/hg/icedtea-web: Applets can be granted temporary permissions fr...
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Thu Mar 27 15:08:35 UTC 2014
changeset ede0279b5c53 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=ede0279b5c53
author: Andrew Azores <aazores at redhat.com>
date: Thu Mar 27 11:08:09 2014 -0400
Applets can be granted temporary permissions from security dialogs
Applets can be temporarily granted permission levels above fully sandboxed
but below all-permission
* netx/net/sourceforge/jnlp/resources/Messages.properties:
(STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
STempPermNoFileOrNetwork, STempPermNoExecOrNetwork, STempPermNoFileOrExec,
STempPermNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
STempReadLocalFilesAndProperties, STempReflectionOnly): new messages
* netx/net/sourceforge/jnlp/security/SecurityDialog.java: (installPanel)
pass SecurityDelegate to partially signed dialog
* netx/net/sourceforge/jnlp/security/SecurityDialogs.java:
(showPartiallySignedWarningDialog) added SecutityDelegate param for
message extras
* netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
(checkPartiallySignedWithUserIfRequired) added SecurityDelegate param
* netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java:
(createPolicyPermissionsMenu, PolicyEditorLaunchListener,
PolicyEditorPopupListener) removed in favour of TemporaryPermissionsButton
* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:
same
* netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java:
(partiallySigned) SecurityDelegate param
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
(DELETE, READLINK, FILE_ALL) new actions. (rawActions, rawString) can
retrieve raw String representation of the action
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
(USER_HOME, TMPDIR) grant permissions to entire directory, not only
children
* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
(DELETE_LOCAL_FILES, DELETE_TMP_FILES) new permissions.
(Group.WriteFileSystem) added DELETE* permissions
* nests/netx/unit/net/sourceforge/jnlp/security/policyeditor/PolicyEditorParsingTest.java:
update for change in PermissionTarget
* netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java:
new class
* netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java:
new class
diffstat:
ChangeLog | 40 +
netx/net/sourceforge/jnlp/resources/Messages.properties | 18 +
netx/net/sourceforge/jnlp/security/SecurityDialog.java | 2 +-
netx/net/sourceforge/jnlp/security/SecurityDialogs.java | 4 +-
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java | 2 +-
netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java | 74 +---
netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java | 204 ++++++++++
netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java | 191 +++++++++
netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java | 7 +-
netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java | 123 ++----
netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java | 9 +
netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java | 4 +-
netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java | 24 +-
tests/netx/unit/net/sourceforge/jnlp/security/policyeditor/PolicyEditorParsingTest.java | 4 +-
14 files changed, 530 insertions(+), 176 deletions(-)
diffs (truncated from 1021 to 500 lines):
diff -r b4631fce293a -r ede0279b5c53 ChangeLog
--- a/ChangeLog Thu Mar 27 14:08:54 2014 +0100
+++ b/ChangeLog Thu Mar 27 11:08:09 2014 -0400
@@ -1,3 +1,43 @@
+2014-03-27 Andrew Azores <aazores at redhat.com>
+
+ Applets can be temporarily granted permission levels above fully sandboxed
+ but below all-permission
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ (STempPermNoFile, STempPermNoNetwork, STempPermNoExec,
+ STempPermNoFileOrNetwork, STempPermNoExecOrNetwork, STempPermNoFileOrExec,
+ STempPermNoFileOrNetworkOrExec, STempAllMedia, STempSoundOnly,
+ STempClipboardOnly, STempPrintOnly, STempAllFileAndPropertyAccess,
+ STempReadLocalFilesAndProperties, STempReflectionOnly): new messages
+ * netx/net/sourceforge/jnlp/security/SecurityDialog.java: (installPanel)
+ pass SecurityDelegate to partially signed dialog
+ * netx/net/sourceforge/jnlp/security/SecurityDialogs.java:
+ (showPartiallySignedWarningDialog) added SecutityDelegate param for
+ message extras
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
+ (checkPartiallySignedWithUserIfRequired) added SecurityDelegate param
+ * netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java:
+ (createPolicyPermissionsMenu, PolicyEditorLaunchListener,
+ PolicyEditorPopupListener) removed in favour of TemporaryPermissionsButton
+ * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/PartiallySignedAppTrustWarningPanel.java:
+ same
+ * netx/net/sourceforge/jnlp/security/dialogs/apptrustwarningpanel/AppTrustWarningDialog.java:
+ (partiallySigned) SecurityDelegate param
+ * netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
+ (DELETE, READLINK, FILE_ALL) new actions. (rawActions, rawString) can
+ retrieve raw String representation of the action
+ * netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
+ (USER_HOME, TMPDIR) grant permissions to entire directory, not only
+ children
+ * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
+ (DELETE_LOCAL_FILES, DELETE_TMP_FILES) new permissions.
+ (Group.WriteFileSystem) added DELETE* permissions
+ * nests/netx/unit/net/sourceforge/jnlp/security/policyeditor/PolicyEditorParsingTest.java:
+ update for change in PermissionTarget
+ * netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java:
+ new class
+ * netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java:
+ new class
+
2014-03-27 Jiri Vanek <jvanek at redhat.com>
Clenaup in PolicyEditor tests and MVC
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 27 14:08:54 2014 +0100
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 27 11:08:09 2014 -0400
@@ -305,6 +305,20 @@
STOAsignedMsgFully = The applet is fully signed
STOAsignedMsgAndSandbox = The applet is fully signed and sandboxed
STOAsignedMsgPartiall = The applet is not fully signed
+STempPermNoFile=No file access
+STempPermNoNetwork=No network access
+STempPermNoExec=No command execution
+STempNoFileOrNetwork=No file or network access
+STempNoExecOrNetwork=No command execution or network access
+STempNoFileOrExec=No file access or command execution
+STempNoFileOrNetworkOrExec=No file access, network access, or command execution
+STempAllMedia=All media
+STempSoundOnly=Play audio
+STempClipboardOnly=Access clipboard
+STempPrintOnly=Print documents
+STempAllFileAndPropertyAccess=All file and properties access
+STempReadLocalFilesAndProperties=Read-only local files and properties
+STempReflectionOnly=Java Reflection only
# Security - used for the More Information dialog
SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
@@ -501,6 +515,8 @@
PEReadFilesDetail=Allow applets to read from files in your home directory
PEWriteFiles=Write to local files
PEWriteFilesDetail=Allow applets to write to files in your home directory
+PEDeleteFiles=Delete local files
+PEDeleteFilesDetail=Allow applets to delete files in your home directory
PEReadSystemFiles=Read all system files
PEReadSystemFilesDetail=Allow applets read-only access to all locations on your computer
PEWriteSystemFiles=Write all system files
@@ -509,6 +525,8 @@
PEReadTempFilesDetail=Allow applets to read from your temporary files directory
PEWriteTempFiles=Write to temp files
PEWriteTempFilesDetail=Allow applets to write to your temporary files directory
+PEDeleteTempFiles=Delete temp files
+PEDeleteTempFilesDetail=Allow applets to delete files in your temporary files directory
PEAWTPermission=Window System Access
PEAWTPermissionDetail=Allow applets all AWT windowing system access
PEClipboard=Access clipboard
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/SecurityDialog.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java Thu Mar 27 14:08:54 2014 +0100
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java Thu Mar 27 11:08:09 2014 -0400
@@ -315,7 +315,7 @@
else if (dialogType == DialogType.APPLET_WARNING)
panel = new AppletWarningPane(this, this.certVerifier);
else if (dialogType == DialogType.PARTIALLYSIGNED_WARNING)
- panel = AppTrustWarningDialog.partiallySigned(this, file);
+ panel = AppTrustWarningDialog.partiallySigned(this, file, (SecurityDelegate) extras[0]);
else if (dialogType == DialogType.UNSIGNED_WARNING) // Only necessary for applets on 'high security' or above
panel = AppTrustWarningDialog.unsigned(this, file);
else if (dialogType == DialogType.AUTHENTICATION)
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/SecurityDialogs.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Mar 27 14:08:54 2014 +0100
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Mar 27 11:08:09 2014 -0400
@@ -221,13 +221,15 @@
*
* @return true if permission was granted by the user, false otherwise.
*/
- public static AppSigningWarningAction showPartiallySignedWarningDialog(JNLPFile file, CertVerifier certVerifier) {
+ public static AppSigningWarningAction showPartiallySignedWarningDialog(JNLPFile file, CertVerifier certVerifier,
+ SecurityDelegate securityDelegate) {
final SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.PARTIALLYSIGNED_WARNING;
message.accessType = AccessType.PARTIALLYSIGNED;
message.file = file;
message.certVerifier = certVerifier;
+ message.extras = new Object[] { securityDelegate };
return (AppSigningWarningAction) getUserResponse(message);
}
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Mar 27 14:08:54 2014 +0100
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Mar 27 11:08:09 2014 -0400
@@ -239,7 +239,7 @@
appletOK = false;
} else {
// No remembered decision, prompt the user
- AppSigningWarningAction warningResponse = SecurityDialogs.showPartiallySignedWarningDialog(file, certVerifier);
+ AppSigningWarningAction warningResponse = SecurityDialogs.showPartiallySignedWarningDialog(file, certVerifier, securityDelegate);
ExecuteAppletAction executeAction = warningResponse.getAction();
if (executeAction == ExecuteAppletAction.SANDBOX) {
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Thu Mar 27 14:08:54 2014 +0100
+++ b/netx/net/sourceforge/jnlp/security/dialogs/CertWarningPane.java Thu Mar 27 11:08:09 2014 -0400
@@ -41,20 +41,15 @@
import java.awt.BorderLayout;
import java.awt.Color;
-import java.awt.Dialog.ModalityType;
import java.awt.Dimension;
import java.awt.FlowLayout;
import java.awt.Font;
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
-import java.awt.event.MouseEvent;
-import java.awt.event.MouseListener;
import java.io.File;
import java.io.FileOutputStream;
import java.io.OutputStream;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
@@ -65,16 +60,13 @@
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JLabel;
-import javax.swing.JMenuItem;
import javax.swing.JPanel;
import javax.swing.JPopupMenu;
import javax.swing.SwingConstants;
import net.sourceforge.jnlp.JNLPFile;
import net.sourceforge.jnlp.PluginBridge;
-import net.sourceforge.jnlp.config.DeploymentConfiguration;
import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
-import net.sourceforge.jnlp.runtime.JNLPRuntime;
import net.sourceforge.jnlp.security.CertVerifier;
import net.sourceforge.jnlp.security.CertificateUtils;
import net.sourceforge.jnlp.security.HttpsCertVerifier;
@@ -84,7 +76,6 @@
import net.sourceforge.jnlp.security.SecurityDialog;
import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
import net.sourceforge.jnlp.security.SecurityUtil;
-import net.sourceforge.jnlp.security.policyeditor.PolicyEditor;
import net.sourceforge.jnlp.security.policyeditor.PolicyEditor.PolicyEditorWindow;
import net.sourceforge.jnlp.util.FileUtils;
import net.sourceforge.jnlp.util.logging.OutputController;
@@ -225,8 +216,6 @@
}
private void addButtons() {
- createPolicyPermissionsMenu();
-
alwaysTrust = new JCheckBox(R("SAlwaysTrustPublisher"));
alwaysTrust.setEnabled(true);
alwaysTrust.setSelected(alwaysTrustSelected);
@@ -246,7 +235,7 @@
buttonPanel = new JPanel(new FlowLayout(FlowLayout.RIGHT));
run = new JButton(R("ButRun"));
sandbox = new JButton(R("ButSandbox"));
- advancedOptions = new JButton("\u2630"); // "hamburger" navicon
+ advancedOptions = new TemporaryPermissionsButton(file, securityDelegate, sandbox);
cancel = new JButton(R("ButCancel"));
run.setToolTipText(R("CertWarnRunTip"));
@@ -273,8 +262,6 @@
sandbox.addActionListener(createSetValueListener(parent, 1));
- advancedOptions.addMouseListener(new PolicyEditorPopupListener());
-
cancel.addActionListener(createSetValueListener(parent, 2));
initialFocusComponent = cancel;
@@ -310,65 +297,6 @@
add(bottomPanel);
}
- private void createPolicyPermissionsMenu() {
- policyMenu = new JPopupMenu();
-
- JMenuItem launchPolicyEditor = new JMenuItem(R("CertWarnPolicyEditorItem"));
- launchPolicyEditor.addActionListener(new PolicyEditorLaunchListener());
-
- policyMenu.add(launchPolicyEditor);
- policyMenu.setSize(policyMenu.getMinimumSize());
- policyMenu.setVisible(false);
- }
-
- private class PolicyEditorLaunchListener implements ActionListener {
- @Override
- public void actionPerformed(final ActionEvent e) {
- final String rawFilepath = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_USER_SECURITY_POLICY);
- String filepath;
- try {
- filepath = new URL(rawFilepath).getPath();
- } catch (final MalformedURLException mfue) {
- filepath = null;
- }
-
- if (policyEditor == null || policyEditor.getPolicyEditor().isClosed()) {
- policyEditor = PolicyEditor.getPolicyEditorDialog(filepath);
- } else {
- policyEditor.asWindow().toFront();
- policyEditor.asWindow().repaint();
- }
- policyEditor.setModalityType(ModalityType.DOCUMENT_MODAL);
- policyEditor.getPolicyEditor().addNewCodebase(file.getCodeBase().toString());
- policyEditor.asWindow().setVisible(true);
- policyMenu.setVisible(false);
- }
- }
-
- private class PolicyEditorPopupListener implements MouseListener {
- @Override
- public void mouseClicked(final MouseEvent e) {
- policyMenu.setLocation(e.getLocationOnScreen());
- policyMenu.setVisible(!policyMenu.isVisible());
- }
-
- @Override
- public void mousePressed(final MouseEvent e) {
- }
-
- @Override
- public void mouseReleased(final MouseEvent e) {
- }
-
- @Override
- public void mouseEntered(final MouseEvent e) {
- }
-
- @Override
- public void mouseExited(final MouseEvent e) {
- }
- }
-
private class MoreInfoButtonListener implements ActionListener {
@Override
public void actionPerformed(ActionEvent e) {
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java Thu Mar 27 11:08:09 2014 -0400
@@ -0,0 +1,204 @@
+/* Copyright (C) 2014 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+package net.sourceforge.jnlp.security.dialogs;
+
+import java.awt.AWTPermission;
+import java.io.FilePermission;
+import java.lang.reflect.ReflectPermission;
+import java.net.SocketPermission;
+import java.security.Permission;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.PropertyPermission;
+
+import javax.sound.sampled.AudioPermission;
+
+import static net.sourceforge.jnlp.security.policyeditor.PolicyEditorPermissions.*;
+
+public class TemporaryPermissions {
+
+ // We can't use the PolicyEditorPermissions versions of these, because they rely on System Property expansion, which is perfomed
+ // by the policy parser, but not by the Permissions constructors.
+ private static final String USER_HOME = System.getProperty("user.home");
+ private static final String TMPDIR = System.getProperty("java.io.tmpdir");
+
+ public static final FilePermission READ_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, READ_LOCAL_FILES.getActions().rawString());
+ public static final FilePermission WRITE_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, WRITE_LOCAL_FILES.getActions().rawString());
+ public static final FilePermission DELETE_LOCAL_FILES_PERMISSION = new FilePermission(USER_HOME, DELETE_LOCAL_FILES.getActions().rawString());
+ public static final FilePermission READ_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, READ_TMP_FILES.getActions().rawString());
+ public static final FilePermission WRITE_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, WRITE_TMP_FILES.getActions().rawString());
+ public static final FilePermission DELETE_TMP_FILES_PERMISSION = new FilePermission(TMPDIR, DELETE_TMP_FILES.getActions().rawString());
+ public static final FilePermission READ_SYSTEM_FILES_PERMISSION = new FilePermission(READ_SYSTEM_FILES.getTarget().target, READ_SYSTEM_FILES.getActions()
+ .rawString());
+ public static final FilePermission WRITE_SYSTEM_FILES_PERMISSION = new FilePermission(WRITE_SYSTEM_FILES.getTarget().target, WRITE_SYSTEM_FILES
+ .getActions().rawString());
+
+ public static final PropertyPermission READ_PROPERTIES_PERMISSION = new PropertyPermission(READ_PROPERTIES.getTarget().target, READ_PROPERTIES.getActions()
+ .rawString());
+ public static final PropertyPermission WRITE_PROPERTIES_PERMISSION = new PropertyPermission(WRITE_PROPERTIES.getTarget().target, WRITE_PROPERTIES
+ .getActions().rawString());
+
+ public static final FilePermission EXEC_PERMISSION = new FilePermission(EXEC_COMMANDS.getTarget().target, EXEC_COMMANDS.getActions().rawString());
+ public static final RuntimePermission GETENV_PERMISSION = new RuntimePermission(GET_ENV.getTarget().target);
+
+ public static final SocketPermission NETWORK_PERMISSION = new SocketPermission(NETWORK.getTarget().target, NETWORK.getActions().rawString());
+
+ public static final ReflectPermission REFLECTION_PERMISSION = new ReflectPermission(JAVA_REFLECTION.getTarget().target);
+ public static final RuntimePermission CLASSLOADER_PERMISSION = new RuntimePermission(GET_CLASSLOADER.getTarget().target);
+ public static final RuntimePermission ACCESS_CLASS_IN_PACKAGE_PERMISSION = new RuntimePermission(ACCESS_CLASS_IN_PACKAGE.getTarget().target);
+ public static final RuntimePermission ACCESS_DECLARED_MEMBERS_PERMISSION = new RuntimePermission(ACCESS_DECLARED_MEMBERS.getTarget().target);
+
+ public static final AWTPermission AWT_PERMISSION = new AWTPermission(ALL_AWT.getTarget().target);
+ public static final AudioPermission PLAY_AUDIO_PERMISSION = new AudioPermission(PLAY_AUDIO.getTarget().target);
+ public static final AudioPermission RECORD_AUDIO_PERMISSION = new AudioPermission(RECORD_AUDIO.getTarget().target);
+ public static final AWTPermission CLIPBOARD_PERMISSION = new AWTPermission(CLIPBOARD.getTarget().target);
+ public static final RuntimePermission PRINT_PERMISSION = new RuntimePermission(PRINT.getTarget().target);
+
+ public static final Collection<Permission> ALL_PERMISSIONS, FILE_PERMISSIONS, PROPERTY_PERMISSIONS, NETWORK_PERMISSIONS, EXEC_PERMISSIONS,
+ REFLECTION_PERMISSIONS, MEDIA_PERMISSIONS;
+ static {
+ final Collection<Permission> all = new HashSet<Permission>(), file = new HashSet<Permission>(), property = new HashSet<Permission>(),
+ network = new HashSet<Permission>(), exec = new HashSet<Permission>(), reflection = new HashSet<Permission>(), media = new HashSet<Permission>();
+
+ file.add(READ_LOCAL_FILES_PERMISSION);
+ file.add(WRITE_LOCAL_FILES_PERMISSION);
+ file.add(DELETE_LOCAL_FILES_PERMISSION);
+ file.add(READ_TMP_FILES_PERMISSION);
+ file.add(WRITE_TMP_FILES_PERMISSION);
+ file.add(DELETE_TMP_FILES_PERMISSION);
+ file.add(READ_SYSTEM_FILES_PERMISSION);
+ file.add(WRITE_SYSTEM_FILES_PERMISSION);
+ FILE_PERMISSIONS = Collections.unmodifiableCollection(file);
+
+ property.add(READ_PROPERTIES_PERMISSION);
+ property.add(WRITE_PROPERTIES_PERMISSION);
+ PROPERTY_PERMISSIONS = Collections.unmodifiableCollection(property);
+
+ exec.add(EXEC_PERMISSION);
+ exec.add(GETENV_PERMISSION);
+ EXEC_PERMISSIONS = Collections.unmodifiableCollection(exec);
+
+ network.add(NETWORK_PERMISSION);
+ NETWORK_PERMISSIONS = Collections.unmodifiableCollection(network);
+
+ reflection.add(REFLECTION_PERMISSION);
+ reflection.add(CLASSLOADER_PERMISSION);
+ reflection.add(ACCESS_CLASS_IN_PACKAGE_PERMISSION);
+ reflection.add(ACCESS_DECLARED_MEMBERS_PERMISSION);
+ REFLECTION_PERMISSIONS = Collections.unmodifiableCollection(reflection);
+
+ media.add(AWT_PERMISSION);
+ media.add(PLAY_AUDIO_PERMISSION);
+ media.add(RECORD_AUDIO_PERMISSION);
+ media.add(CLIPBOARD_PERMISSION);
+ media.add(PRINT_PERMISSION);
+ MEDIA_PERMISSIONS = Collections.unmodifiableCollection(media);
+
+ all.addAll(file);
+ all.addAll(property);
+ all.addAll(exec);
+ all.addAll(network);
+ all.addAll(reflection);
+ all.addAll(media);
+ ALL_PERMISSIONS = Collections.unmodifiableCollection(all);
+ }
+
+ private static final Collection<Permission> allMinus(final Collection<Permission> permissions) {
+ return subtract(ALL_PERMISSIONS, permissions);
+ }
+
+ private static Collection<Permission> sum(final Permission... permissions) {
+ final Collection<Permission> result = new HashSet<Permission>(Arrays.asList(permissions));
+ return Collections.unmodifiableCollection(result);
+ }
+
+ private static Collection<Permission> sum(final Collection<Permission> a, final Collection<Permission> b) {
+ final Collection<Permission> result = new HashSet<Permission>();
+ result.addAll(a);
+ result.addAll(b);
+ return Collections.unmodifiableCollection(result);
+ }
+
+ private static final Collection<Permission> subtract(final Collection<Permission> from, final Collection<Permission> remove) {
+ final Collection<Permission> result = new HashSet<Permission>(from);
+ result.removeAll(remove);
+ return Collections.unmodifiableCollection(result);
+ }
+
+ public static Collection<Permission> noFileAccess() {
+ return allMinus(FILE_PERMISSIONS);
+ }
+
+ public static Collection<Permission> noNetworkAccess() {
+ return allMinus(Arrays.asList(new Permission[] { NETWORK_PERMISSION }));
+ }
+
+ public static Collection<Permission> noFileOrNetworkAccess() {
+ return subtract(allMinus(FILE_PERMISSIONS), NETWORK_PERMISSIONS);
+ }
+
+ public static Collection<Permission> allFileAccessAndProperties() {
+ return sum(FILE_PERMISSIONS, PROPERTY_PERMISSIONS);
+ }
+
+ public static Collection<Permission> readLocalFilesAndProperties() {
+ return sum(READ_LOCAL_FILES_PERMISSION, READ_PROPERTIES_PERMISSION);
+ }
+
+ public static Collection<Permission> reflectionOnly() {
+ return REFLECTION_PERMISSIONS;
+ }
+
+ public static Collection<Permission> allMedia() {
+ return MEDIA_PERMISSIONS;
+ }
+
+ public static Collection<Permission> audioOnly() {
+ return sum(PLAY_AUDIO_PERMISSION, RECORD_AUDIO_PERMISSION);
+ }
+
+ public static Collection<Permission> clipboardOnly() {
+ return sum(CLIPBOARD_PERMISSION);
+ }
+
+ public static Collection<Permission> printOnly() {
+ return sum(PRINT_PERMISSION);
+ }
+
+}
diff -r b4631fce293a -r ede0279b5c53 netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissionsButton.java Thu Mar 27 11:08:09 2014 -0400
@@ -0,0 +1,191 @@
+/* Copyright (C) 2014 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
More information about the distro-pkg-dev
mailing list