RFR: 8159752: Grant de-privileged module permissions by default with java.security.policy override option
Mandy Chung
mandy.chung at oracle.com
Fri Jul 15 08:37:48 UTC 2016
> On Jul 15, 2016, at 4:05 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Please review this change to the default Policy provider implementation to grant de-privileged module permissions by default even when the java.security.policy override option is specified or when the Policy.getInstance API is used:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8159752/webrev.00/
>
Thanks for addressing the `==` overriding issue. As you replied in another mail, this patch prepares the future work to modularize java.policy for modules.
I skimmed on the patch. The build change and java.policy and default.policy files look okay. I will leave the detailed review to the security team.
Nit: line 312-314 - an alternative is to use:
Paths.get(System.getProperty("java.home”), “lib”, “security”, “default.policy”);
Mandy
More information about the security-dev
mailing list