On Tue, 28 Mar 2023 14:34:19 GMT, Chen Liang <li...@openjdk.org> wrote:
> The interface access may be problematic: A non-exported interface Class > object can be obtained via Reflection inspection on exported types, such as > java packages and jdk.internal packages. > > * In that case, it might not be of best interest to create an interface, > but I don't think the current asInterfaceInstance API rejects such creations > either. See the Javadoc: https://github.com/openjdk/jdk/pull/13197/files#diff-6de80127c851b1b0ba6b2ab0a739ffae803187028a721d4a28cd47fb17b1bbcdL64-L65 As this API was added in Java 7, `public` access was easy. W.R.T. modules, no changes have been made to this API. The (previously) underlying `java.lang.reflect.Proxy` does not even require that. @liach Can you please test calling `MethodHandleProxies.wrapperInstanceTarget(MethodHandleProxies.asInterfaceInstance(Runnable.class, MethodHandles.zero(void.class)))` **with an installed `SecurityManager`**? Also with an interface in an untrusted protection domain, for example: public interface Test { void run(); public static void main(String[] args) { System.out.println(MethodHandleProxies.wrapperInstanceTarget(MethodHandleProxies.asInterfaceInstance(Test.class, MethodHandles.zero(void.class)))); } } also with a `SecurityManager` (`-Djava.security.manager` as VM argument). ------------- PR Comment: https://git.openjdk.org/jdk/pull/13197#issuecomment-1497897654
