RFR: 7193201: [OS X] The development launcher should be signed and given task_for_pid privileges
Staffan Larsen
staffan.larsen at oracle.com
Wed Aug 22 05:12:57 PDT 2012
Please review the following change to the hotspot makefiles to give additional privileges on OS X for running SA tools. The SA tools use the task_for_pid system call to access another process. To do this, OS X requires the launching process to 1) have the SecTaskAccess key set in its plist and 2) be signed.
We do the same thing for the JDK launchers jinfo, jmap and jstack. Since we don't have access to a "real" certificate during development, we use one that we use a self signed certificate. Instructions for creating one is in [1]. This is the same certificate name as used by the JDK launchers at development time.
See the jdk/make/launchers/Makefile.launcher and jdk/make/common/Program.gmk for simliar code in the JDK.
http://cr.openjdk.java.net/~sla/7193201/webrev.00/
Thanks,
/Staffan
[1] https://wikis.oracle.com/display/OpenJDK/Mac+OS+X+Port+Using+jsadebug%2C+jinfo%2C+jmap
More information about the hotspot-dev
mailing list