RFR: 6983726: Reimplement MethodHandleProxies.asInterfaceInstance [v16]
Johannes Kuhn
jkuhn at openjdk.org
Wed May 31 12:41:10 UTC 2023
On Wed, 31 May 2023 00:49:22 GMT, Mandy Chung <mchung at openjdk.org> wrote:
>>> Apparently, calling utility methods from sun.invoke, like the ensureOriginalLookup in this patch, also triggers this check.
>>
>> It should not trigger `checkPackageAccess` if it does not implement the interface AFAICT.
>>
>> It would trigger module-access check. `java.base` can export `sun.invoke` to the dynamic module (it may be worth considering putting the internal interface in a specific package for the dynamic module' use - `sun.invoke` is ok since it currently has one interface but hard to catch when someone adds a new class/interface in `sun.invoke` unintentionally and leak out sensitive API.
>
>> Then we still need to obtain the implemented interface and original method handle information every time they are queried. Having these information (or the method handle providing access) computed early is more convenient.
>
> I was thinking the wrapper instance class still implements some private methods to get the implemented interface and original method handle which can be accessed only `java.base` via deep reflection.
> It should not trigger `checkPackageAccess` if it does not implement the interface AFAICT.
`checkPackageAccess` is also called by the application class loader:
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java#L174-L189
It should make it impossible to reference for example `sun.misc.Unsafe`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1211652282
More information about the core-libs-dev
mailing list