[libbluray-devel] Fix delete permissions
hpi1
git at videolan.org
Fri Mar 27 12:49:06 CET 2015
libbluray | branch: master | hpi1 <hpi1 at anonymous.org> | Fri Mar 27 13:34:14 2015 +0200| [53a132b0a05a8a77a62362e4fb2d732a41af54f4] | committer: hpi1
Fix delete permissions
- always compare canonical paths
- BD-J core can delete Xlet files
> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=53a132b0a05a8a77a62362e4fb2d732a41af54f4
---
.../bdj/java/org/videolan/BDJSecurityManager.java | 44 ++++++++++----------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
index c125358..a9a6d35 100644
--- a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
+++ b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
@@ -106,9 +106,6 @@ final class BDJSecurityManager extends SecurityManager {
else if (perm instanceof FilePermission) {
/* grant delete for writable files */
if (perm.getActions().equals("delete")) {
- if (canReadWrite(perm.getName())) {
- return;
- }
checkWrite(perm.getName());
return;
}
@@ -185,7 +182,10 @@ final class BDJSecurityManager extends SecurityManager {
if (discRoot != null && file.startsWith(discRoot)) {
return true;
}
- if (canReadWrite(file)) {
+ if (budaRoot != null && file.startsWith(budaRoot)) {
+ return true;
+ }
+ if (persistentRoot != null && file.startsWith(persistentRoot)) {
return true;
}
@@ -212,35 +212,37 @@ final class BDJSecurityManager extends SecurityManager {
* File write access
*/
- private boolean canReadWrite(String file) {
+ private boolean canWrite(String file) {
+
+ // Xlet can write to persistent storage and binding unit
+
if (budaRoot != null && file.startsWith(budaRoot)) {
return true;
}
if (persistentRoot != null && file.startsWith(persistentRoot)) {
return true;
}
- return false;
- }
- public void checkWrite(String file) {
BDJXletContext ctx = BDJXletContext.getCurrentContext();
-
- file = getCanonPath(file);
-
if (ctx != null) {
- // Xlet can write to persistent storage and binding unit
- if (canReadWrite(file)) {
- return;
- }
logger.error("Xlet write " + file + " denied at\n" + Logger.dumpStack());
- } else {
- // BD-J core can write to cache
- if (cacheRoot != null && file.startsWith(cacheRoot)) {
- return;
- }
- logger.error("BD-J write " + file + " denied at\n" + Logger.dumpStack());
+ return false;
+ }
+
+ // BD-J core can write to cache
+ if (cacheRoot != null && file.startsWith(cacheRoot)) {
+ return true;
}
+ logger.error("BD-J write " + file + " denied at\n" + Logger.dumpStack());
+ return false;
+ }
+
+ public void checkWrite(String file) {
+ file = getCanonPath(file);
+ if (canWrite(file)) {
+ return;
+ }
throw new SecurityException("write access denied");
}
More information about the libbluray-devel
mailing list