#ReflectiveAccessByInstrumentationAgents

Andrew Dinn adinn at redhat.com
Fri May 6 08:07:21 UTC 2016 

On 05/05/16 20:50, Alan Bateman wrote:
> 
> On 05/05/2016 17:31, Andrew Dinn wrote:
>> :
>>
>> I looked at several ways of making this work and decided the best thing
>> was to have the agent redefine AccessibleObject.checkCanSetAccessible so
>> that it grants Byteman code (specifically one Byteman class called Rule)
>> free reign when it calls this method. This still retains security
>> manager checks made around this call. Choosing this method targets the
>> code which does module access checks.
>>
> This is very fragile because checkCanSetAccessible is not part of the
> API and may go away or change at any time.

Yes, that is true. I was assuming that

  once baked into JDK9 this was very unlikely to change

  if it did I could upgrade Byteman to implement another such hack

However, I think you are right that what I need to do is implement
something that depends on a guaranteed property e.g. inject a class
which makes the call into the module of java.lang.Object (java .base).
I'll still need to make sure it can only be called from my Rule class so
I can guarantee that it does not leak access.

> Have you looked at injecting code in the victim module that invokes
> Module addExports to export the packages to the Byteman modules (modules
> plural because it sounds like the code is split between the unnamed
> module of the app class loader and the unnamed modulie of the boot loader).

Not yet but I will do. n.b. for all practical purposes there is only one
Byteman module although which one it is depends upon whether the agent
jar is hoisted into the bootstrap or remains in the system loader. In
the former case the code is split but only in that the Main class gets
left in the system loader  while all others sit in bootstrap. Since Main
merely acts as a trampoline it does not require any special module linkage.
regards,


Andrew Dinn
-----------
Senior Principal Software Engineer
Red Hat UK Ltd
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander

More information about the jigsaw-dev mailing list