Java sandbox

Last Updated: Jan 05, 2018

MaxCompute MapReduce and UDF programs running in distributed environments are subject to the following Java sandbox related limitations. (Major programs of MapReduce jobs are not subject to these limitations.)

  • Direct access to local files is not allowed. You can only access files by using interfaces provided by MaxCompute MapReduce/Graph in the following way: Read resources specified by the —resources option, including files, JAR packages, and resource tables; Output log information through System.out and System.err. You can view log information by running the Log command on the MaxCompute client.
  • Direct access to the distributed file system is not allowed. You can only access table records by using MaxCompute MapReduce/Graph.
  • JNI call restrictions are not allowed.
  • Creation of Java threads is not allowed. Initiation of sub-processes to run Linux commands is not allowed.
  • Network access, including obtaining local IP addresses, is not allowed.
  • Java reflection is restricted. “suppressAccessChecks” permission is denied. A private attribute or method cannot be set to accessible for obtaining private attributes or calling private methods.

Specifically, if you follow these steps in the user code, “access denied” is thrown:

Related methods for accessing local files

  1. public boolean delete()
  2. public void deleteOnExit()
  3. public boolean exists()
  4. public boolean canRead()
  5. public boolean isFile()
  6. public boolean isDirectory()
  7. public boolean isHidden()
  8. public long lastModified()
  9. public long length()
  10. public String[] list()
  11. public String[] list(FilenameFilter filter)
  12. public File[] listFiles()
  13. public File[] listFiles(FilenameFilter filter)
  14. public File[] listFiles(FileFilter filter)
  15. public boolean canWrite()
  16. public boolean createNewFile()
  17. public static File createTempFile(String prefix, String suffix)
  18. public static File createTempFile(String prefix, String suffix,File directory)
  19. public boolean mkdir()
  20. public boolean mkdirs()
  21. public boolean renameTo(File dest)
  22. public boolean setLastModified(long time)
  23. public boolean setReadOnly()

  1. RandomAccessFile(String name, String mode)
  2. RandomAccessFile(File file, String mode)

  1. FileInputStream(FileDescriptor fdObj)
  2. FileInputStream(String name)
  3. FileInputStream(File file)

  1. FileOutputStream(FileDescriptor fdObj)
  2. FileOutputStream(File file)
  3. FileOutputStream(String name)
  4. FileOutputStream(String name, boolean append)


  1. public ProtectionDomain getProtectionDomain()


  1. ClassLoader()
  2. ClassLoader(ClassLoader parent)


  1. public Process exec(String command)
  2. public Process exec(String command, String envp[])
  3. public Process exec(String cmdarray[])
  4. public Process exec(String cmdarray[], String envp[])
  5. public void exit(int status)
  6. public static void runFinalizersOnExit(boolean value)
  7. public void addShutdownHook(Thread hook)
  8. public boolean removeShutdownHook(Thread hook)
  9. public void load(String lib)
  10. public void loadLibrary(String lib)


  1. public static void exit(int status)
  2. public static void runFinalizersOnExit(boolean value)
  3. public static void load(String filename)
  4. public static void loadLibrary( String libname)
  5. public static Properties getProperties()
  6. public static void setProperties(Properties props)
  7. public static String getProperty(String key) // Only some keys are allowed for file access.
  8. public static String getProperty(String key, String def) // Only some keys are allowed for file access.
  9. public static String setProperty(String key, String value)
  10. public static void setIn(InputStream in)
  11. public static void setOut(PrintStream out)
  12. public static void setErr(PrintStream err)
  13. public static synchronized void setSecurityManager(SecurityManager s)

List of keys allowed by System.getProperty:

  1. java.version
  2. java.vendor
  3. java.vendor.url
  4. java.class.version
  6. os.version
  7. os.arch
  8. file.separator
  9. path.separator
  10. line.separator
  11. java.specification.version
  12. java.specification.vendor
  14. java.vm.specification.version
  15. java.vm.specification.vendor
  17. java.vm.version
  18. java.vm.vendor
  20. file.encoding
  21. user.timezone


  1. Thread()
  2. Thread(Runnable target)
  3. Thread(String name)
  4. Thread(Runnable target, String name)
  5. Thread(ThreadGroup group, ...)
  6. public final void checkAccess()
  7. public void interrupt()
  8. public final void suspend()
  9. public final void resume()
  10. public final void setPriority (int newPriority)
  11. public final void setName(String name)
  12. public final void setDaemon(boolean on)
  13. public final void stop()
  14. public final synchronized void stop(Throwable obj)
  15. public static int enumerate(Thread tarray[])
  16. public void setContextClassLoader(ClassLoader cl)


  1. ThreadGroup(String name)
  2. ThreadGroup(ThreadGroup parent, String name)
  3. public final void checkAccess()
  4. public int enumerate(Thread list[])
  5. public int enumerate(Thread list[], boolean recurse)
  6. public int enumerate(ThreadGroup list[])
  7. public int enumerate(ThreadGroup list[], boolean recurse)
  8. public final ThreadGroup getParent()
  9. public final void setDaemon(boolean daemon)
  10. public final void setMaxPriority(int pri)
  11. public final void suspend()
  12. public final void resume()
  13. public final void destroy()
  14. public final void interrupt()
  15. public final void stop()


  1. public static void setAccessible(...)
  2. public void setAccessible(...)

  1. public String getHostName()
  2. public static InetAddress[] getAllByName(String host)
  3. public static InetAddress getLocalHost()

  1. public InetAddress getLocalAddress()

  1. Socket(...)

  1. ServerSocket(...)
  2. public Socket accept()
  3. protected final void implAccept(Socket s)
  4. public static synchronized void setSocketFactory(...)
  5. public static synchronized void setSocketImplFactory(...)

  1. DatagramSocket(...)
  2. public synchronized void receive(DatagramPacket p)

  1. MulticastSocket(...)

  1. URL(...)
  2. public static synchronized void setURLStreamHandlerFactory(...)
  4. public static synchronized void setContentHandlerFactory(...)
  5. public static void setFileNameMap(FileNameMap map)

  1. public static void setFollowRedirects(boolean set)
  3. URLClassLoader(...)

  1. public AccessControlContext(AccessControlContext acc, DomainCombiner combiner)
  2. public DomainCombiner getDomainCombiner()
Thank you! We've received your feedback.