On 01/22/2017 12:02 PM, Mandy Chung wrote:
On Jan 21, 2017, at 6:37 PM, Weijun Wang <weijun.w...@oracle.com> wrote:
On 01/22/2017 09:18 AM, Mandy Chung wrote:
AFAIK, no permission check from RB::getBundle loading this resource bundle.
The implementation should wrap all security sensitive calls with doPriv. I
also mentioned that in [1]
I see.
It just feels strange to see getString() and getAuthResourcesString()
implemented so differently in this webrev. Since you think they should be the
same, how about creating a private method that includes the VM.initLevel and
bundles.computeIfAbsent calls? We'll let Adam to decide if getString() can also
call it.
I agree it looks strange but I hope Adam can leverage that. It’s better to
leave it for the fix for JDK-8168075.
Do you approve this fix?
Yes.
--Max
Mandy
