Low level hooks in JDK for instrumentation of permission checks.

Peter Firmstone peter.firmstone at zeus.net.au
Thu Jun 10 06:37:04 UTC 2021


Thanks Alan,

You've hit the nail on the head.

In policy implementations, a null CodeSource in PD is assigned 
AllPermission. So it would require adding grant statements for these 
modules in the default policy file that ships with the JVM.

I thought it's an opportunity to make ProtectionDomain a little more 
useful if it maps to modules.

Gut feel is it would be relatively low risk, but as you correctly state, 
would require testing.

I'm not able to lodge on Jira, but I thought this would be a worthy update.

Regards,

Peter.

On 10/06/2021 4:22 pm, Alan Bateman wrote:
> On 10/06/2021 03:49, Peter Firmstone wrote:
>> Hi Sean,
>>
>> Sorry I've confused you.
>>
>> What I should have said is a ProtectionDomain with a null CodeSource.
>>
>> What I mean to ask is, where ProtectionDomain is created with a null 
>> CodeSource, in Class::getProtectionDomain() can we have CodeSources 
>> that represent system modules instead of null?
>>
>> A CodeSource with URLs like jrt:/jdk.* or jrt:/java.*  for system 
>> modules?
>
> This is already the case for system modules that are mapped to the 
> platform or application class loaders. I think your question is about 
> modules that are mapped to the boot loader and whether they should get 
> a unique PD that includes a useful code source rather than using a 
> "shared" PD. That would be changing long-standing behavior and would 
> require careful analysis to see if anything would break.
>
> -Alan
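
The behaviour discussed in this thread can be observed on a running JVM with the following added example, which is not code from the thread participants or from the JDK. It lists which boot-layer modules are mapped to each built-in loader and prints the CodeSource that Class::getProtectionDomain() reports for a few sample classes; the class name `BootLoaderCodeSourceReport`, the helper names and the choice of sample classes are assumptions of this example, and it assumes Java 9 or later with no security manager installed.

```java
import java.security.CodeSource;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

// Added example (not JDK code). Requires Java 9+; run without a security manager.
public class BootLoaderCodeSourceReport {

    // A null ClassLoader means the class or module is defined to the boot loader.
    static String loaderName(ClassLoader cl) {
        if (cl == null) return "boot";
        return cl.getName() != null ? cl.getName() : cl.getClass().getName();
    }

    // CodeSource location as seen through Class::getProtectionDomain, or "null".
    static String codeSourceOf(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null) ? "null" : cs.getLocation().toString();
    }

    public static void main(String[] args) {
        // Group every module in the boot layer by the loader it is mapped to.
        Map<String, TreeSet<String>> byLoader = new TreeMap<>();
        for (Module m : ModuleLayer.boot().modules()) {
            byLoader.computeIfAbsent(loaderName(m.getClassLoader()), k -> new TreeSet<>())
                    .add(m.getName());
        }
        byLoader.forEach((l, mods) -> System.out.println(l + " (" + mods.size() + "): " + mods));

        // Sample classes picked for this example: two boot-loader modules,
        // one platform-loader module and one application-loader module.
        String[] samples = {"java.lang.String", "java.util.logging.Logger",
                            "java.sql.Connection", "com.sun.source.tree.Tree"};
        for (String name : samples) {
            try {
                Class<?> c = Class.forName(name, false, ClassLoader.getSystemClassLoader());
                System.out.printf("%-26s module=%-13s loader=%-8s codeSource=%s%n",
                        name, c.getModule().getName(), loaderName(c.getClassLoader()), codeSourceOf(c));
            } catch (ClassNotFoundException e) {
                System.out.printf("%-26s not present in this runtime image%n", name);
            }
        }

        // Classes from different boot-loader modules report the same PD instance.
        System.out.println("java.base and java.logging share one PD: "
                + (String.class.getProtectionDomain()
                   == java.util.logging.Logger.class.getProtectionDomain()));
    }
}
```

The modules printed under "boot" are the ones whose classes report a null CodeSource, so they are the ones a per-module CodeSource change would affect.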


