[libbluray-devel] JSM: do not allow creating/replacing security manager
hpi1
git at videolan.org
Wed Mar 4 10:30:19 CET 2015
libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Tue Mar 3 14:14:22 2015 +0200| [a0cdf369b781d547530541108749d5a59d85d93b] | committer: hpi1
JSM: do not allow creating/replacing security manager
> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=a0cdf369b781d547530541108749d5a59d85d93b
---
.../bdj/java/org/videolan/BDJSecurityManager.java | 28 ++++++++++++++++----
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
index effc157..bb54ea9 100644
--- a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
+++ b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
@@ -24,10 +24,7 @@ import java.io.FilePermission;
import java.io.File;
import java.security.Permission;
-/*
- * Dummy security manager to grab all file access
- */
-class BDJSecurityManager extends SecurityManager {
+final class BDJSecurityManager extends SecurityManager {
private String discRoot;
private String cacheRoot;
@@ -60,17 +57,38 @@ class BDJSecurityManager extends SecurityManager {
*
*/
+ private void deny(Permission perm) {
+ logger.error("denied " + perm + "\n" + Logger.dumpStack());
+ throw new SecurityException("denied " + perm);
+ }
+
public void checkPermission(Permission perm) {
+ if (perm instanceof RuntimePermission) {
+ if (perm.implies(new RuntimePermission("createSecurityManager"))) {
+ deny(perm);
+ }
+ if (perm.implies(new RuntimePermission("setSecurityManager"))) {
+ if (classDepth("org.videolan.Libbluray") == 3) {
+ return;
+ }
+ deny(perm);
+ }
+ }
+
/*
try {
java.security.AccessController.checkPermission(perm);
} catch (java.security.AccessControlException ex) {
- System.err.println(" *** caught " + ex + " at " + Logger.dumpStack());
+ System.err.println(" *** caught " + ex + " at\n" + Logger.dumpStack());
throw ex;
}
*/
}
+ /*
+ *
+ */
+
public void checkExec(String cmd) {
logger.error("Exec(" + cmd + ") denied\n" + Logger.dumpStack());
throw new SecurityException("exec denied");
More information about the libbluray-devel
mailing list