changeset 950:689447c4d6bd
Added many new permissions for PolicyEditor
* netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps,
PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail,
PEAWTPermission, PEAWTPermissionDetail, PERecordAudio,
PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader,
PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail,
PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail,
PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed
to PEPlayAudio{,Detail}.
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java:
(EXECUTE) new action
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
(ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE,
DECLARED_MEMBERS, CLASSLOADER) new targets
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java:
(REFLECT_PERMISSION) new type
* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
(WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER,
ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV,
ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO.
author | Andrew Azores <aazores@redhat.com> |
---|---|
date | Wed, 26 Mar 2014 10:45:46 -0400 |
parents | d0069afaeaff |
children | fcb9dcf1c83c |
files | ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java |
diffstat | 6 files changed, 94 insertions(+), 12 deletions(-) [+] |
--- a/ChangeLog Mon Mar 24 14:16:20 2014 -0400 +++ b/ChangeLog Wed Mar 26 10:45:46 2014 -0400 @@ -1,3 +1,26 @@ +2014-03-26 Andrew Azores <aazores@redhat.com> + + Added many new permissions for PolicyEditor + * netx/net/sourceforge/jnlp/resources/Messages.properties: (PEWriteProps, + PEWritePropsDetail, PEWriteSystemFiles, PEWriteSystemFilesDetail, + PEAWTPermission, PEAWTPermissionDetail, PERecordAudio, + PERecordAudioDetail, PEReflection, PEReflectionDetail, PEClassLoader, + PEClassLoaderDetail, PEClassInPackage, PEClassInPackageDetail, + PEDeclaredMembers, PEDeclaredMembersDetail, PEExec, PEExecDetail, + PEGetEnv, PEGetEnvDetail): new messages. (PEAudio, PEAudioDetail) renamed + to PEPlayAudio{,Detail}. + * netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java: + (EXECUTE) new action + * netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java: + (ALL_FILES, RECORD, REFLECT, GETENV, ACCESS_CLASS_IN_PACKAGE, + DECLARED_MEMBERS, CLASSLOADER) new targets + * netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java: + (REFLECT_PERMISSION) new type + * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java: + (WRITE_PROPERTIES, WRITE_SYSTEM_FILES, JAVA_REFLECTION, GET_CLASSLOADER, + ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, EXEC_COMMANDS, GET_ENV, + ALL_AWT, RECORD_AUDIO) new permissions. (AUDIO) renamed PLAY_AUDIO. + 2014-03-24 Andrew Azores <aazores@redhat.com> * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Mar 26 10:45:46 2014 -0400
@@ -492,24 +492,44 @@
 PETitle=Policy Editor
 PEReadProps=Read system properties
 PEReadPropsDetail=Allow applets to read system properties such as your username and home directory location
+PEWriteProps=Write system properties
+PEWritePropsDetail=Allow applets to (over)write system properties
 PEReadFiles=Read from local files
 PEReadFilesDetail=Allow applets to read from files in your home directory
 PEWriteFiles=Write to local files
 PEWriteFilesDetail=Allow applets to write to files in your home directory
 PEReadSystemFiles=Read all system files
 PEReadSystemFilesDetail=Allow applets read-only access to all locations on your computer
+PEWriteSystemFiles=Write all system files
+PEWriteSystemFilesDetail=Allow applets write-only access to all locations on your computer
 PEReadTempFiles=Read from temp files
 PEReadTempFilesDetail=Allow applets to read from your temporary files directory
 PEWriteTempFiles=Write to temp files
 PEWriteTempFilesDetail=Allow applets to write to your temporary files directory
+PEAWTPermission=Window System Access
+PEAWTPermissionDetail=Allow applets all AWT windowing system access
 PEClipboard=Access clipboard
 PEClipboardDetail=Allow applets to read from and write to your clipboard
 PENetwork=Access the network
 PENetworkDetail=Allow applets to establish any network connections
 PEPrint=Print documents
 PEPrintDetail=Allow applets to queue print jobs
-PEAudio=Play sounds
-PEAudioDetail=Allow applets to play sounds, but not record
+PEPlayAudio=Play sounds
+PEPlayAudioDetail=Allow applets to play sounds, but not record
+PERecordAudio=Record audio
+PERecordAudioDetail=Allow applets to record audio, but not play back
+PEReflection=Java reflection
+PEReflectionDetail=Allow applets to access the Java Reflection API
+PEClassLoader=Get ClassLoader
+PEClassLoaderDetail=Allow applets to access the system classloader (often used with Reflection)
+PEClassInPackage=Access other packages
+PEClassInPackageDetail=Allow applets to access classes from other applet packages (often used with Reflection)
+PEDeclaredMembers=Access private class data
+PEDeclaredMembersDetail=Allow applets to access normally hidden data from other Java classes (often used with Reflection)
+PEExec=Execute commands
+PEExecDetail=Allow applets to execute system commands
+PEGetEnv=Get environment variables
+PEGetEnvDetail=Allow applets to read system environment variables
 PECouldNotOpen=Unable to open policy file
 PECouldNotSave=Unable to save policy file
 PEAddCodebase=Add new Codebase
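Review bot: `PEClassInPackageDetail` describes the grant as access to "classes from other applet packages", which does not match the target this changeset pairs it with, `accessClassInPackage.*` in PermissionTarget.java. That RuntimePermission name is the check applied to packages the runtime restricts through its `package.access` security property, which typically means JVM-internal packages rather than other applets' code, so the text understates what the user is approving. Wording along the lines of `PEClassInPackageDetail=Allow applets to access classes in packages that Java normally restricts, including internal runtime classes` would be closer. `PEExecDetail` and `PEAWTPermissionDetail` have the same problem to a lesser degree: neither tells the user that the grant covers running any program or every AWT capability.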
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java Mon Mar 24 14:16:20 2014 -0400
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java Wed Mar 26 10:45:46 2014 -0400
@@ -49,6 +49,7 @@
 NONE(""),
 READ("read"),
 WRITE("write"),
+ EXECUTE("execute"),
 ACCEPT("accept"),
 LISTEN("listen"),
 CONNECT("connect"),
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Mon Mar 24 14:16:20 2014 -0400 +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Wed Mar 26 10:45:46 2014 -0400 @@ -41,13 +41,20 @@ */ public enum PermissionTarget { - NONE(""), + NONE(""), ALL("*"), + ALL_FILES("<<ALL FILES>>"), USER_HOME("${user.home}${/}*"), TMPDIR("${java.io.tmpdir}${/}*"), CLIPBOARD("accessClipboard"), PRINT("queuePrintJob"), - PLAY("play"); + PLAY("play"), + RECORD("record"), + REFLECT("suppressAccessChecks"), + GETENV("getenv.*"), + ACCESS_CLASS_IN_PACKAGE("accessClassInPackage.*"), + DECLARED_MEMBERS("accessDeclaredMembers"), + CLASSLOADER("getClassLoader"); public final String target;
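Review bot: `ALL("*")` and the new `ALL_FILES("<<ALL FILES>>")` sit next to each other with nothing saying which permission class each is valid for, and the difference matters: for `java.io.FilePermission` a path of `*` covers only the files in the current directory, while `<<ALL FILES>>` is the whole-filesystem token. A short comment on each would keep the next entry from picking the wrong one, for example `// FilePermission only; "*" would match just the current directory` above `ALL_FILES`. The wildcard names `getenv.*` and `accessClassInPackage.*` deserve a similar one-line note that they grant every variable and every restricted package rather than a named one. The enum body continues outside this hunk.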
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java Mon Mar 24 14:16:20 2014 -0400 +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java Wed Mar 26 10:45:46 2014 -0400 @@ -47,7 +47,8 @@ AWT_PERMISSION("java.awt.AWTPermission"), SOCKET_PERMISSION("java.net.SocketPermission"), RUNTIME_PERMISSION("java.lang.RuntimePermission"), - AUDIO_PERMISSION("javax.sound.sampled.AudioPermission"); + AUDIO_PERMISSION("javax.sound.sampled.AudioPermission"), + REFLECT_PERMISSION("java.lang.reflect.ReflectPermission"); public final String type;
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Mon Mar 24 14:16:20 2014 -0400 +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Wed Mar 26 10:45:46 2014 -0400 @@ -56,8 +56,14 @@ READ_PROPERTIES(R("PEReadProps"), R("PEReadPropsDetail"), PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.READ), + WRITE_PROPERTIES(R("PEWriteProps"), R("PEWritePropsDetail"), + PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.WRITE), + READ_SYSTEM_FILES(R("PEReadSystemFiles"), R("PEReadSystemFilesDetail"), - PermissionType.FILE_PERMISSION, PermissionTarget.ALL, PermissionActions.READ), + PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.READ), + + WRITE_SYSTEM_FILES(R("PEWriteSystemFiles"), R("PEWriteSystemFilesDetail"), + PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.WRITE), READ_TMP_FILES(R("PEReadTempFiles"), R("PEReadTempFilesDetail"), PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.READ), 
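Review bot: `WRITE_PROPERTIES` pairs `PermissionTarget.ALL` with `PermissionActions.WRITE`, i.e. `PropertyPermission "*", "write"`, so the grant covers every system property, including `user.home` and `java.io.tmpdir`, which the `USER_HOME` and `TMPDIR` targets in PermissionTarget.java expand. Whether a changed value is ever picked up depends on when the policy is expanded and re-read, which is not visible here, so that is worth confirming; either way a comment should record the breadth, e.g. `// Grants write on ALL properties, including those other targets expand (user.home, java.io.tmpdir)`. `WRITE_SYSTEM_FILES` is `write` only; if deleting files is meant to be covered, `FilePermission` has a separate `delete` action that this entry does not grant. The enum begins before and continues past this hunk.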
@@ -65,17 +71,41 @@ WRITE_TMP_FILES(R("PEWriteTempFiles"), R("PEWriteTempFilesDetail"), PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.WRITE), - CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"), - PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE), + JAVA_REFLECTION(R("PEReflection"), R("PEReflectionDetail"), + PermissionType.REFLECT_PERMISSION, PermissionTarget.REFLECT, PermissionActions.NONE), + + GET_CLASSLOADER(R("PEClassLoader"), R("PEClassLoaderDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.CLASSLOADER, PermissionActions.NONE), + + ACCESS_CLASS_IN_PACKAGE(R("PEClassInPackage"), R("PEClassInPackageDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_CLASS_IN_PACKAGE, PermissionActions.NONE), + + ACCESS_DECLARED_MEMBERS(R("PEDeclaredMembers"), R("PEDeclaredMembersDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.DECLARED_MEMBERS, PermissionActions.NONE), NETWORK(R("PENetwork"), R("PENetworkDetail"), PermissionType.SOCKET_PERMISSION, PermissionTarget.ALL, PermissionActions.NETALL), - PRINT(R("PEPrint"), R("PEPrintDetail"), - PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE), + EXEC_COMMANDS(R("PEExec"), R("PEExecDetail"), + PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.EXECUTE), + + GET_ENV(R("PEGetEnv"), R("PEGetEnvDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.GETENV, PermissionActions.NONE), + + ALL_AWT(R("PEAWTPermission"), R("PEAWTPermissionDetail"), + PermissionType.AWT_PERMISSION, PermissionTarget.ALL, PermissionActions.NONE), - AUDIO(R("PEAudio"), R("PEAudioDetail"), - PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE); + CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"), + PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE), + + PLAY_AUDIO(R("PEPlayAudio"), R("PEPlayAudioDetail"), + 
PermissionType.AUDIO_PERMISSION, PermissionTarget.PLAY, PermissionActions.NONE), + + RECORD_AUDIO(R("PERecordAudio"), R("PERecordAudioDetail"), + PermissionType.AUDIO_PERMISSION, PermissionTarget.RECORD, PermissionActions.NONE), + + PRINT(R("PEPrint"), R("PEPrintDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE); private final String name, description; private final PermissionType type;
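Review bot: `EXEC_COMMANDS` and `ALL_AWT` are declared exactly like `PRINT` or `PLAY_AUDIO`, but they are not comparable in reach. `FilePermission "<<ALL FILES>>", "execute"` lets the codebase start any program on the machine, and a launched process is not subject to the applet's policy, so this single entry is effectively a full-trust grant; `AWTPermission "*"` is a superset of `CLIPBOARD` and also covers names such as `createRobot`, `readDisplayPixels` and `listenToAllAWTEvents`. I would mark both in the source, e.g. `// Effectively full trust: child processes run outside the policy` above `EXEC_COMMANDS` and `// Superset of CLIPBOARD; includes createRobot and readDisplayPixels` above `ALL_AWT`, and consider whether the editor should present such entries differently from the low-risk ones. The same applies to the `JAVA_REFLECTION`, `ACCESS_DECLARED_MEMBERS` and `ACCESS_CLASS_IN_PACKAGE` entries earlier in this hunk. The enum constructor and the rest of the class are outside the hunk.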