RFR(M) 8189116: Give the jdk.internal.vm.compiler.management only the permissions it really needs to expose the bean
mandy.chung at oracle.com
Fri Nov 10 19:58:04 UTC 2017
On 11/10/17 1:55 AM, Jaroslav Tulach wrote:
> I believe I have a fix for JDK-8189116 - the
> jdk.internal.vm.compiler.management needs only a few permissions, as shown in my
> webrev: http://cr.openjdk.java.net/~jtulach/8189116/webrev.01/
The change looks fine. This mainly depends on the test coverage and
also code inspection to find security-sensitive operations.
> I have executed all the tests I found and it seems none of them regressed.
You ran jdk_svc that should cover the management tests. I assume you
also run Graal tests.
> Also the Graal Compiler MX bean is properly exposed when the built JDK is
> launched with
> ./build/linux-x64/jdk/bin/java -XX:+UnlockExperimentalVMOptions -XX:+EnableJVMCI -XX:+UseJVMCICompiler -jar ...
You can also try running the above command with -Djava.security.manager
as a sanity test (the application may need additional permissions) -
just a sanity test. Is there a way you can access Graal MBean in a VM
with security manager enabled (locally is fine) to make sure it can be
accessed as expected?
This is good to go as long as you verify the access to Graal MBean with
security manager on.
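
A minimal check of the kind requested above, as an added example that is not part of the original message or of the JDK change; it is meant to be launched with the JVMCI flags quoted above plus -Djava.security.manager. The class name GraalMBeanCheck and the default name filter "graal" are assumptions, since the thread does not give the bean's ObjectName.

```java
import java.lang.management.ManagementFactory;
import java.util.Locale;
import javax.management.MBeanInfo;
import javax.management.MBeanServer;
import javax.management.ObjectName;

// Added example: confirm a compiler MBean is reachable with the security manager on.
public class GraalMBeanCheck {
    public static void main(String[] args) throws Exception {
        // Non-null only when the VM was started with -Djava.security.manager.
        System.out.println("security manager installed: "
                + (System.getSecurityManager() != null));
        // Assumption: the bean's ObjectName contains this text; pass another filter as args[0].
        String needle = (args.length > 0 ? args[0] : "graal").toLowerCase(Locale.ROOT);
        int found = 0;
        try {
            MBeanServer server = ManagementFactory.getPlatformMBeanServer();
            // queryNames leaves out beans the caller is not permitted to see,
            // so an empty result can mean "not registered" or "not permitted".
            for (ObjectName name : server.queryNames(null, null)) {
                if (!name.getCanonicalName().toLowerCase(Locale.ROOT).contains(needle)) {
                    continue;
                }
                // Reading the metadata exercises the access path a management client uses.
                MBeanInfo info = server.getMBeanInfo(name);
                System.out.println(name + " attributes=" + info.getAttributes().length
                        + " operations=" + info.getOperations().length);
                found++;
            }
        } catch (SecurityException e) {
            // The message names the permission missing from the application's policy.
            System.out.println("denied: " + e.getMessage());
            System.exit(2);
        }
        if (found == 0) {
            System.out.println("no MBean matching '" + needle + "' is visible");
            System.exit(1);
        }
    }
}
```

Exit status 2 points at the application's own policy (javax.management.MBeanServerPermission and MBeanPermission grants), which is separate from the permissions granted to the jdk.internal.vm.compiler.management module.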