> On Nov 19, 2016, at 5:36 PM, David Holmes <david.hol...@oracle.com> wrote: > > On 19/11/2016 12:52 AM, Claes Redestad wrote: >> Hi, >> >> having classes ask the security manager for permission to access its own >> class loader >> when probing for assertion status during class initialization appears >> pointless. > > For our internal JDK classloaders perhaps, but you seem to be extrapolating > this to all classloaders and all security manager implementations. This would > be an observable change in behaviour so at a minimum should be thoroughly > examined before being changed.
Class::getClassLoader() is caller-sensitive and it will skip the permission check if the caller’s class loader is the same or ancestor of the class loader being accessed. Class::desiredAssertionStatus calls Class::getClassLoader and so the caller class in this case is java.lang.Class. Effectively no permission check is done and it’s equivalent to calling getClassLoader0. Mandy
