RFR: 8327624: Remove VM implementation that bypass verification for core reflection [v2]
ExE Boss
duke at openjdk.org
Sat Oct 19 11:55:52 UTC 2024
On Fri, 18 Oct 2024 17:18:05 GMT, Mandy Chung <mchung at openjdk.org> wrote:
>>> // If the loader is not the boot loader then throw an exception if its
>>> // superclass is in package jdk.internal.reflect
>>
>> This should not be needed. `jdk.internal.reflect` is a non-exported package in `java.base` module. If another module `M` defines a class whose superclass is in `jdk.internal.reflect` package, `java.base` must export `jdk.internal.reflect` package to `M` for access. Otherwise, it will fail the super access check, as done in the check below this deleted code.
>>
>>
>> Reflection::VerifyClassAccessResults vca_result =
>> Reflection::verify_class_access(this_klass, InstanceKlass::cast(super), false);
>
> `test/hotspot/jtreg/runtime/AccessCheckSuper.java` is one test that fails the super class access check. @lfoltan may know whether there are more tests besides this one.
This code was necessary back when this was the `sun.reflect` package and it was not able to be encapsulated (before modules) to prevent untrusted class loaders from leaking the `MagicAccessorImpl` class hierarchy.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21571#discussion_r1807206230
More information about the core-libs-dev
mailing list