Return-Path: Delivered-To: apmail-incubator-felix-commits-archive@www.apache.org Received: (qmail 19347 invoked from network); 30 Oct 2006 11:13:14 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 30 Oct 2006 11:13:14 -0000 Received: (qmail 68014 invoked by uid 500); 30 Oct 2006 11:13:24 -0000 Delivered-To: apmail-incubator-felix-commits-archive@incubator.apache.org Received: (qmail 67999 invoked by uid 500); 30 Oct 2006 11:13:24 -0000 Mailing-List: contact felix-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: felix-dev@incubator.apache.org Delivered-To: mailing list felix-commits@incubator.apache.org Received: (qmail 67988 invoked by uid 99); 30 Oct 2006 11:13:24 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Oct 2006 03:13:24 -0800 X-ASF-Spam-Status: No, hits=0.6 required=10.0 tests=NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 30 Oct 2006 03:13:10 -0800 Received: by eris.apache.org (Postfix, from userid 65534) id B1AE41A9846; Mon, 30 Oct 2006 03:12:23 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r469121 - in /incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework: FakeURLStreamHandler.java Felix.java util/SecureAction.java Date: Mon, 30 Oct 2006 11:12:23 -0000 To: felix-commits@incubator.apache.org From: pauls@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20061030111223.B1AE41A9846@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: pauls Date: Mon Oct 30 03:12:20 2006 New Revision: 469121 URL: http://svn.apache.org/viewvc?view=rev&rev=469121 Log: Create a protection domain with a valid code source when a security manager is present nevermind whether the bundle url protocol is unkown or not (FELIX-21). Modified: incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java Modified: incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java URL: http://svn.apache.org/viewvc/incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java?view=diff&rev=469121&r1=469120&r2=469121 ============================================================================== --- incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java (original) +++ incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java Mon Oct 30 03:12:20 2006 @@ -36,6 +36,6 @@ { protected URLConnection openConnection(URL url) throws IOException { - return null; + throw new IOException("FakeURLStreamHandler can not be used!"); } } Modified: incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java URL: http://svn.apache.org/viewvc/incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?view=diff&rev=469121&r1=469120&r2=469121 ============================================================================== --- incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java (original) +++ incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Mon Oct 30 03:12:20 2006 @@ -20,6 +20,7 @@ import java.io.*; import java.net.URL; +import java.net.URLConnection; import java.net.URLStreamHandler; import java.security.CodeSource; import java.security.ProtectionDomain; @@ -1291,9 +1292,9 @@ if (!pd.implies(perm)) { - throw new java.security.AccessControlException( - "PackagePermission.IMPORT denied for import: " + - imports[i].getName(), perm); + throw new java.security.AccessControlException( + "PackagePermission.IMPORT denied for import: " + + imports[i].getName(), perm); } } // Check export permission for all exports of the current module. @@ -2631,33 +2632,23 @@ IModule module = m_factory.createModule( Long.toString(targetId) + "." + Integer.toString(revision), md); - ProtectionDomain pd = null; - if (System.getSecurityManager() != null) { - String location = m_cache.getArchive(targetId).getLocation(); - - if (location.startsWith("reference:")) - { - location = location.substring("reference:".length()); - } - - CodeSource codesource = new CodeSource( - new URL(location), + CodeSource codesource = new CodeSource(m_secureAction.createURL(null, + m_cache.getArchive(targetId).getLocation(), + new FakeURLStreamHandler()), m_cache.getArchive(targetId).getCertificates()); - pd = new ProtectionDomain(codesource, - m_secureAction.getPolicy().getPermissions(codesource)); + m_factory.setSecurityContext(module, new ProtectionDomain(codesource, + m_secureAction.getPolicy().getPermissions(codesource))); } - m_factory.setSecurityContext(module, pd); - // Create the content loader from the module archive. IContentLoader contentLoader = new ContentLoaderImpl( m_logger, m_cache.getArchive(targetId).getRevision(revision).getContent(), m_cache.getArchive(targetId).getRevision(revision).getContentPath(), - pd); + (ProtectionDomain) module.getSecurityContext()); // Set the content loader's search policy. contentLoader.setSearchPolicy( new R4SearchPolicy(m_policyCore, module)); Modified: incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java URL: http://svn.apache.org/viewvc/incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java?view=diff&rev=469121&r1=469120&r2=469121 ============================================================================== --- incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java (original) +++ incubator/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java Mon Oct 30 03:12:20 2006 @@ -133,6 +133,33 @@ return new URL(protocol, host, port, path, handler); } } + + public URL createURL(URL context, String spec, URLStreamHandler handler) + throws MalformedURLException + { + if (System.getSecurityManager() != null) + { + try + { + Actions actions = (Actions) m_actions.get(); + actions.set(Actions.CREATE_URL_WITH_CONTEXT_ACTION, context, + spec, handler); + return (URL) AccessController.doPrivileged(actions, m_acc); + } + catch (PrivilegedActionException ex) + { + if (ex.getException() instanceof MalformedURLException) + { + throw (MalformedURLException) ex.getException(); + } + throw (RuntimeException) ex.getException(); + } + } + else + { + return new URL(context, spec, handler); + } + } public String getAbsolutePath(File file) { @@ -553,25 +580,26 @@ public static final int GET_PROPERTY_ACTION = 0; public static final int FOR_NAME_ACTION = 1; public static final int CREATE_URL_ACTION = 2; - public static final int GET_ABSOLUTE_PATH_ACTION = 3; - public static final int FILE_EXISTS_ACTION = 4; - public static final int FILE_IS_DIRECTORY_ACTION = 5; - public static final int MAKE_DIRECTORY_ACTION = 6; - public static final int MAKE_DIRECTORIES_ACTION = 7; - public static final int LIST_DIRECTORY_ACTION = 8; - public static final int RENAME_FILE_ACTION = 9; - public static final int GET_FILE_INPUT_ACTION = 10; - public static final int GET_FILE_OUTPUT_ACTION = 11; - public static final int DELETE_FILE_ACTION = 12; - public static final int OPEN_JARX_ACTION = 13; - public static final int GET_URL_INPUT_ACTION = 14; - public static final int CREATE_CONTENTCLASSLOADER_ACTION = 15; - public static final int START_ACTIVATOR_ACTION = 16; - public static final int STOP_ACTIVATOR_ACTION = 17; - public static final int SYSTEM_EXIT_ACTION = 18; - public static final int OPEN_JAR_ACTION=19; - public static final int GET_POLICY_ACTION = 20; - + public static final int CREATE_URL_WITH_CONTEXT_ACTION = 3; + public static final int GET_ABSOLUTE_PATH_ACTION = 4; + public static final int FILE_EXISTS_ACTION = 5; + public static final int FILE_IS_DIRECTORY_ACTION = 6; + public static final int MAKE_DIRECTORY_ACTION = 7; + public static final int MAKE_DIRECTORIES_ACTION = 8; + public static final int LIST_DIRECTORY_ACTION = 9; + public static final int RENAME_FILE_ACTION = 10; + public static final int GET_FILE_INPUT_ACTION = 11; + public static final int GET_FILE_OUTPUT_ACTION = 12; + public static final int DELETE_FILE_ACTION = 13; + public static final int OPEN_JARX_ACTION = 14; + public static final int GET_URL_INPUT_ACTION = 15; + public static final int CREATE_CONTENTCLASSLOADER_ACTION = 16; + public static final int START_ACTIVATOR_ACTION = 17; + public static final int STOP_ACTIVATOR_ACTION = 18; + public static final int SYSTEM_EXIT_ACTION = 19; + public static final int OPEN_JAR_ACTION= 20; + public static final int GET_POLICY_ACTION = 21; + private int m_action = -1; private Object m_arg1 = null; private Object m_arg2 = null; @@ -622,6 +650,14 @@ m_arg2 = null; } + public void set(int action, URL context, String spec, URLStreamHandler handler) + { + m_action = action; + m_arg1 = context; + m_arg2 = spec; + m_handler = handler; + } + private void unset() { m_action = -1; @@ -649,6 +685,10 @@ else if (m_action == CREATE_URL_ACTION) { return new URL(m_protocol, m_host, m_port, m_path, m_handler); + } + else if (m_action == CREATE_URL_WITH_CONTEXT_ACTION) + { + return new URL((URL) m_arg1, (String) m_arg2, m_handler); } else if (m_action == GET_ABSOLUTE_PATH_ACTION) {