From 6144e5cba6ef2e89096e6a74b74dd0d5ebf996b1 Mon Sep 17 00:00:00 2001
From: Omair Majid <omajid@redhat.com>
Date: Tue, 4 Jan 2011 15:12:40 -0500
Subject: allow custom permissions instead of all permissions for trusted code

2011-01-04  Omair Majid  <omajid@redhat.com>

    * netx/net/sourceforge/jnlp/SecurityDesc.java: Add
    customTrustedPolicy.
    (SecurityDesc): Initialize customTrustedPolicy.
    (getCustomTrustedPolicy): New method. Get custom policy file from
    configuration and use it to initialize a custom configuration.
    (getPermissions): If trusted application and customTrustedPolicy is
    not null, delegate to it; otherwise return AllPermissions.
    * netx/net/sourceforge/jnlp/config/Defaults.java
    (getDefaults): Use constant for property.
    * netx/net/sourceforge/jnlp/config/DeploymentConfiguration.java:
    Add new constant KEY_SECURITY_TRUSTED_POLICY.
    * netx/net/sourceforge/jnlp/runtime/ApplicationInstance.java
    (installEnvironment): Pass cs as a parameter to
    SecurityDesc.getPermissions.
    * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
    (getPermissions): Likewise.
---
 netx/net/sourceforge/jnlp/SecurityDesc.java | 41 ++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

(limited to 'netx/net/sourceforge/jnlp/SecurityDesc.java')

diff --git a/netx/net/sourceforge/jnlp/SecurityDesc.java b/netx/net/sourceforge/jnlp/SecurityDesc.java
index 7613017..ee5ea5f 100644
--- a/netx/net/sourceforge/jnlp/SecurityDesc.java
+++ b/netx/net/sourceforge/jnlp/SecurityDesc.java
@@ -58,6 +58,8 @@ public class SecurityDesc {
     /** the JNLP file */
     private JNLPFile file;
 
+    private final Policy customTrustedPolicy;
+
     // We go by the rules here:
     // http://java.sun.com/docs/books/tutorial/deployment/doingMoreWithRIA/properties.html
 
@@ -151,6 +153,33 @@ public class SecurityDesc {
 
         String key = DeploymentConfiguration.KEY_SECURITY_ALLOW_HIDE_WINDOW_WARNING;
         grantAwtPermissions = Boolean.valueOf(JNLPRuntime.getConfiguration().getProperty(key));
+
+        customTrustedPolicy = getCustomTrustedPolicy();
+    }
+
+    /**
+     * Returns a Policy object that represents a custom policy to use instead
+     * of granting {@link AllPermission} to a {@link CodeSource}
+     *
+     * @return a {@link Policy} object to delegate to. May be null, which
+     * indicates that no policy exists and AllPermissions should be granted
+     * instead.
+     */
+    private Policy getCustomTrustedPolicy() {
+        String key = DeploymentConfiguration.KEY_SECURITY_TRUSTED_POLICY;
+        String policyLocation = JNLPRuntime.getConfiguration().getProperty(key);
+
+        Policy policy = null;
+        if (policyLocation != null) {
+            try {
+                URI policyUri = new URI("file://" + policyLocation);
+                policy = Policy.getInstance("JavaPolicy", new URIParameter(policyUri));
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        // return the appropriate policy, or null
+        return policy;
     }
 
     /**
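Review bot: The catch block in getCustomTrustedPolicy fails open: any exception while building the URI or loading the policy only prints a stack trace and leaves `policy` null, and the Javadoc above defines null as "grant AllPermission", so a policy that is configured but cannot be loaded silently gives trusted code full permissions. When `policyLocation` is set but loading fails, the result should be distinguishable from "no policy configured", for example by propagating the error or falling back to a restrictive result instead of null, and the failure should be reported to the user rather than only through `e.printStackTrace()`. The URI is also built by string concatenation in `new URI("file://" + policyLocation)`, which throws for paths containing spaces and treats the first segment of a relative path as the authority; `URI policyUri = new File(policyLocation).toURI();` avoids both (it needs `java.io.File` in scope, which the hunk does not show). The `catch (Exception e)` could be narrowed to the checked exceptions these two calls declare.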
@@ -164,15 +193,21 @@ public class SecurityDesc {
     /**
      * Returns a PermissionCollection containing the basic
      * permissions granted depending on the security type.
+     *
+     * @param cs the CodeSource to get permissions for
      */
-    public PermissionCollection getPermissions() {
+    public PermissionCollection getPermissions(CodeSource cs) {
         PermissionCollection permissions = getSandBoxPermissions();
 
         // discard sandbox, give all
         if (type == ALL_PERMISSIONS) {
             permissions = new Permissions();
-            permissions.add(new AllPermission());
-            return permissions;
+            if (customTrustedPolicy == null) {
+                permissions.add(new AllPermission());
+                return permissions;
+            } else {
+                return customTrustedPolicy.getPermissions(cs);
+            }
         }
 
         // add j2ee to sandbox if needed
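Review bot: The Javadoc for getPermissions should state what the caller gets when a custom trusted policy is configured: the return value is then whatever `customTrustedPolicy.getPermissions(cs)` yields for that code source, with neither AllPermission nor the sandbox permissions computed on the first line added. Whether the returned collection can be modified depends on the Policy implementation, so callers that add permissions to the result (the call sites are outside this hunk) should be checked. The `permissions = new Permissions();` allocation is unused on the custom-policy path and could move inside the `customTrustedPolicy == null` branch. The method body continues past the end of the hunk.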
-- 
cgit v1.2.3