-
Bug
-
Resolution: Fixed
-
P2
-
None
-
repo-panama
Right now, restricted methods are enabled/disabled globally, using a JDK runtime property.
Moving forward, we should make this approach more robust, by having a new, dedicated flag:
--enable-native-access=<module1>,<module2>,<moduleN>
That is, the command line flag is used to grant native access to a specific module that wants to perform restricted Panama operations. If a restricted method is executed from a module which hasn't been granted the permission on the command line, an error should occur.
To help detect configuration issues, we could have a Jlink plugin which marks a module as "native" (by using a custom annotation on the module info classfile). Then, when building the module graph, we could fail-fast if we detect that any "native" module
doesn't have the corresponding command line flag set.
Finally, to support execution on the classpath, we should allow for:
--enable-native-access=ALL-UNNAMED
Moving forward, we should make this approach more robust, by having a new, dedicated flag:
--enable-native-access=<module1>,<module2>,<moduleN>
That is, the command line flag is used to grant native access to a specific module that wants to perform restricted Panama operations. If a restricted method is executed from a module which hasn't been granted the permission on the command line, an error should occur.
To help detect configuration issues, we could have a Jlink plugin which marks a module as "native" (by using a custom annotation on the module info classfile). Then, when building the module graph, we could fail-fast if we detect that any "native" module
doesn't have the corresponding command line flag set.
Finally, to support execution on the classpath, we should allow for:
--enable-native-access=ALL-UNNAMED
