On Thu, 26 Jan 2023 21:03:59 GMT, Mandy Chung <mch...@openjdk.org> wrote:
> Currently, a `Lookup` object with `PACKAGE` access can be used to inject a
> class in the runtime package of the Lookup's lookup class via
> `Lookup::defineClass`. The classes that are injected have the same access
> as other members in the module and can access private members of all types in
> the module via reflection.
>
> However, changing `Lookup.defineClass` to require full privilege access
> (`PRIVATE` + `MODULE`) is an incompatible change that would break existing
> frameworks which use `privateLookupIn` and `Lookup::defineClass` to inject
> auxiliary classes in a module. A module authorizes the framework by opening
> a package for it to access and `Lookup::defineClass` was the supported
> replacement for `setAccessible` on `ClassLoader::defineClass` hack in JDK 9.
>
>
> This PR proposes to keep existing behavior and provide better documentation
> to help developers to beware of the permissions given out when opening a
> package to another module. A class injected in a module has the same
> privilege as other module members.
src/java.base/share/classes/java/lang/Module.java line 607:
> 605: * {@link java.lang.invoke.MethodHandles.Lookup Lookup} object that
> can be used to
> 606: * {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
> inject classes}
> 607: * in package {@code p}. </p>
Suggestion:
* <p> A package {@code p} opened to module {@code M} means that code in
* {@code M} is allowed to do deep reflection on all types in the package.
* Further, if {@code M} reads this module it can obtain a
* {@link java.lang.invoke.MethodHandles.Lookup Lookup} object that is
allowed to
* {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[]) define
classes}
* in package {@code p}. </p>
Trying to reuse existing terms. I am presuming deep reflection implies on all
members and setAccessible so there is no need to mention it?
Also i don't see "inject" used in existing text, so just reuse "define"?
src/java.base/share/classes/java/lang/invoke/MethodHandles.java line 240:
> 238: * of {@code targetClass}. Extreme caution should be taken when
> opening a package
> 239: * to another module. The injected classes have the same full
> privilege
> 240: * access as other members in the target module.
Suggestion:
* The {@code Lookup} object returned by this method is allowed to
* {@linkplain Lookup#defineClass(byte[]) define classes} in the runtime
package
* of {@code targetClass}. Extreme caution should be taken when opening a
package
* to another module as such defined classes have the same full privilege
* access as other members in the target module.
src/java.base/share/classes/java/lang/invoke/MethodHandles.java line 883:
> 881: * of {@code T}. Extreme caution should be taken when opening a
> package
> 882: * to another module. The injected classes have the same full
> privilege
> 883: * access as other members in the target module.
Suggestion:
* <p>
* The {@code Lookup} object returned by {@code privateLookupIn} is allowed
to
* {@linkplain Lookup#defineClass(byte[]) define classes} in the runtime
package
* of {@code T}. Extreme caution should be taken when opening a package
* to another module as such defined classes have the same full privilege
* access as other members in the target module.
You mention "target module" but i don't think i it is defined for the Lookup
class JavaDoc. In this case are we referring to module M2?
-------------
PR: https://git.openjdk.org/jdk/pull/12236
