Mercurial > hg > icedtea
changeset 1626:efecea0d299f
Transplanted from IcedTea6 3b8dcbd3d44d
2009-02-10 Deepak Bhole <dbhole@redhat.com>
* plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Fix
exit permissions for applets.
* plugin/icedtea/sun/applet/PluginStreamHandler.java: Fix harmless, but
annoying OOB exception on browser exit.
* overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Add function to
'always' disable exit.
* overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Same, and
update support in checkPermission() for exit permissions.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Mon, 02 Mar 2009 21:55:35 +0000 |
parents | 31f193267f48 |
children | 2fc5fc367791 |
files | ChangeLog overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPRuntime.java overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java plugin/icedtea/sun/applet/PluginAppletSecurityContext.java plugin/icedtea/sun/applet/PluginStreamHandler.java |
diffstat | 5 files changed, 41 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Mar 02 17:56:43 2009 +0000 +++ b/ChangeLog Mon Mar 02 21:55:35 2009 +0000 @@ -927,6 +927,16 @@ * patches/icedtea-copy-plugs.patch: Recreated due to S6702956. +2009-02-10 Deepak Bhole <dbhole@redhat.com> + * plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Fix + exit permissions for applets. + * plugin/icedtea/sun/applet/PluginStreamHandler.java: Fix harmless, but + annoying OOB exception on browser exit. + * rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Add function to + 'always' disable exit. + * rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Same, and + update support in checkPermission() for exit permissions. + 2009-02-08 Lillian Angel <langel@redhat.com> * Makefile.am: Updated sed to search for OpenJDK instead of IcedTea6.
--- a/overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon Mar 02 17:56:43 2009 +0000 +++ b/overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPRuntime.java Mon Mar 02 21:55:35 2009 +0000 @@ -287,6 +287,15 @@ } /** + * Disables applets from calling exit. + * + * Once disabled, exit cannot be re-enabled for the duration of the JVM instance + */ + public static void disableExit() { + security.disableExit(); + } + + /** * Return the current Application, or null if none can be * determined. */
--- a/overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Mon Mar 02 17:56:43 2009 +0000 +++ b/overlays/openjdk/jdk/src/share/classes/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Mon Mar 02 21:55:35 2009 +0000 @@ -23,6 +23,7 @@ import java.awt.event.WindowEvent; import java.lang.ref.WeakReference; import java.net.SocketPermission; +import java.security.AccessControlException; import java.security.AccessController; import java.security.Permission; import java.security.PrivilegedAction; @@ -103,6 +104,9 @@ /** listener installs the app's classloader on the event dispatch thread */ private ContextUpdater contextListener = new ContextUpdater(); + /** Sets whether or not exit is allowed (in the context of the plugin, this is always false) */ + private boolean exitAllowed = true; + private class ContextUpdater extends WindowAdapter implements PrivilegedAction { private ApplicationInstance app = null; @@ -436,9 +440,16 @@ * behave normally, and the exit class can always exit the JVM. */ public void checkExit(int status) { - super.checkExit(status); + // applets are not allowed to exit, but the plugin main class (primordial loader) is + Class stack[] = getClassContext(); + if (!exitAllowed) { + for (int i=0; i < stack.length; i++) + if (stack[i].getClassLoader() != null) + throw new AccessControlException("Applets may not call System.exit()"); + } - Class stack[] = getClassContext(); + super.checkExit(status); + boolean realCall = (stack[1] == Runtime.class); if (isExitClass(stack)) // either exitClass called or no exitClass set @@ -468,6 +479,9 @@ throw closeAppEx; } + protected void disableExit() { + exitAllowed = false; + } }
--- a/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java Mon Mar 02 17:56:43 2009 +0000 +++ b/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java Mon Mar 02 21:55:35 2009 +0000 @@ -54,7 +54,6 @@ import java.security.PrivilegedAction; import java.security.ProtectionDomain; import java.util.ArrayList; -import java.util.HashMap; import java.util.Hashtable; import java.util.List; @@ -252,6 +251,8 @@ JNLPRuntime.initialize(); } + JNLPRuntime.disableExit(); + this.classLoaders.put(liveconnectLoader, "file://"); }
--- a/plugin/icedtea/sun/applet/PluginStreamHandler.java Mon Mar 02 17:56:43 2009 +0000 +++ b/plugin/icedtea/sun/applet/PluginStreamHandler.java Mon Mar 02 21:55:35 2009 +0000 @@ -221,7 +221,10 @@ String rest = ""; String[] msgComponents = message.split(" "); - + + if (msgComponents.length < 2) + return; + // type and identifier are guaranteed to be there String type = msgComponents[0]; final int identifier = Integer.parseInt(msgComponents[1]);