On Fri, 31 Jan 2025 16:39:35 GMT, Coleen Phillimore <cole...@openjdk.org> wrote:
> This change removes the native call and injected field for ProtectionDomain > in the java.lang.Class instance, and moves the field to be declared in Java. > Tested with tier1-4. Reflection filtering was mostly a legacy measure to avoid write and read access to fields via reflection that can't hide in the VM. Now the access control of modules should be sufficient to block writes (and if java.lang is compromised, we can consider the whole VM compromised); we already grant free reads with the functional removal of SM. (The explicit move of `signers` did not filter that field, too) On a side note, if we filter more than 2 fields in `jdk.internal.reflect.Reflection`, we had better filter all fields. The filter is initialized very early in the bootstrap process, before `JavaLangAccess` is ready, so early that it couldn't access string hash code computation required for regular immutable sets. ------------- PR Comment: https://git.openjdk.org/jdk/pull/23396#issuecomment-2627839902
