Mercurial > hg > release > icedtea-web-1.5
changeset 943:48f3658a7efd
ManifestsAttributeValidator works with RunInSandbox
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: pass
SecurityDelegate to ManifestsAttributesValidator
* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
(securityDelegate) new field, added to constructor.
(checkTrustedOnlyAttribute, checkPermissionsAttribute) works with
RunInSandbox.
author | Andrew Azores <aazores@redhat.com> |
---|---|
date | Mon, 24 Mar 2014 09:14:04 -0400 |
parents | 022f56ff692f |
children | a958ecb160f6 |
files | ChangeLog netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java |
diffstat | 3 files changed, 20 insertions(+), 5 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Mar 20 15:45:13 2014 -0400 +++ b/ChangeLog Mon Mar 24 09:14:04 2014 -0400 @@ -1,3 +1,12 @@ +2014-03-24 Andrew Azores <aazores@redhat.com> + + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: pass + SecurityDelegate to ManifestsAttributesValidator + * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java: + (securityDelegate) new field, added to constructor. + (checkTrustedOnlyAttribute, checkPermissionsAttribute) works with + RunInSandbox. + 2014-03-20 Andrew Azores <aazores@redhat.com> Trusted-only manifest attribute implementation
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Mar 20 15:45:13 2014 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Mon Mar 24 09:14:04 2014 -0400 @@ -284,7 +284,7 @@ setSecurity(); - ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing); + ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing, securityDelegate); mav.checkTrustedOnlyAttribute(); mav.checkCodebaseAttribute(); mav.checkPermissionsAttribute();
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Thu Mar 20 15:45:13 2014 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Mon Mar 24 09:14:04 2014 -0400 @@ -39,6 +39,7 @@ import java.net.URL; import java.util.HashSet; import java.util.Set; + import net.sourceforge.jnlp.ExtensionDesc; import net.sourceforge.jnlp.JARDesc; import net.sourceforge.jnlp.JNLPFile; @@ -47,6 +48,7 @@ import net.sourceforge.jnlp.PluginBridge; import net.sourceforge.jnlp.ResourcesDesc; import net.sourceforge.jnlp.SecurityDesc; +import net.sourceforge.jnlp.runtime.JNLPClassLoader.SecurityDelegate; import net.sourceforge.jnlp.runtime.JNLPClassLoader.SigningState; import net.sourceforge.jnlp.security.SecurityDialogs; import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel; @@ -60,11 +62,14 @@ private final SecurityDesc security; private final JNLPFile file; private final SigningState signing; + private final SecurityDelegate securityDelegate; - public ManifestsAttributesValidator(SecurityDesc security, JNLPFile file, SigningState signing) { + public ManifestsAttributesValidator(final SecurityDesc security, final JNLPFile file, + final SigningState signing, final SecurityDelegate securityDelegate) { this.security = security; this.file = file; this.signing = signing; + this.securityDelegate = securityDelegate; } /** @@ -97,7 +102,7 @@ securityType = "Unknown"; } - final boolean isFullySigned = signing == SigningState.FULL; + final boolean isFullySigned = signing == SigningState.FULL || (signing == SigningState.PARTIAL && securityDelegate.getRunInSandbox()); final String signedMsg; if (isFullySigned) { signedMsg = "The applet is fully signed"; @@ -152,8 +157,9 @@ void checkPermissionsAttribute() throws LaunchException { final ManifestBoolean permissions = file.getManifestsAttributes().isSandboxForced(); AppletSecurityLevel level = AppletStartupSecuritySettings.getInstance().getSecurityLevel(); - if (level == AppletSecurityLevel.ALLOW_UNSIGNED) { - OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "Although 'permissions' attribute of this application is '" + file.getManifestsAttributes().permissionsToString() + "' Your Extended applets security is at 'low', continuing"); + if (level == AppletSecurityLevel.ALLOW_UNSIGNED || securityDelegate.getRunInSandbox()) { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "Although 'permissions' attribute of this application is '" + file.getManifestsAttributes().permissionsToString() + + "' Your Extended applets security is at 'low', or you have specifically chosen to run the applet Sandboxed. Continuing"); return; } switch (permissions) {