/hg/icedtea-web: Fixed ManifestsAttributeValidator and RunInSandbox

aazores at icedtea.classpath.org aazores at icedtea.classpath.org
Mon Mar 24 18:08:27 UTC 2014 

changeset 80e5a57863e2 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=80e5a57863e2
author: Andrew Azores <aazores at redhat.com>
date: Mon Mar 24 14:08:17 2014 -0400

	Fixed ManifestsAttributeValidator and RunInSandbox


diffstat:

 ChangeLog                                                           |   5 ++++
 netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java |  11 +++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diffs (40 lines):

diff -r c0845e58bfba -r 80e5a57863e2 ChangeLog
--- a/ChangeLog	Mon Mar 24 17:04:51 2014 +0100
+++ b/ChangeLog	Mon Mar 24 14:08:17 2014 -0400
@@ -1,3 +1,8 @@
+2014-03-24  Andrew Azores  <aazores at redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
+	(checkTrustedOnlyAttrubute) works properly with sandboxing
+
 2014-03-24  Jiri Vanek  <jvanek at redhat.com>
 
 	Client applications now log into new console.
diff -r c0845e58bfba -r 80e5a57863e2 netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Mon Mar 24 17:04:51 2014 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Mon Mar 24 14:08:17 2014 -0400
@@ -102,16 +102,21 @@
             securityType = "Unknown";
         }
 
-        final boolean isFullySigned = signing == SigningState.FULL || (signing == SigningState.PARTIAL && securityDelegate.getRunInSandbox());
+        final boolean isFullySigned = signing == SigningState.FULL;
+        final boolean isSandboxed = securityDelegate.getRunInSandbox();
+        final boolean requestsCorrectPermissions = (isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))
+                || (isSandboxed && SecurityDesc.SANDBOX_PERMISSIONS.equals(desc));
         final String signedMsg;
-        if (isFullySigned) {
+        if (isFullySigned && !isSandboxed) {
             signedMsg = "The applet is fully signed";
+        } else if (isFullySigned && isSandboxed) {
+            signedMsg = "The applet is fully signed and sandboxed";
         } else {
             signedMsg = "The applet is not fully signed";
         }
         OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG,
                 "Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType);
-        if (!(isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))) {
+        if (!(isFullySigned && requestsCorrectPermissions)) {
             throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType));
         }
     }

More information about the distro-pkg-dev mailing list