On Wed, 28 Apr 2021 18:02:03 GMT, Mandy Chung <mch...@openjdk.org> wrote:
> I reviewed the `--enable-native-access` related change that looks fine.
>
> > Access to restricted methods from any other module not in the list is
> > disallowed and will result in an IllegalAccessException.
>
> I think you meant to say `IllegalCallerException` instead of
> `IllegalAccessException`. Also do you intend to have javadoc to generate
> `@throw IllegalCallerException` for the restricted methods automatically
> besides the javadoc description?

IllegalCaller is probably better, yes - we started off with an access-like check, so things have evolved a bit. I'll also add the @throws.

> Making the restricted methods as `@CallerSensitive` in order to get the
> caller class for native access check is the proper approach. However, some
> interface methods are restricted methods such as `CLinker::downcallHandle`
> whose implementation method is `@CallerSensitive`. I am concerned about the
> security issue with method handle and type aliasing. On the other hand,
> `CLinker` is a sealed interface and only implemented by the platform and so
> it's less of a concern. I think the interface method should also be
> `@CallerSensitive` so that for example a method handle for
> `CLinker::downcallHandle` will be produced with the proper caller-sensitive
> context.

I believe that we had to move @CallerSensitive out of interfaces because there was a test that was checking that @CS was not put on "virtual" methods.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3699