Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null
authorsundar
Thu, 02 Jun 2016 14:56:20 +0530
changeset 38809 98a5507b1c86
parent 38808 102fd16b8798
child 38810 f092b4fabfdb
8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null Reviewed-by: mhaupt, hannesw
nashorn/make/build.xml file | annotate | diff | comparison | revisions
nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/Context.java file | annotate | diff | comparison | revisions
nashorn/test/script/basic/JDK-8158467.js file | annotate | diff | comparison | revisions
nashorn/test/script/basic/JDK-8158467.js.EXPECTED file | annotate | diff | comparison | revisions 
--- a/nashorn/make/build.xml	Wed Jun 01 15:17:37 2016 +0530
+++ b/nashorn/make/build.xml	Thu Jun 02 14:56:20 2016 +0530
@@ -492,6 +492,10 @@
     permission java.io.FilePermission "${basedir}/test/script/external/showdown/-", "read";
 };
 
+grant codeBase "file:/${basedir}/test/script/basic/JDK-8158467.js" {
+    permission java.lang.RuntimePermission "nashorn.setConfig";
+};
+
     </echo>
 
     <replace file="${build.dir}/nashorn.policy"><replacetoken>\</replacetoken><replacevalue>/</replacevalue></replace>    <!--hack for Windows - to make URLs with normal path separators -->
--- a/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/Context.java	Wed Jun 01 15:17:37 2016 +0530
+++ b/nashorn/src/jdk.scripting.nashorn/share/classes/jdk/nashorn/internal/runtime/Context.java	Thu Jun 02 14:56:20 2016 +0530
@@ -1166,7 +1166,17 @@
         }
 
         // Try finding using the "app" loader.
-        return Class.forName(fullName, true, appLoader);
+        if (appLoader != null) {
+            return Class.forName(fullName, true, appLoader);
+        } else {
+            final Class<?> cl = Class.forName(fullName);
+            // return the Class only if it was loaded by boot loader
+            if (cl.getClassLoader() == null) {
+                return cl;
+            } else {
+                throw new ClassNotFoundException(fullName);
+            }
+        }
     }
 
     /**
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8158467.js	Thu Jun 02 14:56:20 2016 +0530
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null
+ *
+ * @option -scripting
+ * @test
+ * @run
+ */
+
+var Factory = Java.type("jdk.nashorn.api.scripting.NashornScriptEngineFactory");
+var fac = new Factory();
+
+// This script has to be given RuntimePermission("nashorn.setConfig")
+var e = fac["getScriptEngine(java.lang.ClassLoader)"](null);
+
+print(e.eval("java.lang.System"));
+print(e.eval("({ foo: 42})").foo);
+print((e.eval("function(x) x*x"))(31));
+
+e.put("output", print);
+var runnable = e.eval(<<EOF
+    new java.lang.Runnable() {
+        run: function() {
+            output("hello Runnable");
+        }
+    }
+EOF);
+
+runnable.run();
+
+var obj = e.eval(<<EOF
+new (Java.extend(Java.type("java.lang.Object"))) {
+    hashCode: function() 33,
+    toString: function() "I'm object"
+}
+EOF);
+
+print(obj.hashCode());
+print(obj.toString());
+
+// should throw SecurityException!
+try {
+    e.eval("Packages.jdk.internal");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw SecurityException!
+try {
+    e.eval("Java.type('jdk.internal.misc.Unsafe')");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw SecurityException!
+try {
+    e.eval("Java.type('jdk.nashorn.internal.Context')");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw ClassNotFoundException as null is script
+// "app loader" [and not platform loader which loads nashorn]
+e.eval(<<EOF
+try {
+    Java.type('jdk.nashorn.api.scripting.JSObject');
+} catch (ex) {
+    output(ex);
+}
+EOF);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8158467.js.EXPECTED	Thu Jun 02 14:56:20 2016 +0530
@@ -0,0 +1,10 @@
+[JavaClass java.lang.System]
+42
+961
+hello Runnable
+33
+I'm object
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal")
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal")
+java.lang.ClassNotFoundException: jdk.nashorn.api.scripting.JSObject
jdk-sandbox