Review request for the incorrect check for "getClassLoader" permission
Mandy Chung
mandy.chung at oracle.com
Thu Jun 21 12:02:29 PDT 2012
David, Paul,
I have a fix for the incorrect check w.r.t. "getClassLoader" permission
[1] and also update j.u.c.atomic for module mode.
Webrev at:
http://cr.openjdk.java.net/~mchung/jigsaw/webrevs/getclassloader-permission-fix/
The security.sh test demonstrates what can be accessed in module mode
and lists the open issue. This patch is intended to fix the bug
introduced in this changeset:
http://hg.openjdk.java.net/jigsaw/jigsaw/jdk/rev/7b282c826118
Since there is no parent-child delegation relationship and the existing
security check applies, it can only access its own class loader in
module mode. This remains an open issue what security checks would be
appropriate in module mode and how well it plays with existing java
security policy file etc.
As for testing, I ran test/java/util/concurrent/atomic tests in hybrid
mode and they passed (in fact I verified all java/lang and java/util
tests). Since AtomicUpdaters is marked to run in othervm mode, I
manually converted it as a module and it passes.
Thanks
Mandy
[1] http://mail.openjdk.java.net/pipermail/jigsaw-dev/2012-May/002614.html
More information about the jigsaw-dev
mailing list