RFR: 8331671: Implement JEP 472: Prepare to Restrict the Use of JNI [v6]
Maurizio Cimadamore
mcimadamore at openjdk.org
Thu May 16 11:50:05 UTC 2024
On Thu, 16 May 2024 11:42:48 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
> Hello Maurizio, in the current mainline, we have code in `LauncherHelper` https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/launcher/LauncherHelper.java#L636 where we enable native access to all unnamed modules if an executable jar with `Enable-Native-Access: ALL-UNNAMED` manifest is being launched. For such executable jars, what is the expected semantics when the launch also explicitly has a `--enable-native-access=M1,M2` option. Something like:
>
> ```
> java --enable-native-access=M1,M2 -jar foo.jar
> ```
>
> where `foo.jar` has `Enable-Native-Access: ALL-UNNAMED` in its manifest.
The options are additive - e.g. the enable-native-access in the manifest will add up to the enable-native-access in the command line, so effectively it will be as if you were running with --enable-native-access=M1,M2,ALL-UNNAMED
> src/java.base/share/classes/sun/launcher/resources/launcher.properties line 72:
>
>> 70: \ by code in modules for which native access is not explicitly enabled.\n\
>> 71: \ <value> is one of "deny", "warn" or "allow".\n\
>> 72: \ This option will be removed in a future release.\n\
>
> Should this specify the current default value for this option if it isn't set?
We already do, see
https://github.com/openjdk/jdk/pull/19213/files/1c45e5d56c429205ab8185481bc1044a86ab3bc6#diff-d05029afe6aed86f860a10901114402f1f6af4fe1e4b46d883141ab1d2a527b8R582
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19213#issuecomment-2115012361
PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1603195671
More information about the serviceability-dev
mailing list