diff --git a/build.gradle b/build.gradle
index 0fff5011..8d83a2a1 100644
--- a/build.gradle
+++ b/build.gradle
@@ -144,8 +144,13 @@ githubRelease.doFirst {
 }
 }
-tasks.withType(Test) { task ->
- if (JavaVersion.current().compareTo(JavaVersion.VERSION_17) > 0) {
- task.jvmArgs += ["-Djava.security.manager=allow"]
- }
+tasks.withType(Test).configureEach { task ->
+ if (JavaVersion.current().compareTo(JavaVersion.VERSION_17) > 0) {
+ def policyFile = file("${projectDir}/src/main/plugin-metadata/plugin-security.policy").absolutePath
+ task.jvmArgs += [
+ "--add-opens", "java.base/java.lang=ALL-UNNAMED",
+ "-Djava.security.manager",
+ "-Djava.security.policy=" + policyFile
+ ]
+ }
 }
diff --git a/src/main/plugin-metadata/plugin-security.policy b/src/main/plugin-metadata/plugin-security.policy
index 49671782..fabb3240 100644
--- a/src/main/plugin-metadata/plugin-security.policy
+++ b/src/main/plugin-metadata/plugin-security.policy
@@ -20,11 +20,11 @@ grant {
 // needed to generate runtime classes
 permission java.lang.RuntimePermission "createClassLoader";
-
+
 // expression runtime
 permission org.opensearch.script.ClassPermission "java.lang.String";
 permission org.opensearch.script.ClassPermission "org.apache.lucene.expressions.Expression";
- permission org.opensearch.script.ClassPermission "org.apache.lucene.expressions.js.ExpressionMath"
+ permission org.opensearch.script.ClassPermission "org.apache.lucene.expressions.js.ExpressionMath";
 permission org.opensearch.script.ClassPermission "org.apache.lucene.search.DoubleValues";
 // available functions
 permission org.opensearch.script.ClassPermission "java.lang.Math";
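Review bot: The new `task.jvmArgs` list in build.gradle makes the plugin's shipped `plugin-security.policy` the policy of the whole test JVM, and nothing in the hunk documents what that is meant to verify. With a single `=` in `-Djava.security.policy=` the file is added to the JDK's default policy rather than replacing it, and the `grant {` block in that file carries no `codeBase`, so its permissions (including `createClassLoader`) apply to every class in the test JVM, test dependencies included, which is presumably broader than how the host scopes them to the plugin. I would add a comment above the list such as `// run tests under the plugin's own policy; '=' merges with the JDK default policy, '==' would replace it`, and a second one naming the reflective access that needs `--add-opens java.base/java.lang=ALL-UNNAMED`. The version check also has no upper bound: JDK 24 refuses to start when `java.security.manager` is set to enable it (JEP 486), so it is worth confirming the supported JDK range or bounding the condition.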