1 files changed, 26 insertions, 0 deletions

diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
index ea96022..13f72e6 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPPolicy.java
@@ -16,6 +16,7 @@
 
 package net.sourceforge.jnlp.runtime;
 
+import java.io.File;
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.*;
@@ -44,6 +45,8 @@ public class JNLPPolicy extends Policy {
     /** the previous policy */
     private static Policy systemPolicy;
 
+    private final String jreExtDir;
+
     /** the system level policy for jnlps */
     private Policy systemJnlpPolicy = null;
 
@@ -57,6 +60,9 @@ public class JNLPPolicy extends Policy {
 
         systemJnlpPolicy = getPolicyFromConfig(DeploymentConfiguration.KEY_SYSTEM_SECURITY_POLICY);
         userJnlpPolicy = getPolicyFromConfig(DeploymentConfiguration.KEY_USER_SECURITY_POLICY);
+
+        String jre = System.getProperty("java.home");
+        jreExtDir = jre + File.separator + "lib" + File.separator + "ext";
     }
 
     /**
@@ -67,6 +73,10 @@ public class JNLPPolicy extends Policy {
         if (source.equals(systemSource) || source.equals(shellSource))
             return getAllPermissions();
 
+        if (isSystemJar(source)) {
+            return getAllPermissions();
+        }
+
         // if we check the SecurityDesc here then keep in mind that
         // code can add properties at runtime to the ResourcesDesc!
         if (JNLPRuntime.getApplication() != null) {
@@ -123,6 +133,22 @@ public class JNLPPolicy extends Policy {
     }
 
     /**
+     * Returns true if the CodeSource corresponds to a system jar. That is,
+     * it's part of the JRE.
+     */
+    private boolean isSystemJar(CodeSource source) {
+        // anything in JRE/lib/ext is a system jar and has full permissions
+        String sourceProtocol = source.getLocation().getProtocol();
+        String sourcePath = source.getLocation().getPath();
+        if (sourceProtocol.toUpperCase().equals("FILE") &&
+                sourcePath.startsWith(jreExtDir)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
      * Constructs a delegate policy based on a config setting
      * @param key a KEY_* in DeploymentConfiguration
      * @return a policy based on the configuration set by the user