Mercurial > hg > release > icedtea-1.9

changeset 1631:3b8dcbd3d44d

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix harmless, but annoying OOB exception on browser exit. Fix exit permission checks.
author Deepak Bhole <dbhole@redhat.com>
date Tue, 10 Feb 2009 16:19:54 -0500
parents c402774cf211
children 5d4d8012aa03
files ChangeLog plugin/icedtea/sun/applet/PluginAppletSecurityContext.java plugin/icedtea/sun/applet/PluginStreamHandler.java rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
diffstat 5 files changed, 43 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Sun Feb 08 08:33:04 2009 -0500
+++ b/ChangeLog	Tue Feb 10 16:19:54 2009 -0500
@@ -1,3 +1,13 @@
+2009-02-10  Deepak Bhole <dbhole@redhat.com>
+	* plugin/icedtea/sun/applet/PluginAppletSecurityContext.java: Fix
+	exit permissions for applets.
+	* plugin/icedtea/sun/applet/PluginStreamHandler.java: Fix harmless, but
+	annoying OOB exception on browser exit.
+	* rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java: Add function to
+	'always' disable exit.
+	* rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java: Same, and
+	update support in checkPermission() for exit permissions.
+
 2009-02-08  Lillian Angel  <langel@redhat.com>
 
 	* Makefile.am: Updated sed to search for OpenJDK instead of IcedTea6. 
--- a/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java	Sun Feb 08 08:33:04 2009 -0500
+++ b/plugin/icedtea/sun/applet/PluginAppletSecurityContext.java	Tue Feb 10 16:19:54 2009 -0500
@@ -54,7 +54,6 @@
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.List;
 
@@ -252,6 +251,8 @@
 			JNLPRuntime.initialize();
 		}
 
+		JNLPRuntime.disableExit();
+
 		this.classLoaders.put(liveconnectLoader, "file://");
 	}
 
--- a/plugin/icedtea/sun/applet/PluginStreamHandler.java	Sun Feb 08 08:33:04 2009 -0500
+++ b/plugin/icedtea/sun/applet/PluginStreamHandler.java	Tue Feb 10 16:19:54 2009 -0500
@@ -221,7 +221,10 @@
     	String rest = "";
 
     	String[] msgComponents = message.split(" ");
-    	
+    
+		if (msgComponents.length < 2)
+			return;
+	
     	// type and identifier are guaranteed to be there
     	String type = msgComponents[0];
     	final int identifier = Integer.parseInt(msgComponents[1]);
--- a/rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Sun Feb 08 08:33:04 2009 -0500
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Tue Feb 10 16:19:54 2009 -0500
@@ -285,6 +285,15 @@
         checkExitClass();
         security.setExitClass(exitClass);
     }
+    
+    /**
+     * Disables applets from calling exit.
+     * 
+     * Once disabled, exit cannot be re-enabled for the duration of the JVM instance
+     */
+    public static void disableExit() {
+    	security.disableExit();
+    }
 
     /**
      * Return the current Application, or null if none can be
--- a/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Sun Feb 08 08:33:04 2009 -0500
+++ b/rt/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Tue Feb 10 16:19:54 2009 -0500
@@ -23,6 +23,7 @@
 import java.awt.event.WindowEvent;
 import java.lang.ref.WeakReference;
 import java.net.SocketPermission;
+import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.Permission;
 import java.security.PrivilegedAction;
@@ -102,6 +103,9 @@
 
     /** listener installs the app's classloader on the event dispatch thread */
     private ContextUpdater contextListener = new ContextUpdater();
+    
+    /** Sets whether or not exit is allowed (in the context of the plugin, this is always false) */
+    private boolean exitAllowed = true;
 
     private class ContextUpdater extends WindowAdapter implements PrivilegedAction {
         private ApplicationInstance app = null;
@@ -275,7 +279,7 @@
 			try {
 				super.checkPermission(perm);
 			} catch (SecurityException se) {
-				
+
 				//This section is a special case for dealing with SocketPermissions.
 				if (JNLPRuntime.isDebug())
 					System.err.println("Requesting permission: " + perm.toString());
@@ -436,9 +440,17 @@
      * behave normally, and the exit class can always exit the JVM.
      */
     public void checkExit(int status) {
-        super.checkExit(status);
 
+    	// applets are not allowed to exit, but the plugin main class (primordial loader) is
         Class stack[] = getClassContext();
+        if (!exitAllowed) {
+        	for (int i=0; i < stack.length; i++)
+        		if (stack[i].getClassLoader() != null)
+        			throw new AccessControlException("Applets may not call System.exit()");
+        }
+
+    	super.checkExit(status);
+        
         boolean realCall = (stack[1] == Runtime.class);
 
         if (isExitClass(stack)) // either exitClass called or no exitClass set
@@ -468,6 +480,10 @@
         throw closeAppEx;
     }
 
+    protected void disableExit() {
+    	exitAllowed = false;
+    }
+    
 }