[rfc][icedtea-web] Permissions manifest attribute fix

Andrew Azores aazores at redhat.com
Mon Mar 31 20:35:17 UTC 2014

On 03/31/2014 04:10 PM, Andrew Azores wrote:
> On 03/31/2014 01:28 PM, Andrew Azores wrote:
>> Hi,
>> The spec for this attribute is at [0]. Any reviewer, please double 
>> check the spec to be sure I've correctly interpreted it, and not just 
>> implemented something else.
>> [1] and [2] can be used as test cases for this fix. The Permissions 
>> manifest attribute had a bug due to the inability to distinguish 
>> between a signed applet being granted All-permission because it 
>> specified it in the HTML params, and a signed applet being granted 
>> All-permission because it did not specify a permission level and 
>> All-permission is the default in this case. This bug led to signed 
>> applets being unable to properly request for themselves to be run 
>> sandboxed.
>> This patch fixes it so that the applets may be run, however, there is 
>> a deficiency in that we are not actually able to sandbox the applet. 
>> This is because we are doing our manifest checks after all of our 
>> resources have been loaded and assigned SecurityDescs. In order to 
>> run an applet sandboxed, the SecurityDelegate#setRunInSandbox call 
>> must be performed before any of these security descriptors are 
>> assigned. This is not currently possible. However, we do at least 
>> have the Run In Sandbox button which can be used before the manifest 
>> checks are performed, which will then allow the applet to be run 
>> sandboxed at the user's discretion.
>> [0] http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#permissions
>> [1] http://docs.oracle.com/javase/tutorial/deployment/applet/deployingApplet.html
>> [2] http://docs.oracle.com/javase/tutorial/deployment/deploymentInDepth/examples/dist/depltoolkit_Java2Demo/DeployUsingJNLP.html
>> Thanks,
> Small refactor. Rather than the new RequestedPermissionLevel being 
> available from SecurityDesc and PluginBridge only, it's also available 
> from JNLPFile. PluginBridge, being a JNLPFile subclass, then overrides 
> the method and provides the correct implementation for HTML applets. 
> This just makes things more coherent IMO.
> Thanks,

And another, as discussed with Omair on IRC. Just extracted the common 
checks for HTML and JNLP into a new method and call this method once, 
before the split check for HTML/JNLP divergence. So long as the spec 
doesn't diverge the two any further, then this should be okay. Also 
remove an unnecessary typecast (made unnecessary in the last refactor 
due to new method and override, but forgot to fix).


Andrew A
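The distinction the first mail describes, modelled as an added example (not IcedTea-Web code, and not the attached patch): a two-state "granted all-permissions" flag cannot tell an applet that asked for all-permissions apart from a signed applet that asked for nothing and received all-permissions by default, so a manifest `Permissions: sandbox` looks like a mismatch either way. The enum names, `Decision` type and the rule that an absent attribute just falls back to the requested level are assumptions of this model; the request-level values and the "signed default is all-permissions" behaviour follow the mail.

```java
import java.util.Locale;

/** Illustrative model of the Permissions-attribute check; hypothetical names, not IcedTea-Web's. */
public final class PermissionsAttributeCheck {

    /** What the JNLP file or HTML applet params asked for. DEFAULT = nothing specified. */
    enum RequestedPermissionLevel { DEFAULT, SANDBOX, ALL }

    /** The main JAR's "Permissions:" manifest attribute, per the Oracle spec linked as [0]. */
    enum ManifestPermissions { ABSENT, SANDBOX, ALL_PERMISSIONS }

    enum Decision { RUN_ALL_PERMISSIONS, RUN_SANDBOXED, BLOCK }

    static ManifestPermissions parseAttribute(String value) {
        if (value == null) return ManifestPermissions.ABSENT;
        switch (value.trim().toLowerCase(Locale.ROOT)) {
            case "sandbox":         return ManifestPermissions.SANDBOX;
            case "all-permissions": return ManifestPermissions.ALL_PERMISSIONS;
            default:                return ManifestPermissions.ABSENT; // assumption: unknown value treated as absent
        }
    }

    /** Pre-fix shape: one boolean folds "requested all" and "defaulted to all" together. */
    static Decision buggyCheck(boolean grantedAllPermissions, ManifestPermissions manifest) {
        if (manifest == ManifestPermissions.SANDBOX && grantedAllPermissions) {
            return Decision.BLOCK; // wrongly blocks a signed applet that never asked for all-permissions
        }
        return grantedAllPermissions ? Decision.RUN_ALL_PERMISSIONS : Decision.RUN_SANDBOXED;
    }

    /** Post-fix shape: a three-valued request level lets the check tell the two cases apart. */
    static Decision check(RequestedPermissionLevel requested, ManifestPermissions manifest) {
        switch (manifest) {
            case SANDBOX:
                // Only an explicit all-permissions request contradicts the attribute.
                return requested == RequestedPermissionLevel.ALL ? Decision.BLOCK : Decision.RUN_SANDBOXED;
            case ALL_PERMISSIONS:
                // Only an explicit sandbox request contradicts the attribute.
                return requested == RequestedPermissionLevel.SANDBOX ? Decision.BLOCK : Decision.RUN_ALL_PERMISSIONS;
            default:
                // ABSENT: nothing to enforce; signed applets default to all-permissions, as the mail notes.
                return requested == RequestedPermissionLevel.SANDBOX ? Decision.RUN_SANDBOXED : Decision.RUN_ALL_PERMISSIONS;
        }
    }

    public static void main(String[] args) {
        ManifestPermissions m = parseAttribute("sandbox"); // constructed manifest value
        System.out.println("signed, no request, buggy check: " + buggyCheck(true, m));
        System.out.println("signed, no request, fixed check: " + check(RequestedPermissionLevel.DEFAULT, m));
        System.out.println("explicit all-permissions request: " + check(RequestedPermissionLevel.ALL, m));
    }
}
```

As the mail points out, RUN_SANDBOXED is the intended outcome of the check; actually applying it requires SecurityDelegate#setRunInSandbox to be called before the resources' SecurityDescs are assigned, which the patch does not yet do.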

-------------- next part --------------
A non-text attachment was scrubbed...
Name: permissions-attr-check-3.patch
Type: text/x-patch
Size: 14899 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140331/1cc162bc/permissions-attr-check-3.patch>
