RFR [9]: 8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
Mandy Chung
mandy.chung at oracle.com
Fri Jun 16 15:13:51 UTC 2017
> On Jun 16, 2017, at 8:00 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Please review this clarification to the SecurityManager::checkPackageAccess method to note that the method may be called by the Virtual Machine when loading classes:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/
>
> A small correction was also made to the checkPackageDefinition method to note that it may be called by the defineClass (and not the loadClass) method of class loaders.
checkPackageDefinition is always a question for me and it’s not called in the JDK implementation. Is there any test verifying that (i.e. called from defineClass)?
I’m okay to change “is” to “may” in checkPackageDefinition in this patch. I can’t validate this spec change. I suggest to separate this from JDK-8181295 and follow up in a future release.
Mandy
More information about the security-dev
mailing list