On Thu, 26 Jan 2023 21:03:59 GMT, Mandy Chung <mch...@openjdk.org> wrote:
> Currently, a `Lookup` object with `PACKAGE` access can be used to inject a
> class in the runtime package of the Lookup's lookup class via
> `Lookup::defineClass`. The classes that are injected have the same access
> as other members in the module and can access private members of all types in
> the module via reflection.
>
> However, changing `Lookup.defineClass` to require full privilege access
> (`PRIVATE` + `MODULE`) is an incompatible change that would break existing
> frameworks which use `privateLookupIn` and `Lookup::defineClass` to inject
> auxiliary classes in a module. A module authorizes the framework by opening
> a package for it to access and `Lookup::defineClass` was the supported
> replacement for `setAccessible` on `ClassLoader::defineClass` hack in JDK 9.
>
> This PR proposes to keep existing behavior and provide better documentation
> to help developers to beware of the permissions given out when opening a
> package to another module. A class injected in a module has the same
> privilege as other module members.

This pull request has now been integrated.

Changeset: 7f05d57a
Author:    Mandy Chung <mch...@openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/7f05d57a87d8b41b53194aa0dacc4057cbb58544
Stats:     31 lines in 2 files changed: 30 ins; 0 del; 1 mod

8217920: Lookup.defineClass injects a class that can access private members of any class in its own module

Reviewed-by: psandoz, alanb, darcy

-------------

PR: https://git.openjdk.org/jdk/pull/12236
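
The `PACKAGE` gate on `Lookup::defineClass` described in the quoted text, as an added example that is not part of the original message or of the JDK change. The names `LookupDefineClassDemo`, `Aux`, `canInject` and `auxBytes` are hypothetical, and the `privateLookupIn` call here stays inside one module as a stand-in for a framework that a module has opened a package to.

```java
import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodHandles.Lookup;

public class LookupDefineClassDemo {
    // Hypothetical auxiliary class. Its compiled bytes stand in for a class a
    // framework would generate; it is never referenced, so it is not loaded early.
    static class Aux { }

    // Lookup.defineClass is only usable when the Lookup carries PACKAGE access.
    static boolean canInject(Lookup lookup) {
        return (lookup.lookupModes() & Lookup.PACKAGE) != 0;
    }

    static byte[] auxBytes() throws Exception {
        try (InputStream in = LookupDefineClassDemo.class
                .getResourceAsStream("LookupDefineClassDemo$Aux.class")) {
            return in.readAllBytes();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = auxBytes();
        // Same-module stand-in for the framework's privateLookupIn call.
        Lookup granted = MethodHandles.privateLookupIn(
                LookupDefineClassDemo.class, MethodHandles.lookup());
        // Dropping PACKAGE also drops PRIVATE; this lookup can no longer inject.
        Lookup reduced = granted.dropLookupMode(Lookup.PACKAGE);

        System.out.println("reduced can inject: " + canInject(reduced));
        try {
            reduced.defineClass(bytes);
        } catch (IllegalAccessException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        System.out.println("granted can inject: " + canInject(granted));
        Class<?> injected = granted.defineClass(bytes);
        // The injected class is an ordinary member of the lookup class's
        // runtime package and module.
        System.out.println(injected.getName() + " same module: "
                + (injected.getModule() == LookupDefineClassDemo.class.getModule())
                + ", same package: " + injected.getPackageName()
                        .equals(LookupDefineClassDemo.class.getPackageName()));
    }
}
```

Compile with `javac` and run from the output directory so that the `Aux` class file is available as a resource.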