diff --git a/jdk/src/share/classes/com/sun/media/sound/JSSecurityManager.java b/jdk/src/share/classes/com/sun/media/sound/JSSecurityManager.java index 280e92aec68..ef34bc4adf9 100644 --- a/jdk/src/share/classes/com/sun/media/sound/JSSecurityManager.java +++ b/jdk/src/share/classes/com/sun/media/sound/JSSecurityManager.java @@ -187,9 +187,18 @@ final class JSSecurityManager { static List getProviders(final Class providerClass) { List p = new ArrayList<>(); - // ServiceLoader creates "lazy" iterator instance, so it doesn't, - // require do be called from privileged section - final Iterator ps = ServiceLoader.load(providerClass).iterator(); + // ServiceLoader creates "lazy" iterator instance, but it ensures that + // next/hasNext run with permissions that are restricted by whatever + // creates the ServiceLoader instance, so it requires to be called from + // privileged section + final PrivilegedAction> psAction = + new PrivilegedAction>() { + @Override + public Iterator run() { + return ServiceLoader.load(providerClass).iterator(); + } + }; + final Iterator ps = AccessController.doPrivileged(psAction); // the iterator's hasNext() method looks through classpath for // the provider class names, so it requires read permissions