On 12/17/2013 06:43 PM, Mandy Chung wrote:
> Can you check what methods are called by the constructors whose access
> is denied in the current implementation but granted in the patch? I
> have to take another look to make sure but I believe they only call
> the methods in the handler classes that call Handler.checkPermission.
> Mandy

Hi Mandy, Daniel,

Here's yet another variant that reduces the doPrivileged code to just
Handler's setters. This way no LogManager methods are invoked under
elevated privilege:

http://cr.openjdk.java.net/~plevart/jdk8-tl/jul.Handler.sealed/webrev.06/

I also factored out common code into a single package-private
Handler.configure() method + two package-private getters that provide
this method with different defaults for different Handler subclasses.
configure() is in this variant called only in immediate Handler
subclasses: MemoryHandler & StreamHandler and not in SocketHandler or
ConsoleHandler. Each property is only set once this way at construction
time - current code sets each property twice in SocketHandler or
ConsoleHandler.

SocketHandler's output stream is set with privileged action in both
cases: whether constructed with configured or specified host/port.

Regards, Peter
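
The pattern described in the message above, as an added example that is not part of the original post and not code from the webrev: configuration is read from LogManager without elevated privilege, and the doPrivileged block contains only the permission-checked setters. The class NarrowPrivilegeHandler and its parseLevel helper are hypothetical, and the code assumes the JDK 8 era API in which java.security.AccessController is in normal use.

```java
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.logging.Formatter;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.LogRecord;
import java.util.logging.SimpleFormatter;
import java.util.logging.StreamHandler;

// Hypothetical handler for illustration; not part of java.util.logging.
// Final, so no subclass can override the setters called in the constructor.
public final class NarrowPrivilegeHandler extends StreamHandler {

    public NarrowPrivilegeHandler() {
        // Step 1 (caller's privileges only): consult LogManager and build
        // every value up front. Nothing here runs inside doPrivileged.
        String key = NarrowPrivilegeHandler.class.getName() + ".level";
        final Level level =
            parseLevel(LogManager.getLogManager().getProperty(key), Level.INFO);
        final Formatter formatter = new SimpleFormatter();

        // Step 2 (elevated): only the setters, which under a SecurityManager
        // require LoggingPermission("control"). The values are already fixed.
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            setLevel(level);
            setFormatter(formatter);
            setOutputStream(System.err);
            return null;
        });
    }

    // Falls back to the default when the property is missing or malformed.
    private static Level parseLevel(String text, Level fallback) {
        if (text == null) {
            return fallback;
        }
        try {
            return Level.parse(text.trim());
        } catch (IllegalArgumentException e) {
            return fallback;
        }
    }

    public static void main(String[] args) {
        NarrowPrivilegeHandler handler = new NarrowPrivilegeHandler();
        // Constructed sample record, used only to show the handler works.
        handler.publish(new LogRecord(Level.INFO, "constructed sample record"));
        handler.flush();
    }
}
```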