Mercurial > hg > release > icedtea-web-1.5

changeset 943:48f3658a7efd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ManifestsAttributeValidator works with RunInSandbox * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: pass SecurityDelegate to ManifestsAttributesValidator * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java: (securityDelegate) new field, added to constructor. (checkTrustedOnlyAttribute, checkPermissionsAttribute) works with RunInSandbox.
author Andrew Azores <aazores@redhat.com>
date Mon, 24 Mar 2014 09:14:04 -0400
parents 022f56ff692f
children a958ecb160f6
files ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java
diffstat 3 files changed, 20 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Thu Mar 20 15:45:13 2014 -0400
+++ b/ChangeLog	Mon Mar 24 09:14:04 2014 -0400
@@ -1,3 +1,12 @@
+2014-03-24  Andrew Azores  <aazores@redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: pass
+	SecurityDelegate to ManifestsAttributesValidator
+	* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
+	(securityDelegate) new field, added to constructor.
+	(checkTrustedOnlyAttribute, checkPermissionsAttribute) works with
+	RunInSandbox.
+
 2014-03-20  Andrew Azores  <aazores@redhat.com>
 
 	Trusted-only manifest attribute implementation
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Thu Mar 20 15:45:13 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Mon Mar 24 09:14:04 2014 -0400
@@ -284,7 +284,7 @@
 
         setSecurity();
 
-        ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing);
+        ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing, securityDelegate);
         mav.checkTrustedOnlyAttribute();
         mav.checkCodebaseAttribute();
         mav.checkPermissionsAttribute();
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Thu Mar 20 15:45:13 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java	Mon Mar 24 09:14:04 2014 -0400
@@ -39,6 +39,7 @@
 import java.net.URL;
 import java.util.HashSet;
 import java.util.Set;
+
 import net.sourceforge.jnlp.ExtensionDesc;
 import net.sourceforge.jnlp.JARDesc;
 import net.sourceforge.jnlp.JNLPFile;
@@ -47,6 +48,7 @@
 import net.sourceforge.jnlp.PluginBridge;
 import net.sourceforge.jnlp.ResourcesDesc;
 import net.sourceforge.jnlp.SecurityDesc;
+import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate;
 import net.sourceforge.jnlp.runtime.JNLPClassLoader.SigningState;
 import net.sourceforge.jnlp.security.SecurityDialogs;
 import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
@@ -60,11 +62,14 @@
     private final SecurityDesc security;
     private final JNLPFile file;
     private final SigningState signing;
+    private final SecurityDelegate securityDelegate;
 
-    public ManifestsAttributesValidator(SecurityDesc security, JNLPFile file, SigningState signing) {
+    public ManifestsAttributesValidator(final SecurityDesc security, final JNLPFile file,
+            final SigningState signing, final SecurityDelegate securityDelegate) {
         this.security = security;
         this.file = file;
         this.signing = signing;
+        this.securityDelegate = securityDelegate;
     }
 
     /**
@@ -97,7 +102,7 @@
             securityType = "Unknown";
         }
 
-        final boolean isFullySigned = signing == SigningState.FULL;
+        final boolean isFullySigned = signing == SigningState.FULL || (signing == SigningState.PARTIAL && securityDelegate.getRunInSandbox());
         final String signedMsg;
         if (isFullySigned) {
             signedMsg = "The applet is fully signed";
@@ -152,8 +157,9 @@
     void checkPermissionsAttribute() throws LaunchException {
         final ManifestBoolean permissions = file.getManifestsAttributes().isSandboxForced();
         AppletSecurityLevel level = AppletStartupSecuritySettings.getInstance().getSecurityLevel();
-        if (level == AppletSecurityLevel.ALLOW_UNSIGNED) {
-            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "Although 'permissions' attribute of this application is '" + file.getManifestsAttributes().permissionsToString() + "' Your Extended applets security is at 'low', continuing");
+        if (level == AppletSecurityLevel.ALLOW_UNSIGNED || securityDelegate.getRunInSandbox()) {
+            OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "Although 'permissions' attribute of this application is '" + file.getManifestsAttributes().permissionsToString()
+                    + "' Your Extended applets security is at 'low', or you have specifically chosen to run the applet Sandboxed. Continuing");
             return;
         }
         switch (permissions) {