Permissions for eval code [jjs with support for Security Manager?]

A. Sundararajan sundararajan.athijegannathan at
Fri Feb 7 04:49:44 PST 2014


Sorry I forgot to address the following issue. Filed a bug:

It is bug that "eval" code does not get the default permissions.

Thanks for reporting.



Am Wed, 05 Feb 2014 12:38:45 +0530
schrieb "A. Sundararajan" <sundararajan.athijegannathan at  <>>:
>/  The -D System properties are set after jjs tool is initialized. If
/>/  you want System properties to be initialized before VM is
/>/  initialized, you should use -J-D.
/>/       jjs foo.js
/>/  This is true of all JDK bin tools. Any -J option is passed to the VM.
Yes true, I haven't thought of it because jjs supports the -D syntax and
the property is actually set (but obviously too late).

So with "jjs" I can actually start a instance
where the SM is enabled. If I use it to start a *.js file it actually
works (the default permissions granted apply - see below).

However in interactive mode the policy does not match. Not sure if this
is a required function (it would be certainly good for testing):

$ export JAVA_HOME=/c/Program\ Files/Java/jdk1.8.0/
$ cat $TEMP/sec.js
var System = Java.type("java.lang.System")
System.out.printf("java.version=%s%n", System.getProperty("java.version"))
exit(2) // expected to fail

$ "$JAVA_HOME/bin/jjs" $TEMP/sec.js
Exception in thread "main" access denied ("java.lang.RuntimePermission" "exitVM.2")
         at java.lang.SecurityManager.checkPermission(
         at java.lang.SecurityManager.checkExit(
         at java.lang.Runtime.exit(
         at java.lang.System.exit(
         at jdk.nashorn.internal.objects.Global.exit(
         at jdk.nashorn.internal.scripts.Script$sec.runScript(C:/Users/eckenfel/AppData/Local/Temp/sec.js:3)
         at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(
         at jdk.nashorn.internal.runtime.ScriptFunction.invoke(
         at jdk.nashorn.internal.runtime.ScriptRuntime.apply(
$ "$JAVA_HOME/bin/jjs"
jjs> java.lang.System.getProperty("java.version") access denied ("java.util.PropertyPermission" "java.version" "read")

More information about the nashorn-dev mailing list