FW: SecurityManager.checkPackageAccess for qualified exports
Langer, Christoph
christoph.langer at sap.com
Fri May 12 07:26:28 UTC 2017
Adding security-dev... Any comments?
-----------------------------------------------------------------------------
Hi all,
while playing with the security manager (using -Djava.security.manager) in Java 9 and testing platform modules that we have added specifically in our build, I came across the following thing:
As we are using some stuff from jdk.internal, I get the AccessControlException: "exception access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")" in several places, even if my code runs priviledged. I figured that I need to grant permission "permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"" to my module. I was looking around where this restriction comes from and learned the following in the documentation of SecurityManager.checkPackageAccess:
Implementation Note:
This implementation also restricts all non-exported packages of modules loaded by the platform class loader<http://download.java.net/java/jdk9/docs/api/java/lang/ClassLoader.html#getPlatformClassLoader--> or its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.
Reading this, I'm wondering whether the implementation should implicitly grant package access for modules that a package in question was exported to in a qualified fashion? Now one ends up having to additionally add specific permissions which can easily be forgot.
Any comments? Shouldn't that be improved?
Best regards
Christoph
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170512/62f6c20a/attachment.htm>
More information about the security-dev
mailing list