Policy.setPolicy(policy);

      try {
        r.run();
      } finally {
        policy.addPermission(new SecurityPermission("setPolicy"));
        Policy.setPolicy(savedPolicy);
      }
    }
  }

  /** Runs a runnable without any permissions. */
  public void runWithoutPermissions(Runnable r) {
    runWithPermissions(r);
  }

      Policy.setPolicy(policy);

      try {
        r.run();
      } finally {
        policy.addPermission(new SecurityPermission("setPolicy"));
        Policy.setPolicy(savedPolicy);
      }
    }
  }

  /** Runs a runnable without any permissions. */
  public void runWithoutPermissions(Runnable r) {
    runWithPermissions(r);
  }

# This workflow uses actions that are not certified by GitHub. They are provided
# by a third-party and are governed by separate terms of service, privacy
# policy, and support documentation.

name: Scorecard supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

@ElementTypesAreNonnullByDefault
public final class Queues {
  private Queues() {}

  // ArrayBlockingQueue

  /**
   * Creates an empty {@code ArrayBlockingQueue} with the given (fixed) capacity and nonfair access
   * policy.
   */
  @J2ktIncompatible
  @GwtIncompatible // ArrayBlockingQueue
  public static <E> ArrayBlockingQueue<E> newArrayBlockingQueue(int capacity) {
    return new ArrayBlockingQueue<>(capacity);
  }

@GwtIncompatible
@ElementTypesAreNonnullByDefault
public interface RangeMap<K extends Comparable, V> {
  /*
   * TODO(cpovirk): These docs sometimes say "map" and sometimes say "range map." Pick one, or at
   * least decide on a policy for when to use which.
   */

  /**
   * Returns the value associated with the specified key, or {@code null} if there is no such value.
   *

   * if occurrences == 0. This satisfies both NullPointerTester and
   * CollectionRemoveTester.testRemove_nullAllowed, but it's not clear that it's
   * a good policy, especially because, in order for the test to pass, the
   * parameter must be misleadingly annotated as @Nullable. I suspect that
   * we'll want to remove @Nullable, add an eager checkNotNull, and loosen up

  /**
   * The HTTP <a href="https://wicg.github.io/cross-origin-embedder-policy/#COEP-RO">{@code
   * Cross-Origin-Embedder-Policy-Report-Only}</a> header field name.
   *
   * @since 30.0
   */
  public static final String CROSS_ORIGIN_EMBEDDER_POLICY_REPORT_ONLY =
      "Cross-Origin-Embedder-Policy-Report-Only";
  /**
   * The HTTP Cross-Origin-Opener-Policy header field name.

   * if occurrences == 0. This satisfies both NullPointerTester and
   * CollectionRemoveTester.testRemove_nullAllowed, but it's not clear that it's
   * a good policy, especially because, in order for the test to pass, the
   * parameter must be misleadingly annotated as @Nullable. I suspect that
   * we'll want to remove @Nullable, add an eager checkNotNull, and loosen up

  // NOTE: Whenever both tests are cheap and functional, it's faster to use &, | instead of &&, ||

  static final boolean GENERATE_CANCELLATION_CAUSES;

  static {
    // System.getProperty may throw if the security policy does not permit access.
    boolean generateCancellationCauses;
    try {
      generateCancellationCauses =
          Boolean.parseBoolean(