RFR(S) 8216151: [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.debug
vladimir.kozlov at oracle.com
Mon Jan 14 18:31:07 UTC 2019
Thank you Mandy for review.
On 1/14/19 10:29 AM, Mandy Chung wrote:
> On 1/14/19 9:39 AM, Vladimir Kozlov wrote:
>> Thank you, Alan
>> On 1/14/19 2:27 AM, Alan Bateman wrote:
>>> On 13/01/2019 02:46, Vladimir Kozlov wrote:
>>>> Have to update default.policy after changes in jdk.internal.vm.compiler.management files done by JDK-8199755:
>>>> "Update Graal".
>>>> Ran CheckAccessClassInPackagePermissions.java test.
>>> cc'ing security-dev as that is where is the security policy file is maintained.
>>> One thing is double check is that code in jdk.internal.vm.compiler.management really needs to access members of
>>> classes in the listed packages. I ask because the module definition doesn't export some of these packages to
>>> jdk.internal.vm.compiler.management so they aren't accessible even when not running with a security manager.
>> I verified that all listed packages are used by compiler.management and I listed only needed in default.policy. I used
>> CheckAccessClassInPackagePermissions.java test to find which permissions are needed.
> I reviewed the change and the list matches the list of qualified exports from jdk.internal.vm.compiler to
> The security team has been looking into removing the private VM call out to ClassLoader::checkPackageAccess. When
> that's removed, we would not need to maintain these accessClassInPackage permission to access any new qualified exports.
More information about the hotspot-compiler-dev