On Wed, 31 May 2023 00:49:22 GMT, Mandy Chung <mch...@openjdk.org> wrote:

>>> Apparently, calling utility methods from sun.invoke, like the 
>>> ensureOriginalLookup in this patch, also triggers this check. 
>> 
>> It should not trigger `checkPackageAccess` if it does not implement the 
>> interface AFAICT.
>> 
>> It would trigger module-access check.  `java.base` can export `sun.invoke` 
>> to the dynamic module (it may be worth considering putting the internal 
>> interface in a specific package for the dynamic module's use - `sun.invoke` 
>> is ok since it currently has one interface but hard to catch when someone 
>> adds a new class/interface in `sun.invoke` unintentionally and leaks out 
>> sensitive API).
>
>> Then we still need to obtain the implemented interface and original method 
>> handle information every time they are queried. Having this information (or 
>> the method handle providing access) computed early is more convenient.
> 
> I was thinking the wrapper instance class still implements some private 
> methods to get the implemented interface and original method handle which can 
> be accessed only by `java.base` via deep reflection.

> It should not trigger `checkPackageAccess` if it does not implement the 
> interface AFAICT.

`checkPackageAccess` is also called by the application class loader:
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java#L174-L189

It should make it impossible to reference, for example, `sun.misc.Unsafe`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1211652282
