archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 06:45:07 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8217920: Lookup.defineClass injects a class that can access private members of any class in its own module

Browse source 
Reviewed-by: psandoz, alanb, darcy
This commit is contained in:
Mandy Chung 2023-01-27 18:31:03 +00:00
parent 22c976a9b0
commit 7f05d57a87
2 changed files with 31 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

18
src/java.base/share/classes/java/lang/Module.java
View file

@ -597,6 +597,14 @@ public final class Module implements AnnotatedElement {
*
* <p> This method does not check if the given module reads this module. </p>
*
* @apiNote A package {@code p} opened to module {@code M} allows code in
* {@code M} do {@linkplain java.lang.reflect.AccessibleObject#setAccessible(boolean)
* deep reflection} on all types in the package.
* Further, if {@code M} reads this module, it can obtain a
* {@link java.lang.invoke.MethodHandles.Lookup Lookup} object that is allowed to
* {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[]) define classes}
* in package {@code p}.
*
* @param pn
* The package name
* @param other
@ -650,6 +658,14 @@ public final class Module implements AnnotatedElement {
*
* <p> This method does not check if the given module reads this module. </p>
*
* @apiNote A package {@code p} opened to module {@code M} allows code in
* {@code M} do {@linkplain java.lang.reflect.AccessibleObject#setAccessible(boolean)
* deep reflection} on all types in the package.
* Further, if {@code M} reads this module, it can obtain a
* {@link java.lang.invoke.MethodHandles.Lookup Lookup} object that is allowed to
* {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[]) define classes}
* in package {@code p}.
*
* @param pn
* The package name
*
@ -657,6 +673,8 @@ public final class Module implements AnnotatedElement {
* unconditionally
*
* @see ModuleDescriptor#opens()
* @see java.lang.reflect.AccessibleObject#setAccessible(boolean)
* @see java.lang.invoke.MethodHandles#privateLookupIn
*/
public boolean isOpen(String pn) {
Objects.requireNonNull(pn);