changeset 950:689447c4d6bd

Added many new permissions for PolicyEditor * netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps, PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail, PEAWTPermission, PEAWTPermissionDetail, PERecordAudio, PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader, PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail, PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail, PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed to PEPlayAudio{,Detail}. * netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java: (EXECUTE) new action * netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java: (ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE, DECLARED_MEMBERS, CLASSLOADER) new targets * netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java: (REFLECT_PERMISSION) new type * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java: (WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER, ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV, ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO.
author Andrew Azores <aazores@redhat.com>
date Wed, 26 Mar 2014 10:45:46 -0400
parents d0069afaeaff
children fcb9dcf1c83c
files ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java
diffstat 6 files changed, 94 insertions(+), 12 deletions(-) [+]
--- a/ChangeLog	Mon Mar 24 14:16:20 2014 -0400
+++ b/ChangeLog	Wed Mar 26 10:45:46 2014 -0400
@@ -1,3 +1,26 @@
+2014-03-26  Andrew Azores  <aazores@redhat.com>
+
+	Added many new permissions for PolicyEditor
+	* netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps,
+	PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail,
+	PEAWTPermission, PEAWTPermissionDetail, PERecordAudio,
+	PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader,
+	PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail,
+	PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail,
+	PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed
+	to PEPlayAudio{,Detail}.
+	* netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
+	(EXECUTE) new action
+	* netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
+	(ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE,
+	DECLARED_MEMBERS, CLASSLOADER) new targets
+	* netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java:
+	(REFLECT_PERMISSION) new type
+	* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
+	(WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER,
+	ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV,
+	ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO.
+
 2014-03-24  Andrew Azores  <aazores@redhat.com>
 
 	* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties	Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties	Wed Mar 26 10:45:46 2014 -0400
@@ -492,24 +492,44 @@
 PETitle=Policy Editor
 PEReadProps=Read system properties
 PEReadPropsDetail=Allow applets to read system properties such as your username and home directory location
+PEWriteProps=Write system properties
+PEWritePropsDetail=Allow applets to (over)write system properties
 PEReadFiles=Read from local files
 PEReadFilesDetail=Allow applets to read from files in your home directory
 PEWriteFiles=Write to local files
 PEWriteFilesDetail=Allow applets to write to files in your home directory
 PEReadSystemFiles=Read all system files
 PEReadSystemFilesDetail=Allow applets read-only access to all locations on your computer
+PEWriteSystemFiles=Write all system files
+PEWriteSystemFilesDetail=Allow applets write-only access to all locations on your computer
 PEReadTempFiles=Read from temp files
 PEReadTempFilesDetail=Allow applets to read from your temporary files directory
 PEWriteTempFiles=Write to temp files
 PEWriteTempFilesDetail=Allow applets to write to your temporary files directory
+PEAWTPermission=Window System Access
+PEAWTPermissionDetail=Allow applets all AWT windowing system access
 PEClipboard=Access clipboard
 PEClipboardDetail=Allow applets to read from and write to your clipboard
 PENetwork=Access the network
 PENetworkDetail=Allow applets to establish any network connections
 PEPrint=Print documents
 PEPrintDetail=Allow applets to queue print jobs
-PEAudio=Play sounds
-PEAudioDetail=Allow applets to play sounds, but not record
+PEPlayAudio=Play sounds
+PEPlayAudioDetail=Allow applets to play sounds, but not record
+PERecordAudio=Record audio
+PERecordAudioDetail=Allow applets to record audio, but not play back
+PEReflection=Java reflection
+PEReflectionDetail=Allow applets to access the Java Reflection API
+PEClassLoader=Get ClassLoader
+PEClassLoaderDetail=Allow applets to access the system classloader (often used with Reflection)
+PEClassInPackage=Access other packages
+PEClassInPackageDetail=Allow applets to access classes from other applet packages (often used with Reflection)
+PEDeclaredMembers=Access private class data
+PEDeclaredMembersDetail=Allow applets to access normally hidden data from other Java classes (often used with Reflection)
+PEExec=Execute commands
+PEExecDetail=Allow applets to execute system commands
+PEGetEnv=Get environment variables
+PEGetEnvDetail=Allow applets to read system environment variables
 PECouldNotOpen=Unable to open policy file
 PECouldNotSave=Unable to save policy file
 PEAddCodebase=Add new Codebase
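Review bot: `PEClassInPackageDetail` describes the grant as access to "classes from other applet packages", but the target it labels is `accessClassInPackage.*` (added in PermissionTarget.java in this changeset), a wildcard that is not limited to applet packages and also covers the packages the runtime restricts through its package-access list. The consent text should match that scope, for example `PEClassInPackageDetail=Allow applets to access classes in any restricted package, including Java runtime internals (often used with Reflection)`. `PEAWTPermissionDetail` is similarly abstract for an `AWTPermission "*"` grant; naming what it includes, such as reading screen pixels and generating input events, would let a user judge it. The `PEAudio` keys are renamed here, so any other locale bundle still carrying the old keys would presumably fall back to this file; those bundles are not part of this diff.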
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java	Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java	Wed Mar 26 10:45:46 2014 -0400
@@ -49,6 +49,7 @@
     NONE(""),
     READ("read"),
     WRITE("write"),
+    EXECUTE("execute"),
     ACCEPT("accept"),
     LISTEN("listen"),
     CONNECT("connect"),
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java	Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java	Wed Mar 26 10:45:46 2014 -0400
@@ -41,13 +41,20 @@
  */
 public enum PermissionTarget {
 
-	NONE(""),
+    NONE(""),
     ALL("*"),
+    ALL_FILES("<<ALL FILES>>"),
     USER_HOME("${user.home}${/}*"),
     TMPDIR("${java.io.tmpdir}${/}*"),
     CLIPBOARD("accessClipboard"),
     PRINT("queuePrintJob"),
-    PLAY("play");
+    PLAY("play"),
+    RECORD("record"),
+    REFLECT("suppressAccessChecks"),
+    GETENV("getenv.*"),
+    ACCESS_CLASS_IN_PACKAGE("accessClassInPackage.*"),
+    DECLARED_MEMBERS("accessDeclaredMembers"),
+    CLASSLOADER("getClassLoader");
 
     public final String target;
 
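Review bot: `ALL("*")` and the new `ALL_FILES("<<ALL FILES>>")` sit side by side with no comment on when each applies. That difference is why this changeset moves READ_SYSTEM_FILES from one to the other: under `java.io.FilePermission`, `*` means the files in the current directory, not every file. A short comment on each constant would stop the next entry from picking the wrong one, e.g. `// FilePermission only: every path on the system` on ALL_FILES and `// wildcard for name-based permissions; under FilePermission this is only the current directory` on ALL. The enum's constructor and closing brace are outside the hunk.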
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java	Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java	Wed Mar 26 10:45:46 2014 -0400
@@ -47,7 +47,8 @@
     AWT_PERMISSION("java.awt.AWTPermission"),
     SOCKET_PERMISSION("java.net.SocketPermission"),
     RUNTIME_PERMISSION("java.lang.RuntimePermission"),
-    AUDIO_PERMISSION("javax.sound.sampled.AudioPermission");
+    AUDIO_PERMISSION("javax.sound.sampled.AudioPermission"),
+    REFLECT_PERMISSION("java.lang.reflect.ReflectPermission");
 
     public final String type;
 
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java	Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java	Wed Mar 26 10:45:46 2014 -0400
@@ -56,8 +56,14 @@
     READ_PROPERTIES(R("PEReadProps"), R("PEReadPropsDetail"),
             PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
 
+    WRITE_PROPERTIES(R("PEWriteProps"), R("PEWritePropsDetail"),
+            PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.WRITE),
+
     READ_SYSTEM_FILES(R("PEReadSystemFiles"), R("PEReadSystemFilesDetail"),
-            PermissionType.FILE_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
+            PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.READ),
+
+    WRITE_SYSTEM_FILES(R("PEWriteSystemFiles"), R("PEWriteSystemFilesDetail"),
+            PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.WRITE),
 
     READ_TMP_FILES(R("PEReadTempFiles"), R("PEReadTempFilesDetail"),
             PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.READ),
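Review bot: WRITE_SYSTEM_FILES is declared as a plain entry next to READ_TMP_FILES, although write access on `<<ALL FILES>>` reaches the user's startup files and the policy file this editor maintains. The same applies to EXEC_COMMANDS, JAVA_REFLECTION and ACCESS_DECLARED_MEMBERS in the next hunk, which sit beside PRINT and PLAY_AUDIO even though each lets code step outside the sandbox in practice. Nothing visible in the enum marks these as different; whether the editor UI separates them is outside this diff. I would at least add a comment above each, such as `// High impact: comparable to granting AllPermission; not a routine grant`, so that later UI work can group or warn on them. The enum body starts before and ends after the lines shown.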
@@ -65,17 +71,41 @@
     WRITE_TMP_FILES(R("PEWriteTempFiles"), R("PEWriteTempFilesDetail"),
             PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.WRITE),
 
-    CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
-            PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+    JAVA_REFLECTION(R("PEReflection"), R("PEReflectionDetail"),
+            PermissionType.REFLECT_PERMISSION, PermissionTarget.REFLECT, PermissionActions.NONE),
+
+    GET_CLASSLOADER(R("PEClassLoader"), R("PEClassLoaderDetail"),
+            PermissionType.RUNTIME_PERMISSION, PermissionTarget.CLASSLOADER, PermissionActions.NONE),
+
+    ACCESS_CLASS_IN_PACKAGE(R("PEClassInPackage"), R("PEClassInPackageDetail"),
+            PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_CLASS_IN_PACKAGE, PermissionActions.NONE),
+
+    ACCESS_DECLARED_MEMBERS(R("PEDeclaredMembers"), R("PEDeclaredMembersDetail"),
+            PermissionType.RUNTIME_PERMISSION, PermissionTarget.DECLARED_MEMBERS, PermissionActions.NONE),
 
     NETWORK(R("PENetwork"), R("PENetworkDetail"),
             PermissionType.SOCKET_PERMISSION, PermissionTarget.ALL, PermissionActions.NETALL),
 
-    PRINT(R("PEPrint"), R("PEPrintDetail"),
-            PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE),
+    EXEC_COMMANDS(R("PEExec"), R("PEExecDetail"),
+            PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.EXECUTE),
+
+    GET_ENV(R("PEGetEnv"), R("PEGetEnvDetail"),
+            PermissionType.RUNTIME_PERMISSION, PermissionTarget.GETENV, PermissionActions.NONE),
+
+    ALL_AWT(R("PEAWTPermission"), R("PEAWTPermissionDetail"),
+            PermissionType.AWT_PERMISSION, PermissionTarget.ALL, PermissionActions.NONE),
 
-    AUDIO(R("PEAudio"), R("PEAudioDetail"),
-            PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE);
+    CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
+            PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+
+    PLAY_AUDIO(R("PEPlayAudio"), R("PEPlayAudioDetail"),
+            PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE),
+
+    RECORD_AUDIO(R("PERecordAudio"), R("PERecordAudioDetail"),
+            PermissionType.AUDIO_PERMISSION, PermissionTarget.RECORD, PermissionActions.NONE),
+
+    PRINT(R("PEPrint"), R("PEPrintDetail"),
+            PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE);
 
     private final String name, description;
     private final PermissionType type;
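Review bot: EXEC_COMMANDS is built from `PermissionType.FILE_PERMISSION` with `PermissionActions.EXECUTE`, which reads like a mistake unless the reader already knows that process launch is checked as a FilePermission "execute" on the program path. A comment above it would save the next reviewer the lookup, e.g. `// Runtime.exec is authorised via FilePermission "execute", hence a file permission on <<ALL FILES>>`. Separately, AUDIO becomes PLAY_AUDIO and CLIPBOARD and PRINT change position in the declaration. Any code that looks a constant up by name or relies on `values()` order would see a change, but no such callers are visible in this diff. The enum's constructor and accessors continue past the end of the hunk.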