/hg/icedtea6: 8 new changesets
dbhole at icedtea.classpath.org
Wed Jul 28 12:54:04 PDT 2010
changeset 842a42d31b3e in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=842a42d31b3e
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:20:07 2010 -0400
Fix issue that allowed unsigned applications to modify system
properties.
changeset 9d642dc5d6fb in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=9d642dc5d6fb
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:23:50 2010 -0400
Fix issue that allowed unsigned code to use extension services
without prompt.
Collapse extension loaders into baseloader rather than vice-versa --
this makes it so that a loader is reported signed only if the main
app is.
changeset fb0ddfb8daa5 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=fb0ddfb8daa5
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:36:19 2010 -0400
Add new security dialog that prompts the user if there is mixed
signed and unsigned code present.
changeset acaf27f20127 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=acaf27f20127
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:38:26 2010 -0400
Warn user if extended services are being used from unsigned code
(even if the main application code is signed).
changeset 39a4a1ccee06 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=39a4a1ccee06
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:40:48 2010 -0400
Mark jar as unverified only if it is unsigned (since signed jars --
even ones with problems, are still 'verified' for contents).
changeset bc4e4ad6e4b8 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=bc4e4ad6e4b8
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:42:06 2010 -0400
Make sandbox permissions a subset of permissions returned for any
code source.
changeset 31d6a8239c29 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=31d6a8239c29
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:42:55 2010 -0400
Add security descriptor mapping for nested jars.
changeset f62dd7854414 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=f62dd7854414
author: Deepak Bhole <dbhole at redhat.com>
date: Wed Jul 28 15:52:36 2010 -0400
Track security descriptors per jar, and made permission decisions
based on it.
diffstat:
11 files changed, 478 insertions(+), 147 deletions(-)
ChangeLog | 81 ++++++
netx/net/sourceforge/jnlp/SecurityDesc.java | 63 ++--
netx/net/sourceforge/jnlp/resources/Messages.properties | 2
netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java | 35 ++
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 133 ++++++++--
netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java | 62 ----
netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java | 121 +++++++++
netx/net/sourceforge/jnlp/security/SecurityDialogPanel.java | 7
netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java | 31 ++
netx/net/sourceforge/jnlp/services/ServiceUtil.java | 58 ++--
netx/net/sourceforge/jnlp/tools/JarSigner.java | 32 +-
diffs (truncated from 927 to 500 lines):
diff -r bd5248cb292f -r f62dd7854414 ChangeLog
--- a/ChangeLog Wed Jul 28 14:41:56 2010 +0200
+++ b/ChangeLog Wed Jul 28 15:52:36 2010 -0400
@@ -1,3 +1,84 @@ 2010-07-28 Matthias Klose <doko at ubuntu
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Added a new
+ HashMap to map source locations to security descriptors for that location.
+ (getInstance): Use the new merge() method to merge loader data.
+ (initializeResources): Add map entries to the new jarLocationSecurityMap.
+ (getPermissions): Decide permissions based on security descriptor
+ associated with the calling code, rather than with the jnlp file.
+ (getCodeSourceSecurity): New method. Returns the security descriptor
+ associated with the given code source URL.
+ (merge): New method. Merges loader classpaths, native dir paths, and
+ security descriptor mappings.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (activateJars): Add
+ security descriptor mapping for nested jars.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java (getPermissions): Clean up
+ method, and make sure sandbox permissions are always a subset of what is
+ returned.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
+ to track verification status.
+ (verifyJars): Mark jar unverified only if it has no signature.
+ (verifyJar): Use new verifyResult enum to return status based on if jar is
+ unsigned, signed but with errors, or signed and ok.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Collapse new loader paths into base loader.
+ * netx/net/sourceforge/jnlp/services/ServiceUtil.java (checkAccess): Check
+ if calling code is trusted all the way to the end. If it isn't, prompt
+ user.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: Add new strings.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Prompt user if the main app code is signed, but the extentions aren't.
+ (initializeResources): Prompt user if there are any unsigned jars mixed
+ with signed jars.
+ * netx/net/sourceforge/jnlp/security/NotAllSignedWarningPane.java: New file.
+ Dialog shown to user if the main app code is signed but the extentions aren't.
+ * netx/net/sourceforge/jnlp/security/SecurityDialogUI.java
+ (SecurityDialogUI): Add a constructor that doesn't take a CertVerifier
+ object.
+ * netx/net/sourceforge/jnlp/security/SecurityWarningDialog.java: Added
+ dialog and accesstype enum elements for a 'Not all jars signed' case.
+ (showNotAllSignedWarningDialog): New function. Prompts the user if the
+ main app code is signed but the extentions aren't.
+ (createDialog): Wire in the 'Not all jars signed' case.
+ (updateUI): Same.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java (allJarsSigned): New
+ function. Returns if there are any unsigned jars.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Collapse extention loaders into baseloader rather than vice-verse.
+
+2010-07-28 Deepak Bhole <dbhole at redhat.com>
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java: Converge all property
+ permission settings info a single class.
+ (getPermissions): Do not give read/write permissions to anything other
+ than what is allowed by spec.
+ (getSandBoxPermissions): Same.
+ * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java: Remove
+ blanket imports.
+ (installEnvironment): Write properties in a restricted
+ AccessControlContext based on app specific permissions only.
+ * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+ (checkPermission): Remove all property permission decision making code
+ and collapse it all into SecurityDesc.java.
+
2010-07-28 Matthias Klose <doko at ubuntu.com>
* NEWS: Add 1.8.1 entry.
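Review bot: The ChangeLog entry for netx/net/sourceforge/jnlp/security/SecurityDialogUI.java does not match the diffstat, which lists SecurityDialogPanel.java as the changed file; please correct the file name. While there, the new entries have "extentions", "vice-verse" and "info a single class" where "extensions", "vice-versa" and "into a single class" are meant.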
diff -r bd5248cb292f -r f62dd7854414 netx/net/sourceforge/jnlp/SecurityDesc.java
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Wed Jul 28 14:41:56 2010 +0200
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Wed Jul 28 15:52:36 2010 -0400
@@ -53,6 +53,11 @@ public class SecurityDesc {
/** the JNLP file */
private JNLPFile file;
+ // We go by the rules here:
+ // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
+
+ // Since this is security sensitive, take a conservative approach:
+ // Allow only what is specifically allowed, and deny everything else
/** basic permissions for restricted mode */
private static Permission j2eePermissions[] = {
@@ -95,6 +100,9 @@ public class SecurityDesc {
new PropertyPermission("java.vm.vendor", "read"),
new PropertyPermission("java.vm.name", "read"),
new PropertyPermission("javawebstart.version", "read"),
+ new PropertyPermission("javaplugin.*", "read"),
+ new PropertyPermission("jnlp.*", "read,write"),
+ new PropertyPermission("javaws.*", "read,write"),
new RuntimePermission("exitVM"),
new RuntimePermission("stopThread"),
new AWTPermission("showWindowWithoutWarningBanner"),
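Review bot: The wildcard grants added in this array, "jnlp.*" and "javaws.*" with "read,write", sit oddly with the comment added at the top of the class ("Allow only what is specifically allowed, and deny everything else"). "javaws.*" already implies "javaws.cfg.jauthenticator", which the new jnlpRIAPermissions array lists explicitly and which getSandBoxPermissions() only adds when file.isApplication(); if this array is granted unconditionally, that gate has no effect for that property. Either drop the wildcard write in favour of named properties, or add a comment stating why the whole javaws.* namespace is safe for sandboxed code to write.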
@@ -105,6 +113,26 @@ public class SecurityDesc {
// new AWTPermission("accessEventQueue"),
};
+ /** basic permissions for restricted mode */
+ private static Permission jnlpRIAPermissions[] = {
+ new PropertyPermission("awt.useSystemAAFontSettings", "read,write"),
+ new PropertyPermission("http.agent", "read,write"),
+ new PropertyPermission("http.keepAlive", "read,write"),
+ new PropertyPermission("java.awt.syncLWRequests", "read,write"),
+ new PropertyPermission("java.awt.Window.locationByPlatform", "read,write"),
+ new PropertyPermission("javaws.cfg.jauthenticator", "read,write"),
+ new PropertyPermission("javax.swing.defaultlf", "read,write"),
+ new PropertyPermission("sun.awt.noerasebackground", "read,write"),
+ new PropertyPermission("sun.awt.erasebackgroundonresize", "read,write"),
+ new PropertyPermission("sun.java2d.d3d", "read,write"),
+ new PropertyPermission("sun.java2d.dpiaware", "read,write"),
+ new PropertyPermission("sun.java2d.noddraw", "read,write"),
+ new PropertyPermission("sun.java2d.opengl", "read,write"),
+ new PropertyPermission("swing.boldMetal", "read,write"),
+ new PropertyPermission("swing.metalTheme", "read,write"),
+ new PropertyPermission("swing.noxp", "read,write"),
+ new PropertyPermission("swing.useSystemFontSettings", "read,write"),
+ };
/**
* Create a security descriptor.
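Review bot: The Javadoc on jnlpRIAPermissions is copied verbatim from j2eePermissions ("basic permissions for restricted mode"), so the two arrays are documented identically. Describe what this list actually is: the properties a JNLP application may read and write under the rules page referenced in the comment added near the top of the class, and that it is only granted to applications.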
@@ -132,35 +160,19 @@ public class SecurityDesc {
* permissions granted depending on the security type.
*/
public PermissionCollection getPermissions() {
- Permissions permissions = new Permissions();
+ PermissionCollection permissions = getSandBoxPermissions();
- // all
+ // discard sandbox, give all
if (type == ALL_PERMISSIONS) {
+ permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
- // restricted
- if (type == SANDBOX_PERMISSIONS) {
- for (int i=0; i < sandboxPermissions.length; i++)
- permissions.add(sandboxPermissions[i]);
-
- if (downloadHost != null)
- permissions.add(new SocketPermission(downloadHost,
- "connect, accept"));
- }
-
- // j2ee
+ // add j2ee to sandbox if needed
if (type == J2EE_PERMISSIONS)
for (int i=0; i < j2eePermissions.length; i++)
permissions.add(j2eePermissions[i]);
-
- // properties
- PropertyDesc props[] = file.getResources().getProperties();
- for (int i=0; i < props.length; i++) {
- // should only allow jnlp.* properties if in sandbox?
- permissions.add(new PropertyPermission(props[i].getKey(), "read,write"));
- }
return permissions;
}
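Review bot: In getPermissions(), getSandBoxPermissions() is now called first and its result is thrown away when type == ALL_PERMISSIONS. Move the ALL_PERMISSIONS check above the call so the sandbox collection is only built when it is used. The method also no longer adds a PropertyPermission for the properties declared in the JNLP file, and the Javadoc does not say so; one sentence noting that only the fixed lists are granted would help callers such as installEnvironment().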
@@ -175,16 +187,13 @@ public class SecurityDesc {
for (int i=0; i < sandboxPermissions.length; i++)
permissions.add(sandboxPermissions[i]);
+ if (file.isApplication())
+ for (int i=0; i < jnlpRIAPermissions.length; i++)
+ permissions.add(jnlpRIAPermissions[i]);
+
if (downloadHost != null)
permissions.add(new SocketPermission(downloadHost,
"connect, accept"));
-
- // properties
- PropertyDesc props[] = file.getResources().getProperties();
- for (int i=0; i < props.length; i++) {
- // should only allow jnlp.* properties if in sandbox?
- permissions.add(new PropertyPermission(props[i].getKey(), "read,write"));
- }
return permissions;
}
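Review bot: The new file.isApplication() block in getSandBoxPermissions() nests a for inside an if with no braces, directly before another unbraced if; please brace both so a later edit cannot change which statements are conditional. It also means applets never receive the jnlpRIAPermissions list; if that is intended, say so in a comment here, since the array's own Javadoc does not mention it.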
diff -r bd5248cb292f -r f62dd7854414 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 28 14:41:56 2010 +0200
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 28 15:52:36 2010 -0400
@@ -52,6 +52,8 @@ LCantDetermineMainClassInfo=Could not de
LCantDetermineMainClassInfo=Could not determine the main class for this application.
LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars.
LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed.
+LSignedAppJarUsingUnsignedJar=Signed application using unsigned jars.
+LSignedAppJarUsingUnsignedJarInfo=The main application jar is signed, but some of the jars it is using aren't.
JNotApplet=File is not an applet.
JNotApplication=File is not an application.
diff -r bd5248cb292f -r f62dd7854414 netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
--- a/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Wed Jul 28 14:41:56 2010 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Wed Jul 28 15:52:36 2010 -0400
@@ -17,17 +17,26 @@
package net.sourceforge.jnlp.runtime;
-import java.awt.*;
-import java.util.*;
-import java.util.List;
-import java.security.*;
+import java.awt.Window;
+import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.CodeSource;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
+
import javax.swing.event.EventListenerList;
-import net.sourceforge.jnlp.*;
-import net.sourceforge.jnlp.event.*;
+import net.sourceforge.jnlp.JNLPFile;
+import net.sourceforge.jnlp.PropertyDesc;
+import net.sourceforge.jnlp.SecurityDesc;
+import net.sourceforge.jnlp.ShortcutDesc;
+import net.sourceforge.jnlp.event.ApplicationEvent;
+import net.sourceforge.jnlp.event.ApplicationListener;
import net.sourceforge.jnlp.security.SecurityWarningDialog.AccessType;
import net.sourceforge.jnlp.services.ServiceUtil;
-import net.sourceforge.jnlp.util.*;
+import net.sourceforge.jnlp.util.WeakList;
+import net.sourceforge.jnlp.util.XDesktopEntry;
/**
* Represents a running instance of an application described in a
@@ -160,6 +169,16 @@ public class ApplicationInstance {
void installEnvironment() {
final PropertyDesc props[] = file.getResources().getProperties();
+ CodeSource cs = new CodeSource((URL) null, (java.security.cert.Certificate [])null);
+
+ JNLPClassLoader loader = (JNLPClassLoader) this.loader;
+ SecurityDesc s = loader.getSecurity();
+
+ ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(), null, null);
+
+ // Add to hashmap
+ AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {pd});
+
PrivilegedAction installProps = new PrivilegedAction() {
public Object run() {
for (int i=0; i < props.length; i++) {
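Review bot: The comment "// Add to hashmap" above the AccessControlContext construction in installEnvironment() does not describe anything in this method; there is no map here. Replace it with a comment saying that the context limits the property writes to the application's own permissions. The new local "loader" also shadows the field it is cast from, and the cast to JNLPClassLoader is unchecked; a different local name and an instanceof guard would make the failure mode explicit.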
@@ -169,7 +188,7 @@ public class ApplicationInstance {
return null;
}
};
- AccessController.doPrivileged(installProps);
+ AccessController.doPrivileged(installProps, acc);
}
/**
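Review bot: With doPrivileged(installProps, acc), writes inside run() are now checked against s.getPermissions() rather than running fully privileged, so a property named in the JNLP file that is outside the granted set can fail the check. The loop body is not part of this hunk; please confirm whether a denied property is caught per iteration or aborts the loop and skips the remaining properties, and document the chosen behaviour on installEnvironment().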
diff -r bd5248cb292f -r f62dd7854414 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 28 14:41:56 2010 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 28 15:52:36 2010 -0400
@@ -26,6 +26,7 @@ import java.net.URLClassLoader;
import java.net.URLClassLoader;
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.AllPermission;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
@@ -140,6 +141,9 @@ public class JNLPClassLoader extends URL
/** File entries in the jar files available to this classloader */
private TreeSet jarEntries = new TreeSet();
+ /** Map of specific codesources to securitydesc */
+ private HashMap<URL, SecurityDesc> jarLocationSecurityMap = new HashMap<URL, SecurityDesc>();
+
/**
* Create a new JNLPClassLoader from the specified file.
*
@@ -249,23 +253,17 @@ public class JNLPClassLoader extends URL
JNLPClassLoader extLoader = (JNLPClassLoader) urlToLoader.get(uniqueKey);
if (extLoader != null && extLoader != loader) {
- for (URL u : loader.getURLs())
- extLoader.addURL(u);
- for (File nativeDirectory: loader.getNativeDirectories())
- extLoader.addNativeDirectory(nativeDirectory);
+ if (loader.signing && !extLoader.signing)
+ if (!SecurityWarningDialog.showNotAllSignedWarningDialog(file))
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
- loader = extLoader;
+ loader.merge(extLoader);
}
// loader is now current + ext. But we also need to think of
// the baseLoader
if (baseLoader != null && baseLoader != loader) {
- for (URL u : loader.getURLs())
- baseLoader.addURL(u);
- for (File nativeDirectory: loader.getNativeDirectories())
- baseLoader.addNativeDirectory(nativeDirectory);
-
- loader = baseLoader;
+ loader.merge(baseLoader);
}
} else {
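Review bot: The signed/unsigned prompt only guards the extLoader merge (loader.signing && !extLoader.signing); the baseLoader branch below calls loader.merge(baseLoader) with no equivalent check. If a base loader can be unsigned while loader is signed, the same dialog should guard that merge too, or a comment should explain why it cannot happen. The nested if around showNotAllSignedWarningDialog() has no braces and a very long throw line; please brace it and wrap the LaunchException arguments.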
@@ -402,6 +400,11 @@ public class JNLPClassLoader extends URL
if (js.anyJarsSigned()){
signing = true;
+ if (!js.allJarsSigned() &&
+ !SecurityWarningDialog.showNotAllSignedWarningDialog(file))
+ throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
+
+
//user does not trust this publisher
if (!js.getAlreadyTrustPublisher()) {
checkTrustWithUser(js);
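Review bot: The condition added in this hunk is !js.allJarsSigned() inside the js.anyJarsSigned() branch, which says some jar is signed and some jar is not; it does not establish that the main application jar is the signed one. The failure strings used (LSignedAppJarUsingUnsignedJar and its Info text, "The main application jar is signed, but some of the jars it is using aren't.") assert exactly that. Either check the main jar specifically or use wording that only claims mixed signing. The hunk also adds two consecutive blank lines.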
@@ -416,6 +419,34 @@ public class JNLPClassLoader extends URL
signing = false;
//otherwise this jar is simply unsigned -- make sure to ask
//for permission on certain actions
+ }
+ }
+
+ for (JARDesc jarDesc: file.getResources().getJARs()) {
+ try {
+ URL location = tracker.getCacheFile(jarDesc.getLocation()).toURI().toURL();
+ SecurityDesc jarSecurity = file.getSecurity();
+
+ if (file instanceof PluginBridge) {
+
+ URL codebase = null;
+
+ if (file.getCodeBase() != null) {
+ codebase = file.getCodeBase();
+ } else {
+ //Fixme: codebase should be the codebase of the Main Jar not
+ //the location. Although, it still works in the current state.
+ codebase = file.getResources().getMainJAR().getLocation();
+ }
+
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.ALL_PERMISSIONS,
+ codebase.getHost());
+ }
+
+ jarLocationSecurityMap.put(location, jarSecurity);
+ } catch (MalformedURLException mfe) {
+ System.err.println(mfe.getMessage());
}
}
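Review bot: The catch for MalformedURLException in the new loop only prints the message and continues, so that jar ends up with no entry in jarLocationSecurityMap. getPermissions() dereferences getCodeSourceSecurity(cs.getLocation()) without a null check, so a skipped jar becomes a NullPointerException at permission time. Fail the launch here, or make the lookup fall back to the sandbox descriptor. Separately, for a PluginBridge every jar is mapped to an ALL_PERMISSIONS descriptor regardless of file.getSecurity(); that deserves a comment explaining why.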
@@ -500,13 +531,15 @@ public class JNLPClassLoader extends URL
// set default perms
PermissionCollection permissions = security.getSandBoxPermissions();
- // If more than default is needed, evaluate based on codesource
- if (security.getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
- security.getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS)) {
+ // If more than default is needed:
+ // 1. Code must be signed
+ // 2. ALL or J2EE permissions must be requested (note: plugin requests ALL automatically)
+ if (cs.getCodeSigners() != null &&
+ (getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
+ getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))
+ ) {
- if (cs.getCodeSigners() != null) {
- permissions = security.getPermissions();
- }
+ permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions();
}
Enumeration<Permission> e = permissions.elements();
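Review bot: getCodeSourceSecurity(cs.getLocation()) is a plain HashMap.get and returns null for any location that was never put in jarLocationSecurityMap, yet its result is dereferenced up to three times in this condition and body. Look it up once into a local and treat null as sandbox-only, so an unmapped code source can never reach getPermissions() or throw. The lookup also relies on cs.getLocation() being equal to the URL used as the key, which is built via tracker.getCacheFile(...).toURI().toURL() in one place and via new URL("file://" + ...) in another; a single normalising helper for both would make that dependency explicit.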
@@ -621,8 +654,31 @@ public class JNLPClassLoader extends URL
}
try {
- addURL(new URL("file://" + extractedJarLocation));
- } catch (MalformedURLException mfue) {
+ URL fileURL = new URL("file://" + extractedJarLocation);
+ addURL(fileURL);
+
+ SecurityDesc jarSecurity = file.getSecurity();
+
+ if (file instanceof PluginBridge) {
+
+ URL codebase = null;
+
+ if (file.getCodeBase() != null) {
+ codebase = file.getCodeBase();
+ } else {
+ //Fixme: codebase should be the codebase of the Main Jar not
+ //the location. Although, it still works in the current state.
+ codebase = file.getResources().getMainJAR().getLocation();
+ }
+
+ jarSecurity = new SecurityDesc(file,
+ SecurityDesc.ALL_PERMISSIONS,
+ codebase.getHost());
+ }
+
+ jarLocationSecurityMap.put(fileURL, jarSecurity);
+
+ } catch (MalformedURLException mfue) {
if (JNLPRuntime.isDebug())
System.err.println("Unable to add extracted nested jar to classpath");
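Review bot: The PluginBridge/codebase block that builds jarSecurity here is a line-for-line copy of the one added in initializeResources, including the Fixme. Extract it into one private helper that returns the SecurityDesc for a jar so the two sites cannot drift apart. The catch also still reports only when JNLPRuntime.isDebug() is set, so in a normal run a nested jar that fails here silently gets neither a classpath entry nor a descriptor.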
@@ -1093,4 +1149,43 @@ public class JNLPClassLoader extends URL
protected SecurityDesc getSecurity() {
return security;
}
+
+ /**
+ * Returns the security descriptor for given code source URL
+ *
+ * @param source The code source
+ * @return The SecurityDescriptor for that source
+ */
+
+ protected SecurityDesc getCodeSourceSecurity(URL source) {
+ return jarLocationSecurityMap.get(source);
+ }
+
+ /**
+ * Merges the code source/security descriptor mapping from another loader
+ *
+ * @param extLoader The loader form which to merge
+ * @throws SecurityException if the code is called from an untrusted source
+ */
+ private void merge(JNLPClassLoader extLoader) {
+
+ try {
+ System.getSecurityManager().checkPermission(new AllPermission());
+ } catch (SecurityException se) {
+ throw new SecurityException("JNLPClassLoader() may only be called from trusted sources!");
+ }
+
+ // jars
+ for (URL u : extLoader.getURLs())
+ addURL(u);
+
+ // native search paths
+ for (File nativeDirectory: extLoader.getNativeDirectories())
+ addNativeDirectory(nativeDirectory);
+
+ // security descriptors
+ for (URL key: extLoader.jarLocationSecurityMap.keySet()) {
+ jarLocationSecurityMap.put(key, extLoader.jarLocationSecurityMap.get(key));
+ }
+ }
}
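Review bot: In merge(), System.getSecurityManager() can return null when no security manager is installed, which makes the checkPermission call throw NullPointerException instead of the documented SecurityException; guard for null. The rethrown message says "JNLPClassLoader() may only be called from trusted sources!" although this is merge(), and catching to rethrow discards the original exception. The Javadoc has "form" for "from", and the keySet()/get() loop can be replaced by jarLocationSecurityMap.putAll(extLoader.jarLocationSecurityMap).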
diff -r bd5248cb292f -r f62dd7854414 netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Wed Jul 28 14:41:56 2010 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Wed Jul 28 15:52:36 2010 -0400
@@ -334,68 +334,6 @@ class JNLPSecurityManager extends Securi
}
}
}
-
- } else if (perm instanceof PropertyPermission) {
-
- if (JNLPRuntime.isDebug())
- System.err.println("Requesting property: " + perm.toString());
-
- // We go by the rules here:
- // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
-
- // Since this is security sensitive, take a conservative approach:
- // Allow only what is specifically allowed, and deny everything else
-
- // First, allow what everyone is allowed to read
- if (perm.getActions().equals("read")) {
- if ( perm.getName().equals("java.class.version") ||
- perm.getName().equals("java.vendor") ||
- perm.getName().equals("java.vendor.url") ||
- perm.getName().equals("java.version") ||
- perm.getName().equals("os.name") ||
- perm.getName().equals("os.arch") ||