Review request JDK-8165180: Provide a shared secret to access non-public ServerSocket constructor

[Peter Levart]

Hi Mandy,


On 09/02/2016 05:30 PM, Mandy Chung wrote:
> Constructor::newInstance is a caller-sensitive method that performs the security check when the caller is not the same class loader as implClass’s class loader or not its ancestor.
>
> In this case the caller class is ServerSocket and its class loader is the bootstrap class loader is privileged (an ancestor of any loader).

I'm thinking of the Class::getDeclaredConstructor method.

If the implClass's class loader is not the bootstrap loader, 
"accessDeclaredMembers" permission will be checked. I don't know about 
which implClass(es) will be passed to the method, but if custom user 
classes are among them, they will not be loaded by bootstrap loader, right?

Checking the usages of getDeclaredConstructor() in JDK sources I can see 
that they usually (but not always) are enclosed in doPrivileged.

Regards, Peter

>
> Mandy
>
>> On Sep 2, 2016, at 6:42 AM, Peter Levart <peter.levart at gmail.com> wrote:
>>
>> Hi Many,
>>
>> Are you sure the implementation class passed to JavaNetSocketAccess.newSocketImpl(Class<? extends SocketImpl> implClass) is never going to be loaded by a class loader other than bootstrap classloader (the loader of the caller of implClass.getDeclaredConstructor()) and that no unprivileged code will be on the call stack at that time? Do you need to enclose this invocation into doPrivileged() block or do you expect that the caller of JavaNetSocketAccess.newSocketImpl() will do that?
>>
>> Regards, Peter
>>
>> On 08/31/2016 10:48 PM, Mandy Chung wrote:
>>> This patch introduces JavaNetSocketAccess to allow access to non-public ServerSocket constructor that is accessed by some other area as a clean up.
>>>
>>> Webrev:
>>>    http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8165180/webrev.00/
>>>
>>> Mandy