[foreign-memaccess+abi] RFR: 8310659: The jar tool should support allowing access to restricted methods from executable jars [v7]

[Maurizio Cimadamore]

On Wed, 28 Jun 2023 10:54:42 GMT, Jorn Vernee <jvernee at openjdk.org> wrote:

>> Add `Enable-Native-Access` jar attribute. `Enable-Native-Access: true` is equal to passing `--enable-native-access=ALL-UNNAMED` on the command line when running an executable jar (using `-jar <jar file>`).
>> 
>> Question: right now I've implemented this to check if the attribute value is exactly `true`, otherwise it is ignored. Should we only allow `true` or `false`, and throw an error on other values?
>> 
>> Reviewer note: I've factored some of a test code for analyzing output to `TestEnableNativeAccessBase` for the enable native access tests.
>
> Jorn Vernee has updated the pull request incrementally with one additional commit since the last revision:
> 
>   minor polish

After quick discussion with @AlanBateman and @pron, it seems like the most straightforward path is to just treat the manifest attribute as a "dynamic" addition of the unnamed module to the set of modules allowed to do restricted operations, and one that should not alter the deny vs. warn policy (which is still determined by the command line option being used). While this is mildly inconsistent, the fact that (a) executable jars are unlikely to work with named modules and (b) the warning treatment is transitional anyway, it is preferable to keep things simple.

-------------

PR Comment: https://git.openjdk.org/panama-foreign/pull/843#issuecomment-1611229680