On Fri, 5 Feb 2021 02:37:54 GMT, Coleen Phillimore <cole...@openjdk.org> wrote:
>> This change does not call up to Java for checkPackageAccess if the security >> manager is NULL, but still saves the protection domain in the pd_set for >> that dictionary entry. If the option -Djava.security.manager=disallow is >> set, that means that there will never be a security manager and the JVM code >> can avoid saving the protection domains completely. >> See the two functions java_lang_System::has_security_manager() and >> java_lang_System::allow_security_manager() for details. >> Also deleted ProtectionDomainVerification because there's no use for this >> option. >> >> Tested with tier1 hotspot, jdk and langtools. >> and tier2-6. > > Coleen Phillimore has updated the pull request incrementally with one > additional commit since the last revision: > > Fix comments and copyright. Some comments remain confusing. Thanks, David src/hotspot/share/classfile/javaClasses.cpp line 4415: > 4413: > 4414: // This field means that a security manager can be installed so we > still have to > 4415: // populate the ProtectionDomainCacheTable. No this field returns the installed SM if any. It doesn't tell you anything about whether you can install a SM or not (though obviously if non-NULL then you could). src/java.base/share/classes/java/lang/System.java line 163: > 161: > 162: // indicates if a security manager is possible > 163: // @implNote The HotSpot JVM hardcodes the value of NEVER. You don't need this if the VM reads the value of NEVER. ------------- PR: https://git.openjdk.java.net/jdk/pull/2410
