On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jk...@openjdk.org> wrote:
> * This adds additional permissions to the jdk.random module > (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`) > * The annotations of the provider classes are now parsed early. > This avoids putting the parts that can trigger the parsing into an > `AccessController.doPrivileged()` block. > * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will > only return `RandomGenerator`s that are loaded by a system domain loader. > This avoids parsing annotations of user classes from a privileged context. test/jdk/java/util/Random/SecurityManagerFactory.java line 2: > 1: /* > 2: * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. Update year to 2022. test/jdk/java/util/Random/SecurityManagerFactory.java line 29: > 27: * @summary Checks if the random factory providers can be loaded when a > SecurityManager is active > 28: * @bug 8288475 > 29: * @run main/othervm/policy=java.policy -Djava.security.manager > SecurityManagerFactory You should not need to specify the `java.security.manager` system property as the jtreg `policy` tag will automatically run it under a SecurityManager. test/jdk/java/util/Random/SecurityManagerFactory.java line 34: > 32: public class SecurityManagerFactory { > 33: public static void main(String[] args) { > 34: RandomGeneratorFactory.all().toList(); Should you also check what `RandomGenerator`s are returned when an SM is enabled to make sure it is ok? ------------- PR: https://git.openjdk.org/jdk/pull/9180