RFR: 8349145: Make Class.getProtectionDomain() non-native
Chen Liang
liach at openjdk.org
Fri Jan 31 17:19:46 UTC 2025
On Fri, 31 Jan 2025 16:39:35 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
> This change removes the native call and injected field for ProtectionDomain in the java.lang.Class instance, and moves the field to be declared in Java.
> Tested with tier1-4.
Reflection filtering was mostly a legacy measure to avoid write and read access to fields via reflection that can't hide in the VM. Now the access control of modules should be sufficient to block writes (and if java.lang is compromised, we can consider the whole VM compromised); we already grant free reads with the functional removal of SM. (The explicit move of `signers` did not filter that field, too)
On a side note, if we filter more than 2 fields in `jdk.internal.reflect.Reflection`, we had better filter all fields. The filter is initialized very early in the bootstrap process, before `JavaLangAccess` is ready, so early that it couldn't access string hash code computation required for regular immutable sets.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23396#issuecomment-2627839902
More information about the core-libs-dev
mailing list