Mercurial > hg > release > icedtea6-1.9

changeset 2082:d5ebbabd7488

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge
author Gary Benson <gbenson@redhat.com>
date Fri, 07 May 2010 10:51:15 +0100
parents 0e1af84bed2c (current diff) 6c2adc19cc47 (diff)
children 6af621b7b0e6
files ChangeLog
diffstat 2 files changed, 56 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Fri May 07 10:49:34 2010 +0100
+++ b/ChangeLog	Fri May 07 10:51:15 2010 +0100
@@ -48,6 +48,14 @@
 	* ports/hotspot/src/share/vm/shark/sharkCacheDecache.cpp
 	(SharkDecacher::end_frame): Updated for newer HotSpot.
 
+2010-05-06  Deepak Bhole <dbhole@redhat.com>
+
+	* netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java
+	(checkPermission): Allow Runtime and Security permission (for
+	putProvider.SunJCE) if initiated for an https connection.
+	(inTrustedCallChain): New method. Returns if given class/method is
+	in the call chain, and everything upto there is trusted.
+
 2010-05-05  Gary Benson  <gbenson@redhat.com>
 
 	PR icedtea/481
--- a/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Fri May 07 10:49:34 2010 +0100
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPSecurityManager.java	Fri May 07 10:51:15 2010 +0100
@@ -23,10 +23,12 @@
 import java.awt.event.WindowEvent;
 import java.lang.ref.WeakReference;
 import java.net.SocketPermission;
+import java.security.AllPermission;
 import java.security.AccessControlException;
 import java.security.AccessController;
 import java.security.Permission;
 import java.security.PrivilegedAction;
+import java.security.SecurityPermission;;
 import java.util.PropertyPermission;
 
 import javax.swing.JWindow;
@@ -395,6 +397,24 @@
 				    // Everything else is denied
 				    throw se;
 
+				} else if (perm instanceof SecurityPermission) {
+
+				    // JCE's initialization requires putProviderProperty permission
+				    if (perm.equals(new SecurityPermission("putProviderProperty.SunJCE"))) {
+				        if (inTrustedCallChain("com.sun.crypto.provider.SunJCE", "run")) {
+				            return;
+				        }
+				    }
+
+				} else if (perm instanceof RuntimePermission) {
+
+				    // KeyGenerator's init method requires internal spec access
+				    if (perm.equals(new SecurityPermission("accessClassInPackage.sun.security.internal.spec"))) {
+				        if (inTrustedCallChain("javax.crypto.KeyGenerator", "init")) {
+				            return;
+				        }
+				    }
+
 				} else {
 				    tmpPerm = perm;
 				}
@@ -419,6 +439,34 @@
         }
     }
 
+    /** 
+     * Returns weather the given class and method are in the current stack, 
+     * and whether or not everything upto then is trusted
+     * 
+     * @param className The name of the class to look for in the stack
+     * @param methodName The name of the method for the given class to look for in the stack
+     * @return Weather or not class::method() are in the chain, and everything upto there is trusted
+     */
+    private boolean inTrustedCallChain(String className, String methodName) {
+        
+        StackTraceElement[] stack =  Thread.currentThread().getStackTrace();
+        
+        for (int i=0; i < stack.length; i++) {
+
+            // Everything up to the desired class/method must be trusted
+            if (!stack[i].getClass().getProtectionDomain().implies(new AllPermission())) {
+                return false;
+            }
+
+            if (stack[i].getClassName().equals(className) &&
+                stack[i].getMethodName().equals(methodName)) {
+                return true;
+            }
+        }
+        
+        return false;
+    }
+    
     /**
      * Asks the user whether or not to grant permission.
      * @param perm the permission to be granted