<AWT Dev> Review Request: 7164376 Replace use of sun.security.action.LoadLibraryAction
Artem Ananiev
artem.ananiev at oracle.com
Wed May 2 18:09:00 UTC 2012
Hi, Mandy,
the client part of the fix looks fine. Let me ask a naive question, though.
From your explanation, I see that System.loadLibrary() is now aware of
modules. What prevents us to change LoadLibraryAction the same way?
"FROM" code looks much more elegant than the new (the old?) "TO" one.
Thanks,
Artem
On 4/26/2012 10:49 PM, Mandy Chung wrote:
> 7164376 Replace use of sun.security.action.LoadLibraryAction
> with direct call of System.loadLibrary
>
> Webrev:
> http://cr.openjdk.java.net/~mchung/jdk8/webrevs/7164376/webrev.00/
>
> This change is required for jdk modularization. High level summary:
> it replaces the use of LoadLibraryAction:
>
> FROM:
> java.security.AccessController.doPrivileged(new LoadLibraryAction("net"));
>
> TO:
> AccessController.doPrivileged(
> new java.security.PrivilegedAction<Void>() {
> public Void run() {
> System.loadLibrary("net");
> return null;
> }
> });
>
> It touches files in awt, security and serviceability area (cc'ed).
> For this type of simple change, I think 1-2 reviewers can
> review all files (simpler to review jdk.patch) and no need
> for all teams to do the reviews.
>
> System.loadLibrary and Runtime.loadLibrary loads a system library of the
> given
> library name that requires RuntimePermission("loadLibrary."+lib)
> permission.
> Many places in the JDK code loading a system native library is using the
> sun.security.action.LoadLibraryAction convenient class that will load the
> system library as a privileged action:
> java.security.AccessController.doPrivileged(new LoadLibraryAction("net"));
>
> The search path of native libraries are coupled with an associated class
> loader.
> For example, the application class loader uses the path specified in the
> "java.library.path" system property for native library lookup. The
> loadLibrary
> implementation uses the caller's class loader for finding the native
> library being
> requested. For system libraries, the class loader is null and the system
> library
> lookup is handled as a special case. When the
> sun.security.action.LoadLibraryAction
> class is used that is the caller of System.loadLibrary, the caller's
> class loader
> in this case is "null" loader and thus it always finds the native
> library from
> the system library path.
>
> In a modular world, JDK modules may be loaded by multiple different
> module class
> loader. The following code would not work if it is expected to load a
> native
> library from a module which is not the module where the
> sun.security.action.LoadLibraryAction lives.
>
> For example, the management module is trying to load libmanagement.so.
> Calling
> the following will fail to find libmanagement.so because the caller of
> System.loadLibrary is the LoadLibraryAction which is in the base module
> and search the library from the base module only. To prepare for jdk
> modularization, the use of LoadLibraryAction should be replaced with
> a direct call of System.loadLibrary.
>
> This patch also removes sun.security.action.LoadLibraryAction
> class to avoid regression.
>
> Thanks
> Mandy
>
More information about the security-dev
mailing list