Re: RFR 8154192: Deprivilege java.scripting module

[Alan Bateman]

On 18/05/2016 08:55, Sundararajan Athijegannathan wrote:
Please review the updated webrevs.
* Fixed Modules.gmk for order of modules:

http://cr.openjdk.java.net/~sundar/8154192/top/webrev.01/

* From quick reading of j.u.ServiceLoader: AccessControlContext is
captured in ServiceLoader constructor & used for iteration
(RestrictedIterator). So, ScriptEngineManager calling only ServiceLoader
constructor inside doPrivileged block seems fine. Also, I turned
ProviderTest javax.script API test to use security manager - this tests
loads a dummy script engine from a jar file in classpath. This test
passes with security manager on.

http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.01/

Yes, we can still revisit AllPermission for java.scripting module in a
future change.

One suggestion is to run ProviderTest twice, both with and without SM. 
The rest looks okay.

-Alan.