RFR: 8155023: jdk.vm.ci needs to securely export services
Doug Simon
doug.simon at oracle.com
Mon May 9 12:48:14 UTC 2016
> On 09 May 2016, at 14:30, Alan Bateman <Alan.Bateman at oracle.com> wrote:
>
>
>
> On 09/05/2016 12:50, Doug Simon wrote:
>> :
>> Should I be passing System.getSystemClassLoader() as the second argument to ServiceLoader.load()?
>>
> Probably as I assume you want to restrict deployments to the class path or module path. That is, I assume compiler implementation aren't going to be bundled with applications that are loaded into a running VM.
That is correct.
> If you do then you'll need to call ClassLoader::getSystemClassLoaded in a privileged block.
Ok. I’ve pushed these changes along with a comment explaining the use of the system class loader:
http://cr.openjdk.java.net/~dnsimon/8155023/src/jdk.vm.ci/share/classes/jdk.vm.ci.services/src/jdk/vm/ci/services/Services.java.sdiff.html
> The updated permission checks, to check JVMCIPermission, looks fine. Strictly speaking then the Services.loadXXX methods should need it but this isn't a general purpose service loading class so what you have is fine.
Got it.
Thanks for answering the final questions I have about this change.
-Doug
More information about the hotspot-compiler-dev
mailing list