RFR [9]: 8181295: Document that SecurityManager::checkPackageAccess may be called by the VM

Mandy Chung mandy.chung at oracle.com
Fri Jun 16 21:57:55 UTC 2017


> On Jun 16, 2017, at 1:25 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 6/16/17 11:13 AM, Mandy Chung wrote:
>>> On Jun 16, 2017, at 8:00 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>>> 
>>> Please review this clarification to the SecurityManager::checkPackageAccess method to note that the method may be called by the Virtual Machine when loading classes:
>>> 
>>> http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/
>>> 
>>> A small correction was also made to the checkPackageDefinition method to note that it may be called by the defineClass (and not the loadClass) method of class loaders.
>> checkPackageDefinition is always a question for me and it’s not called in the JDK implementation.  Is there any test verifying that (i.e. called from defineClass)?
>> I’m okay to change “is” to “may” in checkPackageDefinition in this patch.  I can’t validate this spec change.  I suggest to separate this from JDK-8181295 and follow up in a future release.
> 
> Ok, that's fine. Instead of changing the wording, I would prefer to revert the change to checkPackageDefinition and file a new issue to address that separately in a subsequent release as it is not as critical and not specifically related to this issue.

That’s fine with me.  Approved.

I don’t need an updated webrev.

Mandy



More information about the security-dev mailing list