RFR(S) 8166304: Skipping access check for classes generated by core reflection
harold seigel
harold.seigel at oracle.com
Tue Nov 15 14:09:31 UTC 2016
Hi,
Please review this fix for bug JDK-8166304. The fix throws an
IllegalAccessError exception when attempting to create a class that is a
sub-type of a jdk.internal.reflect class, unless the class loader is
either the boot loader or the special reflection class loader. This
prevents user classes from being able to extend jdk.internal.reflect
classes in order to bypass Reflection.getCallerClass.
Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8166304/
JBS bug: https://bugs.openjdk.java.net/browse/JDK-8166304
The fix was tested with the JCK Lang and vm tests, the JTreg hotspot,
java/io, java/lang, and java/util tests, the nsk co-located and the
non-co-located tests, the RBT tier2 tests, and the test in the webrev.
A sample error message looks like this:
java.lang.IllegalAccessError: class FakeMethodAccessor loaded by
jdk/internal/loader/ClassLoaders$AppClassLoader cannot access
jdk/internal/reflect superclass jdk.internal.reflect.MethodAccessorImpl
Thanks, Harold
More information about the hotspot-runtime-dev
mailing list