RFR: 8155023: jdk.vm.ci needs to securely export services
doug.simon at oracle.com
Mon May 9 12:48:14 UTC 2016
> On 09 May 2016, at 14:30, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> On 09/05/2016 12:50, Doug Simon wrote:
>> Should I be passing System.getSystemClassLoader() as the second argument to ServiceLoader.load()?
> Probably as I assume you want to restrict deployments to the class path or module path. That is, I assume compiler implementation aren't going to be bundled with applications that are loaded into a running VM.
That is correct.
> If you do then you'll need to call ClassLoader::getSystemClassLoaded in a privileged block.
Ok. I’ve pushed these changes along with a comment explaining the use of the system class loader:
> The updated permission checks, to check JVMCIPermission, looks fine. Strictly speaking then the Services.loadXXX methods should need it but this isn't a general purpose service loading class so what you have is fine.
Thanks for answering the final questions I have about this change.
More information about the hotspot-compiler-dev