changeset 2082:d5ebbabd7488
Merge
author | Gary Benson <gbenson@redhat.com> |
---|---|
date | Fri, 07 May 2010 10:51:15 +0100 |
parents | 0e1af84bed2c (current diff) 6c2adc19cc47 (diff) |
children | 6af621b7b0e6 |
files | ChangeLog |
diffstat | 2 files changed, 56 insertions(+), 0 deletions(-) [+] |
--- a/ChangeLog Fri May 07 10:49:34 2010 +0100 +++ b/ChangeLog Fri May 07 10:51:15 2010 +0100 @@ -48,6 +48,14 @@ * ports/hotspot/src/share/vm/shark/sharkCacheDecache.cpp (SharkDecacher::end_frame): Updated for newer HotSpot. +2010-05-06 Deepak Bhole <dbhole@redhat.com> + + * netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java + (checkPermission): Allow Runtime and Security permission (for + putProvider.SunJCE) if initiated for an https connection. + (inTrustedCallChain): New method. Returns if given class/method is + in the call chain, and everything upto there is trusted. + 2010-05-05 Gary Benson <gbenson@redhat.com> PR icedtea/481
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri May 07 10:49:34 2010 +0100 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java Fri May 07 10:51:15 2010 +0100 @@ -23,10 +23,12 @@ import java.awt.event.WindowEvent; import java.lang.ref.WeakReference; import java.net.SocketPermission; +import java.security.AllPermission; import java.security.AccessControlException; import java.security.AccessController; import java.security.Permission; import java.security.PrivilegedAction; +import java.security.SecurityPermission;; import java.util.PropertyPermission; import javax.swing.JWindow; @@ -395,6 +397,24 @@ // Everything else is denied throw se; + } else if (perm instanceof SecurityPermission) { + + // JCE's initialization requires putProviderProperty permission + if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) { + if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) { + return; + } + } + + } else if (perm instanceof RuntimePermission) { + + // KeyGenerator's init method requires internal spec access + if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) { + if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) { + return; + } + } + } else { tmpPerm = perm; } 
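Review bot: The added import `import java.security.SecurityPermission;;` ends with two semicolons, and the second one is a stray empty declaration sitting between import statements. Older compilers tolerate it, but newer javac releases may warn about or reject it. The line should read `import java.security.SecurityPermission;`.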
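Review bot: The `RuntimePermission` branch compares `perm` with `new SecurityPermission("accessClassInPackage.sun.security.internal.spec")`, which can never equal a `RuntimePermission` instance, so the `KeyGenerator` exception is dead code; the comparison should be `perm.equals(new RuntimePermission("accessClassInPackage.sun.security.internal.spec"))`. Both new branches also capture every `SecurityPermission` and `RuntimePermission`, so a request that does not match no longer reaches `tmpPerm = perm;` in the final `else`. What happens to such a request is decided after the hunk, outside the visible lines; if an unset `tmpPerm` is treated there as "nothing to ask", the caught exception would be dropped and the permission effectively granted. Ending each new branch with `throw se;`, as the branch just above does under "Everything else is denied", would make the denial explicit and independent of that later code.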
@@ -419,6 +439,34 @@ } } + /** + * Returns weather the given class and method are in the current stack, + * and whether or not everything upto then is trusted + * + * @param className The name of the class to look for in the stack + * @param methodName The name of the method for the given class to look for in the stack + * @return Weather or not class::method() are in the chain, and everything upto there is trusted + */ + private boolean inTrustedCallChain(String className, String methodName) { + + StackTraceElement[] stack = Thread.currentThread().getStackTrace(); + + for (int i=0; i < stack.length; i++) { + + // Everything up to the desired class/method must be trusted + if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) { + return false; + } + + if (stack[i].getClassName().equals(className) && + stack[i].getMethodName().equals(methodName)) { + return true; + } + } + + return false; + } + /** * Asks the user whether or not to grant permission. * @param perm the permission to be granted
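Review bot: The trust test in the loop cannot tell trusted frames from untrusted ones, because `stack[i].getClass()` is the class of the `StackTraceElement` object itself (`java.lang.StackTraceElement`), not the class executing in that frame. Its protection domain is therefore the same for every frame, so `inTrustedCallChain` in effect returns true whenever the class and method names appear anywhere in the stack trace, whatever code sits between them and the permission check. The domain has to come from each frame's real `Class` object. Assuming `JNLPSecurityManager` extends `SecurityManager`, `Class[] context = getClassContext();` supplies those and the test becomes `context[i].getProtectionDomain().implies(new AllPermission())`, with care that its indices need not line up one-to-one with `getStackTrace()`. The Javadoc should also read "whether" rather than "weather".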