changeset 2324:3918f39eab4d
Warn user if extended services are being used from unsigned code (even if
the main application code is signed).
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Wed, 28 Jul 2010 15:38:26 -0400 |
parents | 0165a4d30876 |
children | 645e965b61e7 |
files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/services/ServiceUtil.java |
diffstat | 3 files changed, 50 insertions(+), 26 deletions(-) [+] |
--- a/ChangeLog Wed Jul 28 15:36:19 2010 -0400
+++ b/ChangeLog Wed Jul 28 15:38:26 2010 -0400
@@ -1,3 +1,11 @@
+2010-07-28 Deepak Bhole <dbhole@redhat.com>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
+ Collapse new loader paths into base loader.
+ * netx/net/sourceforge/jnlp/services/ServiceUtil.java (checkAccess): Check
+ if calling code is trusted all the way to the end. If it isn't, prompt
+ user.
+
 2010-07-28 Deepak Bhole <dbhole@redhat.com>
 * netx/net/sourceforge/jnlp/resources/Messages.properties: Add new strings.
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 28 15:36:19 2010 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 28 15:38:26 2010 -0400
@@ -262,12 +262,10 @@
 // loader is now current + ext. But we also need to think of
 // the baseLoader
 if (baseLoader != null && baseLoader != loader) {
- for (URL u : loader.getURLs())
- baseLoader.addURL(u);
- for (File nativeDirectory: loader.getNativeDirectories())
- baseLoader.addNativeDirectory(nativeDirectory);
-
- loader = baseLoader;
+ for (URL u : baseLoader.getURLs())
+ loader.addURL(u);
+ for (File nativeDirectory: baseLoader.getNativeDirectories())
+ loader.addNativeDirectory(nativeDirectory);
 }
 } else {
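Review bot: The direction of the merge in this hunk contradicts the ChangeLog entry written for it ("Collapse new loader paths into base loader"): the new code copies `baseLoader`'s URLs and native directories into the freshly created `loader` and drops the `loader = baseLoader;` reassignment, so the shared base loader is no longer mutated and the new loader is what the caller gets. Either the ChangeLog wording or the comment above the `if` should say which way the paths flow, e.g. `// pull the baseLoader's URLs/native dirs into this loader instead of widening the shared base loader`. Because `addURL` only adds a search location, it is worth confirming that a class from one of the base loader's JARs, when it is now defined by this loader rather than by `baseLoader`, still ends up with the signing state and protection domain the base loader would have given it — that logic is not visible from this hunk. `getInstance` begins and ends outside the hunk.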
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java Wed Jul 28 15:36:19 2010 -0400
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java Wed Jul 28 15:38:26 2010 -0400
@@ -225,9 +225,9 @@
 }
 /**
- * Returns whether the app requesting a service is signed. If the app is
- * unsigned, the user is prompted with a dialog asking if the action
- * should be allowed.
+ * Returns whether the app requesting a service has the right permissions.
+ * If it doesn't, user is prompted for permissions.
+ *
 * @param app the application which is requesting the check. If null, the current
 * application is used.
 * @param type the type of access being requested
@@ -239,12 +239,37 @@
 SecurityWarningDialog.AccessType type,
 Object... extras) {
- if (app == null) {
- app = JNLPRuntime.getApplication();
+ if (app == null)
+ app = JNLPRuntime.getApplication();
+
+ boolean codeTrusted = true;
+
+ StackTraceElement[] stack = Thread.currentThread().getStackTrace();
+
+ for (int i=0; i < stack.length; i++) {
+
+ Class c = null;
+
+ try {
+ c = Class.forName(stack[i].getClassName());
+ } catch (Exception e1) {
+ try {
+ c = Class.forName(stack[i].getClassName(), false, app.getClassLoader());
+ } catch (Exception e2) {
+ System.err.println(e2.getMessage());
+ }
+ }
+
+ // Everything up to the desired class/method must be trusted
+ if (c == null || // class not found
+ ( c.getProtectionDomain().getCodeSource() != null && // class is not in bootclasspath
+ c.getProtectionDomain().getCodeSource().getCodeSigners() == null) // class is trusted
+ ) {
+ codeTrusted = false;
+ }
 }
- if (app != null) {
- if (!app.isSigned()) {
+ if (!codeTrusted) {
 final SecurityWarningDialog.AccessType tmpType = type;
 final Object[] tmpExtras = extras;
 final ApplicationInstance tmpApp = app;
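Review bot: The new summary `Returns whether the app requesting a service has the right permissions.` understates what the method now decides, since the check is no longer about the application's own signature but about every frame on the calling thread's stack. I would word it as `Returns whether the service request may proceed: true if every class on the calling thread's stack is signed or comes from the boot class path, otherwise the user's answer to a permission dialog.`. The rest of the Javadoc, including any `@return` tag, lies outside this hunk; if there is none, add one with the same wording so the prompt-on-unsigned behaviour is documented where callers look.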
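Review bot: Dropping the old `if (app != null)` guard makes `checkAccess` fail open or crash when `JNLPRuntime.getApplication()` returns null: if every frame resolves on the first `Class.forName` the method now returns true with no application context at all, and otherwise `app.getClassLoader()` throws inside the inner try, which is merely printed, so the stack is deemed untrusted and the `tmpApp.getJNLPFile()` call in the next hunk throws instead of denying as the old `return false; //deny` did. Restore the guard directly after the assignment, `if (app == null) return false; // deny, as before`. The inline comment on the `getCodeSigners() == null` line says `// class is trusted` but that condition identifies an unsigned class, so it should read `// class is unsigned`, and the loop can `break;` as soon as `codeTrusted` becomes false. Note also that frames are identified by class name and re-resolved through ServiceUtil's own loader before the app loader rather than by the actual Class object on the stack, so a name that resolves to a different, signed class in an earlier loader would be counted as trusted; presumably parent-first delegation keeps that from happening, but a walk based on `SecurityManager.getClassContext()` would not depend on it. `checkAccess` continues outside the hunk.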
@@ -252,24 +277,17 @@
 //We need to do this to allow proper icon loading for unsigned
 //applets, otherwise permissions won't be granted to load icons
 //from resources.jar.
- Object o = AccessController.doPrivileged(new PrivilegedAction() {
- public Object run() {
+ Boolean b = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
 boolean b = SecurityWarningDialog.showAccessWarningDialog(tmpType, tmpApp.getJNLPFile(), tmpExtras);
- return (Object) new Boolean(b);
+ return new Boolean(b);
 }
 });
- return ((Boolean)o).booleanValue();
-
- } else if (app.isSigned()) {
+ return b.booleanValue();
+ }
- //just return true here regardless if the app
- //has signing issues -- at this point the user would've
- //already decided to run the app anyways.
- return true;
- }
- }
- return false; //deny
+ return true; //allow
 }
 }
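Review bot: The new `Boolean b` in the enclosing method and the `boolean b` declared inside `run()` share a name, which makes the privileged block harder to read than it needs to be; rename the outer one, e.g. `Boolean allowed = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {` and `return allowed.booleanValue();`, and replace `new Boolean(b)` with `Boolean.valueOf(b)` so no Boolean is allocated per call. The trailing `return true; //allow` is now reached only when every frame on the stack passed the trust loop in the previous hunk, and the removed `//just return true here ...` block was the only place that rationale was written down, so a comment such as `// every frame on the call stack is signed or on the boot class path; no prompt needed` should replace it. `checkAccess` begins outside this hunk.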