[icedtea-web] URLPermission in Java 8
Omair Majid
omajid at redhat.com
Wed Jun 18 17:23:32 UTC 2014
* Andrew Azores <aazores at redhat.com> [2014-06-18 13:07]:
> On 06/18/2014 12:59 PM, Omair Majid wrote:
> >* Andrew Azores <aazores at redhat.com> [2014-06-18 12:55]:
> >>Do we really want to exclude this permission from the reported set of
> >>permissions in the applet's SecurityDesc?
> >
> >I am not sure what you mean by 'reported set'.
>
> The result of SecurityDesc#getSandboxPermissions. If we add the
> URLPermission once, in the ClassLoader, then calling
> SecurityDesc#getSandboxPermissions will return a result that does not
> actually match the conceptual sandbox permissions set.
Yes.
The question is, what needs it? Can we split getSandboxPermissions into
getStaticSandboxPermissions and getDynamicSandboxPermissions, for
example? Where the classloader would use just the static variant of the
method.
> >If you mean keeping this permission separate from others, then
> >Code-wise, it's not ideal. But this might be better for performance if
> >we stop icedtea-web from re-computing the same permissions multiple
> >times and only apply the static permissions once, at class creation
> >time.
>
> We can also stop from having to perform a class lookup and stop from having
> to do any real computing by simply storing a reference to the URLPermission
> class and constructor, if they exist, when the SecurityDesc is created. Then
> the reflection cost is only paid once, too, but the permission lives in IMO
> the correct location and can also be included in the result of
> #getSandboxPermissions.
Sure, that's an option.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the distro-pkg-dev
mailing list