Beispiel #1
0
 // Construct PermissionCollection that permits an action only
 // if it is permitted by staticDomain and by security context of Java stack on
 // the moment of constructor invocation
 ContextPermissions(ProtectionDomain staticDomain) {
   _context = AccessController.getContext();
   if (staticDomain != null) {
     _statisPermissions = staticDomain.getPermissions();
   }
   setReadOnly();
 }
Beispiel #2
0
 protected void callProcessFileSecure(
     final Context cx, final Scriptable scope, final String filename) {
   AccessController.doPrivileged(
       new PrivilegedAction() {
         public Object run() {
           URL url = getUrlObj(filename);
           ProtectionDomain staticDomain = getUrlDomain(url);
           Main.processFileSecure(cx, scope, url.toExternalForm(), staticDomain);
           return null;
         }
       });
 }
Beispiel #3
0
  public Object callWithDomain(
      Object securityDomain,
      final Context cx,
      final Callable callable,
      final Scriptable scope,
      final Scriptable thisObj,
      final Object[] args) {
    ProtectionDomain staticDomain = (ProtectionDomain) securityDomain;
    // There is no direct way in Java to intersect permitions according
    // stack context with additional domain.
    // The following implementation first constructs ProtectionDomain
    // that allows actions only allowed by both staticDomain and current
    // stack context, and then constructs AccessController for this dynamic
    // domain.
    // If this is too slow, alternative solution would be to generate
    // class per domain with a proxy method to call to infect
    // java stack.
    // Another optimization in case of scripts coming from "world" domain,
    // that is having minimal default privileges is to construct
    // one AccessControlContext based on ProtectionDomain
    // with least possible privileges and simply call
    // AccessController.doPrivileged with this untrusted context

    ProtectionDomain dynamicDomain = getDynamicDomain(staticDomain);
    ProtectionDomain[] tmp = {dynamicDomain};
    AccessControlContext restricted = new AccessControlContext(tmp);

    PrivilegedAction action =
        new PrivilegedAction() {
          public Object run() {
            return callable.call(cx, scope, thisObj, args);
          }
        };

    return AccessController.doPrivileged(action, restricted);
  }