Review request for the incorrect check for "getClassLoader" permission

[Mandy Chung]

Alan, David, Paul,

Given that j.u.c is pulled down from Doug's CVS into OpenJDK, I am 
having a second thought to leave the j.u.c.atomic change out from this 
patch.

I have added a static needsPackalgeAccessCheck method in 
sun.reflect.misc.ReflectUtil class that could be used by j.u.c.atomic 
updater once it's integrated to jdk8.  Since this j.u.c. change isn't 
critical for jigsaw at this time, we'll check with Doug (probably with 
David or Chris' help) and get appropriate change made in JSR166e source 
that will subsequently get pulled down in JDK 8 and jigsaw.

Updated webrev:
   
http://cr.openjdk.java.net/~mchung/jigsaw/webrevs/getclassloader-permission-fix.01/

Thanks
Mandy

On 6/21/2012 12:02 PM, Mandy Chung wrote:
> David, Paul,
>
> I have a fix for the incorrect check w.r.t. "getClassLoader" 
> permission [1] and also update j.u.c.atomic for module mode.
>
> Webrev at:
>    
> http://cr.openjdk.java.net/~mchung/jigsaw/webrevs/getclassloader-permission-fix/
>
> The security.sh test demonstrates what can be accessed in module mode 
> and lists the open issue.  This patch is intended to fix the bug 
> introduced in this changeset:
> http://hg.openjdk.java.net/jigsaw/jigsaw/jdk/rev/7b282c826118
>
> Since there is no parent-child delegation relationship and the 
> existing security check applies, it can only access its own class 
> loader in module mode.  This remains an open issue what security 
> checks would be appropriate in module mode and how well it plays with 
> existing java security policy file etc.
>
> As for testing, I ran test/java/util/concurrent/atomic tests in hybrid 
> mode and they passed (in fact I verified all java/lang and java/util 
> tests). Since AtomicUpdaters is marked to run in othervm mode, I 
> manually converted it as a module and it passes.
>
> Thanks
> Mandy
> [1] 
> http://mail.openjdk.java.net/pipermail/jigsaw-dev/2012-May/002614.html