[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openjdk-jigsaw-dev
Subject:    Re: Permissions in default.policy and --patch-module
From:       Alan Bateman <Alan.Bateman () oracle ! com>
Date:       2017-12-11 15:17:14
Message-ID: 00ba7d4f-8c09-aecc-5a38-6ed980b88281 () oracle ! com
[Download RAW message or body]

On 11/12/2017 07:50, Weijun Wang wrote:
> I was just trying to run a jtreg test on a new Windows VirtualBox VM. A small code \
> change is needed but I don't want to do a full build (it also does not have enough \
> memory). I just copied an existing image, and the modified class was compiled on \
> the host macOS machine. 
> So this is not "really a problem", but if --patch-module can be used to patch a \
> module, I do hope the new classes are treated exactly the same as those existing \
> classes.
The only difference is that the classes on the patch path are in a 
different location, hence have a different CodeSource and protection domain.
> 
> This is similar to the case of exploded build.
> 
The classes in an exploded build are located on the file system, hence a 
file URL as the location and code source. I suspect you are asking for 
jrt URL to work for exploded builds. Yes, this could be make to work 
although the difference between exploded and images build pre-dates 
modules (you'll have the same issue in JDK 8 with policy files that 
grant permissions to JAR files in the run-time image).

-Alan


[prev in list] [next in list] [prev in thread] [next in thread]