RFR 8154192: Deprivilege java.scripting module

Wed May 18 08:47:32 UTC 2016

On 18/05/2016 08:55, Sundararajan Athijegannathan wrote:
> Please review the updated webrevs.
>
> * Fixed Modules.gmk for order of modules:
>
> http://cr.openjdk.java.net/~sundar/8154192/top/webrev.01/
>
> * From quick reading of j.u.ServiceLoader: AccessControlContext is
> captured in ServiceLoader constructor & used for iteration
> (RestrictedIterator). So, ScriptEngineManager calling only ServiceLoader
> constructor inside doPrivileged block seems fine. Also, I turned
> ProviderTest javax.script API test to use security manager - this tests
> loads a dummy script engine from a jar file in classpath. This test
> passes with security manager on.
>
> http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.01/
>
> Yes, we can still revisit AllPermission for java.scripting module in a
> future change.
>
One suggestion is to run ProviderTest twice, both with and without SM. 
The rest looks okay.

-Alan.