> On 1 May 2023, at 11:57, Ron Pressler <ron.press...@oracle.com> wrote:
>
[...]
>
> There’s no need for such code. Modules that need JNI will use JNI. The
> application will simply give them permission to do so with
> --enable-native-access=MODULE-NAME, as it would also do to allow FFM to use
> native libraries.
I wonder if you are planning to define a formal grammar for all these command
line options defining “integrity policies” as it surely looks to me like…
grant MODULE-NAME {
AllPermission
}
grant MODULE-NAME {
OpenModulePermission(“module-to-open-name”)
}
Wouldn’t it be better to reconsider JEP 411 and just make running under
security manager the default?
—
Michal
