RFR: 8155023: jdk.vm.ci needs to securely export services
doug.simon at oracle.com
Mon May 9 11:50:40 UTC 2016
> On 05 May 2016, at 17:45, Doug Simon <doug.simon at oracle.com> wrote:
>> On 05 May 2016, at 16:55, Alan Bateman <Alan.Bateman at oracle.com> wrote:
>> On 03/05/2016 14:34, Doug Simon wrote:
>> I skimmed through this.
>> The module-info.java looks okay. The permission check idiom in JVMCICompilerFactory (and EventProvider) looks fine.
>> I'm not sure about using RuntimePermission("jvmci"). One reason is that RuntimePermission specifies in its javadoc all the possible targets. It might be better to just introduce a new basic permission for this.
> Ok, I was not aware that the set of RuntimePermissions is effectively closed. I’ve created JVMCIPermission and updated the webrev.
>> One thing about Services.load is that it uses ServiceLoader.load and hence the TCCL. I don't know if this is what you want here, I suspect you want the system class loader.
> Is that because I should expect only trusted code to use this call? That is, only code available via the system class loader? I’ll admit that when to use TCCL versus the system class loader is not clear to me.
Should I be passing System.getSystemClassLoader() as the second argument to ServiceLoader.load()?
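
The difference between the two ServiceLoader.load overloads discussed in this thread, as an added example that is not part of the original message or of the jdk.vm.ci sources: the one-argument form searches the thread context class loader (TCCL), which any caller can replace, while the two-argument form searches only the loader passed in. ServiceLookupDemo, CompilerService, DemoPermission and RecordingLoader are hypothetical names, and the SecurityManager check follows the JDK 9-era idiom the thread refers to.

```java
import java.io.IOException;
import java.net.URL;
import java.security.BasicPermission;
import java.util.Collections;
import java.util.Enumeration;
import java.util.ServiceLoader;

public class ServiceLookupDemo {
    // Hypothetical service interface and permission, named for this example only.
    public interface CompilerService {}

    static final class DemoPermission extends BasicPermission {
        DemoPermission() { super("demoServices"); }
    }

    // Loader that records whether ServiceLoader asked it for provider configuration files.
    static final class RecordingLoader extends ClassLoader {
        boolean consulted;
        RecordingLoader() { super(null); }
        @Override public Enumeration<URL> getResources(String name) throws IOException {
            if (name.startsWith("META-INF/services/")) consulted = true;
            return Collections.emptyEnumeration();
        }
    }

    // Permission check first, then a lookup pinned to the system class loader,
    // so the result does not depend on whatever TCCL the calling thread carries.
    static <S> ServiceLoader<S> load(Class<S> service) {
        SecurityManager sm = System.getSecurityManager(); // deprecated in later JDKs
        if (sm != null) sm.checkPermission(new DemoPermission());
        return ServiceLoader.load(service, ClassLoader.getSystemClassLoader());
    }

    public static void main(String[] args) {
        RecordingLoader tccl = new RecordingLoader();
        Thread.currentThread().setContextClassLoader(tccl);

        // One-argument form: provider lookup goes through the TCCL set above.
        ServiceLoader.load(CompilerService.class).iterator().hasNext();
        System.out.println("one-arg load consulted TCCL: " + tccl.consulted);

        // Pinned form: the TCCL is never asked for provider configuration.
        tccl.consulted = false;
        load(CompilerService.class).iterator().hasNext();
        System.out.println("pinned load consulted TCCL: " + tccl.consulted);
    }
}
```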