[libbluray-devel] JSM: do not allow creating/replacing security manager

Wed, 04 Mar 2015 01:30:50 -0800 

libbluray | branch: master | hpi1 <[email protected]> | Tue Mar  3 14:14:22 
2015 +0200| [a0cdf369b781d547530541108749d5a59d85d93b] | committer: hpi1

JSM: do not allow creating/replacing security manager

> http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=a0cdf369b781d547530541108749d5a59d85d93b
---

 .../bdj/java/org/videolan/BDJSecurityManager.java  |   28 ++++++++++++++++----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java 
b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
index effc157..bb54ea9 100644
--- a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
+++ b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java
@@ -24,10 +24,7 @@ import java.io.FilePermission;
 import java.io.File;
 import java.security.Permission;
 
-/*
- * Dummy security manager to grab all file access
- */
-class BDJSecurityManager extends SecurityManager {
+final class BDJSecurityManager extends SecurityManager {
 
     private String discRoot;
     private String cacheRoot;
@@ -60,17 +57,38 @@ class BDJSecurityManager extends SecurityManager {
      *
      */
 
+    private void deny(Permission perm) {
+        logger.error("denied " + perm + "\n" + Logger.dumpStack());
+        throw new SecurityException("denied " + perm);
+    }
+
     public void checkPermission(Permission perm) {
+        if (perm instanceof RuntimePermission) {
+            if (perm.implies(new RuntimePermission("createSecurityManager"))) {
+                deny(perm);
+            }
+            if (perm.implies(new RuntimePermission("setSecurityManager"))) {
+                if (classDepth("org.videolan.Libbluray") == 3) {
+                    return;
+                }
+                deny(perm);
+            }
+        }
+
         /*
         try {
             java.security.AccessController.checkPermission(perm);
         } catch (java.security.AccessControlException ex) {
-            System.err.println(" *** caught " + ex + " at " + 
Logger.dumpStack());
+            System.err.println(" *** caught " + ex + " at\n" + 
Logger.dumpStack());
             throw ex;
         }
         */
     }
 
+    /*
+     *
+     */
+
     public void checkExec(String cmd) {
         logger.error("Exec(" + cmd + ") denied\n" + Logger.dumpStack());
         throw new SecurityException("exec denied");

_______________________________________________
libbluray-devel mailing list
[email protected]
https://mailman.videolan.org/listinfo/libbluray-devel

Reply via email to