예제 #1
0
  protected PermissionCollection getPermissions(CodeSource codeSource) {
    PermissionCollection perms;
    try {
      try {
        perms = super.getPermissions(codeSource);
      } catch (SecurityException e) {
        // We lied about our CodeSource and that makes URLClassLoader unhappy.
        perms = new Permissions();
      }

      ProtectionDomain myDomain =
          AccessController.doPrivileged(
              new PrivilegedAction<ProtectionDomain>() {
                public ProtectionDomain run() {
                  return getClass().getProtectionDomain();
                }
              });
      PermissionCollection myPerms = myDomain.getPermissions();
      if (myPerms != null) {
        for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements(); ) {
          perms.add(elements.nextElement());
        }
      }
    } catch (Throwable e) {
      // We lied about our CodeSource and that makes URLClassLoader unhappy.
      perms = new Permissions();
    }
    perms.setReadOnly();
    return perms;
  }
예제 #2
0
 @Override
 protected PermissionCollection getPermissions(CodeSource codeSource) {
   PermissionCollection perms = super.getPermissions(codeSource);
   for (Permission perm : permSet) {
     perms.add(perm);
   }
   return perms;
 }
예제 #3
0
 boolean checkPermission(Permission permission, BundlePermissions bundlePermissions) {
   // check permissions by location
   PermissionInfoCollection locationCollection;
   SecurityTable curCondAdminTable;
   PermissionInfoCollection curPermAdminDefaults;
   // save off the current state of the world while holding the lock
   synchronized (lock) {
     // get location the hard way to avoid permission check
     Bundle bundle = bundlePermissions.getBundle();
     locationCollection =
         bundle instanceof AbstractBundle
             ? permAdminTable.getCollection(
                 ((AbstractBundle) bundle).getBundleData().getLocation())
             : null;
     curCondAdminTable = condAdminTable;
     curPermAdminDefaults = permAdminDefaults;
   }
   if (locationCollection != null) return locationCollection.implies(permission);
   // if conditional admin table is empty the fall back to defaults
   if (curCondAdminTable.isEmpty())
     return curPermAdminDefaults != null
         ? curPermAdminDefaults.implies(permission)
         : DEFAULT_DEFAULT.implies(permission);
   // check the condition table
   int result = curCondAdminTable.evaluate(bundlePermissions, permission);
   if ((result & SecurityTable.GRANTED) != 0) return true;
   if ((result & SecurityTable.DENIED) != 0) return false;
   if ((result & SecurityTable.POSTPONED) != 0) return true;
   return false;
 }
예제 #4
0
 static {
   AllPermission allPerm = new AllPermission();
   DEFAULT_DEFAULT = allPerm.newPermissionCollection();
   if (DEFAULT_DEFAULT != null) DEFAULT_DEFAULT.add(allPerm);
 }
예제 #5
0
  /**
   * get the context for the AppletClassLoader we are creating. the context is granted permission to
   * create the class loader, connnect to the codebase, and whatever else the policy grants to all
   * codebases.
   */
  private AccessControlContext getAccessControlContext(final URL codebase) {

    PermissionCollection perms =
        AccessController.doPrivileged(
            new PrivilegedAction<PermissionCollection>() {
              @Override
              public PermissionCollection run() {
                Policy p = java.security.Policy.getPolicy();
                if (p != null) {
                  return p.getPermissions(
                      new CodeSource(null, (java.security.cert.Certificate[]) null));
                } else {
                  return null;
                }
              }
            });

    if (perms == null) perms = new Permissions();

    // XXX: this is needed to be able to create the classloader itself!

    perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION);

    Permission p;
    java.net.URLConnection urlConnection = null;
    try {
      urlConnection = codebase.openConnection();
      p = urlConnection.getPermission();
    } catch (java.io.IOException ioe) {
      p = null;
    }

    if (p != null) perms.add(p);

    if (p instanceof FilePermission) {

      String path = p.getName();

      int endIndex = path.lastIndexOf(File.separatorChar);

      if (endIndex != -1) {
        path = path.substring(0, endIndex + 1);

        if (path.endsWith(File.separator)) {
          path += "-";
        }
        perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION));
      }
    } else {
      URL locUrl = codebase;
      if (urlConnection instanceof JarURLConnection) {
        locUrl = ((JarURLConnection) urlConnection).getJarFileURL();
      }
      String host = locUrl.getHost();
      if (host != null && (host.length() > 0))
        perms.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION));
    }

    ProtectionDomain domain =
        new ProtectionDomain(
            new CodeSource(codebase, (java.security.cert.Certificate[]) null), perms);
    AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {domain});

    return acc;
  }
예제 #6
0
  /** Does install of JRE */
  public static void install() {

    // Hide the JNLP Clients installer window and show own
    Config.getInstallService().hideStatusWindow();
    showInstallerWindow();

    // Make sure the destination exists.
    String path = Config.getInstallService().getInstallPath();
    if (Config.isWindowsInstall()) {
      String defaultLocation = "C:\\Program Files\\Java\\j2re" + Config.getJavaVersion() + "\\";
      File defaultDir = new File(defaultLocation);
      if (!defaultDir.exists()) {
        defaultDir.mkdirs();
      }
      if (defaultDir.exists() && defaultDir.canWrite()) {
        path = defaultLocation; // use default if you can
      }
    }

    File installDir = new File(path);

    if (!installDir.exists()) {
      installDir.mkdirs();
      if (!installDir.exists()) {
        // The installFailed string is only for debugging. No localization needed
        installFailed("couldntCreateDirectory", null);
        return;
      }
    }

    // Show license if neccesary
    enableStep(STEP_LICENSE);
    if (!showLicensing()) {
      // The installFailed string is only for debugging. No localization needed
      installFailed("Licensing was not accepted", null);
    }
    ;

    // Make sure that the data JAR is downloaded
    enableStep(STEP_DOWNLOAD);
    if (!downloadInstallerComponent()) {
      // The installFailed string is only for debugging. No localization needed
      installFailed("Unable to download data component", null);
    }

    String nativeLibName = Config.getNativeLibName();
    File installerFile = null;

    try {
      // Load native library into process if found
      if (nativeLibName != null && !Config.isSolarisInstall()) {
        System.loadLibrary(nativeLibName);
      }

      // Unpack installer
      enableStep(STEP_UNPACK);
      String installResource = Config.getInstallerResource();
      Config.trace("Installer resource: " + installResource);
      installerFile = unpackInstaller(installResource);

      // To clean-up downloaded files
      Config.trace("Unpacked installer to: " + installerFile);
      if (installerFile == null) {
        // The installFailed string is only for debugging. No localization needed
        installFailed("Could not unpack installer components", null);
        return;
      }

      enableStep(STEP_INSTALL);
      setStepText(STEP_INSTALL, Config.getWindowStepWait(STEP_INSTALL));

      boolean success = false;
      if (Config.isSolarisInstall()) {
        success = runSolarisInstaller(path, installerFile);
      } else {
        success = runWindowsInstaller(path, installerFile);
      }

      if (!success) {
        // The installFailed string is only for debugging. No localization needed
        installFailed("Could not run installer", null);
        return;
      }
    } catch (UnsatisfiedLinkError ule) {
      // The installFailed string is only for debugging. No localization needed
      installFailed("Unable to load library: " + nativeLibName, null);
      return;
    } finally {
      if (installerFile != null) {
        installerFile.delete();
      }
    }

    setStepText(STEP_INSTALL, Config.getWindowStep(STEP_INSTALL));
    enableStep(STEP_DONE);

    String execPath = path + Config.getJavaPath();
    Config.trace(execPath);

    /** Remove installer JAR from cache */
    removeInstallerComponent();

    // If we're running anything after 1.0.1 or not on Windows, just call
    // finishedInstall.  Otherwise, deny ExitVM permission so that we can
    // return here and do a reboot.  We have to do this because we need to
    // call ExtensionInstallerService.finishedInstall(), which registers
    // that our extension (the JRE) is installed.  Unfortunately pre-1.2 it
    // also does not understand that we are requesting a reboot, and calls
    // System.exit().  So for pre 1.2 we want to deny the permission to
    // exit the VM so we can return here and perform a reboot.
    boolean ispre12 = false;
    String version = Config.getJavaWSVersion();
    // get first tuple
    String v = version.substring(version.indexOf('-') + 1);
    int i2 = v.indexOf('.');
    int v1 = Integer.parseInt(v.substring(0, i2));
    // get second tuple
    v = v.substring(i2 + 1);
    i2 = v.indexOf('.');
    if (i2 == -1) i2 = v.indexOf('-');
    if (i2 == -1) i2 = v.indexOf('[');
    if (i2 == -1) i2 = v.length();
    int v2 = Integer.parseInt(v.substring(0, i2));
    // are we pre 1.2?
    if (v1 < 1 || (v1 == 1 && v2 < 2)) ispre12 = true;

    if (Config.isWindowsInstall() && ispre12 && Config.isHopper()) {
      // deny ExitVM permission then call finishedInstall
      ProtectionDomain pd = (new Object()).getClass().getProtectionDomain();
      CodeSource cs = pd.getCodeSource();
      AllPermissionExceptExitVM perm = new AllPermissionExceptExitVM();
      PermissionCollection newpc = perm.newPermissionCollection();
      newpc.add(perm);

      // run finishedInstall within the new context which excluded
      // just the ExitVM permission
      ProtectionDomain newpd = new ProtectionDomain(cs, newpc);
      AccessControlContext newacc = new AccessControlContext(new ProtectionDomain[] {newpd});
      final String fExecPath = execPath;
      try {
        AccessController.doPrivileged(
            new PrivilegedExceptionAction() {
              public Object run() throws SecurityException {
                finishedInstall(fExecPath);
                return null;
              }
            },
            newacc);
      } catch (PrivilegedActionException pae) {
        // swallow the exception because we want ExitVM to fail silent
      } catch (SecurityException se) {
        // swallow the exception because we want ExitVM to fail silent
      }
    } else {
      // just call finished Install
      finishedInstall(execPath);
    }

    if (Config.isWindowsInstall() && WindowsInstaller.IsRebootNecessary()) {
      // reboot
      if (!WindowsInstaller.askUserForReboot()) System.exit(0);
    } else {
      System.exit(0);
    }
  }