Mercurial > hg > release > icedtea7-2.2
changeset 2297:199a7a1f9a66
netx: handle JNLP files which use native libraries but do not indicate it
2010-06-24 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/SecurityDesc.java: Fix comments.
* netx/net/sourceforge/jnlp/JNLPClassLoader.java
(activateJars): Always call activateNative.
(activateNative): Search for native code anywhere in the jar.
author | Omair Majid <omajid@redhat.com> |
---|---|
date | Thu, 24 Jun 2010 09:40:43 -0400 |
parents | 0e3aba9022ce |
children | 1a13fd8125c7 |
files | ChangeLog netx/net/sourceforge/jnlp/SecurityDesc.java netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java |
diffstat | 3 files changed, 35 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Thu Jul 22 22:58:42 2010 +0100 +++ b/ChangeLog Thu Jun 24 09:40:43 2010 -0400 @@ -1,3 +1,10 @@ +2010-06-24 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/SecurityDesc.java: Fix comments. + * netx/net/sourceforge/jnlp/JNLPClassLoader.java + (activateJars): Always call activateNative. + (activateNative): Search for native code anywhere in the jar. + 2010-07-22 Andrew John Hughes <ahughes@redhat.com> * INSTALL,
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java Thu Jul 22 22:58:42 2010 +0100 +++ b/netx/net/sourceforge/jnlp/SecurityDesc.java Thu Jun 24 09:40:43 2010 -0400 @@ -31,12 +31,9 @@ */ public class SecurityDesc { - // todo: make sure classloader's native code support checks - // the security permissions - - // shouldn't need to verify that native code only runs in - // trusted environment because the parser and/or classloader - // should kick it. + /* + * We do not verify security here, the classloader deals with security + */ /** All permissions. */ public static final Object ALL_PERMISSIONS = "All";
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Jul 22 22:58:42 2010 +0100 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Jun 24 09:40:43 2010 -0400 @@ -80,9 +80,6 @@ /** map from JNLPFile url to shared classloader */ private static Map urlToLoader = new HashMap(); // never garbage collected! - /** number of times a classloader with native code is created */ - private static int nativeCounter = 0; - /** the directory for native code */ private File nativeDir = null; // if set, some native code exists @@ -642,8 +639,8 @@ ex.printStackTrace(); } - if (jar.isNative()) - activateNative(jar); + // some programs place a native library in any jar + activateNative(jar); } return null; @@ -654,9 +651,9 @@ } /** - * Enable the native code contained in a JAR by copying the - * native files into the filesystem. Called in the security - * context of the classloader. + * Search for and enable any native code contained in a JAR by copying the + * native files into the filesystem. Called in the security context of the + * classloader. */ protected void activateNative(JARDesc jar) { if (JNLPRuntime.isDebug()) @@ -669,17 +666,33 @@ if (nativeDir == null) nativeDir = getNativeDir(); + String[] librarySuffixes = { ".so", ".dylib", ".jnilib", ".framework", ".dll" }; + try { JarFile jarFile = new JarFile(localFile, false); - Enumeration entries = jarFile.entries(); + Enumeration<JarEntry> entries = jarFile.entries(); while (entries.hasMoreElements()) { - JarEntry e = (JarEntry) entries.nextElement(); + JarEntry e = entries.nextElement(); + + if (e.isDirectory()) { + continue; + } + + String name = new File(e.getName()).getName(); + boolean isLibrary = false; - if (e.isDirectory() || e.getName().indexOf('/') != -1) + for (String suffix: librarySuffixes) { + if (name.endsWith(suffix)) { + isLibrary = true; + break; + } + } + if (!isLibrary) { continue; + } - File outFile = new File(nativeDir, e.getName()); + File outFile = new File(nativeDir, name); CacheUtil.streamCopy(jarFile.getInputStream(e), new FileOutputStream(outFile));