It would be useful for CI if we could set a system property which would log security manager permission check violations (and the details thereof) to a log file, outside of the standard log infrastructure. This would potentially allow us to fail CI when unexpected "hidden" permission violations occur by way of a post-build script analyzes the log output.

This might also be useful for troubleshooting more obscure security manager related problems.