Hi all,
while playing with the security manager (using -Djava.security.manager) in Java
9 and testing platform modules that we have added specifically in our build, I
came across the following thing:
As we are using some stuff from jdk.internal, I get the AccessControlException:
"exception access denied ("java.lang.RuntimePermission"
"accessClassInPackage.jdk.internal.misc")" in several places, even if my code
runs priviledged. I figured that I need to grant permission "permission
java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"" to my
module. I was looking around where this restriction comes from and learned the
following in the documentation of SecurityManager.checkPackageAccess:
Implementation Note:
This implementation also restricts all non-exported packages of modules loaded
by the platform class
loader<http://download.java.net/java/jdk9/docs/api/java/lang/ClassLoader.html#getPlatformClassLoader-->
or its ancestors. A "non-exported package" refers to a package that is not
exported to all modules. Specifically, it refers to a package that either is
not exported at all by its containing module or is exported in a qualified
fashion by its containing module.
Reading this, I'm wondering whether the implementation should implicitly grant
package access for modules that a package in question was exported to in a
qualified fashion? Now one ends up having to additionally add specific
permissions which can easily be forgot.
Any comments? Shouldn't that be improved?
Best regards
Christoph
