[Nestmates] RFR: 8199309: [Nestmates] The new Class nestmate methods should have SecurityManager checks

mandy chung mandy.chung at oracle.com
Mon Mar 12 18:09:08 UTC 2018



On 3/11/18 9:32 PM, John Rose wrote:
> Looks good, except for one thing:  The checkPackageAccess calls should
> happen *after* the checks for primitives and arrays.
>
> I don't think primitive or array classes interact well with checkPackageAccess.
> At least, that path (calling cPA from a prim or array) is not well exercised,
> and I'd rather not depend on it working correctly.
>
> You can return nestHost or nestMembers from a primitive or array without
> security implications, since they are self-hosting, so what comes out
> of the query is only what went in.
>
> (Hmm… the same is true of *any* self-hosting class.)

This makes sense.  The self-hosting class (that includes the primitives
and arrays) should not need to do the package access check.  The
permission check is to ensure the caller has the permission to access
the requested nest host or members if it differs.


On 3/12/18 12:05 AM, David Holmes wrote:
>
> This isn't in the webrev but how about:
>
> * @throws SecurityException
> *         If the returned class is not the current class, and
> *         if a security manager, <i>s</i>, is present and the caller's
> *         class loader is not the same as or an ancestor of the class
> *         loader for the returned class and invocation of {@link
> *         SecurityManager#checkPackageAccess s.checkPackageAccess()}
> *         denies access to the package of the current class
>
> and similarly for getNestMembers:
>
> * @throws SecurityException
> *         If any returned class is not the current class, and
> *         if a security manager, <i>s</i>, is present and the caller's
> *         class loader is not the same as or an ancestor of the class
> *         loader for the returned class and invocation of {@link
> *         SecurityManager#checkPackageAccess s.checkPackageAccess()}
> *         denies access to the package of the current class
>
> It's a bit of a mouthful but ...

This spec change looks okay.

Mandy
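
The order of checks agreed in this thread, modelled as an added Java example (not the JDK's code and not part of the original message). `nestHostFor`, `sameOrAncestor`, the `Consumer<String>` standing in for `s.checkPackageAccess()`, and the `Outer`/`Inner` classes are hypothetical.

```java
import java.util.function.Consumer;

public class NestHostCheckOrder {
    // Hypothetical model: 'host' is the already-resolved nest host of 'current';
    // 'packageCheck' stands in for s.checkPackageAccess() (null = no security manager).
    static Class<?> nestHostFor(Class<?> current, Class<?> host,
                                ClassLoader callerLoader, Consumer<String> packageCheck) {
        // 1. Primitives and arrays are self-hosting: answer before any package check.
        if (current.isPrimitive() || current.isArray()) return current;
        // 2. Any other self-hosting class: what comes out is only what went in.
        if (host == null || host == current) return current;
        // 3. A different class is returned: the check is skipped only when the caller's
        //    loader is the same as or an ancestor of the returned class's loader.
        if (packageCheck != null && !sameOrAncestor(callerLoader, host.getClassLoader())) {
            // Package of the current class, following the @throws wording quoted above.
            packageCheck.accept(current.getPackageName());
        }
        return host;
    }

    static boolean sameOrAncestor(ClassLoader caller, ClassLoader target) {
        if (caller == null) return true;  // bootstrap loader is an ancestor of every loader
        for (ClassLoader cl = target; cl != null; cl = cl.getParent()) {
            if (cl == caller) return true;
        }
        return false;
    }

    static class Outer { static class Inner {} }

    public static void main(String[] args) {
        // Constructed inputs: a checker that denies everything and an unrelated caller loader.
        Consumer<String> denyAll = pkg -> { throw new SecurityException("denied: '" + pkg + "'"); };
        ClassLoader unrelated = new ClassLoader(null) {};

        // Self-hosting cases return without ever reaching the package check.
        System.out.println(nestHostFor(int.class, int.class, unrelated, denyAll));
        System.out.println(nestHostFor(String[].class, String[].class, unrelated, denyAll));
        System.out.println(nestHostFor(Outer.class, Outer.class, unrelated, denyAll));
        // A nested class asking for a different host reaches the check and is denied.
        try {
            nestHostFor(Outer.Inner.class, Outer.class, unrelated, denyAll);
        } catch (SecurityException e) {
            System.out.println("SecurityException: " + e.getMessage());
        }
    }
}
```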

