Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8139895

Introduce GuardingDynamicLinkerExporter

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Fixed
    • Icon: P3 P3
    • 9
    • 9
    • core-libs
    • None
    • b89
    • generic
    • generic

        Dynalink used to auto-discover GuardingDynamicLinker classes declared through the java.util.ServiceLoader mechanism. However, such automatically exported GuardingDynamicLinker is a trusted object as it can affect linking of call sites external to itself (in the language runtime that auto-loaded it).

        Hence, we decided on another level of indirection, namely Dynalink should instead look for instances of GuardingDynamicLinkerExporter through the service loader mechanism. GuardingDynamicLinkerExporter is an abstract class that performs a permission check in its constructor. Libraries can export linkers only through their instances of their own subclass of GuardingDynamicLinkerExporter, which will then trigger the permission check. Hence, only libraries explicitly granted the permission to export linkers will be able to do so.

              attila Attila Szegedi
              attila Attila Szegedi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: