Low level hooks in JDK for instrumentation of permission checks.
Alan Bateman
Alan.Bateman at oracle.com
Thu Jun 10 06:22:24 UTC 2021
On 10/06/2021 03:49, Peter Firmstone wrote:
> Hi Sean,
>
> Sorry I've confused you.
>
> What I should have said is a ProtectionDomain with a null CodeSource.
>
> What I mean to ask is, where ProtectionDomain is created with a null
> CodeSource, in Class::getProtectionDomain() can we have CodeSource's
> that represents system modules instead of null?
>
> A CodeSource with URL's like jrt:/jdk.* or jrt:/java.* for system
> modules?
This is already the case for system modules that are mapped to the
platform or application class loaders. I think your question is about
modules that are mapped to the boot loader and whether they should get a
unique PD that includes a useful code source rather than using a
"shared" PD. That would be changing long standing behavior and would
require careful analysis to see if anything would break.
-Alan
More information about the security-dev
mailing list