> On Jul 15, 2016, at 4:05 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > Please review this change to the default Policy provider implementation to > grant de-privileged module permissions by default even when the > java.security.policy override option is specified or when the > Policy.getInstance API is used: > > http://cr.openjdk.java.net/~mullan/webrevs/8159752/webrev.00/ >
Thanks for addressing the `==` overriding issue. As you replied in another mail, this patch prepares the future work to modularize java.policy for modules. I skimmed on the patch. The build change and java.policy and default.policy files look okay. I will leave the detailed review to the security team. Nit: line 312-314 - an alternative is to use: Paths.get(System.getProperty("java.home”), “lib”, “security”, “default.policy”); Mandy