8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null

Thu, 02 Jun 2016 14:56:20 +0530

author
sundar
date
Thu, 02 Jun 2016 14:56:20 +0530
changeset 1837
27842bf384fe
parent 1836
301f57f44dfc
child 1838
be4ef6af7d3d

8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null
Reviewed-by: mhaupt, hannesw

make/build.xml
src/jdk/nashorn/internal/runtime/Context.java
test/script/basic/JDK-8158467.js
test/script/basic/JDK-8158467.js.EXPECTED
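--- a/make/build.xml
+++ b/make/build.xml
@@ -425,6 +425,10 @@
     permission java.io.FilePermission "${basedir}/test/script/external/showdown/-", "read";
 };
 
+grant codeBase "file:/${basedir}/test/script/basic/JDK-8158467.js" {
+    permission java.lang.RuntimePermission "nashorn.setConfig";
+};
+
     </echo>
 
     <replace file="${build.dir}/nashorn.policy"><replacetoken>\</replacetoken><replacevalue>/</replacevalue></replace>    <!--hack for Windows - to make URLs with normal path separators -->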
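Review bot: The new `grant` block carries no comment saying why a single test script receives `nashorn.setConfig`, so a later reader cannot tell whether the exception is still needed or safe to copy. A policy comment above it, such as `// JDK-8158467.js calls getScriptEngine(ClassLoader) with a null app loader, which requires nashorn.setConfig`, would record the reason next to the permission. The grant is scoped by `codeBase` to the one test file, which keeps the permission away from the other test scripts.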
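--- a/src/jdk/nashorn/internal/runtime/Context.java
+++ b/src/jdk/nashorn/internal/runtime/Context.java
@@ -1047,7 +1047,17 @@
         }
 
         // Try finding using the "app" loader.
-        return Class.forName(fullName, true, appLoader);
+        if (appLoader != null) {
+            return Class.forName(fullName, true, appLoader);
+        } else {
+            final Class<?> cl = Class.forName(fullName);
+            // return the Class only if it was loaded by boot loader
+            if (cl.getClassLoader() == null) {
+                return cl;
+            } else {
+                throw new ClassNotFoundException(fullName);
+            }
+        }
     }
 
     /**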
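Review bot: In the new `else` branch, the one-argument `Class.forName(fullName)` resolves and initializes the class through the caller's own loader before the `cl.getClassLoader() == null` test runs, so a class that is about to be rejected with `ClassNotFoundException` has already had its static initializer executed. Resolving without initialization keeps the rejected path free of side effects: `final Class<?> cl = Class.forName(fullName, false, Context.class.getClassLoader());` (assuming the method is declared in `Context` itself; it starts above the hunk). The existing comment `// Try finding using the "app" loader.` now describes only the first branch, and the added comment could state the reason, for example `// null app loader: scripts may see bootstrap classes only, not classes from nashorn's own loader`. Any package-access check on `fullName` presumably sits earlier in the method, outside the hunk; the expected output of the new test suggests it still runs first.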
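--- /dev/null
+++ b/test/script/basic/JDK-8158467.js
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8158467: AccessControlException is thrown on public Java class access if "script app loader" is set to null
+ *
+ * @option -scripting
+ * @test
+ * @run
+ */
+
+var Factory = Java.type("jdk.nashorn.api.scripting.NashornScriptEngineFactory");
+var fac = new Factory();
+
+// This script has to be given RuntimePermission("nashorn.setConfig")
+var e = fac["getScriptEngine(java.lang.ClassLoader)"](null);
+
+print(e.eval("java.lang.System"));
+print(e.eval("({ foo: 42})").foo);
+print((e.eval("function(x) x*x"))(31));
+
+e.put("output", print);
+var runnable = e.eval(<<EOF
+    new java.lang.Runnable() {
+        run: function() {
+            output("hello Runnable");
+        }
+    }
+EOF);
+
+runnable.run();
+
+var obj = e.eval(<<EOF
+new (Java.extend(Java.type("java.lang.Object"))) {
+    hashCode: function() 33,
+    toString: function() "I'm object"
+}
+EOF);
+
+print(obj.hashCode());
+print(obj.toString());
+
+// should throw SecurityException!
+try {
+    e.eval("Packages.jdk.internal");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw SecurityException!
+try {
+    e.eval("Java.type('jdk.internal.misc.Unsafe')");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw SecurityException!
+try {
+    e.eval("Java.type('jdk.nashorn.internal.Context')");
+} catch (ex) {
+    print(ex);
+}
+
+// should throw ClassNotFoundException as null is script
+// "app loader" [and not platform loader which loads nashorn]
+e.eval(<<EOF
+try {
+    Java.type('jdk.nashorn.api.scripting.JSObject');
+} catch (ex) {
+    output(ex);
+}
+EOF);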
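Review bot: The three `try` blocks marked `// should throw SecurityException!` and the final `Java.type('jdk.nashorn.api.scripting.JSObject')` block print only inside `catch`, so if one of these lookups ever succeeds the script stays silent and the regression appears only as a missing line in the `.EXPECTED` comparison. A marker printed after each call would make the failing case name itself, for example `e.eval("Packages.jdk.internal"); print("FAIL: jdk.internal was accessible");`. The comments say SecurityException while the expected output records `java.security.AccessControlException`; that is consistent because the latter is a subclass, but naming the concrete type in the comments would match what the test actually pins.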
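--- /dev/null
+++ b/test/script/basic/JDK-8158467.js.EXPECTED
@@ -0,0 +1,10 @@
+[JavaClass java.lang.System]
+42
+961
+hello Runnable
+33
+I'm object
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal")
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")
+java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.nashorn.internal")
+java.lang.ClassNotFoundException: jdk.nashorn.api.scripting.JSObject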
