[Bug classpath/46773] New: [METABUG] Calling Policy.setPolicy with a new Policy object has no effect on the DefaultSecurityManager

[gnu_andrew at member dot fsf.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=46773

           Summary: [METABUG] Calling Policy.setPolicy with a new Policy
                    object has no effect on the DefaultSecurityManager
           Product: classpath
           Version: 0.98
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: classpath
        AssignedTo: address@hidden
        ReportedBy: address@hidden


As shown by running this new Mauve test:

http://sources.redhat.com/cgi-bin/cvsweb.cgi/mauve/gnu/testlet/java/security/Policy/setPolicy.java?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=mauve

calling setPolicy has no effect on the default SecurityManager implementation
provided by GNU Classapath.

This is because VMAccessController creates ProtectionDomain objects using the
two argument constructor which uses static permissions.  The four argument
constructor should be used instead so the policy is consulted.

Fixing this requires changes in a VM class which seems to have local copies in
most Classpath VMs (at least CACAO, gij and jamvm).  This metabug thus tracks
fixing the issue separately in both gcj and Classpath's reference copy.