Thank you Alan and Sean,
I copied preceding code for jdk.internal.vm.compiler because it is not clear for me if accessClassInPackage is enough
for all cases. Anyway, I filed next issue to find minimum required permission as you suggested.
https://bugs.openjdk.java.net/browse/JDK-8189116
Thanks,
Vladimir
On 10/10/17 5:26 AM, Sean Mullan wrote:
On 10/9/17 3:55 AM, Alan Bateman wrote:
On 05/10/2017 00:05, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module
jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy
@@ -154,6 +154,10 @@
permission java.security.AllPermission;
};
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
+ permission java.security.AllPermission;
+};
+
This looks okay to me although it would be nice if we could identify the minimal permissions rather than granting it
AllPermission.
+1.
Is there any reason you did not just grant it RuntimePermission
"accessClassInPackage.org.graalvm.compiler.hotspot"?
I see you have already pushed the fix, so I would recommend opening another issue to only grant the required permissions
to the jdk.internal.vm.compiler.management module.
Thanks,
Sean
