On Thu, 16 Jun 2022 07:08:20 GMT, Johannes Kuhn <jk...@openjdk.org> wrote:
> * This adds additional permissions to the jdk.random module
> (`RuntimePermission "accessClassInPackage.jdk.internal.util.random"`)
> * The annotations of the provider classes are now parsed early.
> This avoids putting the parts that can trigger the parsing into an
> `AccessController.doPrivileged()` block.
> * If a `SecurityManager` is installed, `RandomGeneratorFactory.all()` will
> only return `RandomGenerator`s that are loaded by a system domain loader.
> This avoids parsing annotations of user classes from a privileged context.
src/java.base/share/classes/java/util/random/RandomGeneratorFactory.java line
165:
> 163: onlyBuiltIn = p ->
> VM.isSystemDomainLoader(p.type().getClassLoader());
> 164: } else {
> 165: onlyBuiltIn = p -> true;
Should this variable be renamed to something else? Because right now it does
the opposite of it's name. i.e. When `onlyBuiltIn` is set to `true`, like here,
the code a few lines below which filters the stream accepts all
`RandomGeneratorFactory` implementations that have been found.
-------------
PR: https://git.openjdk.org/jdk/pull/9180
