I have a question related.
There are some places in JDK that use doPrivileged to read "os.name" etc. This
system property is in the default java.policy file
> On May 2, 2016, at 10:15 PM, Sean Mullan <sean.mul...@oracle.com> wrote:
>
> This is not an issue in your changes, but the current javadoc for
> Version.current() says:
>
> 266 * @throws SecurityException
> 267 * If a security manager exists and its {@link
> 268 * SecurityManager#checkPropertyAccess(String)
> 269 * checkPropertyAccess} method does not allow access to the
> 270 * system property "java.version"
>
> but this can never occur since the code is wrapping the call to
> System.getProperty("java.version") in doPrivileged, so the caller's
> permissions are never checked.
>
> I think that this is a bug in the javadoc of this method and that it should
> not be specified to throw SecurityException. All code already has permission
> to read "java.version" in the default java.policy file.
Can you clarify?
If a system property is listed in the default java.policy file, shall we use or
not use doPrivileged() to read it inside JDK? I thought the answer is yes
because the policy file could be modified.
Thanks
Max
