On 12/18/2015 07:55 AM, Sundararajan Athijegannathan wrote:
inline comments below..
On 12/18/2015 6:22 PM, Alan Bateman wrote:
On 18/12/2015 12:23, Sundararajan Athijegannathan wrote:
Please review http://cr.openjdk.java.net/~sundar/8145750/webrev.00/
for https://bugs.openjdk.java.net/browse/JDK-8145750
Adding missing permissions for jdk.dynalink module. Note that it used
to be part of jdk.scripting.nashorn module in the past and therefore
got AllPermission.
Is it really necessary to grant it AllPermission? Just wondering how
hard it would be to figure out the permissions that it really needs.
May be, not. But I tried giving only sun.reflect package access --
didn't work. There are a few doPrivileged blocks in dynalink code as
well. This needs further analysis.
But dynalink code was part of nashorn and so was getting AllPermission
so far - so there is no permission enhancement by adding this missing
permission block.
That said, we can revisit reduced permission set for dynalink module.
I'd prefer to track that as separate bug.
Yes, please file a separate bug to track this as de-privileging is one
of the main advantages of loading the module with the extension class
loader.
Thanks,
Sean
