| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
compatible w/ file scheme.
Regression of (Bug 683, Commit b98825eb7cfb61aead4a7dff57471cd2d2c26823).
The URI encoded path cannot be read by File I/O (if file scheme), since the latter
requests an UTF8/16 name, not an URI encoded name (i.e. %20 for space).
The encoded URL is produced if calling 'uri.toURL()' and hence
the new 'IOUtil.toURL(URI)' provides a custom conversion recovering the UTF name via 'new File(uri).getPath()'.
Tested w/
- synthetic URI/URL coposition (unit test)
- manual w/ moving 'build' to 'build öä lala' for gluegen, joal and jogl.
+++
Misc.:
- 'URI JarUtil.getURIDirname(URI)' -> 'URI IOUtil.getDirname(URI)'
++
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and privileged access)
This review focuses on how we perform permission checks,
or better - do we circumvent some assuming full privileges ?
Some native methods do need extra permission validation, i.e. loading native libraries.
Further more AccessController.doPrivileged(..) shall not cover generic code
exposing a critical feature to the user.
Further more .. we should rely on the SecuritManager, i.e. AccessControlContext's
'checkPermission(Permission)' code to comply w/ fine grained permission access.
It is also possible to have full permission w/o having any certificates (-> policy file).
+++
We remove implicit AccessController.doPrivileged(..) from within our trusted code
for generic methods, like Property access, temp. files.
+++
SecurityUtil:
- Remove 'getCommonAccessControlContext(Class<?> clz)',
which returned a local AccessControlContext for later restriction
if the passed class contains all certificates as the 'trusted' GlueGen class has.
- Simply expose convenient permission check methods relying on
SecurityManager / AccessControlContext.
PropertyAccess:
- 'protected static void addTrustedPrefix(..)' requires AllPermissions if SecurityManager is installed.
- Remove implicit doPrivileged(..) triggered by passed AccessControlContext instance,
only leave it for trusted prefixes.
IOUtil:
- Remove all doPrivileged(..) - Elevation shall be performed by caller.
DynamicLinker:
- 'public long openLibraryLocal(..)' and 'public long openLibraryGlobal(..)'
may throw SecurityException, if a SecurityManager is installed and the dyn. link permission
is not granted in the calling code.
Implemented in their respective Unix, OSX and Windows manifestation.
Caller has to elevate privileges via 'doPrivileged(..) {}' !
+++
Tests:
- Property access
- File access
- Native library loading
Manual Applet test (unsigned, but w/ SecurityManager and policy file):
> gluegen/test/applet
Applet has been tested w/ signed JAR w/ Firefox and Java7 on GNU/Linux as well.
Manual Application test (unsigned, but w/ SecurityManager and policy file):
com.jogamp.junit.sec.TestSecIOUtil01
- Run w/ SecurityManager and policy file:
- gluegen/scripts/runtest-secmgr.sh
- Run w/o SecurityManager:
- gluegen/scripts/runtest.sh
|
| |
|
|
| |
to remove DNS Lookups etc ..
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Derivation
+++
JNILibLoaderBase.addNativeJarLibs(..): Add API doc
JNILibLoaderBase:
"addNativeJarLibs(Class<?> classFromJavaJar, String allNativeJarBaseName, String[] atomicNativeJarBaseNames)" ->
"addNativeJarLibs(Class<?>[] classesFromJavaJars, String singleJarMarker, String[] stripBasenameSuffixes)"
Derive the 'all' (1st choice) native JAR URL solely on the given class's JAR URL.
Examples:
JOCL:
// only: jocl.jar -> jocl-natives-'os.and.arch'.jar
addNativeJarLibs(new Class<?>[] { JOCLJNILibLoader.class }, null, null );
JOGL:
final ClassLoader cl = GLProfile.class.getClassLoader();
// either: [jogl-all.jar, jogl-all-noawt.jar, jogl-all-mobile.jar] -> jogl-all-natives-<os.and.arch>.jar
// or: nativewindow-core.jar -> nativewindow-natives-<os.and.arch>.jar,
// jogl-core.jar -> jogl-natives-<os.and.arch>.jar,
// (newt-core.jar -> newt-natives-<os.and.arch>.jar)? (if available)
final String newtFactoryClassName = "com.jogamp.newt.NewtFactory";
final Class<?>[] classesFromJavaJars = new Class<?>[] { NWJNILibLoader.class, GLProfile.class, null };
if( ReflectionUtil.isClassAvailable(newtFactoryClassName, cl) ) {
classesFromJavaJars[2] = ReflectionUtil.getClass(newtFactoryClassName, false, cl);
}
JNILibLoaderBase.addNativeJarLibs(classesFromJavaJars, "-all", new String[] { "-noawt", "-mobile", "-core" } );
Efficiency / Performance:
- Reduced JAR URL lookup calls JarUtil.getJarURL(..) - JNILibLoaderBase, Platform, JarUtil
- Attempt loading Jar files (native, class, ..) only once - TempJarCache
Code Cleanup (IOUtil, JarUtil, :
- IOException if not found
- IllegalArgumentException if null argument
+++
jogamp.android-launcher.jar -> jogamp-android-launcher.jar
+++
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1468286bf569a493e4fdb887d5f3732f88c8cec3) 'update' scenario in same JVM instance.
TempFileCache/LauncherTempFileCache were using the system property
'jnlp.jogamp.tmp.cache.root', if set.
However, in case one JVM launched an old GlueGen (Applet)
and then launching a new GlueGen (Applet) w/ a new tmpDir location,
the property is still set but the tmpRootDir location does not exist.
This patch tolerates this situation and cont. setting a new tmpRootDir.
Example:
JVM1.GlueGen1 tmpDir: /tmp/, tmpRootDir: /tmp/jogamp.tmp.cache_000000/
JVM1.GlueGen2 tmpDir: /tmp/jogamp_0000/, tmpRootDir: /tmp/jogamp_0000/file_cache/
Misc:
- IOUtil: Always use 'jogamp_xxxx' as the sys-temp subfolder for tmpDir
- JNILibLoaderBase: Remove unised import
- TempJarCache.validateCertificates(): Add OK DEBUG output.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
library loading
Some Platform field declarations and it's static initialization has been delegated
to it's new abstract super class PlatformPropsImpl to solve
static initialization interdependencies w/ the GlueGen native library loading
and it's derived information {@link #getMachineDescription()}, {@link #is32Bit()}, ..<br>
This mechanism is preferred in this case to avoid synchronization and locking
and allow better performance accessing the mentioned fields/methods.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
is mounted w/ noexec ; IOUtil API change!
Test whether executable files can be launched in temporary folder
by trying to run an empty executable file - if !( WINDOWS | OPENKODE )
TempDir:
1) ${java.io.tmpdir}/jogamp
2) $XDG_CACHE_HOME/jogamp - if !( ANDROID | MACOS | WINDOWS | OPENKODE )
3) $HOME/.jogamp
$XDG_CACHE_HOME defaults to $HOME/.cache
- TempFileCache: ${TempDir}/file_cache -> ${java.io.tmpdir}/jogamp/file_cache
- LauncherTempFileCache: ${TempDir}/file_cache -> ${java.io.tmpdir}/jogamp/file_cache
+++
AndroidUtils*.getTempRoot(): Remove unused AccessControlContext param
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'android-armv7hf' and 'linux-armv7hf' ]
- Platform gets new ABIType [ GENERIC, ARMEL, ARMHF ]
- Platform impl. needs to guess ABIType in case of ARM,
since no Java system property ('os.arch' ..) reflects the new EABI.
I consider this a bug, since this will also hinder JNLP to work.
The latter also uses 'os.arch' sys property to determine the nativelib resource!
(See Platform.guessABITypeImpl(..) for details how we guess the type.)
- Adding symbolic links to ubuntu's gnueabihf cross tool chain
- Adding armhf crossbuild script
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PropertyAccess: Fix security code, grant access to common 'trusted' properties
- SecurityUtil
- Generalize cert validation for JAR and property access
- Grant access to common AccessControlContext for 'same' cert
- PropertyAccess:
- Fix security code: Passing the current AccessControlContext from the caller
didn't include priviledges.
- Grant access to common 'trusted' properties,
which removes the need of passing the AccessControlContext for general properties
like 'jnlp.', 'jogamp.' ..
- Enable registering 'trusted' properties, when caller's cert is 'same'
|
| | |
|
| |
|
|
| |
Platform.loadGlueGenRTImpl(), Reuse JarUtil (same methodology) to determine whether we run from JarURL
|
| |
|
|
| |
our lifecycle. JarFile's hash almost always differs.
|
| |
|
|
|
|
|
|
| |
JNILibLoaderBase's 'addNativeJarLibs(Class<?> classFromJavaJar, String allNativeJarBaseName, String[] atomicNativeJarBaseNames)'
now just attempts to load the 'all' variant, and will continue w/ atomics if not successful (ie not available).
It skips the validation of a 'allJavaJarPrefix', ie validating the 'classFromJavaJar holding JAR file,
which allows GLUEGEN/JOGL classes to be contained in JAR files other than the original.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that Java's File mkdir() only makes the directory writable for the current user,
I have missed this fact. Great catch.
1. Fix TempJarCache.isInitialized(): Return false if not successfully initialized.
It merely returned if it has passed 'initSingleton()' and ignored the staticInitError.
2. Fix TempFileCache pattern of determining the temp base directory
We cannot just use a static directory name, due to the multi user environment
and user write permissions on File.mkdir().
IOUtil has a new 'getTempDir(..)' methods, which iterates through integers [000000-999999]
until a writeable directory could be found or created.
TempFileCache initializes this temp base dir in the static block ensuring
the value is final for the JVM / ClassLoader.
Updated comments/docs in TempFileCache.
|
| |
|
|
|
|
|
|
| |
Add unit test.
Misc.:
- IOUtil: Add toURL* methods
- TempJarCache: Add 'URL getResource(String)'
|
| | |
|
| | |
|
| |
|
|
| |
Certificates if caller has any. Add Convenient JNILibLoaderBase.addNativeJarLibs(..) method.
|
| |
|
|
|
|
| |
- JNILibLoaderBase: If TempJarCache is active, try find native library in cached JARs
- TempJarCache: Add bootstrabNativeLib(..) allowing bootstraping gluegen-rt from JAR w/o needing it
- JARUtil: minor edits (final)
|
| |
|
|
| |
initialization/usage only
|
|
|
JarUtil:
Utility to handle Jar files and it's content, incl. extracting it's entries
TempFileCache:
Utility to have a save temporary file cache per JVM and per instance,
eg. per ClassLoader.
The temp cache is cleaned up with the next usage of TempFileCache,
which solves the troubles of JVM bugs and situations where the JVM
is not able to close and delete open temp files.
TempJarCache:
Utility to cache Jar files temporary (using TempFileCache)
and access it's content.
This class is suitable to implement a URLClassLoader
or similar resource loading facilities.
All tested w/ TestTempJarCache
|
