Mercurial > hg > release > icedtea-web-1.6
changeset 985:e5175632c41a
Add Thread/ThreadGroup permissions for PolicyEditor and temp
* netx/net/sourceforge/jnlp/resources/Messages.properties:
(PEAccessThreads, PEAccessThreadsDetail, PEAccessThreadGroups,
PEAccessThreadGroupsDetail) new messages
* netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java:
(ACCESS_THREADS_PERMISSION, ACCESS_THREAD_GROUPS_PERMISSION) new
permissions, added to reflection group. Use diamond operator.
* netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java:
(ACCESS_THREADS, ACCESS_THREAD_GROUPS) new targets
* netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java:
(ACCESS_THREADS, ACCESS_THREAD_GROUPS) new permissions, added to
reflection group. Minor formatting fixes.
author | Andrew Azores <aazores@redhat.com> |
---|---|
date | Mon, 14 Apr 2014 12:06:37 -0400 |
parents | 26b5ec24ec08 |
children | 3f9913affb06 |
files | ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java |
diffstat | 5 files changed, 39 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Apr 14 16:39:04 2014 +0200 +++ b/ChangeLog Mon Apr 14 12:06:37 2014 -0400 @@ -1,3 +1,17 @@ +2014-04-14 Andrew Azores <aazores@redhat.com> + + * netx/net/sourceforge/jnlp/resources/Messages.properties: + (PEAccessThreads, PEAccessThreadsDetail, PEAccessThreadGroups, + PEAccessThreadGroupsDetail) new messages + * netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java: + (ACCESS_THREADS_PERMISSION, ACCESS_THREAD_GROUPS_PERMISSION) new + permissions, added to reflection group. Use diamond operator. + * netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java: + (ACCESS_THREADS, ACCESS_THREAD_GROUPS) new targets + * netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java: + (ACCESS_THREADS, ACCESS_THREAD_GROUPS) new permissions, added to + reflection group. Minor formatting fixes. + 2014-04-14 Jiri Vanek <jvanek@redhat.com> All manifest attributes can be disabled
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Apr 14 16:39:04 2014 +0200 +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Apr 14 12:06:37 2014 -0400 @@ -548,6 +548,10 @@ PEClassInPackageDetail=Allow applets to access classes from other applet packages (often used with Reflection) PEDeclaredMembers=Access private class data PEDeclaredMembersDetail=Allow applets to access normally hidden data from other Java classes (often used with Reflection) +PEAccessThreads=Modify threads +PEAccessThreadsDetail=Allow applets to start, stop, and otherwise manage threads +PEAccessThreadGroups=Modify threadgroups +PEAccessThreadGroupsDetail=Allow applets to start, stop, and otherwise manage thread groups PEExec=Execute commands PEExecDetail=Allow applets to execute system commands PEGetEnv=Get environment variables
--- a/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java Mon Apr 14 16:39:04 2014 +0200 +++ b/netx/net/sourceforge/jnlp/security/dialogs/TemporaryPermissions.java Mon Apr 14 12:06:37 2014 -0400 @@ -83,6 +83,8 @@ public static final RuntimePermission CLASSLOADER_PERMISSION = new RuntimePermission(GET_CLASSLOADER.getTarget().target); public static final RuntimePermission ACCESS_CLASS_IN_PACKAGE_PERMISSION = new RuntimePermission(ACCESS_CLASS_IN_PACKAGE.getTarget().target); public static final RuntimePermission ACCESS_DECLARED_MEMBERS_PERMISSION = new RuntimePermission(ACCESS_DECLARED_MEMBERS.getTarget().target); + public static final RuntimePermission ACCESS_THREADS_PERMISSION = new RuntimePermission(ACCESS_THREADS.getTarget().target); + public static final RuntimePermission ACCESS_THREADGROUPS_PERMISSION = new RuntimePermission(ACCESS_THREAD_GROUPS.getTarget().target); public static final AWTPermission AWT_PERMISSION = new AWTPermission(ALL_AWT.getTarget().target); public static final AudioPermission PLAY_AUDIO_PERMISSION = new AudioPermission(PLAY_AUDIO.getTarget().target); @@ -93,8 +95,8 @@ public static final Collection<Permission> ALL_PERMISSIONS, FILE_PERMISSIONS, PROPERTY_PERMISSIONS, NETWORK_PERMISSIONS, EXEC_PERMISSIONS, REFLECTION_PERMISSIONS, MEDIA_PERMISSIONS; static { - final Collection<Permission> all = new HashSet<Permission>(), file = new HashSet<Permission>(), property = new HashSet<Permission>(), - network = new HashSet<Permission>(), exec = new HashSet<Permission>(), reflection = new HashSet<Permission>(), media = new HashSet<Permission>(); + final Collection<Permission> all = new HashSet<>(), file = new HashSet<>(), property = new HashSet<>(), + network = new HashSet<>(), exec = new HashSet<>(), reflection = new HashSet<>(), media = new HashSet<>(); file.add(READ_LOCAL_FILES_PERMISSION); file.add(WRITE_LOCAL_FILES_PERMISSION); @@ -121,6 +123,8 @@ reflection.add(CLASSLOADER_PERMISSION); reflection.add(ACCESS_CLASS_IN_PACKAGE_PERMISSION); reflection.add(ACCESS_DECLARED_MEMBERS_PERMISSION); + reflection.add(ACCESS_THREADS_PERMISSION); + reflection.add(ACCESS_THREADGROUPS_PERMISSION); REFLECTION_PERMISSIONS = Collections.unmodifiableCollection(reflection); media.add(AWT_PERMISSION); @@ -144,19 +148,19 @@ } private static Collection<Permission> sum(final Permission... permissions) { - final Collection<Permission> result = new HashSet<Permission>(Arrays.asList(permissions)); + final Collection<Permission> result = new HashSet<>(Arrays.asList(permissions)); return Collections.unmodifiableCollection(result); } private static Collection<Permission> sum(final Collection<Permission> a, final Collection<Permission> b) { - final Collection<Permission> result = new HashSet<Permission>(); + final Collection<Permission> result = new HashSet<>(); result.addAll(a); result.addAll(b); return Collections.unmodifiableCollection(result); } private static final Collection<Permission> subtract(final Collection<Permission> from, final Collection<Permission> remove) { - final Collection<Permission> result = new HashSet<Permission>(from); + final Collection<Permission> result = new HashSet<>(from); result.removeAll(remove); return Collections.unmodifiableCollection(result); }
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Mon Apr 14 16:39:04 2014 +0200 +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java Mon Apr 14 12:06:37 2014 -0400 @@ -52,6 +52,8 @@ RECORD("record"), REFLECT("suppressAccessChecks"), GETENV("getenv.*"), + ACCESS_THREADS("modifyThread"), + ACCESS_THREAD_GROUPS("modifyThreadGroup"), ACCESS_CLASS_IN_PACKAGE("accessClassInPackage.*"), DECLARED_MEMBERS("accessDeclaredMembers"), CLASSLOADER("getClassLoader");
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Mon Apr 14 16:39:04 2014 +0200 +++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java Mon Apr 14 12:06:37 2014 -0400 @@ -89,6 +89,12 @@ ACCESS_DECLARED_MEMBERS(R("PEDeclaredMembers"), R("PEDeclaredMembersDetail"), PermissionType.RUNTIME_PERMISSION, PermissionTarget.DECLARED_MEMBERS, PermissionActions.NONE), + ACCESS_THREADS(R("PEAccessThreads"), R("PEAccessThreadsDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_THREADS, PermissionActions.NONE), + + ACCESS_THREAD_GROUPS(R("PEAccessThreadGroups"), R("PEAccessThreadGroupsDetail"), + PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_THREAD_GROUPS, PermissionActions.NONE), + NETWORK(R("PENetwork"), R("PENetworkDetail"), PermissionType.SOCKET_PERMISSION, PermissionTarget.ALL, PermissionActions.NETALL), @@ -116,22 +122,20 @@ public static enum Group { ReadFileSystem(R("PEGReadFileSystem"), READ_LOCAL_FILES, READ_PROPERTIES, READ_SYSTEM_FILES, READ_TMP_FILES, GET_ENV), - WriteFileSystem(R("PEGWriteFileSystem"), WRITE_LOCAL_FILES, DELETE_LOCAL_FILES, WRITE_PROPERTIES, WRITE_SYSTEM_FILES, WRITE_TMP_FILES, - DELETE_TMP_FILES, EXEC_COMMANDS), - AccesUnowenedCode(R("PEGAccesUnowenedCode"), JAVA_REFLECTION, GET_CLASSLOADER, ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS), + WriteFileSystem(R("PEGWriteFileSystem"), WRITE_LOCAL_FILES, DELETE_LOCAL_FILES, WRITE_PROPERTIES, WRITE_SYSTEM_FILES, WRITE_TMP_FILES, DELETE_TMP_FILES, EXEC_COMMANDS), + AccessUnownedCode(R("PEGAccesUnowenedCode"), JAVA_REFLECTION, GET_CLASSLOADER, ACCESS_CLASS_IN_PACKAGE, ACCESS_DECLARED_MEMBERS, ACCESS_THREADS, ACCESS_THREAD_GROUPS), MediaAccess(R("PEGMediaAccess"), PLAY_AUDIO, RECORD_AUDIO, PRINT, CLIPBOARD); private final PolicyEditorPermissions[] permissions; - private final String title; + private final String title; private Group(final String title, final PolicyEditorPermissions... permissions) { this.title = title; this.permissions = permissions; - } public static boolean anyContains(final PolicyEditorPermissions permission) { - for (Group g : Group.values()) { + for (final Group g : Group.values()) { if (g.contains(permission)) { return true; }