Proposal: Allow illegal reflective access by default in JDK 9

Peter Levart peter.levart at
Fri May 19 11:40:07 UTC 2017

On 05/19/2017 01:14 PM, Alan Bateman wrote:
> On 19/05/2017 11:58, Peter Levart wrote:
>> :
>> ...the example works (does not throw exception), but when run with:
>>     --add-opens java.base/jdk.internal.misc=ALL-UNNAMED
>> ...the example still works!!!! OOOPS - this is a bug!!! This is 
>> definitely a bug.
> No, the behavior is correct as jdk.internal.misc.Unsafe is public and 
> it's getUnsafe is public. It's different to sun.misc.Unsafe.
> However, you do have a point that opening all packages by default 
> means that the internal Unsafe might need to be looked at again. The 
> long term plan is to reduce the need for sun.misc.Unsafe but not by 
> having libraries move to the internal Unsafe.
> BTW: For the security manager case then I assume you code fragment 
> would need to accessClassInPackage.jdk.internal.misc permission.

Right, but such permission should not be sufficient, since it is 
required only to obtain the jdk.internal.misc.Unsafe.class object (i.e. 
for Class.forName("jdk.internal.misc.Unsafe"). I can play a trick here 
to obtain such Class instance. For example:

public class Test {
     public static void main(String[] args) throws Exception {
         System.setSecurityManager(new SecurityManager());
         Class<?> unsafeClass ="UNSAFE").getType();
         Object theUnsafe = unsafeClass.getMethod("getUnsafe").invoke(null);

Ok, I need "accessDeclaredMembers" permission here, but you get the 

Regards, Peter

> -Alan

More information about the jigsaw-dev mailing list