/hg/icedtea-web: TemporaryPermissions generated via reflection r...
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Fri Jun 13 20:49:24 UTC 2014
changeset e5d8a62d2170 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=e5d8a62d2170
author: Andrew Azores <aazores at redhat.com>
date: Fri Jun 13 16:48:22 2014 -0400
TemporaryPermissions generated via reflection rather than hard coded
2014-06-13 Andrew Azores <aazores at redhat.com>
TemporaryPermissions generated via reflection rather than hard coded
* netx/net/sourceforge/jnlp/resources/Messages.properties
(STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
STempNoFileOrNetwork, STempNoExecOrNetwork, STempNoFileOrExec,
STempNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
STempReadLocalFilesAndProperties, STempReflectionOnly): removed
(STempNetwork, STempReadFilesAndProperties, STempWriteFilesAndProperties,
STempReflectionAndExternal, STempAllMedia): new messages
* netx/net/sourceforge/jnlp/resources/Messages_cs.properties
(STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
STempNoFileOrNetwork, STempNoExecOrNetwork, STempNoFileOrExec,
STempNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
STempReadLocalFilesAndProperties, STempReflectionOnly): removed
* netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java:
rewrite to use reflection to generate permissions from
PolicyEditorPermissions rather than exposing statically defined values
* netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java:
refactor to use new TemporaryPermissions change
* tests/netx/unit/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsTest.java:
new tests for TemporaryPermissions
diffstat:
ChangeLog | 25 +
netx/net/sourceforge/jnlp/resources/Messages.properties | 19 +-
netx/net/sourceforge/jnlp/resources/Messages_cs.properties | 14 -
netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java | 210 ++-------
netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java | 50 +-
tests/netx/unit/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsTest.java | 104 ++++
6 files changed, 207 insertions(+), 215 deletions(-)
diffs (truncated from 507 to 500 lines):
diff -r 0d6f97d838b7 -r e5d8a62d2170 ChangeLog
--- a/ChangeLog Thu Jun 12 16:51:32 2014 -0400
+++ b/ChangeLog Fri Jun 13 16:48:22 2014 -0400
@@ -1,3 +1,28 @@
+2014-06-13 Andrew Azores <aazores at redhat.com>
+
+ TemporaryPermissions generated via reflection rather than hard coded
+ * netx/net/sourceforge/jnlp/resources/Messages.properties
+ (STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
+ STempNoFileOrNetwork, STempNoExecOrNetwork, STempNoFileOrExec,
+ STempNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
+ STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
+ STempReadLocalFilesAndProperties, STempReflectionOnly): removed
+ (STempNetwork, STempReadFilesAndProperties, STempWriteFilesAndProperties,
+ STempReflectionAndExternal, STempAllMedia): new messages
+ * netx/net/sourceforge/jnlp/resources/Messages_cs.properties
+ (STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
+ STempNoFileOrNetwork, STempNoExecOrNetwork, STempNoFileOrExec,
+ STempNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
+ STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
+ STempReadLocalFilesAndProperties, STempReflectionOnly): removed
+ * netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java:
+ rewrite to use reflection to generate permissions from
+ PolicyEditorPermissions rather than exposing statically defined values
+ * netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java:
+ refactor to use new TemporaryPermissions change
+ * tests/netx/unit/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsTest.java:
+ new tests for TemporaryPermissions
+
2014-06-12 Andrew Azores <aazores at redhat.com>
* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditor.java
diff -r 0d6f97d838b7 -r e5d8a62d2170 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Jun 12 16:51:32 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Fri Jun 13 16:48:22 2014 -0400
@@ -305,20 +305,11 @@
STOAsignedMsgFully = The applet is fully signed
STOAsignedMsgAndSandbox = The applet is fully signed and sandboxed
STOAsignedMsgPartiall = The applet is not fully signed
-STempPermNoFile=No file access
-STempPermNoNetwork=No network access
-STempPermNoExec=No command execution
-STempNoFileOrNetwork=No file or network access
-STempNoExecOrNetwork=No command execution or network access
-STempNoFileOrExec=No file access or command execution
-STempNoFileOrNetworkOrExec=No file access, network access, or command execution
-STempAllMedia=All media
-STempSoundOnly=Play audio
-STempClipboardOnly=Access clipboard
-STempPrintOnly=Print documents
-STempAllFileAndPropertyAccess=All file and properties access
-STempReadLocalFilesAndProperties=Read-only local files and properties
-STempReflectionOnly=Java Reflection only
+STempNetwork=Allow incoming and outgoing network connections
+STempReadFilesAndProperties=Read-only access to all files and properties
+STempWriteFilesAndProperties=Write-only access to all files and properties
+STempReflectionAndExternal=Java Reflection and external code access
+STempAllMedia=All media (printing, audio, clipboard access)
# Security - used for the More Information dialog
SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
diff -r 0d6f97d838b7 -r e5d8a62d2170 netx/net/sourceforge/jnlp/resources/Messages_cs.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages_cs.properties Thu Jun 12 16:51:32 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages_cs.properties Fri Jun 13 16:48:22 2014 -0400
@@ -301,20 +301,6 @@
STOAsignedMsgFully= Aplet je kompletn\u011b podeps\u00e1n.
STOAsignedMsgAndSandbox= Aplet je kompletn\u011b podeps\u00e1n a b\u011b\u017e\u00ed v izolovan\u00e9m prostoru (sandbox).
STOAsignedMsgPartiall= Aplet nen\u00ed kompletn\u011b podeps\u00e1n.
-STempPermNoFile=Bez p\u0159\u00edstupu k soubor\u016fm
-STempPermNoNetwork=Bez p\u0159\u00edstupu k s\u00edti
-STempPermNoExec=Bez mo\u017enosti spou\u0161t\u011bt p\u0159\u00edkazy
-STempNoFileOrNetwork=Bez p\u0159\u00edstupu k soubor\u016fm a s\u00edti
-STempNoExecOrNetwork=Bez mo\u017enosti spou\u0161t\u011bt p\u0159\u00edkazy a bez p\u0159\u00edstupu k s\u00edti
-STempNoFileOrExec=Bez p\u0159\u00edstupu k soubor\u016fm a bez mo\u017enosti spou\u0161t\u011bt p\u0159\u00edkazy
-STempNoFileOrNetworkOrExec=Bez p\u0159\u00edstupu k soubor\u016fm a s\u00edti a bez mo\u017enosti spou\u0161t\u011bt p\u0159\u00edkazy
-STempAllMedia=V\u0161echna m\u00e9dia
-STempSoundOnly=P\u0159ehr\u00e1v\u00e1n\u00ed audia
-STempClipboardOnly=P\u0159\u00edstup do schr\u00e1nky
-STempPrintOnly=Tisknut\u00ed dokument\u016f
-STempAllFileAndPropertyAccess=P\u0159\u00edstup ke v\u0161em soubor\u016fm a vlastnostem.
-STempReadLocalFilesAndProperties=P\u0159\u00edstup k lok\u00e1ln\u00edm soubor\u016fm a vlastnostem v re\u017eimu pro \u010dten\u00ed
-STempReflectionOnly=Pouze rozhran\u00ed Java Reflection
# Security - used for the More Information dialog
SBadKeyUsage=Zdroj obsahuje polo\u017eky, u nich\u017e roz\u0161\u00ed\u0159en\u00ed pou\u017eit\u00ed kl\u00ed\u010de KeyUsage certifik\u00e1tu podepisovatele nedovoluje podeps\u00e1n\u00ed k\u00f3du.
diff -r 0d6f97d838b7 -r e5d8a62d2170 netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java
--- a/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java Thu Jun 12 16:51:32 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java Fri Jun 13 16:48:22 2014 -0400
@@ -36,173 +36,83 @@
package net.sourceforge.jnlp.security.dialogs;
-import java.awt.AWTPermission;
-import java.io.FilePermission;
-import java.lang.reflect.ReflectPermission;
-import java.net.SocketPermission;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
import java.security.Permission;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
-import java.util.PropertyPermission;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
-import javax.sound.sampled.AudioPermission;
-
-import static net.sourceforge.jnlp.security.policyeditor.PolicyEditorPermissions.*;
+import net.sourceforge.jnlp.security.policyeditor.PermissionActions;
+import net.sourceforge.jnlp.security.policyeditor.PolicyEditorPermissions;
+import net.sourceforge.jnlp.util.logging.OutputController;
public class TemporaryPermissions {
- // We can't use the PolicyEditorPermissions versions of these, because they rely on System Property expansion, which is perfomed
- // by the policy parser, but not by the Permissions constructors.
- private static final String USER_HOME = System.getProperty("user.home");
- private static final String TMPDIR = System.getProperty("java.io.tmpdir");
+ // Look for expandable properties in targets, eg ${user.home} or ${java.io.tmpdir}
+ private static final Pattern expandablePattern = Pattern.compile("\\$\\{([a-zA-Z0-9\\.}]+)*\\}");
- public static final FilePermission READ_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, READ_LOCAL_FILES.getActions().rawString());
- public static final FilePermission WRITE_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, WRITE_LOCAL_FILES.getActions().rawString());
- public static final FilePermission DELETE_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, DELETE_LOCAL_FILES.getActions().rawString());
- public static final FilePermission READ_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, READ_TMP_FILES.getActions().rawString());
- public static final FilePermission WRITE_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, WRITE_TMP_FILES.getActions().rawString());
- public static final FilePermission DELETE_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, DELETE_TMP_FILES.getActions().rawString());
- public static final FilePermission READ_SYSTEM_FILES_PERMISSION = new FilePermission(READ_SYSTEM_FILES.getTarget().target, READ_SYSTEM_FILES.getActions()
- .rawString());
- public static final FilePermission WRITE_SYSTEM_FILES_PERMISSION = new FilePermission(WRITE_SYSTEM_FILES.getTarget().target, WRITE_SYSTEM_FILES
- .getActions().rawString());
-
- public static final PropertyPermission READ_PROPERTIES_PERMISSION = new PropertyPermission(READ_PROPERTIES.getTarget().target, READ_PROPERTIES.getActions()
- .rawString());
- public static final PropertyPermission WRITE_PROPERTIES_PERMISSION = new PropertyPermission(WRITE_PROPERTIES.getTarget().target, WRITE_PROPERTIES
- .getActions().rawString());
-
- public static final FilePermission EXEC_PERMISSION = new FilePermission(EXEC_COMMANDS.getTarget().target, EXEC_COMMANDS.getActions().rawString());
- public static final RuntimePermission GETENV_PERMISSION = new RuntimePermission(GET_ENV.getTarget().target);
-
- public static final SocketPermission NETWORK_PERMISSION = new SocketPermission(NETWORK.getTarget().target, NETWORK.getActions().rawString());
-
- public static final ReflectPermission REFLECTION_PERMISSION = new ReflectPermission(JAVA_REFLECTION.getTarget().target);
- public static final RuntimePermission CLASSLOADER_PERMISSION = new RuntimePermission(GET_CLASSLOADER.getTarget().target);
- public static final RuntimePermission ACCESS_CLASS_IN_PACKAGE_PERMISSION = new RuntimePermission(ACCESS_CLASS_IN_PACKAGE.getTarget().target);
- public static final RuntimePermission ACCESS_DECLARED_MEMBERS_PERMISSION = new RuntimePermission(ACCESS_DECLARED_MEMBERS.getTarget().target);
- public static final RuntimePermission ACCESS_THREADS_PERMISSION = new RuntimePermission(ACCESS_THREADS.getTarget().target);
- public static final RuntimePermission ACCESS_THREADGROUPS_PERMISSION = new RuntimePermission(ACCESS_THREAD_GROUPS.getTarget().target);
-
- public static final AWTPermission AWT_PERMISSION = new AWTPermission(ALL_AWT.getTarget().target);
- public static final AudioPermission PLAY_AUDIO_PERMISSION = new AudioPermission(PLAY_AUDIO.getTarget().target);
- public static final AudioPermission RECORD_AUDIO_PERMISSION = new AudioPermission(RECORD_AUDIO.getTarget().target);
- public static final AWTPermission CLIPBOARD_PERMISSION = new AWTPermission(CLIPBOARD.getTarget().target);
- public static final RuntimePermission PRINT_PERMISSION = new RuntimePermission(PRINT.getTarget().target);
-
- public static final Collection<Permission> ALL_PERMISSIONS, FILE_PERMISSIONS, PROPERTY_PERMISSIONS, NETWORK_PERMISSIONS, EXEC_PERMISSIONS,
- REFLECTION_PERMISSIONS, MEDIA_PERMISSIONS;
- static {
- final Collection<Permission> all = new HashSet<>(), file = new HashSet<>(), property = new HashSet<>(),
- network = new HashSet<>(), exec = new HashSet<>(), reflection = new HashSet<>(), media = new HashSet<>();
-
- file.add(READ_LOCAL_FILES_PERMISSION);
- file.add(WRITE_LOCAL_FILES_PERMISSION);
- file.add(DELETE_LOCAL_FILES_PERMISSION);
- file.add(READ_TMP_FILES_PERMISSION);
- file.add(WRITE_TMP_FILES_PERMISSION);
- file.add(DELETE_TMP_FILES_PERMISSION);
- file.add(READ_SYSTEM_FILES_PERMISSION);
- file.add(WRITE_SYSTEM_FILES_PERMISSION);
- FILE_PERMISSIONS = Collections.unmodifiableCollection(file);
-
- property.add(READ_PROPERTIES_PERMISSION);
- property.add(WRITE_PROPERTIES_PERMISSION);
- PROPERTY_PERMISSIONS = Collections.unmodifiableCollection(property);
-
- exec.add(EXEC_PERMISSION);
- exec.add(GETENV_PERMISSION);
- EXEC_PERMISSIONS = Collections.unmodifiableCollection(exec);
-
- network.add(NETWORK_PERMISSION);
- NETWORK_PERMISSIONS = Collections.unmodifiableCollection(network);
-
- reflection.add(REFLECTION_PERMISSION);
- reflection.add(CLASSLOADER_PERMISSION);
- reflection.add(ACCESS_CLASS_IN_PACKAGE_PERMISSION);
- reflection.add(ACCESS_DECLARED_MEMBERS_PERMISSION);
- reflection.add(ACCESS_THREADS_PERMISSION);
- reflection.add(ACCESS_THREADGROUPS_PERMISSION);
- REFLECTION_PERMISSIONS = Collections.unmodifiableCollection(reflection);
-
- media.add(AWT_PERMISSION);
- media.add(PLAY_AUDIO_PERMISSION);
- media.add(RECORD_AUDIO_PERMISSION);
- media.add(CLIPBOARD_PERMISSION);
- media.add(PRINT_PERMISSION);
- MEDIA_PERMISSIONS = Collections.unmodifiableCollection(media);
-
- all.addAll(file);
- all.addAll(property);
- all.addAll(exec);
- all.addAll(network);
- all.addAll(reflection);
- all.addAll(media);
- ALL_PERMISSIONS = Collections.unmodifiableCollection(all);
+ public static Collection<Permission> getPermissions(final PolicyEditorPermissions... editorPermissions) {
+ return getPermissions(Arrays.asList(editorPermissions));
}
- private static final Collection<Permission> allMinus(final Collection<Permission> permissions) {
- return subtract(ALL_PERMISSIONS, permissions);
+ public static Collection<Permission> getPermissions(final Collection<PolicyEditorPermissions> editorPermissions) {
+ final Collection<Permission> col = new HashSet<Permission>();
+ for (final PolicyEditorPermissions editorPerm : editorPermissions) {
+ col.add(getPermission(editorPerm));
+ }
+ return Collections.unmodifiableCollection(col);
}
- private static Collection<Permission> sum(final Permission... permissions) {
- final Collection<Permission> result = new HashSet<>(Arrays.asList(permissions));
- return Collections.unmodifiableCollection(result);
+ public static Collection<Permission> getPermissions(final PolicyEditorPermissions.Group permissionsGroup) {
+ return getPermissions(permissionsGroup.getPermissions());
}
- private static Collection<Permission> sum(final Collection<Permission> a, final Collection<Permission> b) {
- final Collection<Permission> result = new HashSet<>();
- result.addAll(a);
- result.addAll(b);
- return Collections.unmodifiableCollection(result);
+ public static Permission getPermission(final PolicyEditorPermissions editorPermission) {
+ try {
+ final Class<?> clazz = Class.forName(editorPermission.getType().type);
+ final Constructor<?> ctor;
+ final Permission perm;
+ String target = editorPermission.getTarget().target;
+
+ Matcher m = expandablePattern.matcher(target);
+ while (m.find()) {
+ // Expand any matches by reading from System properties, eg ${java.io.tmpdir} is /tmp on most systems
+ target = m.replaceFirst(System.getProperty(m.group(1)));
+ m = expandablePattern.matcher(target);
+ }
+
+ if (editorPermission.getActions().equals(PermissionActions.NONE)) {
+ ctor = clazz.getDeclaredConstructor(new Class[] { String.class });
+ ctor.setAccessible(true);
+ perm = (Permission) ctor.newInstance(target);
+ } else {
+ ctor = clazz.getDeclaredConstructor(new Class[] { String.class, String.class });
+ ctor.setAccessible(true);
+ perm = (Permission) ctor.newInstance(target, collectionToString(editorPermission.getActions().getActions()));
+ }
+ return perm;
+ } catch (final ClassNotFoundException | SecurityException | NoSuchMethodException
+ | IllegalArgumentException | InstantiationException | IllegalAccessException | InvocationTargetException e) {
+ OutputController.getLogger().log(e);
+ return null;
+ }
}
- private static final Collection<Permission> subtract(final Collection<Permission> from, final Collection<Permission> remove) {
- final Collection<Permission> result = new HashSet<>(from);
- result.removeAll(remove);
- return Collections.unmodifiableCollection(result);
+ private static String collectionToString(final Collection<String> col) {
+ final StringBuilder sb = new StringBuilder();
+ int count = 0;
+ for (final String str : col) {
+ sb.append(str);
+ if (count < col.size() - 1) {
+ sb.append(",");
+ }
+ ++count;
+ }
+ return sb.toString();
}
- public static Collection<Permission> noFileAccess() {
- return allMinus(FILE_PERMISSIONS);
- }
-
- public static Collection<Permission> noNetworkAccess() {
- return allMinus(Arrays.asList(new Permission[] { NETWORK_PERMISSION }));
- }
-
- public static Collection<Permission> noFileOrNetworkAccess() {
- return subtract(allMinus(FILE_PERMISSIONS), NETWORK_PERMISSIONS);
- }
-
- public static Collection<Permission> allFileAccessAndProperties() {
- return sum(FILE_PERMISSIONS, PROPERTY_PERMISSIONS);
- }
-
- public static Collection<Permission> readLocalFilesAndProperties() {
- return sum(READ_LOCAL_FILES_PERMISSION, READ_PROPERTIES_PERMISSION);
- }
-
- public static Collection<Permission> reflectionOnly() {
- return REFLECTION_PERMISSIONS;
- }
-
- public static Collection<Permission> allMedia() {
- return MEDIA_PERMISSIONS;
- }
-
- public static Collection<Permission> audioOnly() {
- return sum(PLAY_AUDIO_PERMISSION, RECORD_AUDIO_PERMISSION);
- }
-
- public static Collection<Permission> clipboardOnly() {
- return sum(CLIPBOARD_PERMISSION);
- }
-
- public static Collection<Permission> printOnly() {
- return sum(PRINT_PERMISSION);
- }
-
-}
+}
\ No newline at end of file
diff -r 0d6f97d838b7 -r e5d8a62d2170 netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java
--- a/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java Thu Jun 12 16:51:32 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java Fri Jun 13 16:48:22 2014 -0400
@@ -63,6 +63,7 @@
import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.security.policyeditor.PolicyEditor;
import net.sourceforge.jnlp.security.policyeditor.PolicyEditor.PolicyEditorWindow;
+import net.sourceforge.jnlp.security.policyeditor.PolicyEditorPermissions;
public class TemporaryPermissionsButton extends JButton {
@@ -101,51 +102,26 @@
policyMenu.addSeparator();
+ final JCheckBoxMenuItem networkAccess = new JCheckBoxMenuItem(R("STempNetwork"));
+ networkAccess.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.getPermissions(PolicyEditorPermissions.NETWORK)));
+ policyMenu.add(networkAccess);
- final JCheckBoxMenuItem noFileAccess = new JCheckBoxMenuItem(R("STempPermNoFile"));
- noFileAccess.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.noFileAccess()));
- policyMenu.add(noFileAccess);
-
- final JCheckBoxMenuItem noNetworkAccess = new JCheckBoxMenuItem(R("STempPermNoNetwork"));
- noNetworkAccess.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.noNetworkAccess()));
- policyMenu.add(noNetworkAccess);
-
- final JCheckBoxMenuItem noFileOrNetwork = new JCheckBoxMenuItem(R("STempNoFileOrNetwork"));
- noFileOrNetwork.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.noFileOrNetworkAccess()));
- policyMenu.add(noFileOrNetwork);
-
- policyMenu.addSeparator();
-
- final JCheckBoxMenuItem allFileAccessOnly = new JCheckBoxMenuItem(R("STempAllFileAndPropertyAccess"));
- allFileAccessOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.allFileAccessAndProperties()));
- policyMenu.add(allFileAccessOnly);
-
- final JCheckBoxMenuItem readLocalFilesAndProperties = new JCheckBoxMenuItem(R("STempReadLocalFilesAndProperties"));
- readLocalFilesAndProperties.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.readLocalFilesAndProperties()));
+ final JCheckBoxMenuItem readLocalFilesAndProperties = new JCheckBoxMenuItem(R("STempReadFilesAndProperties"));
+ readLocalFilesAndProperties.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.getPermissions(PolicyEditorPermissions.Group.ReadFileSystem)));
policyMenu.add(readLocalFilesAndProperties);
- final JCheckBoxMenuItem reflectionOnly = new JCheckBoxMenuItem(R("STempReflectionOnly"));
- reflectionOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.reflectionOnly()));
+ final JCheckBoxMenuItem writeLocalFilesAndProperties = new JCheckBoxMenuItem(R("STempWriteFilesAndProperties"));
+ writeLocalFilesAndProperties.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.getPermissions(PolicyEditorPermissions.Group.WriteFileSystem)));
+ policyMenu.add(writeLocalFilesAndProperties);
+
+ final JCheckBoxMenuItem reflectionOnly = new JCheckBoxMenuItem(R("STempReflectionAndExternal"));
+ reflectionOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.getPermissions(PolicyEditorPermissions.Group.AccessUnownedCode)));
policyMenu.add(reflectionOnly);
- policyMenu.addSeparator();
-
final JCheckBoxMenuItem allMedia = new JCheckBoxMenuItem(R("STempAllMedia"));
- allMedia.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.allMedia()));
+ allMedia.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.getPermissions(PolicyEditorPermissions.Group.MediaAccess)));
policyMenu.add(allMedia);
- final JCheckBoxMenuItem soundOnly = new JCheckBoxMenuItem(R("STempSoundOnly"));
- soundOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.audioOnly()));
- policyMenu.add(soundOnly);
-
- final JCheckBoxMenuItem clipboardOnly = new JCheckBoxMenuItem(R("STempClipboardOnly"));
- clipboardOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.clipboardOnly()));
- policyMenu.add(clipboardOnly);
-
- final JCheckBoxMenuItem printOnly = new JCheckBoxMenuItem(R("STempPrintOnly"));
- printOnly.addActionListener(new TemporaryPermissionsListener(TemporaryPermissions.printOnly()));
- policyMenu.add(printOnly);
-
return policyMenu;
}
diff -r 0d6f97d838b7 -r e5d8a62d2170 tests/netx/unit/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsTest.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/netx/unit/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsTest.java Fri Jun 13 16:48:22 2014 -0400
@@ -0,0 +1,104 @@
+/*Copyright (C) 2014 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+package net.sourceforge.jnlp.security.dialogs;
+
+import static org.junit.Assert.assertEquals;
+
+import java.awt.AWTPermission;
+import java.io.FilePermission;
+import java.security.Permission;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.sound.sampled.AudioPermission;
+
+import net.sourceforge.jnlp.security.policyeditor.PolicyEditorPermissions;
+
+import org.junit.Test;
+
+public class TemporaryPermissionsTest {
+
+ @Test
+ public void testGetPermission() throws Exception {
+ final Permission expected = new FilePermission(System.getProperty("java.io.tmpdir"), "read");
+ final Permission generated = TemporaryPermissions.getPermission(PolicyEditorPermissions.READ_TMP_FILES);
+ assertEquals(expected, generated);
+ }
+
+ @Test
+ public void testGetPermissionsVarargs() throws Exception {
+ final Permission readTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "read");
+ final Permission writeTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "write");
+ final Set<Permission> expected = new HashSet<>(Arrays.asList(readTmpPermission, writeTmpPermission));
+ final Set<Permission> generated = new HashSet<>(TemporaryPermissions.getPermissions(PolicyEditorPermissions.READ_TMP_FILES, PolicyEditorPermissions.WRITE_TMP_FILES));
+ assertEquals(expected, generated);
+ }
+
+ @Test
+ public void testGetPermissionsVarargsArray() throws Exception {
+ final Permission readTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "read");
+ final Permission writeTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "write");
+ final Set<Permission> expected = new HashSet<>(Arrays.asList(readTmpPermission, writeTmpPermission));
+ final PolicyEditorPermissions[] arr = new PolicyEditorPermissions[] { PolicyEditorPermissions.READ_TMP_FILES, PolicyEditorPermissions.WRITE_TMP_FILES };
+ final Set<Permission> generated = new HashSet<>(TemporaryPermissions.getPermissions(arr));
+ assertEquals(expected, generated);
+ }
+
+ @Test
+ public void testGetPermissionsCollection() throws Exception {
+ final Permission readTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "read");
+ final Permission writeTmpPermission = new FilePermission(System.getProperty("java.io.tmpdir"), "write");
+ final Set<Permission> expected = new HashSet<>(Arrays.asList(readTmpPermission, writeTmpPermission));
+ final Collection<PolicyEditorPermissions> coll = Arrays.asList(PolicyEditorPermissions.READ_TMP_FILES, PolicyEditorPermissions.WRITE_TMP_FILES);
+ final Set<Permission> generated = new HashSet<>(TemporaryPermissions.getPermissions(coll));
+ assertEquals(expected, generated);
+ }
+
+ @Test
+ public void testGetPermissionsGroup() throws Exception {
+ final Permission playAudio = new AudioPermission("play");
+ final Permission recordAudio = new AudioPermission("record");
+ final Permission print = new RuntimePermission("queuePrintJob");
+ final Permission clipboard = new AWTPermission("accessClipboard");
More information about the distro-pkg-dev
mailing list