Create a protection domain with a valid code source when a security manager is present
nevermind whether the bundle url protocol is unkown or not (FELIX-21).
git-svn-id: https://svn.apache.org/repos/asf/incubator/felix/trunk@469121 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java b/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java
index 11d246e..4f368af 100644
--- a/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java
+++ b/framework/src/main/java/org/apache/felix/framework/FakeURLStreamHandler.java
@@ -36,6 +36,6 @@
{
protected URLConnection openConnection(URL url) throws IOException
{
- return null;
+ throw new IOException("FakeURLStreamHandler can not be used!");
}
}
diff --git a/framework/src/main/java/org/apache/felix/framework/Felix.java b/framework/src/main/java/org/apache/felix/framework/Felix.java
index 94de0e3..f64a2ab 100644
--- a/framework/src/main/java/org/apache/felix/framework/Felix.java
+++ b/framework/src/main/java/org/apache/felix/framework/Felix.java
@@ -20,6 +20,7 @@
import java.io.*;
import java.net.URL;
+import java.net.URLConnection;
import java.net.URLStreamHandler;
import java.security.CodeSource;
import java.security.ProtectionDomain;
@@ -1291,9 +1292,9 @@
if (!pd.implies(perm))
{
- throw new java.security.AccessControlException(
- "PackagePermission.IMPORT denied for import: " +
- imports[i].getName(), perm);
+ throw new java.security.AccessControlException(
+ "PackagePermission.IMPORT denied for import: " +
+ imports[i].getName(), perm);
}
}
// Check export permission for all exports of the current module.
@@ -2631,33 +2632,23 @@
IModule module = m_factory.createModule(
Long.toString(targetId) + "." + Integer.toString(revision), md);
- ProtectionDomain pd = null;
-
if (System.getSecurityManager() != null)
{
- String location = m_cache.getArchive(targetId).getLocation();
-
- if (location.startsWith("reference:"))
- {
- location = location.substring("reference:".length());
- }
-
- CodeSource codesource = new CodeSource(
- new URL(location),
+ CodeSource codesource = new CodeSource(m_secureAction.createURL(null,
+ m_cache.getArchive(targetId).getLocation(),
+ new FakeURLStreamHandler()),
m_cache.getArchive(targetId).getCertificates());
- pd = new ProtectionDomain(codesource,
- m_secureAction.getPolicy().getPermissions(codesource));
+ m_factory.setSecurityContext(module, new ProtectionDomain(codesource,
+ m_secureAction.getPolicy().getPermissions(codesource)));
}
- m_factory.setSecurityContext(module, pd);
-
// Create the content loader from the module archive.
IContentLoader contentLoader = new ContentLoaderImpl(
m_logger,
m_cache.getArchive(targetId).getRevision(revision).getContent(),
m_cache.getArchive(targetId).getRevision(revision).getContentPath(),
- pd);
+ (ProtectionDomain) module.getSecurityContext());
// Set the content loader's search policy.
contentLoader.setSearchPolicy(
new R4SearchPolicy(m_policyCore, module));
diff --git a/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java b/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
index 31f6ca0..ec1b025 100644
--- a/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
+++ b/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
@@ -133,6 +133,33 @@
return new URL(protocol, host, port, path, handler);
}
}
+
+ public URL createURL(URL context, String spec, URLStreamHandler handler)
+ throws MalformedURLException
+ {
+ if (System.getSecurityManager() != null)
+ {
+ try
+ {
+ Actions actions = (Actions) m_actions.get();
+ actions.set(Actions.CREATE_URL_WITH_CONTEXT_ACTION, context,
+ spec, handler);
+ return (URL) AccessController.doPrivileged(actions, m_acc);
+ }
+ catch (PrivilegedActionException ex)
+ {
+ if (ex.getException() instanceof MalformedURLException)
+ {
+ throw (MalformedURLException) ex.getException();
+ }
+ throw (RuntimeException) ex.getException();
+ }
+ }
+ else
+ {
+ return new URL(context, spec, handler);
+ }
+ }
public String getAbsolutePath(File file)
{
@@ -553,25 +580,26 @@
public static final int GET_PROPERTY_ACTION = 0;
public static final int FOR_NAME_ACTION = 1;
public static final int CREATE_URL_ACTION = 2;
- public static final int GET_ABSOLUTE_PATH_ACTION = 3;
- public static final int FILE_EXISTS_ACTION = 4;
- public static final int FILE_IS_DIRECTORY_ACTION = 5;
- public static final int MAKE_DIRECTORY_ACTION = 6;
- public static final int MAKE_DIRECTORIES_ACTION = 7;
- public static final int LIST_DIRECTORY_ACTION = 8;
- public static final int RENAME_FILE_ACTION = 9;
- public static final int GET_FILE_INPUT_ACTION = 10;
- public static final int GET_FILE_OUTPUT_ACTION = 11;
- public static final int DELETE_FILE_ACTION = 12;
- public static final int OPEN_JARX_ACTION = 13;
- public static final int GET_URL_INPUT_ACTION = 14;
- public static final int CREATE_CONTENTCLASSLOADER_ACTION = 15;
- public static final int START_ACTIVATOR_ACTION = 16;
- public static final int STOP_ACTIVATOR_ACTION = 17;
- public static final int SYSTEM_EXIT_ACTION = 18;
- public static final int OPEN_JAR_ACTION=19;
- public static final int GET_POLICY_ACTION = 20;
-
+ public static final int CREATE_URL_WITH_CONTEXT_ACTION = 3;
+ public static final int GET_ABSOLUTE_PATH_ACTION = 4;
+ public static final int FILE_EXISTS_ACTION = 5;
+ public static final int FILE_IS_DIRECTORY_ACTION = 6;
+ public static final int MAKE_DIRECTORY_ACTION = 7;
+ public static final int MAKE_DIRECTORIES_ACTION = 8;
+ public static final int LIST_DIRECTORY_ACTION = 9;
+ public static final int RENAME_FILE_ACTION = 10;
+ public static final int GET_FILE_INPUT_ACTION = 11;
+ public static final int GET_FILE_OUTPUT_ACTION = 12;
+ public static final int DELETE_FILE_ACTION = 13;
+ public static final int OPEN_JARX_ACTION = 14;
+ public static final int GET_URL_INPUT_ACTION = 15;
+ public static final int CREATE_CONTENTCLASSLOADER_ACTION = 16;
+ public static final int START_ACTIVATOR_ACTION = 17;
+ public static final int STOP_ACTIVATOR_ACTION = 18;
+ public static final int SYSTEM_EXIT_ACTION = 19;
+ public static final int OPEN_JAR_ACTION= 20;
+ public static final int GET_POLICY_ACTION = 21;
+
private int m_action = -1;
private Object m_arg1 = null;
private Object m_arg2 = null;
@@ -622,6 +650,14 @@
m_arg2 = null;
}
+ public void set(int action, URL context, String spec, URLStreamHandler handler)
+ {
+ m_action = action;
+ m_arg1 = context;
+ m_arg2 = spec;
+ m_handler = handler;
+ }
+
private void unset()
{
m_action = -1;
@@ -650,6 +686,10 @@
{
return new URL(m_protocol, m_host, m_port, m_path, m_handler);
}
+ else if (m_action == CREATE_URL_WITH_CONTEXT_ACTION)
+ {
+ return new URL((URL) m_arg1, (String) m_arg2, m_handler);
+ }
else if (m_action == GET_ABSOLUTE_PATH_ACTION)
{
return ((File) m_arg1).getAbsolutePath();