Both jdk.vm.ci and jdk.vm.compiler require a number of permissions when a security manager is present. Since neither of these modules is accessible to application code, it should be ok to give them all permissions. This seems to be the approach for a number of other modules including jdk.scripting.nashorn, jdk.dynalink, jdk.jsobject etc. Please review this small change that configures this proposed permission level.
http://cr.openjdk.java.net/~dnsimon/8145337/webrev/ https://bugs.openjdk.java.net/browse/JDK-8145337 -Doug
