On Fri, 26 May 2023 21:23:32 GMT, Mandy Chung <mch...@openjdk.org> wrote:

>> John Rose argues against using class data for Leyden. Since class data is 
>> the only known way to defend against user-manufactured annotations, I 
>> switched back to an extra wrapper interface. This approach also requires the 
>> Class loading checks since the interface is not unconditionally exported and 
>> fails security manager.
>
>> This approach also requires the Class loading checks since the interface is 
>> not unconditionally exported and fails security manager.
> 
> Are you referring to `ClassLoader::checkPackageAccess` change?   As MHProxy 
> implements `sun.invoke.WrapperInstance`, it needs to export 
> `java.base/sun.invoke` to the dynamic module.    The change to 
> `ClassLoader::checkPackageAccess` doesn't make sense for this.

Yes. Unfortunately, it fails at 
https://github.com/openjdk/jdk/blob/bd21e68e679c41c98f39dd2fbd38270ae7d55ed9/src/java.base/share/classes/java/lang/SecurityManager.java#L1317
 because a conditionally-exported package is considered a 
non-(unconditionally-)exported package.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13197#discussion_r1207384208

Reply via email to