Review Request: 8221530: Caller sensitive methods not handling caller = null when invoked by JNI code with no java frames on stack
Alan Bateman
Alan.Bateman at oracle.com
Thu Mar 28 15:08:26 UTC 2019
On 28/03/2019 14:48, Peter Levart wrote:
> :
>
> In addition, if access from null caller is granted and it is performed
> to a member in a "concealed" package, there's no warning displayed
The proposed check is that the package is exported unconditionally so it
will fail, no warning needed. I think that is okay. I could imagine
someone trying to argue that they run with `--add-exports
java.base/<concealed-package>=ALL-UNNAMED` and they expect their JNI
code to be able to reflect on the public members of public classes in
that package but it hardly seems wroth it as JNI doesn't do access
checks so it's pointless writing JNI code to use reflection.
-Alan
More information about the core-libs-dev
mailing list