> On Jun 16, 2017, at 8:00 AM, Sean Mullan <[email protected]> wrote: > > Please review this clarification to the SecurityManager::checkPackageAccess > method to note that the method may be called by the Virtual Machine when > loading classes: > > http://cr.openjdk.java.net/~mullan/webrevs/8181295/webrev.00/ > > A small correction was also made to the checkPackageDefinition method to note > that it may be called by the defineClass (and not the loadClass) method of > class loaders.
checkPackageDefinition is always a question for me and it’s not called in the JDK implementation. Is there any test verifying that (i.e. called from defineClass)? I’m okay to change “is” to “may” in checkPackageDefinition in this patch. I can’t validate this spec change. I suggest to separate this from JDK-8181295 and follow up in a future release. Mandy
