/hg/release/icedtea-web-1.4: Added java.vm.name read permission ...

[aazores at icedtea.classpath.org]

changeset a0ca905f9ee7 in /hg/release/icedtea-web-1.4
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.4?cmd=changeset;node=a0ca905f9ee7
author: Andrew Azores <aazores at redhat.com>
date: Tue Jul 30 09:41:12 2013 -0400

	Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)


diffstat:

 ChangeLog                                                     |  5 +++++
 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java |  7 +++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diffs (39 lines):

diff -r e18d9ba86575 -r a0ca905f9ee7 ChangeLog
--- a/ChangeLog	Tue Jul 30 14:33:17 2013 +0200
+++ b/ChangeLog	Tue Jul 30 09:41:12 2013 -0400
@@ -1,3 +1,8 @@
+2013-07-30  Andrew Azores <aazores at redhat.com>
+	* netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java:
+	(getProxiesWithoutCaching) added java.vm.name read permission to fix
+	Rhino parsing and PAC proxy configuration
+
 2013-07-30  Jiri Vanek  <jvanek at redhat.com>
 
 	* tests/reproducers/simple/simpletest1/resources/favicon.ico: new file
diff -r e18d9ba86575 -r a0ca905f9ee7 netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Tue Jul 30 14:33:17 2013 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java	Tue Jul 30 09:41:12 2013 -0400
@@ -48,6 +48,7 @@
 import java.security.Permissions;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
 
 import net.sourceforge.jnlp.util.TimedHashMap;
 
@@ -124,9 +125,15 @@
 
         EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
                 pacHelperFunctionContents, url);
+
+        // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
+        // isn't supposed to do very much and so doesn't require all the default permissions given by
+        // java.policy
         Permissions p = new Permissions();
         p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
         p.add(new SocketPermission("*", "resolve"));
+        p.add(new PropertyPermission("java.vm.name", "read"));
+
         ProtectionDomain pd = new ProtectionDomain(null, p);
         AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });