JDK-8040059 changes the default policy for the deprivileged modules (those defined to the platform class loader) to enable granting specific permissions rather than AllPermission.

Setting -Djava.security.policy==override.policy with double equals sign overrides the system security policy that may not work in JDK 9 if the application uses any deprivileged modules.

Weblogic tests happens to override the security policy with double equals while it is unclear whether it is intended to override than augmenting.

This issue is created to re-evaluate the compatibility risk for JDK-8040059. The platform class loader only defines JDK modules and JavaFX modules. One reasonable change may be to separate the security policy for the system modules from ${JAVA_HOME}/conf/security/java.policy. It should always grant the policy for the system modules unless the same code source is specified in java.policy (either the system-wide one or the one specified in java.security.policy system property)