stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8022707: Revisit all doPrivileged blocks

Browse Source 
Reviewed-by: jlaskey, hannesw
This commit is contained in:
Athijegannathan Sundararajan 2013-08-09 20:48:44 +05:30
parent 8662010454
commit 8ee7468a8c
16 changed files with 185 additions and 105 deletions

11
nashorn/make/project.properties

@ -222,11 +222,16 @@ run.test.xms=2G
run.test.user.language=tr
run.test.user.country=TR
# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods
run.test.jvmargs.main=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -ea -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError
run.test.jvmargs.common=-server -Xmx${run.test.xmx} -XX:+TieredCompilation -Dfile.encoding=UTF-8 -Duser.language=${run.test.user.language} -Duser.country=${run.test.user.country} -XX:+HeapDumpOnOutOfMemoryError
#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M
# -XX:+PrintCompilation -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMethods
# turn on assertions for tests
run.test.jvmargs.main=${run.test.jvmargs.common} -ea
#-XX:-UseCompressedKlassPointers -XX:+PrintHeapAtGC -XX:ClassMetaspaceSize=300M
run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.main}
run.test.jvmargs.octane.main=-Xms${run.test.xms} ${run.test.jvmargs.common}
run.test.jvmsecurityargs=-Xverify:all -Djava.security.properties=${basedir}/make/java.security.override -Djava.security.manager -Djava.security.policy=${basedir}/build/nashorn.policy

33
nashorn/src/jdk/nashorn/api/scripting/NashornScriptEngine.java

@ -36,10 +36,13 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.URL;
import java.nio.charset.Charset;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.ResourceBundle;
@ -71,6 +74,14 @@ import jdk.nashorn.internal.runtime.options.Options;
*/
public final class NashornScriptEngine extends AbstractScriptEngine implements Compilable, Invocable {
private static AccessControlContext createPermAccCtxt(final String permName) {
final Permissions perms = new Permissions();
perms.add(new RuntimePermission(permName));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext CREATE_CONTEXT_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_CONTEXT);
private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(Context.NASHORN_CREATE_GLOBAL);
private final ScriptEngineFactory factory;
private final Context nashornContext;
@ -84,16 +95,9 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
private static final String MESSAGES_RESOURCE = "jdk.nashorn.api.scripting.resources.Messages";
// Without do privileged, under security manager messages can not be loaded.
private static final ResourceBundle MESSAGES_BUNDLE;
static {
MESSAGES_BUNDLE = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
@Override
public ResourceBundle run() {
return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
});
MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
private static String getMessage(final String msgId, final String... args) {
@ -128,7 +132,7 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
throw e;
}
}
});
}, CREATE_CONTEXT_ACC_CTXT);
// create new global object
this.global = createNashornGlobal();
@ -340,7 +344,7 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
throw e;
}
}
});
}, CREATE_GLOBAL_ACC_CTXT);
nashornContext.initGlobal(newGlobal);
@ -362,10 +366,8 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
}
private void evalEngineScript() throws ScriptException {
evalSupportScript("resources/engine.js", NashornException.ENGINE_SCRIPT_SOURCE_NAME);
}
private void evalSupportScript(final String script, final String name) throws ScriptException {
final String script = "resources/engine.js";
final String name = NashornException.ENGINE_SCRIPT_SOURCE_NAME;
try {
final InputStream is = AccessController.doPrivileged(
new PrivilegedExceptionAction<InputStream>() {
@ -380,6 +382,9 @@ public final class NashornScriptEngine extends AbstractScriptEngine implements C
eval(isr);
}
} catch (final PrivilegedActionException | IOException e) {
if (Context.DEBUG) {
e.printStackTrace();
}
throw new ScriptException(e);
} finally {
put(ScriptEngine.FILENAME, null);

12
nashorn/src/jdk/nashorn/api/scripting/NashornScriptEngineFactory.java

@ -30,6 +30,7 @@ import java.util.Collections;
import java.util.List;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineFactory;
import jdk.nashorn.internal.runtime.Context;
import jdk.nashorn.internal.runtime.Version;
/**
@ -136,7 +137,14 @@ public final class NashornScriptEngineFactory implements ScriptEngineFactory {
@Override
public ScriptEngine getScriptEngine() {
return new NashornScriptEngine(this, getAppClassLoader());
try {
return new NashornScriptEngine(this, getAppClassLoader());
} catch (final RuntimeException e) {
if (Context.DEBUG) {
e.printStackTrace();
}
throw e;
}
}
/**
@ -178,7 +186,7 @@ public final class NashornScriptEngineFactory implements ScriptEngineFactory {
private static void checkConfigPermission() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("nashorn.setConfig"));
sm.checkPermission(new RuntimePermission(Context.NASHORN_SET_CONFIG));
}
}

15
nashorn/src/jdk/nashorn/api/scripting/ScriptObjectMirror.java

@ -25,14 +25,17 @@
package jdk.nashorn.api.scripting;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
@ -49,6 +52,14 @@ import jdk.nashorn.internal.runtime.ScriptRuntime;
* netscape.javascript.JSObject interface.
*/
public final class ScriptObjectMirror extends JSObject implements Bindings {
private static AccessControlContext getContextAccCtxt() {
final Permissions perms = new Permissions();
perms.add(new RuntimePermission(Context.NASHORN_GET_CONTEXT));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext GET_CONTEXT_ACC_CTXT = getContextAccCtxt();
private final ScriptObject sobj;
private final ScriptObject global;
@ -144,7 +155,7 @@ public final class ScriptObjectMirror extends JSObject implements Bindings {
public Context run() {
return Context.getContext();
}
});
}, GET_CONTEXT_ACC_CTXT);
return wrap(context.eval(global, s, null, null, false), global);
}
});

22
nashorn/src/jdk/nashorn/internal/objects/Global.java

@ -35,8 +35,6 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.ref.SoftReference;
import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
@ -420,7 +418,7 @@ public final class Global extends ScriptObject implements GlobalObject, Scope {
// security check first
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("nashorn.newGlobal"));
sm.checkPermission(new RuntimePermission(Context.NASHORN_CREATE_GLOBAL));
}
// null check on context
@ -1780,19 +1778,13 @@ public final class Global extends ScriptObject implements GlobalObject, Scope {
}
private static void copyOptions(final ScriptObject options, final ScriptEnvironment scriptEnv) {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
for (Field f : scriptEnv.getClass().getFields()) {
try {
options.set(f.getName(), f.get(scriptEnv), false);
} catch (final IllegalArgumentException | IllegalAccessException exp) {
throw new RuntimeException(exp);
}
}
return null;
for (Field f : scriptEnv.getClass().getFields()) {
try {
options.set(f.getName(), f.get(scriptEnv), false);
} catch (final IllegalArgumentException | IllegalAccessException exp) {
throw new RuntimeException(exp);
}
});
}
}
private void initTypedArray() {

2
nashorn/src/jdk/nashorn/internal/objects/NativeDebug.java

@ -72,7 +72,7 @@ public final class NativeDebug extends ScriptObject {
public static Object getContext(final Object self) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("nashorn.getContext"));
sm.checkPermission(new RuntimePermission(Context.NASHORN_GET_CONTEXT));
}
return Global.getThisContext();
}

57
nashorn/src/jdk/nashorn/internal/runtime/Context.java

@ -64,6 +64,31 @@ import jdk.nashorn.internal.runtime.options.Options;
* This class manages the global state of execution. Context is immutable.
*/
public final class Context {
// nashorn specific security runtime access permission names
/**
* Permission needed to pass arbitrary nashorn command line options when creating Context.
*/
public static final String NASHORN_SET_CONFIG = "nashorn.setConfig";
/**
* Permission needed to create Nashorn Context instance.
*/
public static final String NASHORN_CREATE_CONTEXT = "nashorn.createContext";
/**
* Permission needed to create Nashorn Global instance.
*/
public static final String NASHORN_CREATE_GLOBAL = "nashorn.createGlobal";
/**
* Permission to get current Nashorn Context from thread local storage.
*/
public static final String NASHORN_GET_CONTEXT = "nashorn.getContext";
/**
* Permission to use Java reflection/jsr292 from script code.
*/
public static final String NASHORN_JAVA_REFLECTION = "nashorn.JavaReflection";
/**
* ContextCodeInstaller that has the privilege of installing classes in the Context.
@ -139,7 +164,7 @@ public final class Context {
public static Context getContext() {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("nashorn.getContext"));
sm.checkPermission(new RuntimePermission(NASHORN_GET_CONTEXT));
}
return getContextTrusted();
}
@ -204,7 +229,20 @@ public final class Context {
private static final ClassLoader myLoader = Context.class.getClassLoader();
private static final StructureLoader sharedLoader;
private static final AccessControlContext NO_PERMISSIONS_CONTEXT;
private static AccessControlContext createNoPermAccCtxt() {
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
}
private static AccessControlContext createPermAccCtxt(final String permName) {
final Permissions perms = new Permissions();
perms.add(new RuntimePermission(permName));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext NO_PERMISSIONS_ACC_CTXT = createNoPermAccCtxt();
private static final AccessControlContext CREATE_LOADER_ACC_CTXT = createPermAccCtxt("createClassLoader");
private static final AccessControlContext CREATE_GLOBAL_ACC_CTXT = createPermAccCtxt(NASHORN_CREATE_GLOBAL);
static {
sharedLoader = AccessController.doPrivileged(new PrivilegedAction<StructureLoader>() {
@ -212,8 +250,7 @@ public final class Context {
public StructureLoader run() {
return new StructureLoader(myLoader, null);
}
});
NO_PERMISSIONS_CONTEXT = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
}, CREATE_LOADER_ACC_CTXT);
}
/**
@ -254,7 +291,7 @@ public final class Context {
public Context(final Options options, final ErrorManager errors, final PrintWriter out, final PrintWriter err, final ClassLoader appLoader) {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("nashorn.createContext"));
sm.checkPermission(new RuntimePermission(NASHORN_CREATE_CONTEXT));
}
this.env = new ScriptEnvironment(options, out, err);
@ -516,7 +553,7 @@ public final class Context {
@Override
public ScriptObject run() {
try {
return createGlobal();
return newGlobal();
} catch (final RuntimeException e) {
if (Context.DEBUG) {
e.printStackTrace();
@ -524,7 +561,9 @@ public final class Context {
throw e;
}
}
});
}, CREATE_GLOBAL_ACC_CTXT);
// initialize newly created Global instance
initGlobal(newGlobal);
setGlobalTrusted(newGlobal);
final Object[] wrapped = args == null? ScriptRuntime.EMPTY_ARRAY : ScriptObjectMirror.wrapArray(args, oldGlobal);
@ -577,7 +616,7 @@ public final class Context {
sm.checkPackageAccess(fullName.substring(0, index));
return null;
}
}, NO_PERMISSIONS_CONTEXT);
}, NO_PERMISSIONS_ACC_CTXT);
}
}
}
@ -856,7 +895,7 @@ public final class Context {
public ScriptLoader run() {
return new ScriptLoader(sharedLoader, Context.this);
}
});
}, CREATE_LOADER_ACC_CTXT);
}
private long getUniqueScriptId() {

11
nashorn/src/jdk/nashorn/internal/runtime/ECMAErrors.java

@ -25,8 +25,6 @@
package jdk.nashorn.internal.runtime;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.ResourceBundle;
@ -40,16 +38,9 @@ import jdk.nashorn.internal.scripts.JS;
public final class ECMAErrors {
private static final String MESSAGES_RESOURCE = "jdk.nashorn.internal.runtime.resources.Messages";
// Without do privileged, under security manager messages can not be loaded.
private static final ResourceBundle MESSAGES_BUNDLE;
static {
MESSAGES_BUNDLE = AccessController.doPrivileged(
new PrivilegedAction<ResourceBundle>() {
@Override
public ResourceBundle run() {
return ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
});
MESSAGES_BUNDLE = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
}
/** We assume that compiler generates script classes into the known package. */

24
nashorn/src/jdk/nashorn/internal/runtime/Logging.java

@ -25,6 +25,11 @@
package jdk.nashorn.internal.runtime;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
@ -35,6 +40,7 @@ import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import java.util.logging.LoggingPermission;
/**
* Logging system for getting loggers for arbitrary subsystems as
@ -50,12 +56,20 @@ public final class Logging {
private static final Logger disabledLogger = Logger.getLogger("disabled");
private static AccessControlContext createLoggerControlAccCtxt() {
final Permissions perms = new Permissions();
perms.add(new LoggingPermission("control", null));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
static {
try {
Logging.disabledLogger.setLevel(Level.OFF);
} catch (final SecurityException e) {
//ignored
}
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
Logging.disabledLogger.setLevel(Level.OFF);
return null;
}
}, createLoggerControlAccCtxt());
}
/** Maps logger name to loggers. Names are typically per package */

15
nashorn/src/jdk/nashorn/internal/runtime/linker/ClassAndLoader.java

@ -27,8 +27,11 @@ package jdk.nashorn.internal.runtime.linker;
import static jdk.nashorn.internal.runtime.ECMAErrors.typeError;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
@ -43,6 +46,16 @@ import java.util.Map;
* used to determine if one loader can see the other loader's classes.
*/
final class ClassAndLoader {
static AccessControlContext createPermAccCtxt(final String... permNames) {
final Permissions perms = new Permissions();
for (final String permName : permNames) {
perms.add(new RuntimePermission(permName));
}
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext GET_LOADER_ACC_CTXT = createPermAccCtxt("getClassLoader");
private final Class<?> representativeClass;
// Don't access this directly; most of the time, use getRetrievedLoader(), or if you know what you're doing,
// getLoader().
@ -116,7 +129,7 @@ final class ClassAndLoader {
public ClassAndLoader run() {
return getDefiningClassAndLoaderPrivileged(types);
}
});
}, GET_LOADER_ACC_CTXT);
}
static ClassAndLoader getDefiningClassAndLoaderPrivileged(final Class<?>[] types) {

5
nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterBytecodeGenerator.java

@ -49,6 +49,7 @@ import java.lang.reflect.AccessibleObject;
import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
@ -868,6 +869,8 @@ final class JavaAdapterBytecodeGenerator {
}
}
private static final AccessControlContext GET_DECLARED_MEMBERS_ACC_CTXT = ClassAndLoader.createPermAccCtxt("accessDeclaredMembers");
/**
* Creates a collection of methods that are not final, but we still never allow them to be overridden in adapters,
* as explicitly declaring them automatically is a bad idea. Currently, this means {@code Object.finalize()} and
@ -886,7 +889,7 @@ final class JavaAdapterBytecodeGenerator {
throw new AssertionError(e);
}
}
});
}, GET_DECLARED_MEMBERS_ACC_CTXT);
}
private String getCommonSuperClass(final String type1, final String type2) {

4
nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterClassLoader.java

@ -25,6 +25,7 @@
package jdk.nashorn.internal.runtime.linker;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.CodeSigner;
@ -46,6 +47,7 @@ import jdk.internal.dynalink.beans.StaticClass;
@SuppressWarnings("javadoc")
final class JavaAdapterClassLoader {
private static final ProtectionDomain GENERATED_PROTECTION_DOMAIN = createGeneratedProtectionDomain();
private static final AccessControlContext CREATE_LOADER_ACC_CTXT = ClassAndLoader.createPermAccCtxt("createClassLoader");
private final String className;
private volatile byte[] classBytes;
@ -77,7 +79,7 @@ final class JavaAdapterClassLoader {
throw new AssertionError(e); // cannot happen
}
}
});
}, CREATE_LOADER_ACC_CTXT);
}
// Note that the adapter class is created in the protection domain of the class/interface being

33
nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java

@ -31,9 +31,9 @@ import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.reflect.Modifier;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@ -70,6 +70,11 @@ import jdk.nashorn.internal.runtime.ScriptObject;
@SuppressWarnings("javadoc")
public final class JavaAdapterFactory {
// context with permissions needs for AdapterInfo creation
private static final AccessControlContext CREATE_ADAPTER_INFO_ACC_CTXT =
ClassAndLoader.createPermAccCtxt("createClassLoader", "getClassLoader",
"accessDeclaredMembers", "accessClassInPackage.jdk.nashorn.internal.runtime");
/**
* A mapping from an original Class object to AdapterInfo representing the adapter for the class it represents.
*/
@ -124,17 +129,10 @@ public final class JavaAdapterFactory {
*/
public static MethodHandle getConstructor(final Class<?> sourceType, final Class<?> targetType) throws Exception {
final StaticClass adapterClass = getAdapterClassFor(new Class<?>[] { targetType }, null);
return AccessController.doPrivileged(new PrivilegedExceptionAction<MethodHandle>() {
@Override
public MethodHandle run() throws Exception {
// NOTE: we use publicLookup(), but none of our adapter constructors are caller sensitive, so this is
// okay, we won't artificially limit access.
return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl(
NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new",
MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false,
adapterClass, null)).getInvocation(), adapterClass);
}
});
return MH.bindTo(Bootstrap.getLinkerServices().getGuardedInvocation(new LinkRequestImpl(
NashornCallSiteDescriptor.get(MethodHandles.publicLookup(), "dyn:new",
MethodType.methodType(targetType, StaticClass.class, sourceType), 0), false,
adapterClass, null)).getInvocation(), adapterClass);
}
/**
@ -171,7 +169,7 @@ public final class JavaAdapterFactory {
return (List)Collections.singletonList(clazz);
}
/**
/**
* For a given class, create its adapter class and associated info.
* @param type the class for which the adapter is created
* @return the adapter info for the class.
@ -190,12 +188,19 @@ public final class JavaAdapterFactory {
}
superClass = t;
} else {
if (interfaces.size() > 65535) {
throw new IllegalArgumentException("interface limit exceeded");
}
interfaces.add(t);
}
if(!Modifier.isPublic(mod)) {
return new AdapterInfo(AdaptationResult.Outcome.ERROR_NON_PUBLIC_CLASS, t.getCanonicalName());
}
}
final Class<?> effectiveSuperClass = superClass == null ? Object.class : superClass;
return AccessController.doPrivileged(new PrivilegedAction<AdapterInfo>() {
@Override
@ -206,7 +211,7 @@ public final class JavaAdapterFactory {
return new AdapterInfo(e.getAdaptationResult());
}
}
});
}, CREATE_ADAPTER_INFO_ACC_CTXT);
}
private static class AdapterInfo {

2
nashorn/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java

@ -88,6 +88,6 @@ final class ReflectionCheckLinker implements TypeBasedGuardingDynamicLinker{
}
private static void checkReflectionPermission(final SecurityManager sm) {
sm.checkPermission(new RuntimePermission("nashorn.JavaReflection"));
sm.checkPermission(new RuntimePermission(Context.NASHORN_JAVA_REFLECTION));
}
}

29
nashorn/src/jdk/nashorn/internal/runtime/options/Options.java

@ -26,8 +26,11 @@
package jdk.nashorn.internal.runtime.options;
import java.io.PrintWriter;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collection;
@ -39,6 +42,7 @@ import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.MissingResourceException;
import java.util.PropertyPermission;
import java.util.ResourceBundle;
import java.util.StringTokenizer;
import java.util.TimeZone;
@ -51,6 +55,15 @@ import jdk.nashorn.internal.runtime.QuotedStringTokenizer;
* Manages global runtime options.
*/
public final class Options {
// permission to just read nashorn.* System properties
private static AccessControlContext createPropertyReadAccCtxt() {
final Permissions perms = new Permissions();
perms.add(new PropertyPermission("nashorn.*", "read"));
return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
private static final AccessControlContext READ_PROPERTY_ACC_CTXT = createPropertyReadAccCtxt();
/** Resource tag. */
private final String resource;
@ -144,7 +157,7 @@ public final class Options {
return false;
}
}
});
}, READ_PROPERTY_ACC_CTXT);
}
/**
@ -171,7 +184,7 @@ public final class Options {
return defValue;
}
}
});
}, READ_PROPERTY_ACC_CTXT);
}
/**
@ -198,7 +211,7 @@ public final class Options {
return defValue;
}
}
});
}, READ_PROPERTY_ACC_CTXT);
}
/**
@ -567,15 +580,7 @@ public final class Options {
private static String definePropPrefix;
static {
// Without do privileged, under security manager messages can not be
// loaded.
Options.bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
@Override
public ResourceBundle run() {
return ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault());
}
});
Options.bundle = ResourceBundle.getBundle(Options.MESSAGES_RESOURCE, Locale.getDefault());
Options.validOptions = new TreeSet<>();
Options.usage = new HashMap<>();

15
nashorn/src/jdk/nashorn/tools/Shell.java

@ -34,8 +34,6 @@ import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import java.util.Locale;
import java.util.ResourceBundle;
@ -68,18 +66,7 @@ public class Shell {
/**
* Shell message bundle.
*/
private static ResourceBundle bundle;
static {
// Without do privileged, under security manager messages can not be
// loaded.
bundle = AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
@Override
public ResourceBundle run() {
return ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault());
}
});
}
private static final ResourceBundle bundle = ResourceBundle.getBundle(MESSAGE_RESOURCE, Locale.getDefault());
/**
* Exit code for command line tool - successful