On Fri, 15 Nov 2024 15:43:08 GMT, Eirik Bjørsnøs <eir...@openjdk.org> wrote:
>> Please review this PR to clean up `RandomSupport`, `ClassFileDumper` and
>> `StaticProperty` in the `jdk.internal.util` namespace:
>>
>> * `RandomSupport` is updated to replace an `AccessController::doPrivileged`
>> call with `Boolean::getBoolean`. (Existing code uses
>> `String::equalsIgnoreCase`, equivalent to `Boolean::getBoolean`)
>> * `ClassFileDumper` constructor is updated to remove a comment referencing
>> `GetPropertyAction`. (I left the `VM::getSavedProperty` call as-is, please
>> advise if this should be replaced with `System::getProperty)
>> * `ClassFileDumper::write` is updated to unwrap a
>> `AccessController::doPrivileged` call
>> * `StaticProperty` is updated to remove
>> `SecurityManager::checkPropertyAccess` references in the documentation
>>
>> Verification: GHA results pending.
>
> Eirik Bjørsnøs has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Remove redundant suppression
src/java.base/share/classes/jdk/internal/util/random/RandomSupport.java line
728:
> 726: // The following decides which of two strategies initialSeed() will
> use.
> 727: private static boolean secureRandomSeedRequested() {
> 728: return Boolean.getBoolean("java.util.secureRandomSeed");
Not sure why access to this system property required privileges.
It is documented in
[SplittableRandom](https://docs.oracle.com/en/java/javase/23/docs/api/java.base/java/util/SplittableRandom.html#java.util.secureRandomSeed),
so I guess it's OK to have unprivileged access.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22141#discussion_r1844278216
