/hg/release/icedtea-web-1.5: Tuned permissions attribute behavio...

Mon Jul 20 14:06:57 UTC 2015

changeset a7ed0ba86302 in /hg/release/icedtea-web-1.5
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.5?cmd=changeset;node=a7ed0ba86302
author: Jiri Vanek <jvanek at redhat.com>
date: Mon Jul 20 16:06:29 2015 +0200

	Tuned permissions attribute behavior for unsigned jnlps

	* NEWS: change of permissions attribute mentioned in news
	* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.


diffstat:

 ChangeLog                                                        |  8 ++++++++
 NEWS                                                             |  1 +
 netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java |  6 ++++--
 3 files changed, 13 insertions(+), 2 deletions(-)

diffs (44 lines):

diff -r 7dcaaab8ea51 -r a7ed0ba86302 ChangeLog

--- a/ChangeLog	Mon Jul 20 13:00:49 2015 +0200
+++ b/ChangeLog	Mon Jul 20 16:06:29 2015 +0200
@@ -1,3 +1,11 @@
+2015-07-20  Jiri Vanek  <jvanek at redhat.com>
+
+	Tuned permissions attribute behavior for unsigned jnlps
+	* NEWS: change of permissions attribute mentioned in news 
+	* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:
+	permissions sandbox and signed app and unsigned app with permissions all-permissions
+	now run in sandbox instead of not at all.
+
 2015-07-20  Jiri Vanek  <jvanek at redhat.com>
 
 	Fixed download service
diff -r 7dcaaab8ea51 -r a7ed0ba86302 NEWS
--- a/NEWS	Mon Jul 20 13:00:49 2015 +0200
+++ b/NEWS	Mon Jul 20 16:06:29 2015 +0200
@@ -9,6 +9,7 @@
 CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
 New in release 1.5.3 (YYYY-MM-DD):
+* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
 * fixed DownloadService
 * RH1231441 Unable to read the text of the buttons of the security dialogue
 
diff -r 7dcaaab8ea51 -r a7ed0ba86302 netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Mon Jul 20 13:00:49 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java	Mon Jul 20 16:06:29 2015 +0200
@@ -220,10 +220,12 @@
         } else { // JNLP
             if (isNoneOrDefault(requestedPermissions)) {
                 if (sandboxForced == ManifestBoolean.TRUE && signing != SigningState.NONE) {
-                    throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. This is fatal.");
+                    OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. Forcing sandbox.");
+                    securityDelegate.setRunInSandbox();
                 }
                 if (sandboxForced == ManifestBoolean.FALSE && signing == SigningState.NONE) {
-                    throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. This is fatal.");
+                    OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. Forcing sandbox.");
+                    securityDelegate.setRunInSandbox();
                 }
             }
         }
