Oops, wrong package! -- corrected inline On 01/11/16 15:09, Andrew Dinn wrote: > On 01/11/16 14:39, David M. Lloyd wrote: >> On 11/01/2016 09:23 AM, John Rose wrote: >>> On Nov 1, 2016, at 10:22 AM, Jochen Theodorou <blackd...@gmx.org> wrote: >>>> >>>> Can we clarify "privileged code"? Privileged like in a >>>> SecurityManager in a PrivilegedAction for example, for privileged >>>> like only jdk internal code? Just to see it black on white ;) >>> >>> Good question: I mean the basic JDK platform implementation. >>> Something deep in java.base. Like Unsafe. >> >> I don't see why this can't be a "regular" API though, rather than a >> super-user sledgehammer every single time. If user code can be >> statically granted access, and that user code can deliberately acquire a >> narrowly-scoped object which can access those Lookups/*Handles, then >> isn't that better than using Unsafe, which not only represents >> unrestricted system-wide access, but can undermine even the JVM's >> integrity if leaked? > > If making this a 'regular' API means allowing any code to use it then > that clearly undermines /all/ the access restrictions provided by > modules. The point is not to unlock all doors in the castle but to open > doors for trusted code when needed (and only then). > > There is a very easy way to provide tightly controlled access to a > framework. Export access to e.g. jdk.internal.misc.Unsafe or e.g. > java.lang.reflect.MethodHandles to a nominated module provided by your ^ +--java.lang.invoke.MethodHandles
> framework then arrange for that module to hand out Lookups (or better > MethodHandles) to framework code as and when they are needed via a > private channel. You can do arrange that with a single addExports option > on the command line and a very small amount of setup code to establish > the private channel > > regards, > > > Andrew Dinn > ----------- > > -- regards, Andrew Dinn ----------- Senior Principal Software Engineer Red Hat UK Ltd Registered in England and Wales under Company Registration No. 03798903 Directors: Michael Cunningham, Michael ("Mike") O'Neill, Eric Shander