/hg/icedtea-web: allow custom permissions instead of all permiss...
omajid at icedtea.classpath.org
omajid at icedtea.classpath.org
Tue Jan 4 12:12:51 PST 2011
changeset e65820401742 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=e65820401742
author: Omair Majid <omajid at redhat.com>
date: Tue Jan 04 15:12:40 2011 -0500
allow custom permissions instead of all permissions for trusted code
2011-01-04 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java: Add
customTrustedPolicy. (SecurityDesc): Initialize
customTrustedPolicy. (getCustomTrustedPolicy): New method. Get
custom policy file from configuration and use it to initialize a
custom configuration. (getPermissions): If trusted application
and customTrustedPolicy is not null, delegate to it; otherwise
return AllPermissions.
* netx/net/sourceforge/jnlp/config/Defaults.java (getDefaults):
Use constant for property.
* netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java:
Add new constant KEY_SECURITY_TRUSTED_POLICY.
* netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
(installEnvironment): Pass cs as a parameter to
SecurityDesc.getPermissions.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(getPermissions): Likewise.
diffstat:
6 files changed, 62 insertions(+), 6 deletions(-)
ChangeLog | 19 ++++
netx/net/sourceforge/jnlp/SecurityDesc.java | 41 +++++++++-
netx/net/sourceforge/jnlp/config/Defaults.java | 2
netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java | 2
netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java | 2
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 2
diffs (145 lines):
diff -r c938ea901f2f -r e65820401742 ChangeLog
--- a/ChangeLog Tue Jan 04 14:45:10 2011 -0500
+++ b/ChangeLog Tue Jan 04 15:12:40 2011 -0500
@@ -1,3 +1,22 @@ 2011-01-04 Omair Majid <omajid at redhat.
+2011-01-04 Omair Majid <omajid at redhat.com>
+
+ * netx/net/sourceforge/jnlp/SecurityDesc.java: Add
+ customTrustedPolicy.
+ (SecurityDesc): Initialize customTrustedPolicy.
+ (getCustomTrustedPolicy): New method. Get custom policy file from
+ configuration and use it to initialize a custom configuration.
+ (getPermissions): If trusted application and customTrustedPolicy is
+ not null, delegate to otherwise return AllPermissions.
+ * netx/net/sourceforge/jnlp/config/Defaults.java
+ (getDefaults): Use constant for property.
+ * netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java:
+ Add new constant KEY_SECURITY_TRUSTED_POLICY.
+ * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
+ (installEnvironment): Pass cs as a parameter to
+ SecurityDesc.getPermissions.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ (getPermissions): Likewise.
+
2011-01-04 Omair Majid <omajid at redhat.com>
* netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java: Remove
diff -r c938ea901f2f -r e65820401742 netx/net/sourceforge/jnlp/SecurityDesc.java
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Jan 04 14:45:10 2011 -0500
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Tue Jan 04 15:12:40 2011 -0500
@@ -57,6 +57,8 @@ public class SecurityDesc {
/** the JNLP file */
private JNLPFile file;
+
+ private final Policy customTrustedPolicy;
// We go by the rules here:
// http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
@@ -151,6 +153,33 @@ public class SecurityDesc {
String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
grantAwtPermissions = Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key));
+
+ customTrustedPolicy = getCustomTrustedPolicy();
+ }
+
+ /**
+ * Returns a Policy object that represents a custom policy to use instead
+ * of granting {@link AllPermission} to a {@link CodeSource}
+ *
+ * @return a {@link Policy} object to delegate to. May be null, which
+ * indicates that no policy exists and AllPermissions should be granted
+ * instead.
+ */
+ private Policy getCustomTrustedPolicy() {
+ String key = DeploymentConfiguration.KEY_SECURITY_TRUSTED_POLICY;
+ String policyLocation = JNLPRuntime.getConfiguration().getProperty(key);
+
+ Policy policy = null;
+ if (policyLocation != null) {
+ try {
+ URI policyUri = new URI("file://" + policyLocation);
+ policy = Policy.getInstance("JavaPolicy", new URIParameter(policyUri));
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ // return the appropriate policy, or null
+ return policy;
}
/**
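Review bot: getCustomTrustedPolicy fails open, because the `catch (Exception e)` block only prints a stack trace and the method then returns null, which its own Javadoc defines as "AllPermissions should be granted instead". Any failure while loading a configured policy therefore silently removes the restriction the administrator asked for. The catch should fail closed, for example with `throw new IllegalStateException("cannot load trusted policy: " + policyLocation, e);`, so that null only ever means that no policy is configured. Building the URI as `"file://" + policyLocation` makes a path containing a space or another reserved character throw URISyntaxException and take that same fallback; `new File(policyLocation).toURI()` does the escaping, though it needs `java.io.File` and the import block is outside this hunk.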
@@ -164,15 +193,21 @@ public class SecurityDesc {
/**
* Returns a PermissionCollection containing the basic
* permissions granted depending on the security type.
+ *
+ * @param cs the CodeSource to get permissions for
*/
- public PermissionCollection getPermissions() {
+ public PermissionCollection getPermissions(CodeSource cs) {
PermissionCollection permissions = getSandBoxPermissions();
// discard sandbox, give all
if (type == ALL_PERMISSIONS) {
permissions = new Permissions();
- permissions.add(new AllPermission());
- return permissions;
+ if (customTrustedPolicy == null) {
+ permissions.add(new AllPermission());
+ return permissions;
+ } else {
+ return customTrustedPolicy.getPermissions(cs);
+ }
}
// add j2ee to sandbox if needed
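Review bot: The Javadoc of getPermissions(CodeSource) still speaks only of "the basic permissions granted depending on the security type", yet the ALL_PERMISSIONS branch now returns `customTrustedPolicy.getPermissions(cs)` directly, with neither AllPermission nor the sandbox set included. I would add `@return the permissions for cs; for ALL_PERMISSIONS with a custom trusted policy configured, exactly what that policy grants to cs`, so it is clear that a policy file with no grant matching the code source presumably leaves trusted code with very little. `permissions = new Permissions();` is also allocated before the check and thrown away on the custom-policy path; it can move inside the `customTrustedPolicy == null` branch. The method body continues past the end of this hunk.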
diff -r c938ea901f2f -r e65820401742 netx/net/sourceforge/jnlp/config/Defaults.java
--- a/netx/net/sourceforge/jnlp/config/Defaults.java Tue Jan 04 14:45:10 2011 -0500
+++ b/netx/net/sourceforge/jnlp/config/Defaults.java Tue Jan 04 15:12:40 2011 -0500
@@ -209,7 +209,7 @@ public class Defaults {
String.valueOf(true)
},
{
- "deployment.security.trusted.policy",
+ DeploymentConfiguration.KEY_SECURITY_TRUSTED_POLICY,
BasicValueValidators.getFilePathValidator(),
null
},
diff -r c938ea901f2f -r e65820401742 netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java
--- a/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Tue Jan 04 14:45:10 2011 -0500
+++ b/netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java Tue Jan 04 15:12:40 2011 -0500
@@ -103,6 +103,8 @@ public final class DeploymentConfigurati
/** Boolean. Only show security prompts to user if true */
public static final String KEY_SECURITY_PROMPT_USER = "deployment.security.askgrantdialog.show";
+
+ public static final String KEY_SECURITY_TRUSTED_POLICY = "deployment.security.trusted.policy";
/** Boolean. Only give AWTPermission("showWindowWithoutWarningBanner") if true */
public static final String KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING = "deployment.security.sandbox.awtwarningwindow";
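Review bot: KEY_SECURITY_TRUSTED_POLICY is added without the doc comment that the neighbouring keys carry (`/** Boolean. ... */`), although it decides what trusted code is allowed to do. A comment such as `/** String. Path to a policy file used instead of AllPermission for trusted code; if unset, AllPermission is granted */` would match the file's style and record the default. The value type is taken from the file-path validator that Defaults.java registers for this key.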
diff -r c938ea901f2f -r e65820401742 netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
--- a/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Tue Jan 04 14:45:10 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java Tue Jan 04 15:12:40 2011 -0500
@@ -225,7 +225,7 @@ public class ApplicationInstance {
JNLPClassLoader loader = (JNLPClassLoader) this.loader;
SecurityDesc s = loader.getSecurity();
- ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(), null, null);
+ ProtectionDomain pd = new ProtectionDomain(cs, s.getPermissions(cs), null, null);
// Add to hashmap
AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] { pd });
diff -r c938ea901f2f -r e65820401742 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jan 04 14:45:10 2011 -0500
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jan 04 15:12:40 2011 -0500
@@ -578,7 +578,7 @@ public class JNLPClassLoader extends URL
(getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.ALL_PERMISSIONS) ||
getCodeSourceSecurity(cs.getLocation()).getSecurityType().equals(SecurityDesc.J2EE_PERMISSIONS))) {
- permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions();
+ permissions = getCodeSourceSecurity(cs.getLocation()).getPermissions(cs);
}
Enumeration<Permission> e = permissions.elements();