Mercurial > hg > release > icedtea-web-1.5
changeset 1042:a7ed0ba86302
Tuned permissions attribute behavior for unsigned jnlps
* NEWS: change of permissions attribute mentioned in news
* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Mon, 20 Jul 2015 16:06:29 +0200 |
parents | 7dcaaab8ea51 |
children | f45e2b0ee174 |
files | ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java |
diffstat | 3 files changed, 13 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Jul 20 13:00:49 2015 +0200 +++ b/ChangeLog Mon Jul 20 16:06:29 2015 +0200 @@ -1,3 +1,11 @@ +2015-07-20 Jiri Vanek <jvanek@redhat.com> + + Tuned permissions attribute behavior for unsigned jnlps + * NEWS: change of permissions attribute mentioned in news + * netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java: + permissions sandbox and signed app and unsigned app with permissions all-permissions + now run in sandbox instead of not at all. + 2015-07-20 Jiri Vanek <jvanek@redhat.com> Fixed download service
--- a/NEWS Mon Jul 20 13:00:49 2015 +0200 +++ b/NEWS Mon Jul 20 16:06:29 2015 +0200 @@ -9,6 +9,7 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.5.3 (YYYY-MM-DD): +* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * RH1231441 Unable to read the text of the buttons of the security dialogue
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Jul 20 13:00:49 2015 +0200 +++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Jul 20 16:06:29 2015 +0200 @@ -220,10 +220,12 @@ } else { // JNLP if (isNoneOrDefault(requestedPermissions)) { if (sandboxForced == ManifestBoolean.TRUE && signing != SigningState.NONE) { - throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. This is fatal."); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. Forcing sandbox."); + securityDelegate.setRunInSandbox(); } if (sandboxForced == ManifestBoolean.FALSE && signing == SigningState.NONE) { - throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. This is fatal."); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. Forcing sandbox."); + securityDelegate.setRunInSandbox(); } } }