/hg/icedtea-web: Added many new permissions for PolicyEditor
aazores at icedtea.classpath.org
Wed Mar 26 14:45:54 UTC 2014
changeset 689447c4d6bd in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=689447c4d6bd
author: Andrew Azores <aazores at redhat.com>
date: Wed Mar 26 10:45:46 2014 -0400
Added many new permissions for PolicyEditor
* netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps,
PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail,
PEAWTPermission, PEAWTPermissionDetail, PERecordAudio,
PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader,
PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail,
PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail,
PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed
to PEPlayAudio{,Detail}.
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
(EXECUTE) new action
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
(ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE,
DECLARED_MEMBERS, CLASSLOADER) new targets
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java:
(REFLECT_PERMISSION) new type
* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
(WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER,
ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV,
ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO.
diffstat:
ChangeLog | 23 +++++
netx/net/sourceforge/jnlp/resources/Messages.properties | 24 +++++-
netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java | 1 +
netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java | 11 ++-
netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java | 3 +-
netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java | 44 ++++++++-
6 files changed, 94 insertions(+), 12 deletions(-)
diffs (197 lines):
diff -r d0069afaeaff -r 689447c4d6bd ChangeLog
--- a/ChangeLog Mon Mar 24 14:16:20 2014 -0400
+++ b/ChangeLog Wed Mar 26 10:45:46 2014 -0400
@@ -1,3 +1,26 @@
+2014-03-26 Andrew Azores <aazores at redhat.com>
+
+ Added many new permissions for PolicyEditor
+ * netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps,
+ PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail,
+ PEAWTPermission, PEAWTPermissionDetail, PERecordAudio,
+ PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader,
+ PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail,
+ PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail,
+ PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed
+ to PEPlayAudio{,Detail}.
+ * netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
+ (EXECUTE) new action
+ * netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
+ (ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE,
+ DECLARED_MEMBERS, CLASSLOADER) new targets
+ * netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java:
+ (REFLECT_PERMISSION) new type
+ * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
+ (WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER,
+ ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV,
+ ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO.
+
2014-03-24 Andrew Azores <aazores at redhat.com>
* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
diff -r d0069afaeaff -r 689447c4d6bd netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Mar 26 10:45:46 2014 -0400
@@ -492,24 +492,44 @@
PETitle=Policy Editor
PEReadProps=Read system properties
PEReadPropsDetail=Allow applets to read system properties such as your username and home directory location
+PEWriteProps=Write system properties
+PEWritePropsDetail=Allow applets to (over)write system properties
PEReadFiles=Read from local files
PEReadFilesDetail=Allow applets to read from files in your home directory
PEWriteFiles=Write to local files
PEWriteFilesDetail=Allow applets to write to files in your home directory
PEReadSystemFiles=Read all system files
PEReadSystemFilesDetail=Allow applets read-only access to all locations on your computer
+PEWriteSystemFiles=Write all system files
+PEWriteSystemFilesDetail=Allow applets write-only access to all locations on your computer
PEReadTempFiles=Read from temp files
PEReadTempFilesDetail=Allow applets to read from your temporary files directory
PEWriteTempFiles=Write to temp files
PEWriteTempFilesDetail=Allow applets to write to your temporary files directory
+PEAWTPermission=Window System Access
+PEAWTPermissionDetail=Allow applets all AWT windowing system access
PEClipboard=Access clipboard
PEClipboardDetail=Allow applets to read from and write to your clipboard
PENetwork=Access the network
PENetworkDetail=Allow applets to establish any network connections
PEPrint=Print documents
PEPrintDetail=Allow applets to queue print jobs
-PEAudio=Play sounds
-PEAudioDetail=Allow applets to play sounds, but not record
+PEPlayAudio=Play sounds
+PEPlayAudioDetail=Allow applets to play sounds, but not record
+PERecordAudio=Record audio
+PERecordAudioDetail=Allow applets to record audio, but not play back
+PEReflection=Java reflection
+PEReflectionDetail=Allow applets to access the Java Reflection API
+PEClassLoader=Get ClassLoader
+PEClassLoaderDetail=Allow applets to access the system classloader (often used with Reflection)
+PEClassInPackage=Access other packages
+PEClassInPackageDetail=Allow applets to access classes from other applet packages (often used with Reflection)
+PEDeclaredMembers=Access private class data
+PEDeclaredMembersDetail=Allow applets to access normally hidden data from other Java classes (often used with Reflection)
+PEExec=Execute commands
+PEExecDetail=Allow applets to execute system commands
+PEGetEnv=Get environment variables
+PEGetEnvDetail=Allow applets to read system environment variables
PECouldNotOpen=Unable to open policy file
PECouldNotSave=Unable to save policy file
PEAddCodebase=Add new Codebase
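Review bot: PEClassInPackageDetail describes the permission as access to "classes from other applet packages", but the target it is paired with in PermissionTarget.java is RuntimePermission "accessClassInPackage.*", which controls access to packages the runtime restricts through the package.access security property, not other applets' code. The text should say that, so the user knows what is being unlocked. In the same way, PEReflectionDetail reads "access the Java Reflection API" while the target behind it is ReflectPermission "suppressAccessChecks", which turns off the access checks on non-public fields and methods; the detail string should state this, since it is the most powerful checkbox added here alongside PEExec.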
diff -r d0069afaeaff -r 689447c4d6bd netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java Wed Mar 26 10:45:46 2014 -0400
@@ -49,6 +49,7 @@
NONE(""),
READ("read"),
WRITE("write"),
+ EXECUTE("execute"),
ACCEPT("accept"),
LISTEN("listen"),
CONNECT("connect"),
diff -r d0069afaeaff -r 689447c4d6bd netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Wed Mar 26 10:45:46 2014 -0400
@@ -41,13 +41,20 @@
*/
public enum PermissionTarget {
- NONE(""),
+ NONE(""),
ALL("*"),
+ ALL_FILES("<<ALL FILES>>"),
USER_HOME("${user.home}${/}*"),
TMPDIR("${java.io.tmpdir}${/}*"),
CLIPBOARD("accessClipboard"),
PRINT("queuePrintJob"),
- PLAY("play");
+ PLAY("play"),
+ RECORD("record"),
+ REFLECT("suppressAccessChecks"),
+ GETENV("getenv.*"),
+ ACCESS_CLASS_IN_PACKAGE("accessClassInPackage.*"),
+ DECLARED_MEMBERS("accessDeclaredMembers"),
+ CLASSLOADER("getClassLoader");
public final String target;
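Review bot: GETENV and ACCESS_CLASS_IN_PACKAGE are defined only in wildcard form ("getenv.*" and "accessClassInPackage.*"), so the editor can grant every environment variable or every restricted package and nothing narrower. A short comment on these constants saying the breadth is intentional would help the next reader, as would a note on REFLECT that the underlying target name is suppressAccessChecks. The NONE("") line is a whitespace-only change and would be better kept out of this changeset.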
diff -r d0069afaeaff -r 689447c4d6bd netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java Wed Mar 26 10:45:46 2014 -0400
@@ -47,7 +47,8 @@
AWT_PERMISSION("java.awt.AWTPermission"),
SOCKET_PERMISSION("java.net.SocketPermission"),
RUNTIME_PERMISSION("java.lang.RuntimePermission"),
- AUDIO_PERMISSION("javax.sound.sampled.AudioPermission");
+ AUDIO_PERMISSION("javax.sound.sampled.AudioPermission"),
+ REFLECT_PERMISSION("java.lang.reflect.ReflectPermission");
public final String type;
diff -r d0069afaeaff -r 689447c4d6bd netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Wed Mar 26 10:45:46 2014 -0400
@@ -56,8 +56,14 @@
READ_PROPERTIES(R("PEReadProps"), R("PEReadPropsDetail"),
PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
+ WRITE_PROPERTIES(R("PEWriteProps"), R("PEWritePropsDetail"),
+ PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.WRITE),
+
READ_SYSTEM_FILES(R("PEReadSystemFiles"), R("PEReadSystemFilesDetail"),
- PermissionType.FILE_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.READ),
+
+ WRITE_SYSTEM_FILES(R("PEWriteSystemFiles"), R("PEWriteSystemFilesDetail"),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.WRITE),
READ_TMP_FILES(R("PEReadTempFiles"), R("PEReadTempFilesDetail"),
PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.READ),
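Review bot: the READ_SYSTEM_FILES target changes from PermissionTarget.ALL to PermissionTarget.ALL_FILES, which alters the policy entry written for an already existing permission, yet the ChangeLog entry lists only new permissions and the AUDIO rename. For java.io.FilePermission a path of "*" covers only the files in the current directory while "<<ALL FILES>>" covers every file, so this is a behavioural fix and should be named in the ChangeLog. WRITE_PROPERTIES also pairs PropertyPermission with "*", so it grants write access to every system property; worth confirming that PEWritePropsDetail makes that scope clear.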
@@ -65,17 +71,41 @@
WRITE_TMP_FILES(R("PEWriteTempFiles"), R("PEWriteTempFilesDetail"),
PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.WRITE),
- CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
- PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+ JAVA_REFLECTION(R("PEReflection"), R("PEReflectionDetail"),
+ PermissionType.REFLECT_PERMISSION, PermissionTarget.REFLECT, PermissionActions.NONE),
+
+ GET_CLASSLOADER(R("PEClassLoader"), R("PEClassLoaderDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.CLASSLOADER, PermissionActions.NONE),
+
+ ACCESS_CLASS_IN_PACKAGE(R("PEClassInPackage"), R("PEClassInPackageDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_CLASS_IN_PACKAGE, PermissionActions.NONE),
+
+ ACCESS_DECLARED_MEMBERS(R("PEDeclaredMembers"), R("PEDeclaredMembersDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.DECLARED_MEMBERS, PermissionActions.NONE),
NETWORK(R("PENetwork"), R("PENetworkDetail"),
PermissionType.SOCKET_PERMISSION, PermissionTarget.ALL, PermissionActions.NETALL),
+ EXEC_COMMANDS(R("PEExec"), R("PEExecDetail"),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.EXECUTE),
+
+ GET_ENV(R("PEGetEnv"), R("PEGetEnvDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.GETENV, PermissionActions.NONE),
+
+ ALL_AWT(R("PEAWTPermission"), R("PEAWTPermissionDetail"),
+ PermissionType.AWT_PERMISSION, PermissionTarget.ALL, PermissionActions.NONE),
+
+ CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
+ PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+
+ PLAY_AUDIO(R("PEPlayAudio"), R("PEPlayAudioDetail"),
+ PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE),
+
+ RECORD_AUDIO(R("PERecordAudio"), R("PERecordAudioDetail"),
+ PermissionType.AUDIO_PERMISSION, PermissionTarget.RECORD, PermissionActions.NONE),
+
PRINT(R("PEPrint"), R("PEPrintDetail"),
- PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE),
-
- AUDIO(R("PEAudio"), R("PEAudioDetail"),
- PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE);
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE);
private final String name, description;
private final PermissionType type;
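Review bot: ALL_AWT pairs AWT_PERMISSION with PermissionTarget.ALL ("*"), which implies the accessClipboard target that CLIPBOARD grants on its own, so the two entries overlap: a policy with ALL_AWT selected and CLIPBOARD deselected still grants clipboard access. Either document the overlap in PEAWTPermissionDetail or have the editor reflect the implied permission. Separately, AUDIO is removed in favour of PLAY_AUDIO; please confirm no code outside this diff still refers to PolicyEditorPermissions.AUDIO. The reordering of CLIPBOARD and PRINT makes the hunk harder to read than the change requires and could go in its own commit.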