[RFC]: Patch for bug #498108

Andrew Haley aph at redhat.com
Thu May 7 02:37:12 PDT 2009 

Lillian Angel wrote:

> Attached is a patch to fix
> https://bugzilla.redhat.com/show_bug.cgi?id=498108.
> 
> We need to remove the setPolicy restriction for trusted webstart
> applications, since each run in their own vm instance. Though the same
> code is used for plugins, and this restriction should still be upheld. I
> have added a parameter to JNLPRuntime.initialize to determine if a
> webstart application or a plugin applet are being initialized.

Two minor style nits:

> diff -r a5006e51afe4 plugin/icedtea/sun/applet/PluginAppletSecurityContext.java
> --- a/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java	Tue May 05 14:42:36 2009 -0400
> +++ b/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java	Wed May 06 13:39:27 2009 -0400
> @@ -248,7 +248,7 @@
>  		// an applet will be loaded at some point, we should make it the SM
>  		// that JNLPRuntime will try to install
>  		if (System.getSecurityManager() == null) {
> -			JNLPRuntime.initialize();
> +			JNLPRuntime.initialize(false);
>

is much easier to read as something like:

		JNLPRuntime.initialize(/* isApplication */ false);

> diff -r a5006e51afe4 rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
> --- a/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Tue May 05 14:42:36 2009 -0400
> +++ b/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Wed May 06 13:39:27 2009 -0400
> @@ -255,13 +255,14 @@
>       */
>      public void checkPermission(Permission perm) {
>          String name = perm.getName();
> -
> +
>          // Enable this manually -- it'll produce too much output for -verbose
>          // otherwise.
>  //		if (true)
>  //			System.out.println("Checking permission: " + perm.toString());
> -        if ("setPolicy".equals(name) ||
> -            "setSecurityManager".equals(name))
> +
> +        if (!JNLPRuntime.isWebstartApplication() && ("setPolicy".equals(name) ||
> +            "setSecurityManager".equals(name)))
>              throw new SecurityException(R("RCantReplaceSM"));

would be better as

	 if (!JNLPRuntime.isWebstartApplication() &&
	     ("setPolicy".equals(name) || "setSecurityManager".equals(name)))
            throw new SecurityException(R("RCantReplaceSM"));

I misunderstood this the first couple of times I read it.

Andrew.

More information about the distro-pkg-dev mailing list