On Fri, 27 Jan 2023 17:41:43 GMT, Mandy Chung <mch...@openjdk.org> wrote:
>> Currently, a `Lookup` object with `PACKAGE` access can be used to inject a
>> class in the runtime package of the Lookup's lookup class via
>> `Lookup::defineClass`. The classes that are injected have the same access
>> as other members in the module and can access private members of all types
>> in the module via reflection.
>>
>> However, changing `Lookup.defineClass` to require full privilege access
>> (`PRIVATE` + `MODULE`) is an incompatible change that would break existing
>> frameworks which use `privateLookupIn` and `Lookup::defineClass` to inject
>> auxiliary classes in a module. A module authorizes the framework by
>> opening a package for it to access and `Lookup::defineClass` was the
>> supported replacement for `setAccessible` on `ClassLoader::defineClass` hack
>> in JDK 9.
>>
>> This PR proposes to keep existing behavior and provide better documentation
>> to help developers to beware of the permissions given out when opening a
>> package to another module. A class injected in a module has the same
>> privilege as other module members.
>
> Mandy Chung has updated the pull request incrementally with one additional
> commit since the last revision:
>
> review feedback and add @apiNote
The update looks good.
src/java.base/share/classes/java/lang/Module.java line 606:
> 604: * {@link java.lang.invoke.MethodHandles.Lookup Lookup} object that
> is allowed to
> 605: * {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
> define classes}
> 606: * in package {@code p}.
A small suggestion here is to change "means that code in M" to "allows code in
M".
-------------
Marked as reviewed by alanb (Reviewer).
PR: https://git.openjdk.org/jdk/pull/12236
