changeset in /hg/icedtea6: Fix harmless, but annoying OOB except...
Deepak Bhole
dbhole at redhat.com
Tue Feb 10 13:20:07 PST 2009
changeset 3b8dcbd3d44d in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=3b8dcbd3d44d
description:
Fix harmless, but annoying OOB exception on browser exit.
Fix exit permission checks.
diffstat:
5 files changed, 44 insertions(+), 5 deletions(-)
ChangeLog | 10 +++++
plugin/icedtea/sun/applet/PluginAppletSecurityContext.java | 3 +
plugin/icedtea/sun/applet/PluginStreamHandler.java | 5 ++
rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 9 ++++
rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 22 ++++++++++--
diffs (132 lines):
diff -r c402774cf211 -r 3b8dcbd3d44d ChangeLog
--- a/ChangeLog Sun Feb 08 08:33:04 2009 -0500
+++ b/ChangeLog Tue Feb 10 16:19:54 2009 -0500
@@ -1,3 +1,13 @@ 2009-02-08 Lillian Angel <langel at redha
+2009-02-10 Deepak Bhole <dbhole at redhat.com>
+ * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Fix
+ exit permissions for applets.
+ * plugin/icedtea/sun/applet/PluginStreamHandler.java: Fix harmless, but
+ annoying OOB exception on browser exit.
+ * rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Add function to
+ 'always' disable exit.
+ * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Same, and
+ update support in checkPermission() for exit permissions.
+
2009-02-08 Lillian Angel <langel at redhat.com>
* Makefile.am: Updated sed to search for OpenJDK instead of IcedTea6.
diff -r c402774cf211 -r 3b8dcbd3d44d plugin/icedtea/sun/applet/PluginAppletSecurityContext.java
--- a/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java Sun Feb 08 08:33:04 2009 -0500
+++ b/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java Tue Feb 10 16:19:54 2009 -0500
@@ -54,7 +54,6 @@ import java.security.PrivilegedAction;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
@@ -251,6 +250,8 @@ public class PluginAppletSecurityContext
if (System.getSecurityManager() == null) {
JNLPRuntime.initialize();
}
+
+ JNLPRuntime.disableExit();
this.classLoaders.put(liveconnectLoader, "file://");
}
diff -r c402774cf211 -r 3b8dcbd3d44d plugin/icedtea/sun/applet/PluginStreamHandler.java
--- a/plugin/icedtea/sun/applet/PluginStreamHandler.java Sun Feb 08 08:33:04 2009 -0500
+++ b/plugin/icedtea/sun/applet/PluginStreamHandler.java Tue Feb 10 16:19:54 2009 -0500
@@ -221,7 +221,10 @@ public class PluginStreamHandler {
String rest = "";
String[] msgComponents = message.split(" ");
-
+
+ if (msgComponents.length < 2)
+ return;
+
// type and identifier are guaranteed to be there
String type = msgComponents[0];
final int identifier = Integer.parseInt(msgComponents[1]);
diff -r c402774cf211 -r 3b8dcbd3d44d rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java Sun Feb 08 08:33:04 2009 -0500
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java Tue Feb 10 16:19:54 2009 -0500
@@ -285,6 +285,15 @@ public class JNLPRuntime {
checkExitClass();
security.setExitClass(exitClass);
}
+
+ /**
+ * Disables applets from calling exit.
+ *
+ * Once disabled, exit cannot be re-enabled for the duration of the JVM instance
+ */
+ public static void disableExit() {
+ security.disableExit();
+ }
/**
* Return the current Application, or null if none can be
diff -r c402774cf211 -r 3b8dcbd3d44d rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Sun Feb 08 08:33:04 2009 -0500
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Tue Feb 10 16:19:54 2009 -0500
@@ -23,6 +23,7 @@ import java.awt.event.WindowEvent;
import java.awt.event.WindowEvent;
import java.lang.ref.WeakReference;
import java.net.SocketPermission;
+import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
@@ -102,6 +103,9 @@ class JNLPSecurityManager extends Securi
/** listener installs the app's classloader on the event dispatch thread */
private ContextUpdater contextListener = new ContextUpdater();
+
+ /** Sets whether or not exit is allowed (in the context of the plugin, this is always false) */
+ private boolean exitAllowed = true;
private class ContextUpdater extends WindowAdapter implements PrivilegedAction {
private ApplicationInstance app = null;
@@ -275,7 +279,7 @@ class JNLPSecurityManager extends Securi
try {
super.checkPermission(perm);
} catch (SecurityException se) {
-
+
//This section is a special case for dealing with SocketPermissions.
if (JNLPRuntime.isDebug())
System.err.println("Requesting permission: " + perm.toString());
@@ -436,9 +440,17 @@ class JNLPSecurityManager extends Securi
* behave normally, and the exit class can always exit the JVM.
*/
public void checkExit(int status) {
- super.checkExit(status);
-
+
+ // applets are not allowed to exit, but the plugin main class (primordial loader) is
Class stack[] = getClassContext();
+ if (!exitAllowed) {
+ for (int i=0; i < stack.length; i++)
+ if (stack[i].getClassLoader() != null)
+ throw new AccessControlException("Applets may not call System.exit()");
+ }
+
+ super.checkExit(status);
+
boolean realCall = (stack[1] == Runtime.class);
if (isExitClass(stack)) // either exitClass called or no exitClass set
@@ -468,6 +480,10 @@ class JNLPSecurityManager extends Securi
throw closeAppEx;
}
+ protected void disableExit() {
+ exitAllowed = false;
+ }
+
}
More information about the distro-pkg-dev
mailing list