[rfc][icedtea-web] Fix support for signed applets with sandbox permissions in manifest
Andrew Azores
aazores at redhat.com
Wed Jul 30 15:02:43 UTC 2014
On 07/30/2014 10:52 AM, Jiri Vanek wrote:
> > diff --git
> a/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFile.java
> b/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFile.java
> > ---
> a/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFile.java
> > +++
> b/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFile.java
> > @@ -58,6 +58,9 @@ public class DummyJNLPFile extends JNLPF
> > }
> > }
> >
> > + {
> > + this.security = new SecurityDesc(this,
> SecurityDesc.SANDBOX_PERMISSIONS, null);
> > + }
> >
> > @Override
> > public ResourcesDesc getResources() {
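Review bot: The instance initializer added to DummyJNLPFile passes `this` to `new SecurityDesc(...)` before any constructor body of the mock has run, while the DummyJNLPFileWithJar hunk makes the same assignment on the last line of its constructor. If SecurityDesc reads state from the file at construction time (not visible in this hunk), the two mocks could end up with differently initialised descriptors. I would make the assignment in a constructor here too, so both mocks follow one pattern. With the `getSecurity()` override removed, the sandbox level is also only a default that later code can replace, so a comment such as `// default to sandbox; code under test may replace this.security` would record that this is intended. The rest of the class, including any constructors, lies outside the hunk.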
> > @@ -68,10 +71,5 @@ public class DummyJNLPFile extends JNLPF
> > public URL getCodeBase() {
> > return CODEBASE_URL;
> > }
> > -
> > - @Override
> > - public SecurityDesc getSecurity() {
> > - return new SecurityDesc(this,
> SecurityDesc.SANDBOX_PERMISSIONS, null);
> > - }
> >
> > }
> > diff --git
> a/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFileWithJar.java
> b/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFileWithJar.java
>
> > ---
> a/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFileWithJar.java
> > +++
> b/tests/test-extensions/net/sourceforge/jnlp/mock/DummyJNLPFileWithJar.java
> > @@ -38,6 +38,7 @@ public class DummyJNLPFileWithJar extend
> >
> > }
> > info = new ArrayList<InformationDesc>();
> > + this.security = new SecurityDesc(this,
> SecurityDesc.SANDBOX_PERMISSIONS, null);
> > }
> >
> > public URL getJarLocation() {
> > @@ -87,11 +88,6 @@ public class DummyJNLPFileWithJar extend
> > return codeBase;
> > }
> >
> > - @Override
> > - public SecurityDesc getSecurity() {
> > - return new SecurityDesc(this,
> SecurityDesc.SANDBOX_PERMISSIONS, null);
> > - }
> > -
> > public void setInfo(List<InformationDesc> info) {
> > this.info = info;
> > }
> >
>
> Those look OK to me. However:
>
>> diff --git
>> a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java
>> b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java
>> --- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java
>> +++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java
>> @@ -129,7 +129,7 @@ public class JNLPFileTest extends NoStdO
>> /*
>> * "sandbox" or "all-permissions"
>> */
>> - manifest6.getMainAttributes().put(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS), "sandbox");
>> + manifest6.getMainAttributes().put(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS),
>> "all-permissions");
>
> Why this change??? It should not be here...
>
>> manifest6.getMainAttributes().put(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_LIBRARY), "false");
>> manifest6.getMainAttributes().put(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_ONLY), "false");
>>
>> @@ -180,7 +180,7 @@ public class JNLPFileTest extends NoStdO
>> Assert.assertEquals("*.comhttps://*.cz",
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.APP_LIBRARY_ALLOWABLE)));
>> Assert.assertEquals("*.netftp://*uu.co.uk",
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.CALLER_ALLOWABLE)));
>> Assert.assertEquals("*.com *.net *.cz *.co.uk",
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.CODEBASE)));
>> -
>> Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.SANDBOX.toHtmlString(),
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS)));
>> +
>> Assert.assertEquals(SecurityDesc.RequestedPermissionLevel.ALL.toHtmlString(),
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.PERMISSIONS)));
>
> So this one,
>> Assert.assertEquals("false",
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_LIBRARY)));
>> Assert.assertEquals("false",
>> jnlpFile.getManifestsAttributes().getAttribute(new
>> Attributes.Name(JNLPFile.ManifestsAttributes.TRUSTED_ONLY)));
>>
>> @@ -206,7 +206,7 @@ public class JNLPFileTest extends NoStdO
>> Assert.assertEquals(true,
>> jnlpFile.getManifestsAttributes().getCodebase().matches(new
>> URL("ftp://aa.bb.net")));
>> Assert.assertEquals(true,
>> jnlpFile.getManifestsAttributes().getCodebase().matches(new
>> URL("https://x.net")));
>> Assert.assertEquals(false,
>> jnlpFile.getManifestsAttributes().getCodebase().matches(new
>> URL("http://aa.bb/com")));
>> - Assert.assertEquals(JNLPFile.ManifestBoolean.TRUE,
>> jnlpFile.getManifestsAttributes().isSandboxForced());
>> + Assert.assertEquals(JNLPFile.ManifestBoolean.FALSE,
>> jnlpFile.getManifestsAttributes().isSandboxForced());
>
> and this one. Why so?
>> Assert.assertEquals(JNLPFile.ManifestBoolean.FALSE,
>> jnlpFile.getManifestsAttributes().isTrustedLibrary());
>> Assert.assertEquals(JNLPFile.ManifestBoolean.FALSE,
>> jnlpFile.getManifestsAttributes().isTrustedOnly());
>>
>
>
The JNLPClassLoader determines that the applet is signed, and the
ManifestAttributesChecker does not allow a JNLP applet's signing state
to disagree with the permissions level it requests (I believe this is
in the spec for the Permissions attribute). Is the applet not actually
signed? I looked into how the JARs are being created and couldn't tell
whether they are signed or not.
Thanks,
--
Andrew A