Questions on deprivileging a module

Wang Weijun at
Mon Jul 4 06:03:14 UTC 2016

I am working on

   JDK-8159528 Deprivilege, and

Several questions:

1. How does updating <top>/make/common/Modules.gmk affect an exploded build?

2. I am using Unsafe in two places, once to rewrite a final filed in clone() [1], and another to call unsafe.ensureClassInitialized(KeyTab.class) so that I can call a non-public method there [2], but it seems a platform module cannot use Unsafe. Is there new ways to do these? What I can do now is 1) make it non-final 2) call a method in KeyTab to get it initialized.

3. I thought I can add something like

grant codeBase "file://${java.home}/modules/" {

into java.policy so I can test with an exploded build. However, I see exceptions on ("java.lang.RuntimePermission" "") not granted. The exception is not thrown when I am testing with an image build. Is there any way I can avoid it?



More information about the security-dev mailing list