protected PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection perms; try { try { perms = super.getPermissions(codeSource); } catch (SecurityException e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } ProtectionDomain myDomain = AccessController.doPrivileged( new PrivilegedAction<ProtectionDomain>() { public ProtectionDomain run() { return getClass().getProtectionDomain(); } }); PermissionCollection myPerms = myDomain.getPermissions(); if (myPerms != null) { for (Enumeration<Permission> elements = myPerms.elements(); elements.hasMoreElements(); ) { perms.add(elements.nextElement()); } } } catch (Throwable e) { // We lied about our CodeSource and that makes URLClassLoader unhappy. perms = new Permissions(); } perms.setReadOnly(); return perms; }
@Override protected PermissionCollection getPermissions(CodeSource codeSource) { PermissionCollection perms = super.getPermissions(codeSource); for (Permission perm : permSet) { perms.add(perm); } return perms; }
boolean checkPermission(Permission permission, BundlePermissions bundlePermissions) { // check permissions by location PermissionInfoCollection locationCollection; SecurityTable curCondAdminTable; PermissionInfoCollection curPermAdminDefaults; // save off the current state of the world while holding the lock synchronized (lock) { // get location the hard way to avoid permission check Bundle bundle = bundlePermissions.getBundle(); locationCollection = bundle instanceof AbstractBundle ? permAdminTable.getCollection( ((AbstractBundle) bundle).getBundleData().getLocation()) : null; curCondAdminTable = condAdminTable; curPermAdminDefaults = permAdminDefaults; } if (locationCollection != null) return locationCollection.implies(permission); // if conditional admin table is empty the fall back to defaults if (curCondAdminTable.isEmpty()) return curPermAdminDefaults != null ? curPermAdminDefaults.implies(permission) : DEFAULT_DEFAULT.implies(permission); // check the condition table int result = curCondAdminTable.evaluate(bundlePermissions, permission); if ((result & SecurityTable.GRANTED) != 0) return true; if ((result & SecurityTable.DENIED) != 0) return false; if ((result & SecurityTable.POSTPONED) != 0) return true; return false; }
static { AllPermission allPerm = new AllPermission(); DEFAULT_DEFAULT = allPerm.newPermissionCollection(); if (DEFAULT_DEFAULT != null) DEFAULT_DEFAULT.add(allPerm); }
/** * get the context for the AppletClassLoader we are creating. the context is granted permission to * create the class loader, connnect to the codebase, and whatever else the policy grants to all * codebases. */ private AccessControlContext getAccessControlContext(final URL codebase) { PermissionCollection perms = AccessController.doPrivileged( new PrivilegedAction<PermissionCollection>() { @Override public PermissionCollection run() { Policy p = java.security.Policy.getPolicy(); if (p != null) { return p.getPermissions( new CodeSource(null, (java.security.cert.Certificate[]) null)); } else { return null; } } }); if (perms == null) perms = new Permissions(); // XXX: this is needed to be able to create the classloader itself! perms.add(SecurityConstants.CREATE_CLASSLOADER_PERMISSION); Permission p; java.net.URLConnection urlConnection = null; try { urlConnection = codebase.openConnection(); p = urlConnection.getPermission(); } catch (java.io.IOException ioe) { p = null; } if (p != null) perms.add(p); if (p instanceof FilePermission) { String path = p.getName(); int endIndex = path.lastIndexOf(File.separatorChar); if (endIndex != -1) { path = path.substring(0, endIndex + 1); if (path.endsWith(File.separator)) { path += "-"; } perms.add(new FilePermission(path, SecurityConstants.FILE_READ_ACTION)); } } else { URL locUrl = codebase; if (urlConnection instanceof JarURLConnection) { locUrl = ((JarURLConnection) urlConnection).getJarFileURL(); } String host = locUrl.getHost(); if (host != null && (host.length() > 0)) perms.add(new SocketPermission(host, SecurityConstants.SOCKET_CONNECT_ACCEPT_ACTION)); } ProtectionDomain domain = new ProtectionDomain( new CodeSource(codebase, (java.security.cert.Certificate[]) null), perms); AccessControlContext acc = new AccessControlContext(new ProtectionDomain[] {domain}); return acc; }
/** Does install of JRE */ public static void install() { // Hide the JNLP Clients installer window and show own Config.getInstallService().hideStatusWindow(); showInstallerWindow(); // Make sure the destination exists. String path = Config.getInstallService().getInstallPath(); if (Config.isWindowsInstall()) { String defaultLocation = "C:\\Program Files\\Java\\j2re" + Config.getJavaVersion() + "\\"; File defaultDir = new File(defaultLocation); if (!defaultDir.exists()) { defaultDir.mkdirs(); } if (defaultDir.exists() && defaultDir.canWrite()) { path = defaultLocation; // use default if you can } } File installDir = new File(path); if (!installDir.exists()) { installDir.mkdirs(); if (!installDir.exists()) { // The installFailed string is only for debugging. No localization needed installFailed("couldntCreateDirectory", null); return; } } // Show license if neccesary enableStep(STEP_LICENSE); if (!showLicensing()) { // The installFailed string is only for debugging. No localization needed installFailed("Licensing was not accepted", null); } ; // Make sure that the data JAR is downloaded enableStep(STEP_DOWNLOAD); if (!downloadInstallerComponent()) { // The installFailed string is only for debugging. No localization needed installFailed("Unable to download data component", null); } String nativeLibName = Config.getNativeLibName(); File installerFile = null; try { // Load native library into process if found if (nativeLibName != null && !Config.isSolarisInstall()) { System.loadLibrary(nativeLibName); } // Unpack installer enableStep(STEP_UNPACK); String installResource = Config.getInstallerResource(); Config.trace("Installer resource: " + installResource); installerFile = unpackInstaller(installResource); // To clean-up downloaded files Config.trace("Unpacked installer to: " + installerFile); if (installerFile == null) { // The installFailed string is only for debugging. No localization needed installFailed("Could not unpack installer components", null); return; } enableStep(STEP_INSTALL); setStepText(STEP_INSTALL, Config.getWindowStepWait(STEP_INSTALL)); boolean success = false; if (Config.isSolarisInstall()) { success = runSolarisInstaller(path, installerFile); } else { success = runWindowsInstaller(path, installerFile); } if (!success) { // The installFailed string is only for debugging. No localization needed installFailed("Could not run installer", null); return; } } catch (UnsatisfiedLinkError ule) { // The installFailed string is only for debugging. No localization needed installFailed("Unable to load library: " + nativeLibName, null); return; } finally { if (installerFile != null) { installerFile.delete(); } } setStepText(STEP_INSTALL, Config.getWindowStep(STEP_INSTALL)); enableStep(STEP_DONE); String execPath = path + Config.getJavaPath(); Config.trace(execPath); /** Remove installer JAR from cache */ removeInstallerComponent(); // If we're running anything after 1.0.1 or not on Windows, just call // finishedInstall. Otherwise, deny ExitVM permission so that we can // return here and do a reboot. We have to do this because we need to // call ExtensionInstallerService.finishedInstall(), which registers // that our extension (the JRE) is installed. Unfortunately pre-1.2 it // also does not understand that we are requesting a reboot, and calls // System.exit(). So for pre 1.2 we want to deny the permission to // exit the VM so we can return here and perform a reboot. boolean ispre12 = false; String version = Config.getJavaWSVersion(); // get first tuple String v = version.substring(version.indexOf('-') + 1); int i2 = v.indexOf('.'); int v1 = Integer.parseInt(v.substring(0, i2)); // get second tuple v = v.substring(i2 + 1); i2 = v.indexOf('.'); if (i2 == -1) i2 = v.indexOf('-'); if (i2 == -1) i2 = v.indexOf('['); if (i2 == -1) i2 = v.length(); int v2 = Integer.parseInt(v.substring(0, i2)); // are we pre 1.2? if (v1 < 1 || (v1 == 1 && v2 < 2)) ispre12 = true; if (Config.isWindowsInstall() && ispre12 && Config.isHopper()) { // deny ExitVM permission then call finishedInstall ProtectionDomain pd = (new Object()).getClass().getProtectionDomain(); CodeSource cs = pd.getCodeSource(); AllPermissionExceptExitVM perm = new AllPermissionExceptExitVM(); PermissionCollection newpc = perm.newPermissionCollection(); newpc.add(perm); // run finishedInstall within the new context which excluded // just the ExitVM permission ProtectionDomain newpd = new ProtectionDomain(cs, newpc); AccessControlContext newacc = new AccessControlContext(new ProtectionDomain[] {newpd}); final String fExecPath = execPath; try { AccessController.doPrivileged( new PrivilegedExceptionAction() { public Object run() throws SecurityException { finishedInstall(fExecPath); return null; } }, newacc); } catch (PrivilegedActionException pae) { // swallow the exception because we want ExitVM to fail silent } catch (SecurityException se) { // swallow the exception because we want ExitVM to fail silent } } else { // just call finished Install finishedInstall(execPath); } if (Config.isWindowsInstall() && WindowsInstaller.IsRebootNecessary()) { // reboot if (!WindowsInstaller.askUserForReboot()) System.exit(0); } else { System.exit(0); } }