diff --git a/netx/net/sourceforge/jnlp/resources/Messages.properties b/netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties
@@ -492,12 +492,16 @@ PECodebaseFlag=Specify (a) codebase URL(
 PETitle=Policy Editor
 PEReadProps=Read system properties
 PEReadPropsDetail=Allow applets to read system properties such as your username and home directory location
+PEWriteProps=Write system properties
+PEWritePropsDetail=Allow applets to (over)write system properties
 PEReadFiles=Read from local files
 PEReadFilesDetail=Allow applets to read from files in your home directory
 PEWriteFiles=Write to local files
 PEWriteFilesDetail=Allow applets to write to files in your home directory
 PEReadSystemFiles=Read all system files
 PEReadSystemFilesDetail=Allow applets read-only access to all locations on your computer
+PEWriteSystemFiles=Write all system files
+PEWriteSystemFilesDetail=Allow applets write-only access to all locations on your computer
 PEReadTempFiles=Read from temp files
 PEReadTempFilesDetail=Allow applets to read from your temporary files directory
 PEWriteTempFiles=Write to temp files
@@ -510,6 +514,18 @@ PEPrint=Print documents
 PEPrintDetail=Allow applets to queue print jobs
 PEAudio=Play sounds
 PEAudioDetail=Allow applets to play sounds, but not record
+PEReflection=Java reflection
+PEReflectionDetail=Allow applets to access the Java Reflection API
+PEClassLoader=Get ClassLoader
+PEClassLoaderDetail=Allow applets to access the system classloader (often used with Reflection)
+PEClassInPackage=Access other packages
+PEClassInPackageDetail=Allow applets to access classes from other applet packages (often used with Reflection)
+PEDeclaredMembers=Access private class data
+PEDeclaredMembersDetail=Allow applets to access normally hidden data from other Java classes (often used with Reflection)
+PEExec=Execute commands
+PEExecDetail=Allow applets to execute system commands
+PEGetEnv=Get environment variables
+PEGetEnvDetail=Allow applets to read system environment variables
 PECouldNotOpen=Unable to open policy file
 PECouldNotSave=Unable to save policy file
 PEAddCodebase=Add new Codebase
diff --git a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionActions.java
@@ -49,6 +49,7 @@ public enum PermissionActions {
 NONE(""),
 READ("read"),
 WRITE("write"),
+ EXECUTE("execute"),
 ACCEPT("accept"),
 LISTEN("listen"),
 CONNECT("connect"),
diff --git a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionTarget.java
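Review bot: `PEClassInPackageDetail` in the second Messages.properties hunk describes the grant as access to "classes from other applet packages", but the target it labels elsewhere in this commit is `accessClassInPackage.*`, the RuntimePermission that opens packages the security manager restricts (typically JDK-internal ones), so the text understates what the user is approving. `PEExecDetail` and `PEReflectionDetail` are worded just as neutrally for grants that let an applet start local programs or bypass access checks. I would reword along the lines of `PEClassInPackageDetail=Allow applets to access classes in restricted Java packages, including JDK internals (often used with Reflection)` and add a plain warning sentence to the exec and reflection strings.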
@@ -41,13 +41,19 @@ package net.sourceforge.jnlp.security.po
 */
 public enum PermissionTarget {
- NONE(""),
+ NONE(""),
 ALL("*"),
+ ALL_FILES("<>"),
 USER_HOME("${user.home}${/}*"),
 TMPDIR("${java.io.tmpdir}${/}*"),
 CLIPBOARD("accessClipboard"),
 PRINT("queuePrintJob"),
- PLAY("play");
+ PLAY("play"),
+ REFLECT("suppressAccessChecks"),
+ GETENV("getenv.*"),
+ ACCESS_CLASS_IN_PACKAGE("accessClassInPackage.*"),
+ DECLARED_MEMBERS("accessDeclaredMembers"),
+ CLASSLOADER("getClassLoader");
 public final String target;
diff --git a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PermissionType.java
@@ -47,7 +47,8 @@ public enum PermissionType {
 AWT_PERMISSION("java.awt.AWTPermission"),
 SOCKET_PERMISSION("java.net.SocketPermission"),
 RUNTIME_PERMISSION("java.lang.RuntimePermission"),
- AUDIO_PERMISSION("javax.sound.sampled.AudioPermission");
+ AUDIO_PERMISSION("javax.sound.sampled.AudioPermission"),
+ REFLECT_PERMISSION("java.lang.reflect.ReflectPermission");
 public final String type;
diff --git a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java
--- a/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java
+++ b/netx/net/sourceforge/jnlp/security/policyeditor/PolicyEditorPermissions.java
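Review bot: As shown on this page, `ALL_FILES("<>")` in PermissionTarget.java does not carry the token that `java.io.FilePermission` treats as "every file", which is `<<ALL FILES>>`; with a path of `<>`, the READ_SYSTEM_FILES, WRITE_SYSTEM_FILES and EXEC_COMMANDS entries in PolicyEditorPermissions.java would name a single file literally called `<>` rather than the whole filesystem. The inner angle-bracket text may have been lost when the page was rendered, so check the committed source and make sure the line reads `ALL_FILES("<<ALL FILES>>"),`. A one-line comment on `ALL` versus `ALL_FILES` would also help the next maintainer, for example `// "*" as a FilePermission path means only the files in the current directory; use ALL_FILES for the whole filesystem`. The enum continues outside this hunk.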
@@ -56,8 +56,14 @@ public enum PolicyEditorPermissions {
 READ_PROPERTIES(R("PEReadProps"), R("PEReadPropsDetail"),
 PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
+ WRITE_PROPERTIES(R("PEWriteProps"), R("PEWritePropsDetail"),
+ PermissionType.PROPERTY_PERMISSION, PermissionTarget.ALL, PermissionActions.WRITE),
+
 READ_SYSTEM_FILES(R("PEReadSystemFiles"), R("PEReadSystemFilesDetail"),
- PermissionType.FILE_PERMISSION, PermissionTarget.ALL, PermissionActions.READ),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.READ),
+
+ WRITE_SYSTEM_FILES(R("PEWriteSystemFiles"), R("PEWriteSystemFilesDetail"),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.WRITE),
 READ_TMP_FILES(R("PEReadTempFiles"), R("PEReadTempFilesDetail"),
 PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.READ),
@@ -65,12 +71,30 @@ public enum PolicyEditorPermissions {
 WRITE_TMP_FILES(R("PEWriteTempFiles"), R("PEWriteTempFilesDetail"),
 PermissionType.FILE_PERMISSION, PermissionTarget.TMPDIR, PermissionActions.WRITE),
- CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
- PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+ JAVA_REFLECTION(R("PEReflection"), R("PEReflectionDetail"),
+ PermissionType.REFLECT_PERMISSION, PermissionTarget.REFLECT, PermissionActions.NONE),
+
+ GET_CLASSLOADER(R("PEClassLoader"), R("PEClassLoaderDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.CLASSLOADER, PermissionActions.NONE),
+
+ ACCESS_CLASS_IN_PACKAGE(R("PEClassInPackage"), R("PEClassInPackageDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.ACCESS_CLASS_IN_PACKAGE, PermissionActions.NONE),
+
+ ACCESS_DECLARED_MEMBERS(R("PEDeclaredMembers"), R("PEDeclaredMembersDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.DECLARED_MEMBERS, PermissionActions.NONE),
 NETWORK(R("PENetwork"), R("PENetworkDetail"),
 PermissionType.SOCKET_PERMISSION, PermissionTarget.ALL, PermissionActions.NETALL),
+ EXEC_COMMANDS(R("PEExec"), R("PEExecDetail"),
+ PermissionType.FILE_PERMISSION, PermissionTarget.ALL_FILES, PermissionActions.EXECUTE),
+
+ GET_ENV(R("PEGetEnv"), R("PEGetEnvDetail"),
+ PermissionType.RUNTIME_PERMISSION, PermissionTarget.GETENV, PermissionActions.NONE),
+
+ CLIPBOARD(R("PEClipboard"), R("PEClipboardDetail"),
+ PermissionType.AWT_PERMISSION, PermissionTarget.CLIPBOARD, PermissionActions.NONE),
+
 PRINT(R("PEPrint"), R("PEPrintDetail"),
 PermissionType.RUNTIME_PERMISSION, PermissionTarget.PRINT, PermissionActions.NONE),
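Review bot: `EXEC_COMMANDS` and `JAVA_REFLECTION` are declared as plain peers of `CLIPBOARD` and `PRINT`, with no comment marking them as grants that remove the sandbox boundary. An execute FilePermission over every file lets the applet start any local program, and `suppressAccessChecks` turns off the language access checks the sandbox depends on. I would add a grouping comment above these constants, for example `// High risk: granting any of these is close to trusting the applet completely`, so that later UI or default-policy code does not treat them like the low-risk entries. The hunk also moves `CLIPBOARD` below `GET_ENV`, which changes the constant order; whether anything relies on that order is not visible here. The enum body starts and ends outside this hunk.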