The Security manager is a class that allows java apps to allow what and what not can be done within their codebase.
A common usage of a security manager is to disallow the code within the jvm to access system propertes (if running in a sandbox), make http calls, or create files on the underlying filesystem.
Since the SecurityManager is configurable, it is very hard to define by default what it does, even if it is on the same platform, because despite the fact that the security manager is a standardized thing, you can have numerous configurations and configuration options even for the same instance of an app. You can start your app by providing a different security manager policy file which could greatly influence the way your app behaves.
A common practice is to configure a security manager by providing it with a file:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html
I'd have to say in my 7 years of Java experience, I have dealt with security managers and policy files only when the jvm was running in a sandbox. However, it is interesting to note that Android jvm also has a security manager which seems to not be the recommended way of doing security policies: http://developer.android.com/reference/java/lang/SecurityManager.html
Also, check this SO answer:
Java Security Manager - What does it check?
So in short:
The security manager is a well known thing. It can be configured with a policy file which determines how it behaves so based on this policy file it can or can't throw an exception when you don't override its checkAccess method. So, to be sure you allow everything, you can have a permitAllSecurityManager as the default system security manager where every operation can be permitted, or you can specify a policy file to the default security manager which allows all operations.
