RFR 8145750: jjs fails to run simple scripts with security manager turned on

Sundararajan Athijegannathan sundararajan.athijegannathan at oracle.com
Fri Dec 18 12:55:55 UTC 2015

inline comments below..

On 12/18/2015 6:22 PM, Alan Bateman wrote:
> On 18/12/2015 12:23, Sundararajan Athijegannathan wrote:
>> Please review http://cr.openjdk.java.net/~sundar/8145750/webrev.00/ 
>> for https://bugs.openjdk.java.net/browse/JDK-8145750
>> Adding missing permissions for jdk.dynalink module. Note that it used 
>> to be part of jdk.scripting.nashorn module in the past and therefore 
>> got AllPermission.
> Is it really necessary to grant it AllPermission? Just wondering how 
> hard it would be to figure out the permissions that it really needs.

May be, not. But I tried giving only sun.reflect package access -- 
didn't work. There are a few doPrivileged blocks in dynalink code as 
well. This needs further analysis.
But dynalink code was part of nashorn and so was getting AllPermission 
so far - so there is no permission enhancement by adding this missing 
permission block.

That said, we can revisit reduced permission set for dynalink module. 
I'd prefer to track that as separate bug.

> If test/tools/jjs is new then it would be good to this test directory 
> into one of the test groups so that the tests are run, maybe jdk_other.

okay, I'll find out that.

> -Alan

More information about the nashorn-dev mailing list