On Fri, 26 May 2023 21:23:32 GMT, Mandy Chung <mch...@openjdk.org> wrote:
>> John Rose argues against using class data for Leyden. Since class data is >> the only known way to defend against user-manufactured annotations, I >> switched back to an extra wrapper interface. This approach also requires the >> Class loading checks since the interface is not unconditionally exported and >> fails security manager. > >> This approach also requires the Class loading checks since the interface is >> not unconditionally exported and fails security manager. > > Are you referring to `ClassLoader::checkPackageAccess` change? As MHProxy > implements `sun.invoke.WrapperInstance`, it needs to export > `java.base/sun.invoke` to the dynamic module. The change to > `ClassLoader::checkPackageAccess` doesn't make sense for this. Yes. Unfortunately, it fails at https://github.com/openjdk/jdk/blob/bd21e68e679c41c98f39dd2fbd38270ae7d55ed9/src/java.base/share/classes/java/lang/SecurityManager.java#L1317 because a conditionally-exported package is considered a non-(unconditionally-)exported package. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1207384208