[rfc][icedtea-web] Permissions manifest attribute fix

Andrew Azores aazores at redhat.com
Mon Mar 31 20:10:52 UTC 2014


On 03/31/2014 01:28 PM, Andrew Azores wrote:
> Hi,
>
> The spec for this attribute is at [0]. Any reviewer, please double 
> check the spec to be sure I've correctly interpreted it, and not just 
> implemented something else.
>
> [1] and [2] can be used as test cases for this fix. The Permissions 
> manifest attribute had a bug due to the inability to distinguish 
> between a signed applet being granted All-permission because it 
> specified it in the HTML params, and a signed applet being granted 
> All-permission because it did not specify a permission level and 
> All-permission is the default in this case. This bug led to signed 
> applets being unable to properly request to be run sandboxed.
>
> This patch fixes it so that the applets may be run; however, there is 
> a deficiency in that we are not actually able to sandbox the applet. 
> This is because we are doing our manifest checks after all of our 
> resources have been loaded and assigned SecurityDescs. In order to run 
> an applet sandboxed, the SecurityDelegate#setRunInSandbox call must be 
> performed before any of these security descriptors are assigned. This 
> is not currently possible. However, we do at least have the Run In 
> Sandbox button which can be used before the manifest checks are 
> performed, which will then allow the applet to be run sandboxed at the 
> user's discretion.
>
> [0] http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions
> [1] http://docs.oracle.com/javase/tutorial/deployment/applet/deployingApplet.html
> [2] http://docs.oracle.com/javase/tutorial/deployment/deploymentInDepth/examples/dist/depltoolkit_Java2Demo/DeployUsingJNLP.html
>
> Thanks,
>

Small refactor. Rather than the new RequestedPermissionLevel being 
available from SecurityDesc and PluginBridge only, it's also available 
from JNLPFile. PluginBridge, being a JNLPFile subclass, then overrides 
the method and provides the correct implementation for HTML applets. 
This just makes things more coherent IMO.

Thanks,

-- 
Andrew A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: permissions-attr-check-2.patch
Type: text/x-patch
Size: 15378 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140331/73a2aafe/permissions-attr-check-2-0001.patch>
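The quoted message describes a bug caused by collapsing "explicitly requested all-permissions" and "requested nothing, so defaulted to all-permissions" into one boolean before the manifest Permissions attribute is consulted. The following is an added illustration of that distinction, not code from the IcedTea-Web patch: the enum names, the `checkBuggy`/`checkFixed` helpers, the handling of a missing attribute and the decision to honour a sandbox request against an all-permissions JAR are assumptions made for the example.

```java
import java.util.jar.Attributes;

/** Added example: tri-state permission request check, not IcedTea-Web's own code. */
public class PermissionsAttributeCheck {

    /** What the launch descriptor (JNLP or applet HTML params) asked for; DEFAULT = nothing stated. */
    public enum RequestedPermissionLevel { DEFAULT, SANDBOX, ALL }

    public enum Decision { RUN_SANDBOXED, RUN_WITH_ALL_PERMISSIONS, BLOCK }

    /** Buggy shape: a boolean cannot tell "explicitly asked for all" from "defaulted to all". */
    static boolean requestsAllPermissionsBuggy(RequestedPermissionLevel requested, boolean signed) {
        return requested == RequestedPermissionLevel.ALL
            || (signed && requested == RequestedPermissionLevel.DEFAULT);
    }

    static Decision checkBuggy(Attributes mainAttrs, RequestedPermissionLevel requested, boolean signed) {
        String permissions = mainAttrs.getValue("Permissions");
        boolean wantsAll = requestsAllPermissionsBuggy(requested, signed);
        if ("sandbox".equalsIgnoreCase(permissions) && wantsAll) {
            return Decision.BLOCK; // a signed applet that stated no level is wrongly refused here
        }
        return wantsAll ? Decision.RUN_WITH_ALL_PERMISSIONS : Decision.RUN_SANDBOXED;
    }

    /** Fixed shape: keep the tri-state until the manifest attribute has been read. */
    static Decision checkFixed(Attributes mainAttrs, RequestedPermissionLevel requested, boolean signed) {
        if (!signed) return Decision.RUN_SANDBOXED; // unsigned code never leaves the sandbox
        String permissions = mainAttrs.getValue("Permissions");
        boolean explicitAll = requested == RequestedPermissionLevel.ALL;
        boolean explicitSandbox = requested == RequestedPermissionLevel.SANDBOX;
        if (permissions == null) { // assumption: no attribute, so honour the request as-is
            return explicitSandbox ? Decision.RUN_SANDBOXED : Decision.RUN_WITH_ALL_PERMISSIONS;
        }
        if ("sandbox".equalsIgnoreCase(permissions)) {
            // Only an explicit all-permissions request contradicts a sandbox-only JAR.
            return explicitAll ? Decision.BLOCK : Decision.RUN_SANDBOXED;
        }
        if ("all-permissions".equalsIgnoreCase(permissions)) {
            // Assumption: asking for less privilege than the JAR was built for is honoured.
            return explicitSandbox ? Decision.RUN_SANDBOXED : Decision.RUN_WITH_ALL_PERMISSIONS;
        }
        return Decision.BLOCK; // unrecognised attribute value
    }

    public static void main(String[] args) {
        Attributes manifest = new Attributes(); // constructed sample manifest, signed JAR assumed
        manifest.putValue("Permissions", "sandbox");
        System.out.println("buggy: " + checkBuggy(manifest, RequestedPermissionLevel.DEFAULT, true));
        System.out.println("fixed: " + checkFixed(manifest, RequestedPermissionLevel.DEFAULT, true));
    }
}
```

The `main` method exercises the exact case from the message: a signed JAR whose manifest says `sandbox` launched with no requested level, which the boolean model refuses and the tri-state model runs sandboxed.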

