On Thu, 23 Mar 2023 15:31:31 GMT, Eirik Bjorsnos <d...@openjdk.org> wrote:
> > I don't think we should be exporting that package. Instead, the `JarIndex` > > class can be updated to do `AccessController.doPrivileged(...)`. > > Nice, I'll try that! > > Do you know if the `jar` tool allows running with a `SecurityManager`? If > not, we could perhaps simply use `System.getProperty`? I had a look at the existing code in the jar tool. It appears that it doesn't run with a SecurityManager - there's direct calls to `System.getProperty()` in some places in the code. So I think just calling `System.getProperty()` should be fine. When this PR goes into a published state for review, I'm sure others who have more knowledge about this area will help decide. ------------- PR Comment: https://git.openjdk.org/jdk/pull/13158#issuecomment-1482267543
