[Bug 1663] Intel RMM2 console can't read ISO images anymore.

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Mon Feb 3 11:45:45 PST 2014


http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1663

--- Comment #5 from Andrew Azores <aazores at redhat.com> ---
I don't know of any dialog that would have appeared for an unsigned applet to
be granted local file read permissions. A dialog can appear asking if you want
to allow an applet to run with elevated permissions, but this is only supposed
to appear for applets with at least partial signing, and it wouldn't have
specified disk access permissions in particular.

The particular permission being denied to your applet in the screenshot is a
PropertyPermission to read the path to your home directory. I don't think this
permission has been revoked from the applet sandbox; as far as I know, unsigned
applets have never been allowed to do this. Even if it was previously allowed,
there would not be a dialog shown about it.

As a workaround since you can't sign the applet, you can try using a custom
policy. You can use 'policytool' for this or a plain text editor. Your policy
file location should normally be something like
$HOME/.config/icedtea-web/security/java.policy for IcedTea-Web 1.4. You can add
an entry like this:

grant codeBase "$CODEBASE" {
  permission java.util.PropertyPermission "user.home", "read";
};

to the policy file. Be sure to replace $CODEBASE with the actual codebase of
the applet, specified in the JNLP or HTML that defines the applet.

This permission alone most likely won't be enough to have the applet be able to
actually read files in your home directory, but it will solve the immediate
problem shown in your screenshot. You can then add further permissions in the
same entry as necessary until the applet works as intended. An example
FilePermission, which you'll likely need, could look like this:

permission java.io.FilePermission "${user.home}${/}iso${/}images${/}dir",
"read";

Using policytool instead to create these entries should be fairly
straightforward. Note that policytool doesn't really play nicely with i3 wm and tiling,
at least for me, so you might need to manually set each new window it spawns to
floating mode, or add a window class entry in your i3 config.

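Added example, not part of the original comment or of IcedTea-Web: a small Python check that reads java.policy text and flags entries wider than the per-applet grant described above (no codeBase, the $CODEBASE placeholder left in place, AllPermission, or FilePermission beyond read access). The sample policy, its codeBase URL and the function name audit_policy are constructed for illustration.

```python
import re

# Constructed sample policy: the first entry has the shape given in the comment
# above; the codeBase URL and the other two entries are made up for the demo.
SAMPLE_POLICY = r'''
grant codeBase "https://rmm.example.invalid/applet/" {
  permission java.util.PropertyPermission "user.home", "read";
  permission java.io.FilePermission "${user.home}${/}iso${/}images${/}dir", "read";
};
grant codeBase "$CODEBASE" {
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
grant {
  permission java.security.AllPermission;
};
'''

GRANT_RE = re.compile(r'grant\b([^{]*)\{(.*?)\}\s*;', re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"')
PERM_RE = re.compile(r'permission\s+([\w.$]+)((?:\s*,?\s*"[^"]*")*)\s*;')

def audit_policy(text):
    """Return (codebase, finding) pairs for grants wider than one applet needs."""
    findings = []
    for header, body in GRANT_RE.findall(text):
        m = CODEBASE_RE.search(header)
        codebase = m.group(1) if m else None
        if codebase is None:
            findings.append((None, 'no codeBase: entry applies to all code'))
        elif codebase == '$CODEBASE':
            findings.append((codebase, 'placeholder codeBase was not replaced'))
        for cls, args in PERM_RE.findall(body):
            strings = re.findall(r'"([^"]*)"', args)
            target = strings[0] if strings else ''
            actions = strings[1] if len(strings) > 1 else ''
            if cls == 'java.security.AllPermission':
                findings.append((codebase, 'AllPermission grants every permission'))
            elif cls == 'java.io.FilePermission':
                if target == '<<ALL FILES>>':
                    findings.append((codebase, 'FilePermission covers every file'))
                extra = {a.strip() for a in actions.split(',')} - {'read', ''}
                if extra:
                    findings.append((codebase, 'FilePermission beyond read: '
                                     + ','.join(sorted(extra))))
    return findings

if __name__ == '__main__':
    for codebase, finding in audit_policy(SAMPLE_POLICY):
        print(codebase or '<any code>', '->', finding)
```

To check a real file, pass its contents to audit_policy(); the parser assumes the policy contains no comments.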