Mercurial > hg > openjdk > aarch64-port > nashorn
changeset 493:47e2b609fe31
8022707: Revisit all doPrivileged blocks
Reviewed-by: jlaskey, hannesw
line wrap: on
line diff
--- a/make/project.properties Thu Aug 08 11:20:14 2013 -0300 +++ b/make/project.properties Fri Aug 09 20:48:44 2013 +0530 @@ -222,11 +222,16 @@ run.test.user.language=tr run.test.user.country=TR -# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods -run.test.jvmargs.main=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -ea -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError +run.test.jvmargs.common=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError + +#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M +# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods + +# turn on assertions for tests +run.test.jvmargs.main=${run.test.jvmargs.common} -ea #-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M -run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.main} +run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.common} run.test.jvmsecurityargs=-Xverify:all -Djava.security.properties=${basedir}/make/java.security.override -Djava.security.manager -Djava.security.policy=${basedir}/build/nashorn.policy
--- a/src/jdk/nashorn/api/scripting/NashornScriptEngine.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/api/scripting/NashornScriptEngine.java Fri Aug 09 20:48:44 2013 +0530 @@ -36,10 +36,13 @@ import java.lang.reflect.Modifier; import java.net.URL; import java.nio.charset.Charset; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; +import java.security.ProtectionDomain; import java.text.MessageFormat; import java.util.Locale; import java.util.ResourceBundle; @@ -71,6 +74,14 @@ */ public final class NashornScriptEngine extends AbstractScriptEngine implements Compilable, Invocable { + private static AccessControlContext createPermAccCtxt(final String permName) { + final Permissions perms = new Permissions(); + perms.add(new RuntimePermission(permName)); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + + private static final AccessControlContext CREATE_CONTEXT_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_CONTEXT); + private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_GLOBAL); private final ScriptEngineFactory factory; private final Context nashornContext; @@ -84,16 +95,9 @@ private static final String MESSAGES_RESOURCE = "jdk.nashorn.api.scripting.resources.Messages"; - // Without do privileged, under security manager messages can not be loaded. private static final ResourceBundle MESSAGES_BUNDLE; static { - MESSAGES_BUNDLE = AccessController.doPrivileged( - new PrivilegedAction<ResourceBundle>() { - @Override - public ResourceBundle run() { - return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault()); - } - }); + MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault()); } private static String getMessage(final String msgId, final String... args) { @@ -128,7 +132,7 @@ throw e; } } - }); + }, CREATE_CONTEXT_ACC_CTXT); // create new global object this.global = createNashornGlobal(); @@ -340,7 +344,7 @@ throw e; } } - }); + }, CREATE_GLOBAL_ACC_CTXT); nashornContext.initGlobal(newGlobal); @@ -362,10 +366,8 @@ } private void evalEngineScript() throws ScriptException { - evalSupportScript("resources/engine.js", NashornException.ENGINE_SCRIPT_SOURCE_NAME); - } - - private void evalSupportScript(final String script, final String name) throws ScriptException { + final String script = "resources/engine.js"; + final String name = NashornException.ENGINE_SCRIPT_SOURCE_NAME; try { final InputStream is = AccessController.doPrivileged( new PrivilegedExceptionAction<InputStream>() { @@ -380,6 +382,9 @@ eval(isr); } } catch (final PrivilegedActionException | IOException e) { + if (Context.DEBUG) { + e.printStackTrace(); + } throw new ScriptException(e); } finally { put(ScriptEngine.FILENAME, null);
--- a/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java Fri Aug 09 20:48:44 2013 +0530 @@ -30,6 +30,7 @@ import java.util.List; import javax.script.ScriptEngine; import javax.script.ScriptEngineFactory; +import jdk.nashorn.internal.runtime.Context; import jdk.nashorn.internal.runtime.Version; /** @@ -136,7 +137,14 @@ @Override public ScriptEngine getScriptEngine() { - return new NashornScriptEngine(this, getAppClassLoader()); + try { + return new NashornScriptEngine(this, getAppClassLoader()); + } catch (final RuntimeException e) { + if (Context.DEBUG) { + e.printStackTrace(); + } + throw e; + } } /** @@ -178,7 +186,7 @@ private static void checkConfigPermission() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new RuntimePermission("nashorn.setConfig")); + sm.checkPermission(new RuntimePermission(Context.NASHORN_SET_CONFIG)); } }
--- a/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java Fri Aug 09 20:48:44 2013 +0530 @@ -25,14 +25,17 @@ package jdk.nashorn.api.scripting; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.AbstractMap; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import java.util.Iterator; import java.util.LinkedHashSet; -import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; @@ -49,6 +52,14 @@ * netscape.javascript.JSObject interface. */ public final class ScriptObjectMirror extends JSObject implements Bindings { + private static AccessControlContext getContextAccCtxt() { + final Permissions perms = new Permissions(); + perms.add(new RuntimePermission(Context.NASHORN_GET_CONTEXT)); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + + private static final AccessControlContext GET_CONTEXT_ACC_CTXT = getContextAccCtxt(); + private final ScriptObject sobj; private final ScriptObject global; @@ -144,7 +155,7 @@ public Context run() { return Context.getContext(); } - }); + }, GET_CONTEXT_ACC_CTXT); return wrap(context.eval(global, s, null, null, false), global); } });
--- a/src/jdk/nashorn/internal/objects/Global.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/objects/Global.java Fri Aug 09 20:48:44 2013 +0530 @@ -35,8 +35,6 @@ import java.lang.invoke.MethodHandles; import java.lang.ref.SoftReference; import java.lang.reflect.Field; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Arrays; import java.util.LinkedHashMap; import java.util.List; @@ -420,7 +418,7 @@ // security check first final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new RuntimePermission("nashorn.newGlobal")); + sm.checkPermission(new RuntimePermission(Context.NASHORN_CREATE_GLOBAL)); } // null check on context @@ -1780,19 +1778,13 @@ } private static void copyOptions(final ScriptObject options, final ScriptEnvironment scriptEnv) { - AccessController.doPrivileged(new PrivilegedAction<Void>() { - @Override - public Void run() { - for (Field f : scriptEnv.getClass().getFields()) { - try { - options.set(f.getName(), f.get(scriptEnv), false); - } catch (final IllegalArgumentException | IllegalAccessException exp) { - throw new RuntimeException(exp); - } - } - return null; + for (Field f : scriptEnv.getClass().getFields()) { + try { + options.set(f.getName(), f.get(scriptEnv), false); + } catch (final IllegalArgumentException | IllegalAccessException exp) { + throw new RuntimeException(exp); } - }); + } } private void initTypedArray() {
--- a/src/jdk/nashorn/internal/objects/NativeDebug.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/objects/NativeDebug.java Fri Aug 09 20:48:44 2013 +0530 @@ -72,7 +72,7 @@ public static Object getContext(final Object self) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new RuntimePermission("nashorn.getContext")); + sm.checkPermission(new RuntimePermission(Context.NASHORN_GET_CONTEXT)); } return Global.getThisContext(); }
--- a/src/jdk/nashorn/internal/runtime/Context.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/Context.java Fri Aug 09 20:48:44 2013 +0530 @@ -64,6 +64,31 @@ * This class manages the global state of execution. Context is immutable. */ public final class Context { + // nashorn specific security runtime access permission names + /** + * Permission needed to pass arbitrary nashorn command line options when creating Context. + */ + public static final String NASHORN_SET_CONFIG = "nashorn.setConfig"; + + /** + * Permission needed to create Nashorn Context instance. + */ + public static final String NASHORN_CREATE_CONTEXT = "nashorn.createContext"; + + /** + * Permission needed to create Nashorn Global instance. + */ + public static final String NASHORN_CREATE_GLOBAL = "nashorn.createGlobal"; + + /** + * Permission to get current Nashorn Context from thread local storage. + */ + public static final String NASHORN_GET_CONTEXT = "nashorn.getContext"; + + /** + * Permission to use Java reflection/jsr292 from script code. + */ + public static final String NASHORN_JAVA_REFLECTION = "nashorn.JavaReflection"; /** * ContextCodeInstaller that has the privilege of installing classes in the Context. @@ -139,7 +164,7 @@ public static Context getContext() { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new RuntimePermission("nashorn.getContext")); + sm.checkPermission(new RuntimePermission(NASHORN_GET_CONTEXT)); } return getContextTrusted(); } @@ -204,7 +229,20 @@ private static final ClassLoader myLoader = Context.class.getClassLoader(); private static final StructureLoader sharedLoader; - private static final AccessControlContext NO_PERMISSIONS_CONTEXT; + + private static AccessControlContext createNoPermAccCtxt() { + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) }); + } + + private static AccessControlContext createPermAccCtxt(final String permName) { + final Permissions perms = new Permissions(); + perms.add(new RuntimePermission(permName)); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + + private static final AccessControlContext NO_PERMISSIONS_ACC_CTXT = createNoPermAccCtxt(); + private static final AccessControlContext CREATE_LOADER_ACC_CTXT = createPermAccCtxt("createClassLoader"); + private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(NASHORN_CREATE_GLOBAL); static { sharedLoader = AccessController.doPrivileged(new PrivilegedAction<StructureLoader>() { @@ -212,8 +250,7 @@ public StructureLoader run() { return new StructureLoader(myLoader, null); } - }); - NO_PERMISSIONS_CONTEXT = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) }); + }, CREATE_LOADER_ACC_CTXT); } /** @@ -254,7 +291,7 @@ public Context(final Options options, final ErrorManager errors, final PrintWriter out, final PrintWriter err, final ClassLoader appLoader) { final SecurityManager sm = System.getSecurityManager(); if (sm != null) { - sm.checkPermission(new RuntimePermission("nashorn.createContext")); + sm.checkPermission(new RuntimePermission(NASHORN_CREATE_CONTEXT)); } this.env = new ScriptEnvironment(options, out, err); @@ -516,7 +553,7 @@ @Override public ScriptObject run() { try { - return createGlobal(); + return newGlobal(); } catch (final RuntimeException e) { if (Context.DEBUG) { e.printStackTrace(); @@ -524,7 +561,9 @@ throw e; } } - }); + }, CREATE_GLOBAL_ACC_CTXT); + // initialize newly created Global instance + initGlobal(newGlobal); setGlobalTrusted(newGlobal); final Object[] wrapped = args == null? ScriptRuntime.EMPTY_ARRAY : ScriptObjectMirror.wrapArray(args, oldGlobal); @@ -577,7 +616,7 @@ sm.checkPackageAccess(fullName.substring(0, index)); return null; } - }, NO_PERMISSIONS_CONTEXT); + }, NO_PERMISSIONS_ACC_CTXT); } } } @@ -856,7 +895,7 @@ public ScriptLoader run() { return new ScriptLoader(sharedLoader, Context.this); } - }); + }, CREATE_LOADER_ACC_CTXT); } private long getUniqueScriptId() {
--- a/src/jdk/nashorn/internal/runtime/ECMAErrors.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/ECMAErrors.java Fri Aug 09 20:48:44 2013 +0530 @@ -25,8 +25,6 @@ package jdk.nashorn.internal.runtime; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.text.MessageFormat; import java.util.Locale; import java.util.ResourceBundle; @@ -40,16 +38,9 @@ public final class ECMAErrors { private static final String MESSAGES_RESOURCE = "jdk.nashorn.internal.runtime.resources.Messages"; - // Without do privileged, under security manager messages can not be loaded. private static final ResourceBundle MESSAGES_BUNDLE; static { - MESSAGES_BUNDLE = AccessController.doPrivileged( - new PrivilegedAction<ResourceBundle>() { - @Override - public ResourceBundle run() { - return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault()); - } - }); + MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault()); } /** We assume that compiler generates script classes into the known package. */
--- a/src/jdk/nashorn/internal/runtime/Logging.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/Logging.java Fri Aug 09 20:48:44 2013 +0530 @@ -25,6 +25,11 @@ package jdk.nashorn.internal.runtime; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.Permissions; +import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.HashMap; import java.util.Locale; import java.util.Map; @@ -35,6 +40,7 @@ import java.util.logging.Level; import java.util.logging.LogRecord; import java.util.logging.Logger; +import java.util.logging.LoggingPermission; /** * Logging system for getting loggers for arbitrary subsystems as @@ -50,12 +56,20 @@ private static final Logger disabledLogger = Logger.getLogger("disabled"); + private static AccessControlContext createLoggerControlAccCtxt() { + final Permissions perms = new Permissions(); + perms.add(new LoggingPermission("control", null)); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + static { - try { - Logging.disabledLogger.setLevel(Level.OFF); - } catch (final SecurityException e) { - //ignored - } + AccessController.doPrivileged(new PrivilegedAction<Void>() { + @Override + public Void run() { + Logging.disabledLogger.setLevel(Level.OFF); + return null; + } + }, createLoggerControlAccCtxt()); } /** Maps logger name to loggers. Names are typically per package */
--- a/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java Fri Aug 09 20:48:44 2013 +0530 @@ -27,8 +27,11 @@ import static jdk.nashorn.internal.runtime.ECMAErrors.typeError; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.util.Collection; import java.util.Iterator; import java.util.LinkedHashMap; @@ -43,6 +46,16 @@ * used to determine if one loader can see the other loader's classes. */ final class ClassAndLoader { + static AccessControlContext createPermAccCtxt(final String... permNames) { + final Permissions perms = new Permissions(); + for (final String permName : permNames) { + perms.add(new RuntimePermission(permName)); + } + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + + private static final AccessControlContext GET_LOADER_ACC_CTXT = createPermAccCtxt("getClassLoader"); + private final Class<?> representativeClass; // Don't access this directly; most of the time, use getRetrievedLoader(), or if you know what you're doing, // getLoader(). @@ -116,7 +129,7 @@ public ClassAndLoader run() { return getDefiningClassAndLoaderPrivileged(types); } - }); + }, GET_LOADER_ACC_CTXT); } static ClassAndLoader getDefiningClassAndLoaderPrivileged(final Class<?>[] types) {
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java Fri Aug 09 20:48:44 2013 +0530 @@ -49,6 +49,7 @@ import java.lang.reflect.Constructor; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedAction; import java.util.Arrays; @@ -868,6 +869,8 @@ } } + private static final AccessControlContext GET_DECLARED_MEMBERS_ACC_CTXT = ClassAndLoader.createPermAccCtxt("accessDeclaredMembers"); + /** * Creates a collection of methods that are not final, but we still never allow them to be overridden in adapters, * as explicitly declaring them automatically is a bad idea. Currently, this means {@code Object.finalize()} and @@ -886,7 +889,7 @@ throw new AssertionError(e); } } - }); + }, GET_DECLARED_MEMBERS_ACC_CTXT); } private String getCommonSuperClass(final String type1, final String type2) {
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java Fri Aug 09 20:48:44 2013 +0530 @@ -25,6 +25,7 @@ package jdk.nashorn.internal.runtime.linker; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.AllPermission; import java.security.CodeSigner; @@ -46,6 +47,7 @@ @SuppressWarnings("javadoc") final class JavaAdapterClassLoader { private static final ProtectionDomain GENERATED_PROTECTION_DOMAIN = createGeneratedProtectionDomain(); + private static final AccessControlContext CREATE_LOADER_ACC_CTXT = ClassAndLoader.createPermAccCtxt("createClassLoader"); private final String className; private volatile byte[] classBytes; @@ -77,7 +79,7 @@ throw new AssertionError(e); // cannot happen } } - }); + }, CREATE_LOADER_ACC_CTXT); } // Note that the adapter class is created in the protection domain of the class/interface being
--- a/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java Fri Aug 09 20:48:44 2013 +0530 @@ -31,9 +31,9 @@ import java.lang.invoke.MethodHandles; import java.lang.invoke.MethodType; import java.lang.reflect.Modifier; +import java.security.AccessControlContext; import java.security.AccessController; import java.security.PrivilegedAction; -import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -70,6 +70,11 @@ @SuppressWarnings("javadoc") public final class JavaAdapterFactory { + // context with permissions needs for AdapterInfo creation + private static final AccessControlContext CREATE_ADAPTER_INFO_ACC_CTXT = + ClassAndLoader.createPermAccCtxt("createClassLoader", "getClassLoader", + "accessDeclaredMembers", "accessClassInPackage.jdk.nashorn.internal.runtime"); + /** * A mapping from an original Class object to AdapterInfo representing the adapter for the class it represents. */ @@ -124,17 +129,10 @@ */ public static MethodHandle getConstructor(final Class<?> sourceType, final Class<?> targetType) throws Exception { final StaticClass adapterClass = getAdapterClassFor(new Class<?>[] { targetType }, null); - return AccessController.doPrivileged(new PrivilegedExceptionAction<MethodHandle>() { - @Override - public MethodHandle run() throws Exception { - // NOTE: we use publicLookup(), but none of our adapter constructors are caller sensitive, so this is - // okay, we won't artificially limit access. - return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl( - NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new", - MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false, - adapterClass, null)).getInvocation(), adapterClass); - } - }); + return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl( + NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new", + MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false, + adapterClass, null)).getInvocation(), adapterClass); } /** @@ -171,7 +169,7 @@ return (List)Collections.singletonList(clazz); } - /** + /** * For a given class, create its adapter class and associated info. * @param type the class for which the adapter is created * @return the adapter info for the class. @@ -190,12 +188,19 @@ } superClass = t; } else { + if (interfaces.size() > 65535) { + throw new IllegalArgumentException("interface limit exceeded"); + } + interfaces.add(t); } + if(!Modifier.isPublic(mod)) { return new AdapterInfo(AdaptationResult.Outcome.ERROR_NON_PUBLIC_CLASS, t.getCanonicalName()); } } + + final Class<?> effectiveSuperClass = superClass == null ? Object.class : superClass; return AccessController.doPrivileged(new PrivilegedAction<AdapterInfo>() { @Override @@ -206,7 +211,7 @@ return new AdapterInfo(e.getAdaptationResult()); } } - }); + }, CREATE_ADAPTER_INFO_ACC_CTXT); } private static class AdapterInfo {
--- a/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java Fri Aug 09 20:48:44 2013 +0530 @@ -88,6 +88,6 @@ } private static void checkReflectionPermission(final SecurityManager sm) { - sm.checkPermission(new RuntimePermission("nashorn.JavaReflection")); + sm.checkPermission(new RuntimePermission(Context.NASHORN_JAVA_REFLECTION)); } }
--- a/src/jdk/nashorn/internal/runtime/options/Options.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/internal/runtime/options/Options.java Fri Aug 09 20:48:44 2013 +0530 @@ -26,8 +26,11 @@ package jdk.nashorn.internal.runtime.options; import java.io.PrintWriter; +import java.security.AccessControlContext; import java.security.AccessController; +import java.security.Permissions; import java.security.PrivilegedAction; +import java.security.ProtectionDomain; import java.text.MessageFormat; import java.util.ArrayList; import java.util.Collection; @@ -39,6 +42,7 @@ import java.util.Locale; import java.util.Map; import java.util.MissingResourceException; +import java.util.PropertyPermission; import java.util.ResourceBundle; import java.util.StringTokenizer; import java.util.TimeZone; @@ -51,6 +55,15 @@ * Manages global runtime options. */ public final class Options { + // permission to just read nashorn.* System properties + private static AccessControlContext createPropertyReadAccCtxt() { + final Permissions perms = new Permissions(); + perms.add(new PropertyPermission("nashorn.*", "read")); + return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) }); + } + + private static final AccessControlContext READ_PROPERTY_ACC_CTXT = createPropertyReadAccCtxt(); + /** Resource tag. */ private final String resource; @@ -144,7 +157,7 @@ return false; } } - }); + }, READ_PROPERTY_ACC_CTXT); } /** @@ -171,7 +184,7 @@ return defValue; } } - }); + }, READ_PROPERTY_ACC_CTXT); } /** @@ -198,7 +211,7 @@ return defValue; } } - }); + }, READ_PROPERTY_ACC_CTXT); } /** @@ -567,15 +580,7 @@ private static String definePropPrefix; static { - // Without do privileged, under security manager messages can not be - // loaded. - Options.bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() { - @Override - public ResourceBundle run() { - return ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault()); - } - }); - + Options.bundle = ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault()); Options.validOptions = new TreeSet<>(); Options.usage = new HashMap<>();
--- a/src/jdk/nashorn/tools/Shell.java Thu Aug 08 11:20:14 2013 -0300 +++ b/src/jdk/nashorn/tools/Shell.java Fri Aug 09 20:48:44 2013 +0530 @@ -34,8 +34,6 @@ import java.io.OutputStream; import java.io.PrintStream; import java.io.PrintWriter; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.List; import java.util.Locale; import java.util.ResourceBundle; @@ -68,18 +66,7 @@ /** * Shell message bundle. */ - private static ResourceBundle bundle; - - static { - // Without do privileged, under security manager messages can not be - // loaded. - bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() { - @Override - public ResourceBundle run() { - return ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault()); - } - }); - } + private static final ResourceBundle bundle = ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault()); /** * Exit code for command line tool - successful