SecurityManager.checkPackageAccess for qualified exports
Langer, Christoph
christoph.langer at sap.com
Fri May 12 07:16:26 UTC 2017
Hi all,
while playing with the security manager (using -Djava.security.manager) in Java 9 and testing platform modules that we have added specifically in our build, I came across the following thing:
As we are using some stuff from jdk.internal, I get the AccessControlException: "exception access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")" in several places, even if my code runs privileged. I figured that I need to grant permission "permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"" to my module. I was looking around where this restriction comes from and learned the following in the documentation of SecurityManager.checkPackageAccess:
Implementation Note:
This implementation also restricts all non-exported packages of modules loaded by the platform class loader<http://download.java.net/java/jdk9/docs/api/java/lang/ClassLoader.html#getPlatformClassLoader--> or its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.
Reading this, I'm wondering whether the implementation should implicitly grant package access for modules that a package in question was exported to in a qualified fashion? Now one ends up having to additionally add specific permissions which can easily be forgotten.
Any comments? Shouldn't that be improved?
Best regards
Christoph
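
Added example, not part of the original message and not JDK code: a small Java 9+ program that applies the definition quoted from the checkPackageAccess implementation note to the running image, listing every package that a platform-loaded module exports only in a qualified fashion and printing the policy line a target module would need. The class name and the optional target-module argument are assumptions made for illustration; packages that are not exported at all are also restricted but are not listed here.

```java
import java.lang.module.ModuleDescriptor;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

// Hypothetical helper class; run without a security manager installed.
public class QualifiedExportPermissions {

    // True if the module is defined to the platform class loader or one of
    // its ancestors (a null loader means the boot loader).
    static boolean loadedByPlatformOrAncestor(Module m) {
        ClassLoader cl = m.getClassLoader();
        for (ClassLoader p = ClassLoader.getPlatformClassLoader(); p != null; p = p.getParent()) {
            if (p == cl) {
                return true;
            }
        }
        return cl == null;
    }

    // Package name -> target module names, for qualified exports only.
    static Map<String, Set<String>> qualifiedExports(Module m) {
        Map<String, Set<String>> result = new TreeMap<>();
        ModuleDescriptor descriptor = m.getDescriptor();
        if (descriptor == null) {
            return result; // unnamed module: nothing declared
        }
        for (ModuleDescriptor.Exports e : descriptor.exports()) {
            if (e.isQualified()) {
                result.put(e.source(), e.targets());
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Optional filter: only show packages exported to this module name.
        String target = args.length > 0 ? args[0] : null;
        for (Module m : ModuleLayer.boot().modules()) {
            if (!loadedByPlatformOrAncestor(m)) {
                continue;
            }
            qualifiedExports(m).forEach((pkg, targets) -> {
                if (target == null || targets.contains(target)) {
                    System.out.printf("permission java.lang.RuntimePermission "
                            + "\"accessClassInPackage.%s\"; // %s exports to %s%n",
                            pkg, m.getName(), targets);
                }
            });
        }
    }
}
```

Only modules resolved into the boot layer are inspected, so a custom platform module must be part of the running image for its qualified exports to appear.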