Added java.vm.name read permission to fix Rhino evaluation of proxy PAC (RH982558)

1 files changed, 7 insertions, 0 deletions

diff --git a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
index c3f90ae..b1c290a 100644
--- a/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
+++ b/netx/net/sourceforge/jnlp/runtime/RhinoBasedPacEvaluator.java
@@ -48,6 +48,7 @@ import java.security.AccessController;
 import java.security.Permissions;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
+import java.util.PropertyPermission;
 
 import net.sourceforge.jnlp.util.TimedHashMap;
 
@@ -124,9 +125,15 @@ public class RhinoBasedPacEvaluator implements PacEvaluator {
 
         EvaluatePacAction evaluatePacAction = new EvaluatePacAction(pacContents, pacUrl.toString(),
                 pacHelperFunctionContents, url);
+
+        // Purposefully giving only these permissions rather than using java.policy. The "evaluatePacAction"
+        // isn't supposed to do very much and so doesn't require all the default permissions given by
+        // java.policy
         Permissions p = new Permissions();
         p.add(new RuntimePermission("accessClassInPackage.org.mozilla.javascript"));
         p.add(new SocketPermission("*", "resolve"));
+        p.add(new PropertyPermission("java.vm.name", "read"));
+
         ProtectionDomain pd = new ProtectionDomain(null, p);
         AccessControlContext context = new AccessControlContext(new ProtectionDomain[] { pd });