/hg/release/icedtea6-1.8: 9 new changesets
doko at icedtea.classpath.org
Wed Jul 28 05:04:41 PDT 2010
changeset 764f3a27b98d in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=764f3a27b98d
author: doko at ubuntu.com
date: Sat Jul 24 00:45:34 2010 +0200
2010-07-21 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java: Converge all
property permission settings into a single class.
(getPermissions): Do not give read/write permissions to anything
other than what is allowed by spec.
(getSandBoxPermissions): Same.
* netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java: Remove
blanket imports. (installEnvironment): Write properties in a
restricted AccessControlContext based on app specific
permissions only.
* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
(checkPermission): Remove all property permission decision making
code and collapse it all into SecurityDesc.java.
changeset 50249f734932 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=50249f734932
author: doko at ubuntu.com
date: Sat Jul 24 00:46:24 2010 +0200
2010-07-21 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(getInstance): Collapse extension loaders into baseloader
rather than vice versa.
changeset 1c6ebab0ea7f in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=1c6ebab0ea7f
author: doko at ubuntu.com
date: Sat Jul 24 00:49:21 2010 +0200
2010-07-21 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties:
Add new strings.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(getInstance): Prompt user if the main app code is signed,
but the extensions aren't. (initializeResources): Prompt
user if there are any unsigned jars mixed with signed jars.
* netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java: New
file. Dialog shown to user if the main app code is signed
but the extensions aren't.
* netx/net/sourceforge/jnlp/security/SecurityDialogUI.java
(SecurityDialogUI): Add a constructor that doesn't take a
CertVerifier object.
* netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java: Added
dialog and accesstype enum elements for a 'Not all jars signed'
case. (showNotAllSignedWarningDialog): New function. Prompts
the user if the main app code is signed but the extensions
aren't. (createDialog): Wire in the 'Not all jars signed'
case. (updateUI): Same.
* netx/net/sourceforge/jnlp/tools/JarSigner.java (allJarsSigned): New
function. Returns if there are any unsigned jars.
changeset 9257ba041f18 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=9257ba041f18
author: doko at ubuntu.com
date: Sat Jul 24 00:50:12 2010 +0200
2010-07-22 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(getInstance): Collapse new loader paths into base loader.
* netx/net/sourceforge/jnlp/services/ServiceUtil.java (checkAccess):
Check if calling code is trusted all the way to the end. If
it isn't, prompt user.
changeset e59670bc8db8 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=e59670bc8db8
author: doko at ubuntu.com
date: Sat Jul 24 00:51:39 2010 +0200
2010-07-22 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
Added a new HashMap to map source locations to security
descriptors for that location. (getInstance): Use the new
merge() method to merge loader data. (initializeResources):
Add map entries to the new jarLocationSecurityMap.
(getPermissions): Decide permissions based on security descriptor
associated with the calling code, rather than with the jnlp file.
(getCodeSourceSecurity): New method. Returns the security descriptor
associated with the given code source URL. (merge): New
method. Merges loader classpaths, native dir paths, and
security descriptor mappings.
changeset a6cb78541643 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=a6cb78541643
author: doko at ubuntu.com
date: Sat Jul 24 00:52:38 2010 +0200
2010-07-22 Deepak Bhole <dbhole at redhat.com>
* t/net/sourceforge/jnlp/tools/JarSigner.java: Add new
verifyResult enum to track verification status.
(verifyJars): Mark jar unverified only if it has no signature.
(verifyJar): Use new verifyResult enum to return status based on if
jar is unsigned, signed but with errors, or signed and ok.
changeset 7c6d03b64403 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=7c6d03b64403
author: doko at ubuntu.com
date: Sat Jul 24 00:53:53 2010 +0200
2010-07-22 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java
(getPermissions): Clean up method, and make sure sandbox
permissions are always a subset of what is returned.
changeset 6d2beb513332 in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=6d2beb513332
author: doko at ubuntu.com
date: Sat Jul 24 00:54:29 2010 +0200
2010-07-23 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(activateJars): Add security descriptor mapping for nested
jars.
changeset 1419166fcebf in /hg/release/icedtea6-1.8
details: http://icedtea.classpath.org/hg/release/icedtea6-1.8?cmd=changeset;node=1419166fcebf
author: doko at ubuntu.com
date: Sat Jul 24 00:58:16 2010 +0200
2010-07-23 Matthias Klose <doko at ubuntu.com>
* configure.ac: Bump version to 1.8.1.
* NEWS: Update for 1.8.1.
diffstat:
13 files changed, 535 insertions(+), 152 deletions(-)
ChangeLog | 86 ++++++
NEWS | 41 +++
configure.ac | 2
netx/net/sourceforge/jnlp/SecurityDesc.java | 65 ++--
netx/net/sourceforge/jnlp/resources/Messages.properties | 2
netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java | 35 ++
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 135 ++++++++--
netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 62 ----
netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java | 126 +++++++++
netx/net/sourceforge/jnlp/security/SecurityDialogUI.java | 6
netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java | 35 ++
netx/net/sourceforge/jnlp/services/ServiceUtil.java | 60 ++--
netx/net/sourceforge/jnlp/tools/JarSigner.java | 32 +-
diffs (truncated from 1017 to 500 lines):
diff -r fcc6da6f0adb -r 1419166fcebf ChangeLog
--- a/ChangeLog Wed Jul 21 16:29:05 2010 -0400
+++ b/ChangeLog Sat Jul 24 00:58:16 2010 +0200
@@ -1,3 +1,89 @@ 2010-07-21 Deepak Bhole <dbhole at redhat.
+2010-07-23 Matthias Klose <doko at ubuntu.com>
+
+ * configure.ac: Bump version to 1.8.1.
+ * NEWS: Update for 1.8.1.
+
+2010-07-23 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (activateJars): Add
+ security descriptor mapping for nested jars.
+
+2010-07-22 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java (getPermissions): Clean up
+ method, and make sure sandbox permissions are always a subset of what is
+ returned.
+
+2010-07-22 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
+ to track verification status.
+ (verifyJars): Mark jar unverified only if it has no signature.
+ (verifyJar): Use new verifyResult enum to return status based on if jar is
+ unsigned, signed but with errors, or signed and ok.
+
+2010-07-22 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Added a new
+ HashMap to map source locations to security descriptors for that location.
+ (getInstance): Use the new merge() method to merge loader data.
+ (initializeResources): Add map entries to the new jarLocationSecurityMap.
+ (getPermissions): Decide permissions based on security descriptor
+ associated with the calling code, rather than with the jnlp file.
+ (getCodeSourceSecurity): New method. Returns the security descriptor
+ associated with the given code source URL.
+ (merge): New method. Merges loader classpaths, native dir paths, and
+ security descriptor mappings.
+
+2010-07-22 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Collapse new loader paths into base loader.
+ * netx/net/sourceforge/jnlp/services/ServiceUtil.java (checkAccess): Check
+ if calling code is trusted all the way to the end. If it isn't, prompt
+ user.
+
+2010-07-21 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: Add new strings.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Prompt user if the main app code is signed, but the extentions aren't.
+ (initializeResources): Prompt user if there are any unsigned jars mixed
+ with signed jars.
+ * netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java: New file.
+ Dialog shown to user if the main app code is signed but the extentions aren't.
+ * netx/net/sourceforge/jnlp/security/SecurityDialogUI.java
+ (SecurityDialogUI): Add a constructor that doesn't take a CertVerifier
+ object.
+ * netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java: Added
+ dialog and accesstype enum elements for a 'Not all jars signed' case.
+ (showNotAllSignedWarningDialog): New function. Prompts the user if the
+ main app code is signed but the extentions aren't.
+ (createDialog): Wire in the 'Not all jars signed' case.
+ (updateUI): Same.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java (allJarsSigned): New
+ function. Returns if there are any unsigned jars.
+
+2010-07-21 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Collapse extention loaders into baseloader rather than vice-verse.
+
+2010-07-21 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java: Converge all property
+ permission settings info a single class.
+ (getPermissions): Do not give read/write permissions to anything other
+ than what is allowed by spec.
+ (getSandBoxPermissions): Same.
+ * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java: Remove
+ blanket imports.
+ (installEnvironment): Write properties in a restricted
+ AccessControlContext based on app specific permissions only.
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Remove all property permission decision making code
+ and collapse it all into SecurityDesc.java.
+
2010-07-21 Deepak Bhole <dbhole at redhat.com>
* netx/net/sourceforge/jnlp/Parser.java: Undo changes from 98c88b32cdb4 to
diff -r fcc6da6f0adb -r 1419166fcebf NEWS
--- a/NEWS Wed Jul 21 16:29:05 2010 -0400
+++ b/NEWS Sat Jul 24 00:58:16 2010 +0200
@@ -1,3 +1,44 @@ New in release 1.8 (2010-04-13):
+New in release 1.8.1 (2010-07-28):
+
+- OpenJDK:
+ - 6678385: Fixes jvm crashes when window is resized.
+ - Produces the "expected" behavior for full screen applications, when
+ running the Metacity window manager.
+- IcedTeaNPPlugin.
+ - RH524387: javax.net.ssl.SSLKeyException: RSA premaster secret error
+ - Set context classloader for all threads in an applet's threadgroup
+ - PR436: Close all applet threads on exit
+ - PR480: NPPlugin with NoScript extension.
+ - PR488: Question mark changing into underscore in URL.
+ - RH592553: Fix bug causing 100% CPU usage.
+ - Don't generate a random pointer from a pthread_t in the debug output.
+ - Add ForbiddenTargetException for legacy support.
+ - Use variadic macro for plugin debug message printing.
+ - Don't link the plugin with libxul libraries.
+ - Fix race conditions in plugin initialization code that were causing hangs.
+ - RH506730: BankID (Norwegian common online banking authentication system) applet fails to load.
+ - Fix policy evaluation to match the proprietary JDK.
+ - PR491: pass java_{code,codebase,archive} parameters to Java.
+ - Adds javawebstart.version property and give user permission to read that property.
+- NetX:
+ - Fix security flaw in NetX that allows arbitrary unsigned apps to set
+ any java property.
+ - Fix a flaw that allows unsigned code to access any file on the
+ machine (accessible to the user) and write to it.
+ - Make path sanitization consistent; use a blacklisting approach.
+ - Make the SingleInstanceServer thread a daemon thread.
+ - Handle JNLP files which use native libraries but do not indicate it
+ - Allow JNLP classloaders to share native libraries
+ - Added encoding support
+- PulseAudio:
+ - Eliminate spurious exception throwing.
+- Zero/Shark:
+ - PR shark/483: Fix miscompilation of sun.misc.Unsafe::getByte.
+ - PR PR icedtea/324, icedtea/481: Fix Shark VM crash.
+ - Fix Zero build on Hitachi SH.
+* SystemTap support:
+ - PR476: Enable building SystemTap support on GCC 4.5.
+
New in release 1.8 (2010-04-13):
- Updated to OpenJDK6 b18.
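Review bot: Two formatting slips in the new 1.8.1 block: the Zero/Shark entry reads `PR PR icedtea/324, icedtea/481` with the prefix doubled, and the SystemTap heading uses `*` where every other component heading in the block uses `-`. The two NetX security entries are also the only fixes in the list without a bug reference; if identifiers exist for them, adding them here would let packagers match this release to their advisories.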
diff -r fcc6da6f0adb -r 1419166fcebf configure.ac
--- a/configure.ac Wed Jul 21 16:29:05 2010 -0400
+++ b/configure.ac Sat Jul 24 00:58:16 2010 +0200
@@ -1,4 +1,4 @@ AC_INIT([icedtea6],[1.8],[distro-pkg-dev
-AC_INIT([icedtea6],[1.8],[distro-pkg-dev at openjdk.java.net])
+AC_INIT([icedtea6],[1.8.1],[distro-pkg-dev at openjdk.java.net])
AM_INIT_AUTOMAKE([1.9 tar-pax foreign])
AC_CONFIG_FILES([Makefile])
diff -r fcc6da6f0adb -r 1419166fcebf netx/net/sourceforge/jnlp/SecurityDesc.java
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Wed Jul 21 16:29:05 2010 -0400
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Sat Jul 24 00:58:16 2010 +0200
@@ -53,6 +53,11 @@ public class SecurityDesc {
/** the JNLP file */
private JNLPFile file;
+ // We go by the rules here:
+ // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
+
+ // Since this is security sensitive, take a conservative approach:
+ // Allow only what is specifically allowed, and deny everything else
/** basic permissions for restricted mode */
private static Permission j2eePermissions[] = {
@@ -95,6 +100,9 @@ public class SecurityDesc {
new PropertyPermission("java.vm.vendor", "read"),
new PropertyPermission("java.vm.name", "read"),
new PropertyPermission("javawebstart.version", "read"),
+ new PropertyPermission("javaplugin.*", "read"),
+ new PropertyPermission("jnlp.*", "read,write"),
+ new PropertyPermission("javaws.*", "read,write"),
new RuntimePermission("exitVM"),
new RuntimePermission("stopThread"),
new AWTPermission("showWindowWithoutWarningBanner"),
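Review bot: The wildcard grants `jnlp.*` and `javaws.*` with `read,write` are much broader than the rest of this list, which names each property individually, and `javaws.*` already covers the `javaws.cfg.jauthenticator` entry that the same patch adds to jnlpRIAPermissions. Given the "allow only what is specifically allowed" comment added at the top of the class, please put a comment beside these three lines citing where the spec permits whole-prefix write access, and drop the redundant explicit entry or narrow the wildcard.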
@@ -105,6 +113,26 @@ public class SecurityDesc {
// new AWTPermission("accessEventQueue"),
};
+ /** basic permissions for restricted mode */
+ private static Permission jnlpRIAPermissions[] = {
+ new PropertyPermission("awt.useSystemAAFontSettings", "read,write"),
+ new PropertyPermission("http.agent", "read,write"),
+ new PropertyPermission("http.keepAlive", "read,write"),
+ new PropertyPermission("java.awt.syncLWRequests", "read,write"),
+ new PropertyPermission("java.awt.Window.locationByPlatform", "read,write"),
+ new PropertyPermission("javaws.cfg.jauthenticator", "read,write"),
+ new PropertyPermission("javax.swing.defaultlf", "read,write"),
+ new PropertyPermission("sun.awt.noerasebackground", "read,write"),
+ new PropertyPermission("sun.awt.erasebackgroundonresize", "read,write"),
+ new PropertyPermission("sun.java2d.d3d", "read,write"),
+ new PropertyPermission("sun.java2d.dpiaware", "read,write"),
+ new PropertyPermission("sun.java2d.noddraw", "read,write"),
+ new PropertyPermission("sun.java2d.opengl", "read,write"),
+ new PropertyPermission("swing.boldMetal", "read,write"),
+ new PropertyPermission("swing.metalTheme", "read,write"),
+ new PropertyPermission("swing.noxp", "read,write"),
+ new PropertyPermission("swing.useSystemFontSettings", "read,write"),
+ };
/**
* Create a security descriptor.
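Review bot: The Javadoc on `jnlpRIAPermissions` is a copy of the one on `j2eePermissions` ("basic permissions for restricted mode") and does not say what this array is for. It should state that these are the properties a sandboxed JNLP application may set, per the tutorial URL added earlier in the file, so the next person extending the list knows which document to check it against.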
@@ -118,7 +146,7 @@ public class SecurityDesc {
this.type = type;
this.downloadHost = downloadHost;
}
-
+
/**
* Returns the permissions type, one of: ALL_PERMISSIONS,
* SANDBOX_PERMISSIONS, J2EE_PERMISSIONS.
@@ -132,35 +160,19 @@ public class SecurityDesc {
* permissions granted depending on the security type.
*/
public PermissionCollection getPermissions() {
- Permissions permissions = new Permissions();
+ PermissionCollection permissions = getSandBoxPermissions();
- // all
+ // discard sandbox, give all
if (type == ALL_PERMISSIONS) {
+ permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
- // restricted
- if (type == SANDBOX_PERMISSIONS) {
- for (int i=0; i < sandboxPermissions.length; i++)
- permissions.add(sandboxPermissions[i]);
-
- if (downloadHost != null)
- permissions.add(new SocketPermission(downloadHost,
- "connect, accept"));
- }
-
- // j2ee
+ // add j2ee to sandbox if needed
if (type == J2EE_PERMISSIONS)
for (int i=0; i < j2eePermissions.length; i++)
permissions.add(j2eePermissions[i]);
-
- // properties
- PropertyDesc props[] = file.getResources().getProperties();
- for (int i=0; i < props.length; i++) {
- // should only allow jnlp.* properties if in sandbox?
- permissions.add(new PropertyPermission(props[i].getKey(), "read,write"));
- }
return permissions;
}
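Review bot: In getPermissions() the sandbox collection is built on the first line and then thrown away when `type == ALL_PERMISSIONS`; testing the type first and returning early would avoid the wasted call and make the "discard sandbox" comment unnecessary. The method comment should also be updated to say that the result now always contains the sandbox set and that properties declared in the JNLP file no longer add permissions of their own, since that is the security-relevant change here.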
@@ -175,16 +187,13 @@ public class SecurityDesc {
for (int i=0; i < sandboxPermissions.length; i++)
permissions.add(sandboxPermissions[i]);
+ if (file.isApplication())
+ for (int i=0; i < jnlpRIAPermissions.length; i++)
+ permissions.add(jnlpRIAPermissions[i]);
+
if (downloadHost != null)
permissions.add(new SocketPermission(downloadHost,
"connect, accept"));
-
- // properties
- PropertyDesc props[] = file.getResources().getProperties();
- for (int i=0; i < props.length; i++) {
- // should only allow jnlp.* properties if in sandbox?
- permissions.add(new PropertyPermission(props[i].getKey(), "read,write"));
- }
return permissions;
}
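Review bot: The new `if (file.isApplication())` guard means applets do not receive the jnlpRIAPermissions set, but nothing in the hunk says why. A one-line comment explaining the distinction would help, and the nested `if`/`for` should get braces so that a later edit to this permission-granting code cannot silently change which statements are conditional.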
diff -r fcc6da6f0adb -r 1419166fcebf netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 16:29:05 2010 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Sat Jul 24 00:58:16 2010 +0200
@@ -52,6 +52,8 @@ LCantDetermineMainClassInfo=Could not de
LCantDetermineMainClassInfo=Could not determine the main class for this application.
LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
+LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
+LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
JNotApplet=File is not an applet.
JNotApplication=File is not an application.
diff -r fcc6da6f0adb -r 1419166fcebf netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
--- a/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Wed Jul 21 16:29:05 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Sat Jul 24 00:58:16 2010 +0200
@@ -17,17 +17,26 @@
package net.sourceforge.jnlp.runtime;
-import java.awt.*;
-import java.util.*;
-import java.util.List;
-import java.security.*;
+import java.awt.Window;
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+
import javax.swing.event.EventListenerList;
-import net.sourceforge.jnlp.*;
-import net.sourceforge.jnlp.event.*;
+import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.PropertyDesc;
+import net.sourceforge.jnlp.SecurityDesc;
+import net.sourceforge.jnlp.ShortcutDesc;
+import net.sourceforge.jnlp.event.ApplicationEvent;
+import net.sourceforge.jnlp.event.ApplicationListener;
import net.sourceforge.jnlp.security.SecurityWarningDialog.AccessType;
import net.sourceforge.jnlp.services.ServiceUtil;
-import net.sourceforge.jnlp.util.*;
+import net.sourceforge.jnlp.util.WeakList;
+import net.sourceforge.jnlp.util.XDesktopEntry;
/**
* Represents a running instance of an application described in a
@@ -159,6 +168,16 @@ public class ApplicationInstance {
*/
void installEnvironment() {
final PropertyDesc props[] = file.getResources().getProperties();
+
+ CodeSource cs = new CodeSource((URL) null, (java.security.cert.Certificate [])null);
+
+ JNLPClassLoader loader = (JNLPClassLoader) this.loader;
+ SecurityDesc s = loader.getSecurity();
+
+ ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(), null, null);
+
+ // Add to hashmap
+ AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {pd});
PrivilegedAction installProps = new PrivilegedAction() {
public Object run() {
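Review bot: The comment `// Add to hashmap` above the `AccessControlContext` construction does not match the code, which adds nothing to a map; it should describe what the context is for (running the property installation with only the application's own permissions). The local `loader` also shadows the field it is cast from, and the unchecked cast to `JNLPClassLoader` will fail with a ClassCastException if the field ever holds another loader type, so an `instanceof` check or a typed field would be safer.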
@@ -169,7 +188,7 @@ public class ApplicationInstance {
return null;
}
};
- AccessController.doPrivileged(installProps);
+ AccessController.doPrivileged(installProps, acc);
}
/**
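Review bot: With `doPrivileged(installProps, acc)` the property writes inside run() are now checked against the restricted context, so a JNLP file that declares a property outside the allowed set will be refused with a security exception. The lines shown here do not indicate how run() deals with that; please make sure each refused key is caught and logged individually so that one disallowed property neither aborts the launch nor prevents the remaining allowed properties from being set.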
diff -r fcc6da6f0adb -r 1419166fcebf netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 16:29:05 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Sat Jul 24 00:58:16 2010 +0200
@@ -26,6 +26,7 @@ import java.net.URLClassLoader;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
@@ -140,6 +141,9 @@ public class JNLPClassLoader extends URL
/** File entries in the jar files available to this classloader */
private TreeSet jarEntries = new TreeSet();
+ /** Map of specific codesources to securitydesc */
+ private HashMap<URL, SecurityDesc> jarLocationSecurityMap = new HashMap<URL, SecurityDesc>();
+
/**
* Create a new JNLPClassLoader from the specified file.
*
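Review bot: Keying `jarLocationSecurityMap` on `java.net.URL` is risky for a security lookup, because `URL.equals` and `URL.hashCode` can perform host name resolution and compare by resolved address. Using `URI` or the URL's external string form as the key gives exact, non-blocking matching. The map is also a plain `HashMap`; if class loading on several threads can reach it, access needs to be synchronized.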
@@ -249,24 +253,19 @@ public class JNLPClassLoader extends URL
JNLPClassLoader extLoader = (JNLPClassLoader) urlToLoader.get(uniqueKey);
if (extLoader != null && extLoader != loader) {
- for (URL u : loader.getURLs())
- extLoader.addURL(u);
- for (File nativeDirectory: loader.getNativeDirectories())
- extLoader.addNativeDirectory(nativeDirectory);
- loader = extLoader;
+ if (loader.signing && !extLoader.signing)
+ if (!SecurityWarningDialog.showNotAllSignedWarningDialog(file))
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
+
+ loader.merge(extLoader);
}
// loader is now current + ext. But we also need to think of
// the baseLoader
if (baseLoader != null && baseLoader != loader) {
- for (URL u : loader.getURLs())
- baseLoader.addURL(u);
- for (File nativeDirectory: loader.getNativeDirectories())
- baseLoader.addNativeDirectory(nativeDirectory);
-
- loader = baseLoader;
- }
+ loader.merge(baseLoader);
+ }
} else {
// if key is same and locations match, this is the loader we want
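Review bot: The signed/unsigned comparison is applied only in the `extLoader` branch; the `baseLoader` branch calls `loader.merge(baseLoader)` with no equivalent check on the two loaders' `signing` flags. If mixing a signed and an unsigned loader warrants a prompt in one case, it should in the other, or a comment should explain why the base loader is exempt. The nested `if` statements guarding the `throw` should also get braces.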
@@ -402,6 +401,10 @@ public class JNLPClassLoader extends URL
if (js.anyJarsSigned()){
signing = true;
+ if (!js.allJarsSigned() &&
+ !SecurityWarningDialog.showNotAllSignedWarningDialog(file))
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
+
//user does not trust this publisher
if (!js.getAlreadyTrustPublisher()) {
checkTrustWithUser(js);
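Review bot: The `throw new LaunchException(...)` added here is a verbatim copy of the one added in getInstance(), including the four message keys. Moving the prompt-and-throw into one private helper would keep the two code paths from drifting apart when the message or the decision logic changes.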
@@ -416,6 +419,34 @@ public class JNLPClassLoader extends URL
signing = false;
//otherwise this jar is simply unsigned -- make sure to ask
//for permission on certain actions
+ }
+ }
+
+ for (JARDesc jarDesc: file.getResources().getJARs()) {
+ try {
+ URL location = tracker.getCacheFile(jarDesc.getLocation()).toURI().toURL();
+ SecurityDesc jarSecurity = file.getSecurity();
+
+ if (file instanceof PluginBridge) {
+
+ URL codebase = null;
+
+ if (file.getCodeBase() != null) {
+ codebase = file.getCodeBase();
+ } else {
+ //Fixme: codebase should be the codebase of the Main Jar not
+ //the location. Although, it still works in the current state.
+ codebase = file.getResources().getMainJAR().getLocation();
+ }
+
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.ALL_PERMISSIONS,
+ codebase.getHost());
+ }
+
+ jarLocationSecurityMap.put(location, jarSecurity);
+ } catch (MalformedURLException mfe) {
+ System.err.println(mfe.getMessage());
}
}
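Review bot: The `catch (MalformedURLException mfe)` at the end of the loop only prints the message, which leaves that jar without an entry in `jarLocationSecurityMap` while launch continues. The getPermissions() hunk later dereferences the result of `getCodeSourceSecurity(cs.getLocation())` directly, so an unmapped location needs a defined outcome: either fail the launch here or make the lookup fall back to sandbox permissions. The `PluginBridge` block is also duplicated in activateJars() and would be better as a single helper.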
@@ -500,13 +531,15 @@ public class JNLPClassLoader extends URL
// set default perms
PermissionCollection permissions = security.getSandBoxPermissions();
- // If more than default is needed, evaluate based on codesource
- if (security.getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
- security.getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS)) {
+ // If more than default is needed:
+ // 1. Code must be signed
+ // 2. ALL or J2EE permissions must be requested (note: plugin requests ALL automatically)
+ if (cs.getCodeSigners() != null &&
+ (getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
+ getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))
+ ) {
- if (cs.getCodeSigners() != null) {
- permissions = security.getPermissions();
- }
+ permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions();
}
Enumeration<Permission> e = permissions.elements();
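Review bot: `getCodeSourceSecurity(cs.getLocation())` is called three times in this condition and body, and its result is dereferenced without a null check. Please look it up once into a local, treat a missing descriptor as sandbox-only, and then test the security type on that local; this also makes the two numbered conditions in the comment easier to verify against the code.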
@@ -621,8 +654,31 @@ public class JNLPClassLoader extends URL
}
try {
- addURL(new URL("file://" + extractedJarLocation));
- } catch (MalformedURLException mfue) {
+ URL fileURL = new URL("file://" + extractedJarLocation);
+ addURL(fileURL);
+
+ SecurityDesc jarSecurity = file.getSecurity();
+
+ if (file instanceof PluginBridge) {
+
+ URL codebase = null;
+
+ if (file.getCodeBase() != null) {
+ codebase = file.getCodeBase();
+ } else {
+ //Fixme: codebase should be the codebase of the Main Jar not
+ //the location. Although, it still works in the current state.
+ codebase = file.getResources().getMainJAR().getLocation();
+ }
+
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.ALL_PERMISSIONS,
+ codebase.getHost());
+ }
+
+ jarLocationSecurityMap.put(fileURL, jarSecurity);
+
+ } catch (MalformedURLException mfue) {
if (JNLPRuntime.isDebug())
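Review bot: The map key for nested jars is built with `new URL("file://" + extractedJarLocation)`, while the keys added in initializeResources() come from `toURI().toURL()`. The two forms differ in how they escape characters such as spaces, so a path that needs escaping can produce a key that does not match the code source location used for the lookup. Building both from `File.toURI().toURL()` keeps them consistent. The `PluginBridge` block here repeats the one in initializeResources() line for line and should be shared.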