Check permission to AccessibleObject#setAccessible(boolean) a better way#4389
Merged
headius merged 2 commits intojruby:masterfrom Dec 15, 2016
jmiettinen:check_accessible
Merged
Check permission to AccessibleObject#setAccessible(boolean) a better way#4389headius merged 2 commits intojruby:masterfrom jmiettinen:check_accessible
headius merged 2 commits intojruby:masterfrom
jmiettinen:check_accessible
Conversation
…ccessible(boolean) instead of seeing if we have permission 'suppressAccessChecks'. We may not have that permission if we're not using a privileged classloader but can still setAccessible if (when) there's no security manager
Member
|
I like the idea, but perhaps we should test it against a class in JRuby, so we're not modifying permissions for a globally-visible class. Perhaps make an Integer look-alike static inner class and use that? |
Contributor
Author
|
Calling It is, however, better to do checks for code that's under our control. I don't know what would be the best place to insert such class so I dumped it into same package for now. |
Member
|
This looks fine to me...I'll merge. Thanks! |
headius
added a commit
to headius/jruby
that referenced
this pull request
May 4, 2017
Check permission to AccessibleObject#setAccessible(boolean) a better way
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In #4266, we noticed a difference what methods JRuby finds in Java-classes between JRuby-jar being in boot classpath and in the normal classpath. This change removes that difference.
The reason for the difference is that all classes in boot classpath are privileged and
AccessController#checkPermission(Permission)will always returntrueto them, whereas for others the result depends on security policy in effect.In normal (at least Oracle) JVM installations, the policy doesn't allow
suppressAccessChecks, but call toAccessibleObject#setAccessible(boolean)will still succeed as there's noSecurityManagerset.I posit that trying to call
setAccessibleis a better way to see if we might later on succeed in callingsetAccessiblethan checking the permission.