8022789: Revisit doPrivileged blocks in Dynalink
authorattila
Mon, 12 Aug 2013 12:46:01 +0200
changeset 19461 30ba4fba981d
parent 19460 1b6d8e7b1cdf
child 19462 4dad0e67dfb8
8022789: Revisit doPrivileged blocks in Dynalink Reviewed-by: lagergren, sundar
nashorn/src/jdk/internal/dynalink/DynamicLinkerFactory.java
nashorn/src/jdk/internal/dynalink/support/ClassLoaderGetterContextProvider.java
nashorn/src/jdk/internal/dynalink/support/ClassMap.java
nashorn/src/jdk/internal/dynalink/support/TypeConverterFactory.java
--- a/nashorn/src/jdk/internal/dynalink/DynamicLinkerFactory.java	Mon Aug 12 14:43:53 2013 +0530
+++ b/nashorn/src/jdk/internal/dynalink/DynamicLinkerFactory.java	Mon Aug 12 12:46:01 2013 +0200
@@ -99,6 +99,7 @@
 import jdk.internal.dynalink.linker.LinkRequest;
 import jdk.internal.dynalink.support.AutoDiscovery;
 import jdk.internal.dynalink.support.BottomGuardingDynamicLinker;
+import jdk.internal.dynalink.support.ClassLoaderGetterContextProvider;
 import jdk.internal.dynalink.support.CompositeGuardingDynamicLinker;
 import jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker;
 import jdk.internal.dynalink.support.LinkerServicesImpl;
@@ -315,7 +316,7 @@
             public ClassLoader run() {
                 return Thread.currentThread().getContextClassLoader();
             }
-        });
+        }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
     }
 
     private static void addClasses(Set<Class<? extends GuardingDynamicLinker>> knownLinkerClasses,
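Review bot: The new second argument to `doPrivileged` has no comment saying why the privileged block is narrowed, here or at the two identical call sites in ClassMap.java and TypeConverterFactory.java. A reader could take it for an optional extra and drop it in a later refactor. I would add a short comment above each call, for example `// Run with only RuntimePermission("getClassLoader"); the action needs nothing else, so the rest of our privileges stay out of the privileged frame.` The enclosing method starts above this hunk, so I cannot tell from here whether the returned loader is used in any way that needs further permissions. That should be confirmed against the full method.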
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/src/jdk/internal/dynalink/support/ClassLoaderGetterContextProvider.java	Mon Aug 12 12:46:01 2013 +0200
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * This file is available under and governed by the GNU General Public
+ * License version 2 only, as published by the Free Software Foundation.
+ * However, the following notice accompanied the original version of this
+ * file, and Oracle licenses the original version of this file under the BSD
+ * license:
+ */
+/*
+   Copyright 2009-2013 Attila Szegedi
+
+   Licensed under both the Apache License, Version 2.0 (the "Apache License")
+   and the BSD License (the "BSD License"), with licensee being free to
+   choose either of the two at their discretion.
+
+   You may not use this file except in compliance with either the Apache
+   License or the BSD License.
+
+   If you choose to use this file in compliance with the Apache License, the
+   following notice applies to you:
+
+       You may obtain a copy of the Apache License at
+
+           http://www.apache.org/licenses/LICENSE-2.0
+
+       Unless required by applicable law or agreed to in writing, software
+       distributed under the License is distributed on an "AS IS" BASIS,
+       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+       implied. See the License for the specific language governing
+       permissions and limitations under the License.
+
+   If you choose to use this file in compliance with the BSD License, the
+   following notice applies to you:
+
+       Redistribution and use in source and binary forms, with or without
+       modification, are permitted provided that the following conditions are
+       met:
+       * Redistributions of source code must retain the above copyright
+         notice, this list of conditions and the following disclaimer.
+       * Redistributions in binary form must reproduce the above copyright
+         notice, this list of conditions and the following disclaimer in the
+         documentation and/or other materials provided with the distribution.
+       * Neither the name of the copyright holder nor the names of
+         contributors may be used to endorse or promote products derived from
+         this software without specific prior written permission.
+
+       THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+       IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+       TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+       PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDER
+       BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+       CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+       SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+       BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+       WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+       OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+       ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+package jdk.internal.dynalink.support;
+
+import java.security.AccessControlContext;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+
+/**
+ * This class exposes a canonical {@link AccessControlContext} with a single {@link RuntimePermission} for
+ * {@code "getClassLoader"} permission that is used by other parts of the code to narrow their set of permissions when
+ * they're retrieving class loaders in privileged blocks.
+ */
+public class ClassLoaderGetterContextProvider {
+    /**
+     * Canonical instance of {@link AccessControlContext} with a single {@link RuntimePermission} for
+     * {@code "getClassLoader"} permission.
+     */
+    public static final AccessControlContext GET_CLASS_LOADER_CONTEXT;
+    static {
+        final Permissions perms = new Permissions();
+        perms.add(new RuntimePermission("getClassLoader"));
+        GET_CLASS_LOADER_CONTEXT = new AccessControlContext(
+                new ProtectionDomain[] { new ProtectionDomain(null, perms) });
+    }
+}
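Review bot: `ClassLoaderGetterContextProvider` only holds a constant, but it is declared as a plain `public class` with no constructor, so it can be instantiated and subclassed. I would make it `public final class ClassLoaderGetterContextProvider {` and add `private ClassLoaderGetterContextProvider() {}`. The Javadoc on `GET_CLASS_LOADER_CONTEXT` should also state two things. First, the `ProtectionDomain` is built with a null `CodeSource` and a fixed `Permissions` set, so the context carries exactly the one permission and does not depend on the installed policy. Second, passing it to `doPrivileged` can only restrict the caller's permissions and never adds any, which is what makes it safe to expose as a public field.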
--- a/nashorn/src/jdk/internal/dynalink/support/ClassMap.java	Mon Aug 12 14:43:53 2013 +0530
+++ b/nashorn/src/jdk/internal/dynalink/support/ClassMap.java	Mon Aug 12 12:46:01 2013 +0200
@@ -155,7 +155,7 @@
             public ClassLoader run() {
                 return clazz.getClassLoader();
             }
-        });
+        }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
 
         // If allowed to strongly reference, put it in the fast map
         if(Guards.canReferenceDirectly(classLoader, clazzLoader)) {
--- a/nashorn/src/jdk/internal/dynalink/support/TypeConverterFactory.java	Mon Aug 12 14:43:53 2013 +0530
+++ b/nashorn/src/jdk/internal/dynalink/support/TypeConverterFactory.java	Mon Aug 12 12:46:01 2013 +0200
@@ -151,7 +151,7 @@
             public ClassLoader run() {
                 return clazz.getClassLoader();
             }
-        });
+        }, ClassLoaderGetterContextProvider.GET_CLASS_LOADER_CONTEXT);
     }
 
     /**