> On May 12, 2017, at 8:01 AM, Sean Mullan <[email protected]> wrote: > > On 5/12/17 9:14 AM, Langer, Christoph wrote: >> >> I think the package access check walking down the whole stack is fine and >> should be done here, not just the module access check.
One thing to mention is that the application class loader’s loadClass method calls SecurityManager::checkPackageAccess which is stack-based permission check. When a class is being loaded by the application class loader, package access permission is checked. >> However, frames originating out of a module that the package was exported to >> should have the permission to access the package. Such that when I would run >> in a privileged section there, I would get package access. And if I wouldn't >> run privileged then all the calling frames would be checked and the check >> might not be passed. Wouldn't that be the right way? > > Yes, I think something like this is worth considering but needs to be > prototyped and carefully reviewed before we would be able to consider it. I > can file an issue to track this, but in my opinion it is too late for JDK 9. We discussed this and agree to improve it in a future release. In particular when a module M1 exports qualifiedly to M2, it’d be good to skip that the package access check. Mandy
