All Products
Search

This Product

    MaxCompute:Java sandbox

    Document Center

    MaxCompute:Java sandbox

    Last Updated:Mar 26, 2026

    MaxCompute runs MapReduce jobs and user-defined functions (UDFs) in distributed mode inside a Java sandbox. The sandbox enforces that your code acts on the data it receives and returns a result — without accessing the underlying system or causing side effects. This keeps distributed execution safe and isolated across concurrent jobs.

    The sandbox applies only to MapReduce task code and UDFs that run in distributed mode. The MapReduce main function is not subject to these restrictions.

    Restrictions

    The sandbox blocks six categories of operations. For each category, an alternative is listed where one exists.

    CategoryRestrictionAlternative
    Local file accessDirect file I/O is not allowed.Access resource files, JAR packages, and resource tables through the MaxCompute MapReduce or MaxCompute Graph APIs. View logs written to System.out and System.err with the Log command on the MaxCompute client.
    Distributed file systemDirect access to distributed file systems is not allowed.Use MaxCompute MapReduce or MaxCompute Graph to read and write tables.
    JNIJava Native Interface (JNI) calls are not allowed.
    ThreadsCreating Java threads is not allowed. Linux commands cannot be run from sub-threads.
    Network accessAll network operations are not allowed, including acquiring local IP addresses.
    Java reflectionThe suppressAccessChecks permission is not allowed. Private fields and private methods cannot be made accessible.

    Restricted APIs

    Calling any of the following methods or constructors throws an access denied exception. The list covers all APIs blocked by the sandbox.

    File I/O

    `java.io.File`

    delete()
deleteOnExit()
exists()
canRead()
isFile()
isDirectory()
isHidden()
lastModified()
length()
list()
list(FilenameFilter filter)
listFiles()
listFiles(FilenameFilter filter)
listFiles(FileFilter filter)
canWrite()
createNewFile()
createTempFile(String prefix, String suffix)
createTempFile(String prefix, String suffix, File directory)
mkdir()
mkdirs()
renameTo(File dest)
setLastModified(long time)
setReadOnly()

    `java.io.RandomAccessFile`

    RandomAccessFile(String name, String mode)
RandomAccessFile(File file, String mode)

    `java.io.FileInputStream`

    FileInputStream(FileDescriptor fdObj)
FileInputStream(String name)
FileInputStream(File file)

    `java.io.FileOutputStream`

    FileOutputStream(FileDescriptor fdObj)
FileOutputStream(File file)
FileOutputStream(String name)
FileOutputStream(String name, boolean append)

    Class loading and runtime

    `java.lang.Class`

    getProtectionDomain()

    `java.lang.ClassLoader`

    ClassLoader()
ClassLoader(ClassLoader parent)

    `java.lang.Runtime`

    exec(String command)
exec(String command, String[] envp)
exec(String[] cmdarray)
exec(String[] cmdarray, String[] envp)
exit(int status)
runFinalizersOnExit(boolean value)
addShutdownHook(Thread hook)
removeShutdownHook(Thread hook)
load(String lib)
loadLibrary(String lib)

    `java.lang.System`

    exit(int status)
runFinalizersOnExit(boolean value)
load(String filename)
loadLibrary(String libname)
getProperties()
setProperties(Properties props)
getProperty(String key)           // Only the keys listed below are allowed
getProperty(String key, String def) // Only the keys listed below are allowed
setProperty(String key, String value)
setIn(InputStream in)
setOut(PrintStream out)
setErr(PrintStream err)
setSecurityManager(SecurityManager s)

    System.getProperty only allows the following keys:

    java.version
java.vendor
java.vendor.url
java.class.version
os.name
os.version
os.arch
file.separator
path.separator
line.separator
java.specification.version
java.specification.vendor
java.specification.name
java.vm.specification.version
java.vm.specification.vendor
java.vm.specification.name
java.vm.version
java.vm.vendor
java.vm.name
file.encoding
user.timezone

    Threads

    `java.lang.Thread`

    Thread()
Thread(Runnable target)
Thread(String name)
Thread(Runnable target, String name)
Thread(ThreadGroup group, ...)
checkAccess()
interrupt()
suspend()
resume()
setPriority(int newPriority)
setName(String name)
setDaemon(boolean on)
stop()
stop(Throwable obj)
enumerate(Thread[] tarray)
setContextClassLoader(ClassLoader cl)

    `java.lang.ThreadGroup`

    ThreadGroup(String name)
ThreadGroup(ThreadGroup parent, String name)
checkAccess()
enumerate(Thread[] list)
enumerate(Thread[] list, boolean recurse)
enumerate(ThreadGroup[] list)
enumerate(ThreadGroup[] list, boolean recurse)
getParent()
setDaemon(boolean daemon)
setMaxPriority(int pri)
suspend()
resume()
destroy()
interrupt()
stop()

    Reflection

    `java.lang.reflect.AccessibleObject`

    setAccessible(AccessibleObject[] array, boolean flag)
setAccessible(boolean flag)

    Network

    `java.net.InetAddress`

    getHostName()
getAllByName(String host)
getLocalHost()

    `java.net.DatagramSocket`

    DatagramSocket(...)
getLocalAddress()
receive(DatagramPacket p)

    `java.net.Socket`

    Socket(...)

    `java.net.ServerSocket`

    ServerSocket(...)
accept()
implAccept(Socket s)
setSocketFactory(...)
setSocketImplFactory(...)

    `java.net.MulticastSocket`

    MulticastSocket(...)

    `java.net.URL`

    URL(...)
setURLStreamHandlerFactory(...)

    `java.net.URLConnection`

    setContentHandlerFactory(...)
setFileNameMap(FileNameMap map)

    `java.net.HttpURLConnection`

    setFollowRedirects(boolean set)

    `java.net.URLClassLoader`

    URLClassLoader(...)

    Security

    `java.security.AccessControlContext`

    AccessControlContext(AccessControlContext acc, DomainCombiner combiner)
getDomainCombiner()