On 02/06/2016 09:41, Andrew Dinn wrote:
On 01/06/16 20:07, Alex Buckley wrote:
Core Reflection is still bound by the Java language's notion of
accessibility, so calling newInstance() on a Class or get() on a Field
or invoke() on a Method will perform an access check in SE 9 just like
in SE 8. The access check has two parts, as previously discussed, but by
policy the first part (X-reads-Y) is a "yes" for these reflective
operations ... that leaves second part where the underlying
class/field/method must be exported to the code calling
newInstance()/get()/invoke(). That's why setAccessible has been
@CallerSensitive since the module system implementation was merged into
JDK 9.
That's not quite true at present since this exports test need not be
passed when the caller module is java.base i.e. the current permissions
are wider than you state.
Alan Bateman explained to me that that this was merely a heuristic to
enable the current Jigsaw implementation to work. If/when that heuristic
is removed then is the intention that the condition for reflective
access will reduce simply to the exports check or will there still be a
need for some slightly wider condition? If the latter then how will the
condition be widened?
There is special handling for java.base in java.base but that is not
specified and lots of things would need to happen before that can go
away. So I think a separate topic .
-Alan
