RFR: 8309727: Assert privileges while reading the jdk.incubator.vector.VECTOR_ACCESS_OOB_CHECK system property

Chris Hegarty chegar at openjdk.org
Fri Jun 9 13:12:07 UTC 2023


On Fri, 9 Jun 2023 13:02:18 GMT, Chris Hegarty <chegar at openjdk.org> wrote:

> A trivial use of the Vector API when run with the security manager and a domain that does not grant permissions fails with java.security.AccessControlException: access denied ("java.util.PropertyPermission" "jdk.incubator.vector.VECTOR_ACCESS_OOB_CHECK" "read").
> 
> The fix is minimal, as consistent with other system property access in the JDK - just access the property while asserting privileged. Note: no explicit permission grant to the vector module is required, as it is in the boot loader.
> 
> This is the only such security manager related issue I see in this code, and I have looked.

@PaulSandoz We just ran into this yesterday, https://github.com/elastic/elasticsearch/pull/96715. The change here is trivial.

test/jdk/jdk/incubator/vector/VectorRuns.java line 32:

> 30:  * @modules jdk.incubator.vector
> 31:  * @run main VectorRuns
> 32:  * @run main/othervm/java.security.policy=empty_security.policy VectorRuns

I just added a minimal test here, so as not to otherwise disturb other areas. This is sufficient to verify the fix, and ensure that it does not reoccur.

test/jdk/jdk/incubator/vector/VectorRuns.java line 73:

> 71:             return a.length;
> 72: 
> 73:         int length = a.length & ~(species.length() - 1);

Pre-existing test issue.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14392#issuecomment-1584549575
PR Review Comment: https://git.openjdk.org/jdk/pull/14392#discussion_r1224274145
PR Review Comment: https://git.openjdk.org/jdk/pull/14392#discussion_r1224275043
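
The pattern discussed in this thread, sketched with public JDK APIs as an added example (not code from the PR or the JDK; the class name, helper names and default value are hypothetical). It goes slightly beyond the thread by using the limited form of doPrivileged, which asserts only the single PropertyPermission being read:

```java
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.PropertyPermission;

// Added illustration; class name, helper names and default are hypothetical.
@SuppressWarnings("removal") // AccessController is deprecated for removal since JDK 17
public final class PrivilegedPropertyRead {
    static final String PROP = "jdk.incubator.vector.VECTOR_ACCESS_OOB_CHECK";
    static final int ASSUMED_DEFAULT = 0; // constructed default, not the JDK's value

    // Unprivileged read: every protection domain on the call stack must hold
    // PropertyPermission(PROP, "read"), so an ungranted caller makes it throw.
    static String readDirect() {
        return System.getProperty(PROP);
    }

    // Privileged read: the permission check stops at this class's domain, so callers
    // need no grant. The limited form asserts only the one permission listed.
    static String readPrivileged() {
        PrivilegedAction<String> action = () -> System.getProperty(PROP);
        return AccessController.doPrivileged(action, null, new PropertyPermission(PROP, "read"));
    }

    // Parse defensively: the value is configuration input, possibly absent or malformed.
    static int parse(String raw) {
        if (raw == null) return ASSUMED_DEFAULT;
        try {
            return Integer.parseInt(raw.trim());
        } catch (NumberFormatException e) {
            return ASSUMED_DEFAULT;
        }
    }

    public static void main(String[] args) {
        try {
            System.out.println("direct read: " + parse(readDirect()));
        } catch (AccessControlException e) {
            System.out.println("direct read denied: " + e.getMessage());
        }
        try {
            System.out.println("privileged read: " + parse(readPrivileged()));
        } catch (AccessControlException e) {
            System.out.println("privileged read denied: " + e.getMessage());
        }
    }
}
```

Run as application code under a security manager with an empty policy, both reads are denied, because doPrivileged asserts only the permissions of the class that calls it. The privileged read succeeds only when that class's own domain holds the permission, which is why the thread notes that the vector module, being in the boot loader, needs no explicit grant.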

