On Thu, 6 Apr 2023 17:04:02 GMT, Johannes Kuhn <jk...@openjdk.org> wrote:
>> I don't think that's good enough. If an instance implements an interface >> that just happens to also have an entry in the INTERFACE_INFOS cache, then >> e.g. `MethodHandleProxies::wrapperInstanceTarget` could be used to retrieve >> the class data of a class that wasn't generated using MethodHandleProxies. >> >> I think some explicit marker is needed for class generated by >> MethodHandleProxies. >> >> Switching back to the `WrapperInstance` interface, and then defining the >> class using `IMPL_LOOKUP`, as opposed to defining the class in a dynamic >> module, could be an option (since we determined that the wrapper instance >> can not be used to escalate privilege. I'm just not sure if that will work >> for target interfaces in non-exported packages. Proxy seems to be able to do >> that too though. > > An other possibility to to add some key into the ClassData that can't be > imitated - such as the `InterfaceInfo` itself. > An `instanceof` check on the ClassData at a fixed position could then > determine if is a MHP. It looks like Proxy forcibly adds reads and exports edges from the module of the target interface to the module that defines the proxy: https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/java/lang/reflect/Proxy.java#L855-L868 I think we can do the same here ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1160074618
