Re: Source file launch with security manager enabled fails

Thu, 03 Feb 2022 05:32:31 -0800

Thank you Sean for the confirmation. I just filed https://bugs.openjdk.java.net/browse/JDK-8281217 to track this. 

-Jaikiran

On 03/02/22 6:55 pm, Sean Mullan wrote:
I only took a quick look, but it looks like a bug. The jdk.compiler module needs to be granted that permission in the default.policy file. 

Please file a bug, or if you like I can file one on your behalf.

Thanks,
Sean

On 2/3/22 8:01 AM, Jaikiran Pai wrote:

I'm unsure if core-libs is the right place for this or compiler-dev,
sending this to core-libs for now.

Please consider this trivial Java source file:

public class HelloWorld {
      public static void main(final String[] args) throws Exception {
          System.out.println("Hello World");
      }
}

Running this in source file launcher mode as follows:

java HelloWorld.java

returns the expected result. However when running in source file
launcher mode *and* with security manager enabled, it throws the
following exception:

java -Djava.security.manager=default HelloWorld.java

WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a
future release
Exception in thread "main" java.security.AccessControlException: access
denied ("java.lang.RuntimePermission"
"accessClassInPackage.jdk.internal.misc")
      at
java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) 
      at
java.base/java.security.AccessController.checkPermission(AccessController.java:1068) 
      at
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) 
      at
java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332) 
      at
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184) 
      at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
      at jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132) 


This happens in Java 17 as well as latest master branch. I haven't
checked older releases but I guess it's reproducible there too.

Are users expected to use an explicit policy file to add this permission
in source file launch mode or is this missing an internal doPrivileged
call in the JDK?

As an additional input, compiling this file first using javac and then
launching it in traditional mode with security manager enabled works fine: 

javac HelloWorld.java

java -Djava.security.manager=default HelloWorld
WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a
future release
Hello World


-Jaikiran

Reply via email to