[Nestmates] RFR: 8199309: [Nestmates] The new Class nestmate methods should have SecurityManager checks (original) (raw)
mandy chung mandy.chung at oracle.com
Mon Mar 12 18:09:08 UTC 2018
- Previous message (by thread): [Nestmates] RFR: 8199309: [Nestmates] The new Class nestmate methods should have SecurityManager checks
- Next message (by thread): hg: valhalla/valhalla: [lworld] Basic runtime test for withfield behavior.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 3/11/18 9:32 PM, John Rose wrote:
Looks good, except for one thing: The checkPackageAccess calls should happen after the checks for primitives and arrays.
I don't think primitive or array classes interact well with checkPackageAccess. At least, that path (calling cPA from a prim or array) is not well exercised, and I'd rather not depend on it working correctly. You can return nestHost or nestMembers from a primitive or array without security implications, since they are self-hosting, so what comes out of the query is only what went in. (Hmm… the same is true of any self-hosting class.)
This makes sense. The self-hosting class (that includes the primitive and arrays) should not need to do the package access check. The permission check is to ensure the caller has the permission to access the requested nest host or members if differs.
On 3/12/18 12:05 AM, David Holmes wrote:
This isn't in the webrev but how about: * @throws SecurityException * If the returned class is not the current class, and * if a security manager, s, is present and the caller's * class loader is not the same as or an ancestor of the class * loader for the returned class and invocation of {@link * SecurityManager#checkPackageAccess s.checkPackageAccess()} * denies access to the package of the current class and similarly for getNestMembers: * @throws SecurityException * If any returned class is not the current class, and * if a security manager, s, is present and the caller's * class loader is not the same as or an ancestor of the class * loader for the returned class and invocation of {@link * SecurityManager#checkPackageAccess s.checkPackageAccess()} * denies access to the package of the current class It's a bit of a mouthful but ...
This spec change looks okay.
Mandy
- Previous message (by thread): [Nestmates] RFR: 8199309: [Nestmates] The new Class nestmate methods should have SecurityManager checks
- Next message (by thread): hg: valhalla/valhalla: [lworld] Basic runtime test for withfield behavior.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]