On Mon, 13 May 2024 11:47:38 GMT, Maurizio Cimadamore <mcimadam...@openjdk.org> wrote:
>> This PR implements [JEP 472](https://openjdk.org/jeps/472), by restricting >> the use of JNI in the following ways: >> >> * `System::load` and `System::loadLibrary` are now restricted methods >> * `Runtime::load` and `Runtime::loadLibrary` are now restricted methods >> * binding a JNI `native` method declaration to a native implementation is >> now considered a restricted operation >> >> This PR slightly changes the way in which the JDK deals with restricted >> methods, even for FFM API calls. In Java 22, the single >> `--enable-native-access` was used both to specify a set of modules for which >> native access should be allowed *and* to specify whether illegal native >> access (that is, native access occurring from a module not specified by >> `--enable-native-access`) should be treated as an error or a warning. More >> specifically, an error is only issued if the `--enable-native-access flag` >> is used at least once. >> >> Here, a new flag is introduced, namely >> `illegal-native-access=allow/warn/deny`, which is used to specify what >> should happen when access to a restricted method and/or functionality is >> found outside the set of modules specified with `--enable-native-access`. >> The default policy is `warn`, but users can select `allow` to suppress the >> warnings, or `deny` to cause `IllegalCallerException` to be thrown. This >> aligns the treatment of restricted methods with other mechanisms, such as >> `--illegal-access` and the more recent `--sun-misc-unsafe-memory-access`. >> >> Some changes were required in the package-info javadoc for >> `java.lang.foreign`, to reflect the changes in the command line flags >> described above. > > Maurizio Cimadamore has updated the pull request incrementally with three > additional commits since the last revision: > > - Fix another typo > - Fix typo > - Add more comments src/hotspot/share/prims/nativeLookup.cpp line 275: > 273: > 274: // Otherwise call static method findNative in ClassLoader > 275: Suggestion: src/hotspot/share/prims/nativeLookup.cpp line 419: > 417: if (entry != nullptr) return entry; > 418: > 419: Suggestion: src/hotspot/share/prims/nativeLookup.cpp line 426: > 424: return nullptr; > 425: } > 426: } Suggestion: } src/java.base/share/classes/java/lang/Module.java line 331: > 329: String modflag = isNamed() ? getName() : "ALL-UNNAMED"; > 330: String caller = currentClass != null ? > currentClass.getName() : "code"; > 331: System.err.printf(""" This message should probably be different when linking native methods, since otherwise it’ll be: WARNING: A restricted method in foo has been called WARNING: bar has been called by Baz in Baz WARNING: Use --enable-native-access=foo to avoid a warning for callers in this module WARNING: Restricted methods will be blocked in a future release unless native access is enabled when it should really be something like: WARNING: A JNI native method in foo has been linked WARNING: bar has been linked in Baz WARNING: Use --enable-native-access=foo to avoid a warning for native methods in this module WARNING: Native methods will be blocked in a future release unless native access is enabled ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248442 PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248501 PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599248577 PR Review Comment: https://git.openjdk.org/jdk/pull/19213#discussion_r1599253428