[rfc][icedtea-web] align Permission attibute behaviour to "expected" behaviour was: Re: status of Permissions attribute implementation
Jiri Vanek
jvanek at redhat.com
Wed Jul 15 13:37:39 UTC 2015
On 07/15/2015 03:30 PM, Andrew Azores wrote:
> On 14/07/15 04:47 AM, Jiri Vanek wrote:
>> Hello.Here is fix for the issues I spoted during heavyu testing of Permissions attribute.
>>
>> run befor patch:
>> Passed: SandboxUnsignedInvalidTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedInvalidTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedInvalidTest.appletAllPermAllSecurity - opera
>> Passed: SandboxUnsignedInvalidTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedInvalidTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermAllSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermNoSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermNoSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermAllSecurityYes
>> Passed: SandboxUnsignedSandboxTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedSandboxTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedSandboxTest.appletAllPermAllSecurity - midori
>> Passed: SandboxUnsignedSandboxTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedSandboxTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedSandboxTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedSandboxTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedSandboxTest.appletAllPermAllSecurity - opera
>> FAILED: javawsAllPermNoSecurity(SandboxSignedSandboxTest) null
>> FAILED: javawsAppletAllPermNoSecurity(SandboxSignedSandboxTest) null
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermAllSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermNoSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermNoSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermAllSecurityYes
>> Passed: SandboxUnsignedMissingTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedMissingTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedMissingTest.appletAllPermAllSecurity - midori
>> Passed: SandboxUnsignedMissingTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedMissingTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedMissingTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedMissingTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedMissingTest.appletAllPermAllSecurity - midori
>> Passed: SandboxSignedMissingTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedMissingTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxUnsignedAllPermTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedAllPermTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedAllPermTest.appletAllPermAllSecurity - midori
>> FAILED: javawsAllPermNoSecurity(SandboxUnsignedAllPermTest) null
>> FAILED: javawsAppletAllPermNoSecurity(SandboxUnsignedAllPermTest) null
>> Passed: SandboxSignedAllPermTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedAllPermTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedAllPermTest.appletAllPermAllSecurity - epiphany
>> Passed: SandboxSignedAllPermTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedAllPermTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedInvalidTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedInvalidTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedInvalidTest.appletAllPermAllSecurity - opera
>> Passed: SandboxSignedInvalidTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedInvalidTest.javawsAppletAllPermNoSecurity
>> Total tests run: 56; From those : 0 known to fail
>> Test known to fail: passed: 0; failed: 0; ignored: 0
>> Test results: passed: 52; failed: 4; ignored: 0
>>
>>
>>
>> run after patch:
>> Passed: SandboxUnsignedInvalidTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedInvalidTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedInvalidTest.appletAllPermAllSecurity - epiphany
>> Passed: SandboxUnsignedInvalidTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedInvalidTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermAllSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermNoSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermNoSecurityNo
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityYes
>> Passed: SandboxUnsignedMissingTestHighSecurity.javawsAllPermAllSecurityYes
>> Passed: SandboxUnsignedSandboxTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedSandboxTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedSandboxTest.appletAllPermAllSecurity - opera
>> Passed: SandboxUnsignedSandboxTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedSandboxTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedSandboxTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedSandboxTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedSandboxTest.appletAllPermAllSecurity - epiphany
>> Passed: SandboxSignedSandboxTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedSandboxTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermAllSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermNoSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermNoSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermNoSecurityNo
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAppletAllPermAllSecurityYes
>> Passed: SandboxSignedMissingTestHighSecurity.javawsAllPermAllSecurityYes
>> Passed: SandboxUnsignedMissingTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedMissingTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedMissingTest.appletAllPermAllSecurity - opera
>> Passed: SandboxUnsignedMissingTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedMissingTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedMissingTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedMissingTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedMissingTest.appletAllPermAllSecurity - midori
>> Passed: SandboxSignedMissingTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedMissingTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxUnsignedAllPermTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxUnsignedAllPermTest.javawsAllPermAllSecurity
>> Passed: SandboxUnsignedAllPermTest.appletAllPermAllSecurity - midori
>> Passed: SandboxUnsignedAllPermTest.javawsAllPermNoSecurity
>> Passed: SandboxUnsignedAllPermTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedAllPermTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedAllPermTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedAllPermTest.appletAllPermAllSecurity - opera
>> Passed: SandboxSignedAllPermTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedAllPermTest.javawsAppletAllPermNoSecurity
>> Passed: SandboxSignedInvalidTest.javawsAppletAllPermAllSecurity
>> Passed: SandboxSignedInvalidTest.javawsAllPermAllSecurity
>> Passed: SandboxSignedInvalidTest.appletAllPermAllSecurity - midori
>> Passed: SandboxSignedInvalidTest.javawsAllPermNoSecurity
>> Passed: SandboxSignedInvalidTest.javawsAppletAllPermNoSecurity
>> Total tests run: 56; From those : 0 known to fail
>> Test known to fail: passed: 0; failed: 0; ignored: 0
>> Test results: passed: 56; failed: 0; ignored: 0
>>
>>
>>
>> So you can see how thsi was "test driven" so (for reviwer) watching the tests is important.
>>
>> Attached are also full log.
>>
>> not sure whether backport to 1.5 ... thoughts?
>>
>>
>> On 07/13/2015 05:38 PM, Jiri Vanek wrote:
>>> Hi!
>>>
>>> http://icedtea.classpath.org/hg/icedtea-web/rev/afb391ba4b20
>>> http://icedtea.classpath.org/hg/icedtea-web/rev/01082f3b6119
>>> http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions
>>>
>>> I have added reproducers for all possible cases of Permissions attribute usage:
>>> High security (ASK_UNSIGNED)
>>> - have sense only when attribute is missing. Then user is asked whether to continue. Both signed
>>> and unsigned javaws/applets
>>> - result is pass, itw behaves correctly.
>>> - whether it have sense to popup also for unsigned applets... Thats questionable. But I would say
>>> yes, it is marking that something is wrong. (And Iwould turn to allow_unsigned anyway;)
>>>
>>> Low security (ALLOW_UNSIGNED)
>>> attribute have invalid value
>>> - always fail to start (ok)
>>>
>>> Signed
>>> attribute missing
>>> run with all permissions as expected
>>> attribute have all-permissions value
>>> run with all permissions as expected
>>> attribute have sandbox value
>>> depends on jnlp requesting security/all-permissions element
>>> - if there is nothing like it, then app runs n sandbox
>>> - if jnlp is requesting, then we currently dont lunch. Thats a bug and should be fixed
>>> - two occurrences in http://icedtea.classpath.org/hg/icedtea-web/rev/01082f3b6119#l34.78
>>>
>>> Unsigned
>>> attribute missing
>>> run in sandbox as expected
>>> attribute have all-permissions value
>>> - here is one disorder applet runs in sandbox, but jnlp file which is NOT requesting
>>> permissions fails. IMho again bug.
>>> - two occurrences in http://icedtea.classpath.org/hg/icedtea-web/rev/afb391ba4b20#l10.76
>>> attribute have sandbox value
>>> - if jnlp is requesting all-permissions, then fails
>>> - otherwise always run in sandbox
>>>
>>> Both bugs seems to have same cause. and should be fixed.
>>>
>>>
>>>
>>>
>>> Motivation was report that this dialogue keep popuping for ever under some circumsatnces.
>>> I was not able to reproduce it, and will negotiate with reporter.
>>>
>>>
>>> I will do similar tests for all implemented manifest attributes.
>
> Looks good.
really???
> Backporting to 1.5 is probably a good idea as well.
I'm not sure.... I will backport tests first and see how they behave here...
I was still not yet confiremd the strange "always popuping" ehaviour of permissions attribute...
>
Thanx for check!
J.
More information about the distro-pkg-dev
mailing list