<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.simpletaglabel
{mso-style-name:simpletaglabel;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Adding security-dev… Any comments?<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span lang="EN-US"><o:p> </o:p></span></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span lang="EN-US">-----------------------------------------------------------------------------<o:p></o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US">Hi all,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">while playing with the security manager (using -Djava.security.manager) in Java 9 and testing platform modules that we have added specifically in our build, I came across the following thing:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">As we are using some stuff from jdk.internal, I get the AccessControlException: “exception access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")” in several places, even if my code runs
priviledged. I figured that I need to grant permission “permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"” to my module. I was looking around where this restriction comes from and learned the following in the documentation of
SecurityManager.checkPackageAccess:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:8.0pt;font-family:"Arial",sans-serif;color:#666666;mso-fareast-language:DE"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-top:7.5pt;background:white"><span class="simpletaglabel"><b><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#4E4E4E">Implementation Note:</span></b></span><b><span lang="EN-US" style="font-size:9.0pt;font-family:"Arial",sans-serif;color:#4E4E4E"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:3.75pt;margin-right:0cm;margin-bottom:7.5pt;margin-left:36.0pt;background:white">
<span lang="EN-US" style="font-size:10.5pt;font-family:"Georgia",serif;color:#353833">This implementation also restricts all non-exported packages of modules loaded by<span class="apple-converted-space"> </span></span><span style="font-size:10.5pt;font-family:"Georgia",serif;color:#353833"><a href="http://download.java.net/java/jdk9/docs/api/java/lang/ClassLoader.html#getPlatformClassLoader--"><span lang="EN-US" style="color:#4A6782">the
platform class loader</span></a></span><span class="apple-converted-space"><span lang="EN-US" style="font-size:10.5pt;font-family:"Georgia",serif;color:#353833"> </span></span><span lang="EN-US" style="font-size:10.5pt;font-family:"Georgia",serif;color:#353833">or
its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Reading this, I’m wondering whether the implementation should implicitly grant package access for modules that a package in question was exported to in a qualified fashion? Now one ends up having to additionally add specific
permissions which can easily be forgot.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Any comments? Shouldn’t that be improved?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Best regards<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Christoph<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</body>
</html>