I think it would be useful to hear from Jon Gibbons or someone else
working on javac first. It would be a bit unusual to run the compiler
with a security manager and I thought it was deliberate to not grant
permissions to jdk.compiler in the default policy. Also the source code
launcher is aimed at the early stages of learning Java where there
shouldn't be advanced options or exotic execution modes.
-Alan
On 03/02/2022 13:25, Sean Mullan wrote:
I only took a quick look, but it looks like a bug. The jdk.compiler
module needs to be granted that permission in the default.policy file.
Please file a bug, or if you like I can file one on your behalf.
Thanks,
Sean
On 2/3/22 8:01 AM, Jaikiran Pai wrote:
I'm unsure if core-libs is the right place for this or compiler-dev,
sending this to core-libs for now.
Please consider this trivial Java source file:
public class HelloWorld {
public static void main(final String[] args) throws Exception {
System.out.println("Hello World");
}
}
Running this in source file launcher mode as follows:
java HelloWorld.java
returns the expected result. However when running in source file
launcher mode *and* with security manager enabled, it throws the
following exception:
java -Djava.security.manager=default HelloWorld.java
WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a
future release
Exception in thread "main" java.security.AccessControlException: access
denied ("java.lang.RuntimePermission"
"accessClassInPackage.jdk.internal.misc")
at
java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
at
java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416)
at
java.base/java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1332)
at
java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:184)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
at
jdk.compiler/com.sun.tools.javac.launcher.Main.main(Main.java:132)
This happens in Java 17 as well as latest master branch. I haven't
checked older releases but I guess it's reproducible there too.
Are users expected to use an explicit policy file to add this permission
in source file launch mode or is this missing an internal doPrivileged
call in the JDK?
As an additional input, compiling this file first using javac and then
launching it in traditional mode with security manager enabled works
fine:
javac HelloWorld.java
java -Djava.security.manager=default HelloWorld
WARNING: A command line option has enabled the Security Manager
WARNING: The Security Manager is deprecated and will be removed in a
future release
Hello World
-Jaikiran
