RFR [9]: 8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
Sean Mullan
sean.mullan at oracle.com
Fri Jun 16 20:25:05 UTC 2017
On 6/16/17 11:13 AM, Mandy Chung wrote:
>
>> On Jun 16, 2017, at 8:00 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>
>> Please review this clarification to the SecurityManager::checkPackageAccess method to note that the method may be called by the Virtual Machine when loading classes:
>>
>> http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/
>>
>> A small correction was also made to the checkPackageDefinition method to note that it may be called by the defineClass (and not the loadClass) method of class loaders.
>
> checkPackageDefinition is always a question for me and it’s not called in the JDK implementation. Is there any test verifying that (i.e. called from defineClass)?
>
> I’m okay to change “is” to “may” in checkPackageDefinition in this patch. I can’t validate this spec change. I suggest to separate this from JDK-8181295 and follow up in a future release.
Ok, that's fine. Instead of changing the wording, I would prefer to
revert the change to checkPackageDefinition and file a new issue to
address that separately in a subsequent release as it is not as critical
and not specifically related to this issue.
Thanks,
Sean
More information about the security-dev
mailing list