From eb842815498f5926828b49c48fffce22fc9586a2 Mon Sep 17 00:00:00 2001 From: Sven Gothel Date: Fri, 21 Jun 2013 03:45:07 +0200 Subject: Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access (2) - Completes 23341a2df2d2ea36784a16fa1db8bc7385351a12 - Replace 'DynamicLinker' interface w/ well documented one - All DynamicLinker methods are now considered secure, i.e.: - open/lookup and close utilize reference counting on handle via a hash map. - lookupSymbol(..) and close(..) impl. validate the passed library handle whether it's retrieved via open*. This is the fast path, not that expensive. - lookupSymbolGlobal(..) performs Check acccess of 'new RuntimePermission("loadLibrary.*")' if SecurityManager is installed. This is the slow path. - DynamicLibraryBundleInfo now reflects the security requirements, i.e. whether priviledged access is needed. --- src/java/com/jogamp/common/util/SecurityUtil.java | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/java/com/jogamp/common/util/SecurityUtil.java') diff --git a/src/java/com/jogamp/common/util/SecurityUtil.java b/src/java/com/jogamp/common/util/SecurityUtil.java index 4d7aa5d..6b35c9c 100644 --- a/src/java/com/jogamp/common/util/SecurityUtil.java +++ b/src/java/com/jogamp/common/util/SecurityUtil.java @@ -141,6 +141,17 @@ public class SecurityUtil { } } + /** + * Throws an {@link SecurityException} if an installed {@link SecurityManager} + * does not permit to dynamically link to all libraries. + */ + public static final void checkAllLinkPermission() throws SecurityException { + if( null != securityManager ) { + securityManager.checkPermission(allLinkPermission); + } + } + private static final RuntimePermission allLinkPermission = new RuntimePermission("loadLibrary.*"); + /** * @param clz * @return -- cgit v1.2.3