Code Review Request: running signed modules with SecurityManager

mark.reinhold at oracle.com
Fri Jun 4 13:19:35 PDT 2010


> Date: Fri, 04 Jun 2010 15:22:46 -0400
> From: sean.mullan at oracle.com

> On 6/4/10 2:31 PM, mark.reinhold at oracle.com wrote:
>> http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/SecurityManager2/webrev.01/
>> ...
>> 
>> SimpleLibrary.java
>> 
>>    [55] Is there a reason to put signer.ser in its own subdirectory?
> 
> Just trying to think ahead - we'll likely want to store additional security
> information such as the module's granted permissions, and potentially other
> certificate related information such as CRLs.

Even then I don't expect there will ever be very many files in an
installed-module directory, so I doubt a subdirectory would be needed.

> ...
>> Loader.java
>> ...
>> 
>>    [196] If there's no CodeSigner then shouldn't you pass null as the last
>>    argument to defineModule, rather than new CodeSource(null, null)?
> 
> No, I don't believe so. There is a subtle difference. A CodeSource of (null,
> null) will still be granted permissions where the URL/certs don't matter, ex
> the permissions of the sandbox policy. But a null CodeSource won't be granted
> any permissions.

Hmm.  That's okay for now, I guess.

- Mark
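
The distinction discussed above for Loader.java line 196, as an added example that is not part of the original thread or the Jigsaw webrev: it asks the JDK's policy-file implementation what a domain with a (null, null) CodeSource and a domain with a null CodeSource are each granted. It assumes JDK 8 through 17, where the "JavaPolicy" policy type is available; the class name, policy text and property names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.URIParameter;
import java.security.cert.Certificate;
import java.util.PropertyPermission;

public class CodeSourceGrantDemo {
    // Constructed policy: one grant that ignores origin, one tied to a codeBase.
    static final String POLICY =
        "grant { permission java.util.PropertyPermission \"demo.any\", \"read\"; };\n"
        + "grant codeBase \"file:/opt/demo/-\" {\n"
        + "  permission java.util.PropertyPermission \"demo.located\", \"read\"; };\n";

    // Ask the policy (not the domain's static permissions) whether p is granted.
    static boolean granted(Policy policy, CodeSource cs, Permission p) {
        // Four-argument constructor: no static permissions, so only policy grants count.
        ProtectionDomain domain = new ProtectionDomain(cs, null, null, null);
        return policy.implies(domain, p);
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("demo", ".policy");
        Files.write(file, POLICY.getBytes(StandardCharsets.UTF_8));
        try {
            // "JavaPolicy" is the JDK's standard policy-file implementation.
            Policy policy = Policy.getInstance("JavaPolicy", new URIParameter(file.toUri()));

            // The cast selects the Certificate[] constructor; a bare
            // new CodeSource(null, null) is ambiguous to the compiler.
            CodeSource empty = new CodeSource(null, (Certificate[]) null);
            Permission any = new PropertyPermission("demo.any", "read");
            Permission located = new PropertyPermission("demo.located", "read");

            System.out.println("CodeSource(null, null), origin-independent grant: "
                + granted(policy, empty, any));
            System.out.println("CodeSource(null, null), codeBase-specific grant:  "
                + granted(policy, empty, located));
            System.out.println("null CodeSource, origin-independent grant:        "
                + granted(policy, null, any));
            System.out.println("null CodeSource, codeBase-specific grant:         "
                + granted(policy, null, located));
        } finally {
            Files.delete(file);
        }
    }
}
```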



More information about the jigsaw-dev mailing list