Mercurial > hg > release > icedtea-web-1.6
changeset 1241:cee19abe4dbd
Tuned permissions attribute behavior for unsigned jnlps
* NEWS: change of permissions attribute mentioned in news
* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java: permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.
* tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java: Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) with bug comment got removed this comment and are now passing
* tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) with bug comment got removed this comment and are now passing
| author | Jiri Vanek <jvanek@redhat.com> |
|---|---|
| date | Mon, 20 Jul 2015 15:54:20 +0200 |
| parents | f5b19b402bf6 |
| children | 25194ee44e24 |
| files | ChangeLog NEWS netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java |
| diffstat | 5 files changed, 19 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Jul 20 15:22:38 2015 +0200 +++ b/ChangeLog Mon Jul 20 15:54:20 2015 +0200 @@ -1,3 +1,17 @@ +2015-07-20 Jiri Vanek <jvanek@redhat.com> + + Tuned permissions attribute behavior for unsigned jnlps + * NEWS: change of permissions attribute mentioned in news + * netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java: + permissions sandbox and signed app and unsigned app with permissions all-permissions + now run in sandbox instead of not at all. + * tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java: + Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) + with bug comment got removed this comment and are now passing + * tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java + Failing tests of (javawsAllPermNoSecurity) (javawsAppletAllPermNoSecurity) + with bug comment got removed this comment and are now passing + 2015-07-20 Jiri Vanek <jvanek@redhat.com> Added tests for signed applet/app using Permission attribute and for unsigned applet/app using Permission attribute
--- a/NEWS Mon Jul 20 15:22:38 2015 +0200 +++ b/NEWS Mon Jul 20 15:54:20 2015 +0200 @@ -9,6 +9,7 @@ CVE-XXXX-YYYY: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release 1.6.1 (2015-MM-DD): +* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all. * fixed DownloadService * fixed bug in caching of files with query * fixed issues with recreating of existing shortcut
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Jul 20 15:22:38 2015 +0200 +++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Jul 20 15:54:20 2015 +0200 @@ -295,10 +295,12 @@ } else { // JNLP if (isNoneOrDefault(requestedPermissions)) { if (sandboxForced == ManifestBoolean.TRUE && signing != SigningState.NONE) { - throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. This is fatal."); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is signed. Forcing sandbox."); + securityDelegate.setRunInSandbox(); } if (sandboxForced == ManifestBoolean.FALSE && signing == SigningState.NONE) { - throw new LaunchException("The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. This is fatal."); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, "The 'permissions' attribute is '" + file.getManifestsAttributes().permissionsToString() + "' and the applet is unsigned. Forcing sandbox."); + securityDelegate.setRunInSandbox(); } } }
--- a/tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java Mon Jul 20 15:22:38 2015 +0200 +++ b/tests/reproducers/signed/SandboxSignedSandbox/testcases/SandboxSignedSandboxTest.java Mon Jul 20 15:54:20 2015 +0200 @@ -75,7 +75,6 @@ @Test //no security dialog //should run in snadbox (jnlp dont have all-permnissions) - //dont run at all. BUG! public void javawsAllPermNoSecurity() throws Exception{ ProcessResult p = server.executeJavawsHeadless("SandboxSignedSandbox.jnlp"); Assert.assertTrue(p.stdout.contains(confirmation)); @@ -95,7 +94,6 @@ @Test //no security dialog //should run in snadbox (jnlp dont have all-permnissions) - //dont run at all. BUG! public void javawsAppletAllPermNoSecurity() throws Exception{ ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxSignedSandbox_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); Assert.assertTrue(p.stdout.contains(confirmation));
--- a/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Mon Jul 20 15:22:38 2015 +0200 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Mon Jul 20 15:54:20 2015 +0200 @@ -71,7 +71,6 @@ } @Test - //bug, should run in sandbox, see appletAllPermAllSecurity public void javawsAllPermNoSecurity() throws Exception { ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm.jnlp"); Assert.assertTrue(p.stdout.contains(confirmation)); @@ -88,7 +87,6 @@ } @Test - //bug, should run in sandbox, see appletAllPermAllSecurity public void javawsAppletAllPermNoSecurity() throws Exception { ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}), "SandboxUnsignedAllPerm_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); Assert.assertTrue(p.stdout.contains(confirmation));