Nashorn, Security manager and custom policy

Youri Bonnaffé youribm at gmail.com
Wed Apr 9 15:23:21 UTC 2014 

Hi,

I'm trying to run this very sample JS file:

    println(java.lang.System.getProperty("os.name"))

using jrunscript.

$> jrunscript test.js
Linux

Now when I set a Security Manager:

$> jrunscript -J-Djava.security.manager test.js
Exception in thread "main" java.security.AccessControlException: access
denied ("java.io.FilePermission" "test.js" "read")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
at java.io.FileInputStream.<init>(FileInputStream.java:121)
at java.io.FileInputStream.<init>(FileInputStream.java:87)
at com.sun.tools.script.shell.Main.processSource(Main.java:279)
at com.sun.tools.script.shell.Main.access$100(Main.java:37)
at com.sun.tools.script.shell.Main$2.run(Main.java:200)
at com.sun.tools.script.shell.Main.main(Main.java:48)

which is expected.

Now when I set a custom policy such as:

grant {
    permission java.security.AllPermission;
};

$> jrunscript -J-Djava.security.manager
-J-Djava.security.policy=test.policy test.js
java.security.AccessControlException: access denied
("java.util.PropertyPermission" "os.name" "read")
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:457)
at java.security.AccessController.checkPermission(AccessController.java:884)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
at java.lang.System.getProperty(System.java:714)
at jdk.nashorn.internal.scripts.Script$test.runScript(test.js:1)
at
jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:498)
at
jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:206)
at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:378)
at
jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:546)
at
jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:528)
at
jdk.nashorn.api.scripting.NashornScriptEngine.evalImpl(NashornScriptEngine.java:524)
at
jdk.nashorn.api.scripting.NashornScriptEngine.eval(NashornScriptEngine.java:189)
at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:249)
at com.sun.tools.script.shell.Main.evaluateReader(Main.java:332)
at com.sun.tools.script.shell.Main.evaluateStream(Main.java:368)
at com.sun.tools.script.shell.Main.processSource(Main.java:285)
at com.sun.tools.script.shell.Main.access$100(Main.java:37)
at com.sun.tools.script.shell.Main$2.run(Main.java:200)
at com.sun.tools.script.shell.Main.main(Main.java:48)

This happens only with a JDK8/Nashorn, if I do the same with JDK7, the last
command will succeed. I failed to find information elsewhere so that's why
I asking for help here. Do you understand what might happen? And what
changed around security manager with JDK8/Nashorn?

Thanks,

  Youri

More information about the nashorn-dev mailing list