Mercurial > hg > release > icedtea6-1.8
changeset 2060:baf9e63a16aa
netx: error out when unsigned jnlp applications request permissions
2010-07-20 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/resources/Messages.properties:
Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo.
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
(setSecurity): Can now throw a LaunchException if the JNLP file requests
permissions but the jars are unsigned.
| author | Omair Majid <omajid@redhat.com> |
|---|---|
| date | Wed, 21 Jul 2010 13:02:49 -0400 |
| parents | 2489bca2d112 |
| children | fcc6da6f0adb |
| files | ChangeLog netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java |
| diffstat | 3 files changed, 26 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Tue Jul 20 16:52:27 2010 -0400 +++ b/ChangeLog Wed Jul 21 13:02:49 2010 -0400 @@ -1,3 +1,11 @@ +2010-07-20 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/resources/Messages.properties: + Add LUnsignedJarWithSecurity LUnsignedJarWithSecurityInfo. + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java + (setSecurity): Can now throw a LaunchException if the JNLP file requests + permissions but the jars are unsigned. + 2010-07-20 Man Lung Wong <mwong@redhat.com> * netx/net/sourceforge/jnlp/SecurityDesc.java:
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Tue Jul 20 16:52:27 2010 -0400 +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Jul 21 13:02:49 2010 -0400 @@ -50,6 +50,8 @@ LNotLaunchableInfo=File must be a JNLP application, applet, or installer type. LCantDetermineMainClass=Unknown Main-Class. LCantDetermineMainClassInfo=Could not determine the main class for this application. +LUnsignedJarWithSecurity=Cannot grant permissions to unsigned jars. +LUnsignedJarWithSecurityInfo=Application requested security permissions, but jars are not signed. JNotApplet=File is not an applet. JNotApplication=File is not an application.
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jul 20 16:52:27 2010 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Wed Jul 21 13:02:49 2010 -0400 @@ -167,7 +167,7 @@ } - private void setSecurity() { + private void setSecurity() throws LaunchException { URL codebase = null; @@ -196,15 +196,22 @@ } } else { //regular jnlp file - /** - * If the application is signed, then we set the SecurityDesc to the - * <security> tag in the jnlp file. Note that if an application is - * signed, but there is no <security> tag in the jnlp file, the - * application will get sandbox permissions. - * If the application is unsigned, we ignore the <security> tag and - * use a sandbox instead. + /* + * Various combinations of the jars being signed and <security> tags being + * present are possible. They are treated as follows + * + * Jars JNLP File Result + * + * Signed <security> Appropriate Permissions + * Signed no <security> Sandbox + * Unsigned <security> Error + * Unsigned no <security> Sandbox + * */ - if (signing == true) { + if (! file.getSecurity().getSecurityType().equals(SecurityDesc.SANDBOX_PERMISSIONS) && !signing) { + throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedJarWithSecurity"), R("LUnsignedJarWithSecurityInfo")); + } + else if (signing == true) { this.security = file.getSecurity(); } else { this.security = new SecurityDesc(file,