aboutsummaryrefslogtreecommitdiffstats
path: root/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
diff options
context:
space:
mode:
Diffstat (limited to 'netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java')
-rw-r--r--netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java7
1 files changed, 7 insertions, 0 deletions
diff --git a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
index c3f90ae..b1c290a 100644
--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
+++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
@@ -48,6 +48,7 @@ import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
import net.sourceforge.jnlp.util.TimedHashMap;
@@ -124,9 +125,15 @@ public class RhinoBasedPacEvaluator implements PacEvaluator {
EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
pacHelperFunctionContents, url);
+
+ // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
+ // isn't supposed to do very much and so doesn't require all the default permissions given by
+ // java.policy
Permissions p = new Permissions();
p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
p.add(new SocketPermission("*", "resolve"));
+ p.add(new PropertyPermission("java.vm.name", "read"));
+
ProtectionDomain pd = new ProtectionDomain(null, p);
AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 11:57:15 +0000