> On Jul 15, 2016, at 4:05 AM, Sean Mullan <sean.mul...@oracle.com> wrote:
>
> Please review this change to the default Policy provider implementation to
> grant de-privileged module permissions by default even when the
> java.security.policy override option is specified or when the
> Policy.getInstance API is used:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8159752/webrev.00/
>
Thanks for addressing the `==` overriding issue. As you replied in another
mail, this patch prepares the future work to modularize java.policy for modules.
I skimmed on the patch. The build change and java.policy and default.policy
files look okay. I will leave the detailed review to the security team.
Nit: line 312-314 - an alternative is to use:
Paths.get(System.getProperty("java.home”), “lib”, “security”,
“default.policy”);
Mandy
