SecurityManager.checkPackageAccess for qualified exports

Mandy Chung mandy.chung at oracle.com
Fri May 12 17:04:05 UTC 2017


> On May 12, 2017, at 8:01 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 5/12/17 9:14 AM, Langer, Christoph wrote:
>> 
>> I think the package access check walking down the whole stack is fine and should be done here, not just the module access check.

One thing to mention is that the application class loader’s loadClass method calls SecurityManager::checkPackageAccess which is stack-based permission check.  When a class is being loaded by the application class loader, package access permission is checked.

>> However, frames originating out of a module that the package was exported to should have the permission to access the package. Such that when I would run in a privileged section there, I would get package access. And if I wouldn't run privileged then all the calling frames would be checked and the check might not be passed. Wouldn't that be the right way?
> 
> Yes, I think something like this is worth considering but needs to be prototyped and carefully reviewed before we would be able to consider it. I can file an issue to track this, but in my opinion it is too late for JDK 9.

We discussed this and agree to improve it in a future release.  In particular when a module M1 exports qualifiedly to M2, it’d be good to skip that the package access check.

Mandy




More information about the security-dev mailing list