[libbluray-devel] [Git][videolan/libbluray][master] bd-j/BDJSecurityManager: Change setSecurityManager depth call
Petri Hintukainen (@hpi)
gitlab at videolan.org
Sat Aug 27 11:44:20 UTC 2022
Petri Hintukainen pushed to branch master at VideoLAN / libbluray
Commits:
9a2d23d0 by Gauvain 'GovanifY' Roussel-Tarbouriech at 2022-08-24T15:10:23+02:00
bd-j/BDJSecurityManager: Change setSecurityManager depth call
Starting from Java 17, the implementation of setSecurityManager has an
additional call, java.lang.System.implSetSecurityManager . As Xlets
being able to disable their sandbox is relatively undesired, we adapt
the depth check accordingly depending on the version of the JVM, instead
of the previous workaround.
- - - - -
2 changed files:
- src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
- src/libbluray/bdj/java/org/videolan/Libbluray.java
Changes:
=====================================
src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
=====================================
@@ -33,6 +33,7 @@ final class BDJSecurityManager extends SecurityManager {
private String budaRoot;
private String persistentRoot;
private boolean usingUdf = false;
+ private int javaMajor;
private static Class urlPermission = null;
static {
@@ -43,11 +44,12 @@ final class BDJSecurityManager extends SecurityManager {
}
}
- BDJSecurityManager(String discRoot, String persistentRoot, String budaRoot) {
+ BDJSecurityManager(String discRoot, String persistentRoot, String budaRoot, int javaMajor) {
this.discRoot = discRoot;
this.cacheRoot = null;
this.budaRoot = budaRoot;
this.persistentRoot = persistentRoot;
+ this.javaMajor = javaMajor;
if (discRoot == null) {
usingUdf = true;
}
@@ -104,7 +106,12 @@ final class BDJSecurityManager extends SecurityManager {
deny(perm);
}
if (perm.implies(new RuntimePermission("setSecurityManager"))) {
- if (classDepth0("org.videolan.Libbluray") == 3) {
+
+ // Starting Java 17, the depth callback of setSecurityManager has changed as
+ // it now includes implSetSecurityManager . As we do not want the Xlets to
+ // be able to disable sandboxing we do check at runtime the Java version and
+ // then change the depth callback as needed below.
+ if ((classDepth0("org.videolan.Libbluray") == 3) || ((classDepth0("org.videolan.Libbluray") == 4) && (this.javaMajor > 16))) {
return;
}
deny(perm);
=====================================
src/libbluray/bdj/java/org/videolan/Libbluray.java
=====================================
@@ -116,10 +116,6 @@ public class Libbluray {
}
}
- /*
- *
- */
-
public static int getJavaMajor() {
try {
String ver = System.getProperty("java.version");
@@ -392,7 +388,7 @@ public class Libbluray {
System.setProperty("bluray.network.connected", "YES");
try {
- setSecurityManager(new BDJSecurityManager(discRoot, persistentRoot, budaRoot));
+ setSecurityManager(new BDJSecurityManager(discRoot, persistentRoot, budaRoot, getJavaMajor()));
} catch (Exception ex) {
System.err.println("System.setSecurityManager() failed: " + ex);
throw new SecurityException("Failed initializing SecurityManager");
View it on GitLab: https://code.videolan.org/videolan/libbluray/-/commit/9a2d23d049760ef9cc9661ff90011a84d90368f1
--
View it on GitLab: https://code.videolan.org/videolan/libbluray/-/commit/9a2d23d049760ef9cc9661ff90011a84d90368f1
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the libbluray-devel
mailing list