RFR [9]: 8181295: Document that SecurityManager::checkPackageAccess may be called by the VM
Mandy Chung
mandy.chung at oracle.com
Fri Jun 16 21:57:55 UTC 2017
> On Jun 16, 2017, at 1:25 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> On 6/16/17 11:13 AM, Mandy Chung wrote:
>>> On Jun 16, 2017, at 8:00 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>>
>>> Please review this clarification to the SecurityManager::checkPackageAccess method to note that the method may be called by the Virtual Machine when loading classes:
>>>
>>> http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/
>>>
>>> A small correction was also made to the checkPackageDefinition method to note that it may be called by the defineClass (and not the loadClass) method of class loaders.
>> checkPackageDefinition is always a question for me and it’s not called in the JDK implementation. Is there any test verifying that (i.e. called from defineClass)?
>> I’m okay to change “is” to “may” in checkPackageDefinition in this patch. I can’t validate this spec change. I suggest to separate this from JDK-8181295 and follow up in a future release.
>
> Ok, that's fine. Instead of changing the wording, I would prefer to revert the change to checkPackageDefinition and file a new issue to address that separately in a subsequent release as it is not as critical and not specifically related to this issue.
That’s fine with me. Approved.
I don’t need an updated webrev.
Mandy
More information about the security-dev
mailing list