When using a `SecurityManager`, the permissions required by JDK modules are granted by default, and are not dependent on the `policy.url` properties that are set in the `java.security` file.

This also applies if you are setting the `java.security.policy` system property with either the '=' or '==' option.