[rfc][icedtea-web] Fix support for signed applets with sandbox permissions in manifest
Andrew Azores
aazores at redhat.com
Thu Jun 19 14:38:55 UTC 2014
On 06/19/2014 10:23 AM, Jiri Vanek wrote:
> On 06/19/2014 04:11 PM, Andrew Azores wrote:
>> On 06/18/2014 01:44 PM, Andrew Azores wrote:
>>> On 06/18/2014 12:01 PM, Jiri Vanek wrote:
>>>> On 05/27/2014 06:23 PM, Andrew Azores wrote:
>>>>> Hi,
>>>>>
>>>>> This patch allows signed applets with sandbox permissions
>>>>> specified in
>>>>> their manifests to actually
>>>>
>>>>
>>>> How it is dealing with mixed (signed + unsigned code) apps?
>>>
>>> I don't have any examples of mixed signing apps with a Permissions
>>> manifest attribute, but a
>>> reproducer could be prepared for this case.
>>>
>>
>> Quick progress update: I'm working with Lukasz on creating this
>> reproducer, since it's a good
>> example of a fairly complicated reproducer test. Once that's ready
>> then it can go into a changeset
>> along with the already provided test. This will cover fully signed
>> and partially signed applets,
>> both with Permissions: sandbox in the manifest.
>>
>> Which other possible combinations of Signing x Manifest x Plugin/JNLP
>> are worthy of testing? Plugin
>> vs JNLP does have a distinction in the Permissions attribute spec, so
>> that should probably be
>> tested. Signing of course needs to be done, but fully vs partially is
>> probably sufficient, since
>> unsigned applets are only allowed to be sandboxed anyway. Do we also
>> want to have tests for
>> Permissions: all-permission in the manifest? And the case of no
>> manifest permissions attribute at
>> all is pretty well covered already by a lot of other reproducers (eg
>> MixedSigningApplet and
>> CustomPoliciesTest) IMO.
>>
>
> There can be nitpicks like jnlp app diverged to be lunched as
> applet/app and also html applet which can be lunched via jnlp href.
>
> It is another x 3 :(
>> So {Fully Signed, Partially Signed} x {Permissions: sandbox,
>> Permissions: all-permission} X {Plugin,
>> JNLP} ?
>
> Well this is really a lot of work. On one side I would be happy to
> have them all, on second, I would call it to much work (but may be
> good practice for Lukas ;) ).
>
> Please dont forget to closing listeners otherwise the testsuite will
> run another 10minutes longer;)
>
> Well all 12 reproducers (+ 6*4 for applets)is ideal world. If you
> will have them all it really will be nice, but do not waste more time
> then is necessary.
>
> Ty!
>
>
> J.
Yes, that is definitely a lot of work. It is an important region to have
rigorous testing for though.
>
>
> hmm Jsut crossed my mind - Most of the reproducers have no manifest at
> all. (So issiing permissions attribute). The "daily" report runs with
> the manifest check off. And on low security. I'm guessing it will not
> be affected by your chnageser (I'm pretty sure, but confirming)
>
>
> J.
>
Yea, that's a big concern. Disabling the manifest checks means that none
of the reproducer tests will ever be auto-sandboxed, regardless of
what's in the manifest, so all the tests are invalidated :(
Thanks,
--
Andrew A
More information about the distro-pkg-dev
mailing list