RFR: 8331671: Implement JEP 472: Prepare to Restrict the Use of JNI [v3]
Alan Bateman
alanb at openjdk.org
Wed May 15 06:18:02 UTC 2024
On Wed, 15 May 2024 00:54:43 GMT, David Holmes <dholmes at openjdk.org> wrote:
>> src/hotspot/share/runtime/arguments.cpp line 2271:
>>
>>> 2269: } else if (match_option(option, "--illegal-native-access=", &tail)) {
>>> 2270: if (!create_module_property("jdk.module.illegal.native.access", tail, InternalProperty)) {
>>> 2271: return JNI_ENOMEM;
>>
>> I think it would be helpful to get guidance on if this is the right way to add this system property, only because this one not a "module property". The configuration (WriteableProperty + InternalProperty) look right.
>
> So my recollection/understanding is that we use this mechanism to convert module-related `--` flags passed to the VM into system properties that the Java code can then read, but we set them up such that you are not allowed to specify them directly via `-D`. Is the question here whether this new property should be in the `jdk.module` namespace?
That's my recollection too. The usage here isn' related to modules which makes me wonder if this function should be renamed (not by this PR of course) of if we should be using PropertyList_unique_add (with AddProperty, WriteableProperty, InternalProperty) instead. There will be further GNU style options coming that will likely need to map to an internal system property in the same way.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1601002132
More information about the security-dev
mailing list