RFR: 8309727: Assert privileges while reading the jdk.incubator.vector.VECTOR_ACCESS_OOB_CHECK system property [v2]

Uwe Schindler uschindler at openjdk.org
Fri Jun 9 18:15:39 UTC 2023


On Fri, 9 Jun 2023 13:18:07 GMT, Chris Hegarty <chegar at openjdk.org> wrote:

>> A trivial use of the Vector API when run with the security manager and a domain that does not grant permissions fails with java.security.AccessControlException: access denied ("java.util.PropertyPermission" "jdk.incubator.vector.VECTOR_ACCESS_OOB_CHECK" "read").
>> 
>> The fix it minimal, as consistent with other system property access in the JDK - just access the property while asserting privileged. Note: no explicit permission grant to the vector module is required, as it is in the boot loader.
>> 
>> This is the only such security manager related issue I see in this code, and I have looked.
>
> Chris Hegarty has updated the pull request incrementally with one additional commit since the last revision:
> 
>   add at bug and remove newline

Here is our Lucene workaround: https://github.com/apache/lucene/pull/12362

-------------

PR Comment: https://git.openjdk.org/jdk/pull/14392#issuecomment-1584965386


More information about the core-libs-dev mailing list