Review request JDK-8165180: Provide a shared secret to access non-public ServerSocket constructor
peter.levart at gmail.com
Mon Sep 5 07:19:27 UTC 2016
On 09/02/2016 05:30 PM, Mandy Chung wrote:
> Constructor::newInstance is a caller-sensitive method that performs the security check when the caller is not the same class loader as implClass’s class loader or not its ancestor.
> In this case the caller class is ServerSocket and its class loader is the bootstrap class loader is privileged (an ancestor of any loader).
I'm thinking of the Class::getDeclaredConstructor method.
If the implClass's class loader is not the bootstrap loader,
"accessDeclaredMembers" permission will be checked. I don't know about
which implClass(es) will be passed to the method, but if custom user
classes are among them, they will not be loaded by bootstrap loader, right?
Checking the usages of getDeclaredConstructor() in JDK sources I can see
that they usually (but not always) are enclosed in doPrivileged.
>> On Sep 2, 2016, at 6:42 AM, Peter Levart <peter.levart at gmail.com> wrote:
>> Hi Many,
>> Are you sure the implementation class passed to JavaNetSocketAccess.newSocketImpl(Class<? extends SocketImpl> implClass) is never going to be loaded by a class loader other than bootstrap classloader (the loader of the caller of implClass.getDeclaredConstructor()) and that no unprivileged code will be on the call stack at that time? Do you need to enclose this invocation into doPrivileged() block or do you expect that the caller of JavaNetSocketAccess.newSocketImpl() will do that?
>> Regards, Peter
>> On 08/31/2016 10:48 PM, Mandy Chung wrote:
>>> This patch introduces JavaNetSocketAccess to allow access to non-public ServerSocket constructor that is accessed by some other area as a clean up.
More information about the net-dev