Mercurial > hg > release > icedtea-web-1.4
changeset 750:a0ca905f9ee7
Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)
author | Andrew Azores <aazores@redhat.com> |
---|---|
date | Tue, 30 Jul 2013 09:41:12 -0400 |
parents | e18d9ba86575 |
children | a875c8f789f2 |
files | ChangeLog netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java |
diffstat | 2 files changed, 12 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Jul 30 14:33:17 2013 +0200 +++ b/ChangeLog Tue Jul 30 09:41:12 2013 -0400 @@ -1,3 +1,8 @@ +2013-07-30 Andrew Azores <aazores@redhat.com> + * netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java: + (getProxiesWithoutCaching) added java.vm.name read permission to fix + Rhino parsing and PAC proxy configuration + 2013-07-30 Jiri Vanek <jvanek@redhat.com> * tests/reproducers/simple/simpletest1/resources/favicon.ico: new file
--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Tue Jul 30 14:33:17 2013 +0200 +++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java Tue Jul 30 09:41:12 2013 -0400 @@ -48,6 +48,7 @@ import java.security.Permissions; import java.security.PrivilegedAction; import java.security.ProtectionDomain; +import java.util.PropertyPermission; import net.sourceforge.jnlp.util.TimedHashMap; @@ -124,9 +125,15 @@ EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(), pacHelperFunctionContents, url); + + // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction" + // isn't supposed to do very much and so doesn't require all the default permissions given by + // java.policy Permissions p = new Permissions(); p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript")); p.add(new SocketPermission("*", "resolve")); + p.add(new PropertyPermission("java.vm.name", "read")); + ProtectionDomain pd = new ProtectionDomain(null, p); AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });