Add reads to open module

[forax at univ-mlv.fr]

----- Mail original -----
> De: "Christian Beikov" <christian.beikov at gmail.com>
> À: "Remi Forax" <forax at univ-mlv.fr>
> Cc: "jigsaw-dev" <jigsaw-dev at openjdk.java.net>
> Envoyé: Lundi 17 Mai 2021 18:27:01
> Objet: Re: Add reads to open module

> Am 17.05.2021 um 18:10 schrieb Remi Forax:
>> ----- Mail original -----
>>> De: "Christian Beikov" <christian.beikov at gmail.com>
>>> À: "jigsaw-dev" <jigsaw-dev at openjdk.java.net>
>>> Envoyé: Lundi 17 Mai 2021 17:43:15
>>> Objet: Fwd: Add reads to open module
>>> Hi,
>>>
>>> I have a use case where I generate some code and that code refers to
>>> classes of some module B.
>>>
>>> When the module A (an open module), into which I define that class, has
>>> no read-edges to the module B, this fails saying that A does not read B.
>>>
>>> That's fine and totally understandable, so I tried to add the following
>>> code:
>>>
>>> moduleA.addReads("moduleB.pkg", moduleB)
>>>
>>> but this is not allowed as `addReads` only works if `this == callerModule`.
>>>
>>> My workaround is to define a class into module A that can then call this
>>> method.
>>>
>>> Is there a reason to this limitation? I mean the module is open anyway,
>>> so anyone can just define a class into it, so why not also allow calling
>>> addReads?
>> It's basic security [1], you can not see something you do not ask for.
>> By example, if your module as a security issue, you don't want an attacker to be
>> able to see all other open modules from your module.

> Right, but the module is open already, so I can do anything by injecting
> code into that module. It's more of a usabulity question I guess,
> because I'd rather just call `Module#addReads` directly instead of doing
> this through a <clinit> or a dedicated class that I inject. Not sure how
> the system is more secure by not allowing to call this method directly
> in this case.

You can do that, because you control the command line, an attacker may not be able to do the same thing.

Rémi