On Wed, 28 Apr 2021 23:22:38 GMT, Mandy Chung <mch...@openjdk.org> wrote:
> My statement was overly simplified, sorry. If `handle` is invoked in another > module B and invoked by a class in module B, which module (the `lookup`'s > module or ) do you expect be the caller to check against for native access > check? `CLinker::downcallHandle` is not caller-sensitive but its > implementation is. > > The method handle of a caller-sensitive method behaves as if it were called > from an instruction contained in the lookup class [1]. I think I expect that, with caller sensitive, it is possible from a client in an "enabled" module to obtain a MethodHandle, and then pass it to an unprivileged module, which then calls it, and works ok. This matches my expectation (this trick could be used also to give a client access to an otherwise inaccessible - in the classic sense - method). So, when working with method handles, I'm completely fine working with the lookup class as context (and not with the real caller class). Given all this, do you agree that current checks are not affected by interface-ness of some of the methods involved? ------------- PR: https://git.openjdk.java.net/jdk/pull/3699
