/hg/icedtea-web: Fixed ManifestsAttributeValidator and RunInSandbox
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Mon Mar 24 18:08:27 UTC 2014
changeset 80e5a57863e2 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=80e5a57863e2
author: Andrew Azores <aazores at redhat.com>
date: Mon Mar 24 14:08:17 2014 -0400
Fixed ManifestsAttributeValidator and RunInSandbox
diffstat:
ChangeLog | 5 ++++
netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java | 11 +++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diffs (40 lines):
diff -r c0845e58bfba -r 80e5a57863e2 ChangeLog
--- a/ChangeLog Mon Mar 24 17:04:51 2014 +0100
+++ b/ChangeLog Mon Mar 24 14:08:17 2014 -0400
@@ -1,3 +1,8 @@
+2014-03-24 Andrew Azores <aazores at redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
+ (checkTrustedOnlyAttrubute) works properly with sandboxing
+
2014-03-24 Jiri Vanek <jvanek at redhat.com>
Client applications now log into new console.
diff -r c0845e58bfba -r 80e5a57863e2 netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Mon Mar 24 17:04:51 2014 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Mon Mar 24 14:08:17 2014 -0400
@@ -102,16 +102,21 @@
securityType = "Unknown";
}
- final boolean isFullySigned = signing == SigningState.FULL || (signing == SigningState.PARTIAL && securityDelegate.getRunInSandbox());
+ final boolean isFullySigned = signing == SigningState.FULL;
+ final boolean isSandboxed = securityDelegate.getRunInSandbox();
+ final boolean requestsCorrectPermissions = (isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))
+ || (isSandboxed && SecurityDesc.SANDBOX_PERMISSIONS.equals(desc));
final String signedMsg;
- if (isFullySigned) {
+ if (isFullySigned && !isSandboxed) {
signedMsg = "The applet is fully signed";
+ } else if (isFullySigned && isSandboxed) {
+ signedMsg = "The applet is fully signed and sandboxed";
} else {
signedMsg = "The applet is not fully signed";
}
OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG,
"Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType);
- if (!(isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))) {
+ if (!(isFullySigned && requestsCorrectPermissions)) {
throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType));
}
}
More information about the distro-pkg-dev
mailing list