Re: RFR 8154192: Deprivilege java.scripting module

Mandy Chung Wed, 18 May 2016 09:14:11 -0700

> On May 18, 2016, at 12:55 AM, Sundararajan Athijegannathan 
> <sundararajan.athijegannat...@oracle.com> wrote:
> 
> Please review the updated webrevs.
> 
> * Fixed Modules.gmk for order of modules:
> 
> http://cr.openjdk.java.net/~sundar/8154192/top/webrev.01/
> 
> * From quick reading of j.u.ServiceLoader: AccessControlContext is
> captured in ServiceLoader constructor & used for iteration
> (RestrictedIterator). So, ScriptEngineManager calling only ServiceLoader
> constructor inside doPrivileged block seems fine. Also, I turned
> ProviderTest javax.script API test to use security manager - this tests
> loads a dummy script engine from a jar file in classpath. This test
> passes with security manager on.
> 
> http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.01/
> 
> Yes, we can still revisit AllPermission for java.scripting module in a
> future change.



+1

I saw you updated the test to run with and without SM which is good.

Mandy

Re: RFR 8154192: Deprivilege java.scripting module

Reply via email to