Hi Götz, thanks for the review!
Best regards, Martin From: Lindenmaier, Goetz <goetz.lindenma...@sap.com> Sent: Montag, 21. Dezember 2020 14:44 To: Doerr, Martin <martin.do...@sap.com>; core-libs-dev <core-libs-dev@openjdk.java.net>; jdk-updates-...@openjdk.java.net Cc: Langer, Christoph <christoph.lan...@sap.com> Subject: RE: [11u] RFR: 8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag Hi Martin, The change looks good. The private methods have been called at those places before, so this is straight forward. Best regards, Goetz. From: Doerr, Martin <martin.do...@sap.com<mailto:martin.do...@sap.com>> Sent: Monday, December 21, 2020 11:52 AM To: core-libs-dev <core-libs-dev@openjdk.java.net<mailto:core-libs-dev@openjdk.java.net>>; jdk-updates-...@openjdk.java.net<mailto:jdk-updates-...@openjdk.java.net> Cc: Langer, Christoph <christoph.lan...@sap.com<mailto:christoph.lan...@sap.com>>; Lindenmaier, Goetz <goetz.lindenma...@sap.com<mailto:goetz.lindenma...@sap.com>> Subject: [11u] RFR: 8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag Hi, JDK-8235351 is backported to 11.0.11-oracle. I'd like to backport it for parity. Change doesn't apply cleanly, because https://bugs.openjdk.java.net/browse/JDK-8233527 is not in 11u (jdk14 uses hasFullPrivilegeAccess(), but older versions use hasPrivateAccess()). Bug: https://bugs.openjdk.java.net/browse/JDK-8235351 Original change: https://hg.openjdk.java.net/jdk/jdk/rev/4437d58547ce 11u backport: http://cr.openjdk.java.net/~mdoerr/8235351_methodhandles_11u/webrev.00/ This is the adaptation: diff -r a670e0826a66 src/java.base/share/classes/java/lang/invoke/MethodHandles.java --- a/src/java.base/share/classes/java/lang/invoke/MethodHandles.java Fri Dec 06 15:10:40 2019 -0800 +++ b/src/java.base/share/classes/java/lang/invoke/MethodHandles.java Fri Dec 18 18:01:25 2020 +0100 @@ -2074,8 +2074,8 @@ * Otherwise, if m is caller-sensitive, throw IllegalAccessException. */ Lookup findBoundCallerLookup(MemberName m) throws IllegalAccessException { - if (MethodHandleNatives.isCallerSensitive(m) && !hasFullPrivilegeAccess()) { - // Only lookups with full privilege access are allowed to resolve caller-sensitive methods + if (MethodHandleNatives.isCallerSensitive(m) && !hasPrivateAccess()) { + // Only lookups with private access are allowed to resolve caller-sensitive methods throw new IllegalAccessException("Attempt to lookup caller-sensitive method using restricted lookup object"); } return this; @@ -2335,9 +2335,9 @@ if (boundCaller.allowedModes == TRUSTED || !MethodHandleNatives.isCallerSensitive(method)) return mh; - // boundCaller must have full privilege access. + // boundCaller must have private access. // It should have been checked by findBoundCallerLookup. Safe to check this again. - if (!boundCaller.hasFullPrivilegeAccess()) + if (!boundCaller.hasPrivateAccess()) throw new IllegalAccessException("Attempt to lookup caller-sensitive method using restricted lookup object"); MethodHandle cbmh = MethodHandleImpl.bindCaller(mh, boundCaller.lookupClass); Please review. Best regards, Martin
