diff options
author | Sven Gothel <[email protected]> | 2013-06-21 03:45:07 +0200 |
---|---|---|
committer | Sven Gothel <[email protected]> | 2013-06-21 03:45:07 +0200 |
commit | eb842815498f5926828b49c48fffce22fc9586a2 (patch) | |
tree | b3aac763bb16890f7f3b3c69b5cdec3febf654f2 /src/java/jogamp/common/os | |
parent | 19bef683d38f4ce7b0dcb5c516244c6f87504e41 (diff) |
Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access (2)
- Completes 23341a2df2d2ea36784a16fa1db8bc7385351a12
- Replace 'DynamicLinker' interface w/ well documented one
- All DynamicLinker methods are now considered secure, i.e.:
- open/lookup and close utilize reference counting on handle via a hash map.
- lookupSymbol(..) and close(..) impl. validate the passed library handle
whether it's retrieved via open*.
This is the fast path, not that expensive.
- lookupSymbolGlobal(..) performs
Check acccess of 'new RuntimePermission("loadLibrary.*")' if SecurityManager is installed.
This is the slow path.
- DynamicLibraryBundleInfo now reflects the security requirements,
i.e. whether priviledged access is needed.
Diffstat (limited to 'src/java/jogamp/common/os')
4 files changed, 63 insertions, 27 deletions
diff --git a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java index b4ae70e..15d884f 100644 --- a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java +++ b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java @@ -55,7 +55,13 @@ public final class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl { // having to dlsym all entry points. System.loadLibrary() uses // RTLD_LOCAL visibility so can't be used for this purpose. SecurityUtil.checkLinkPermission(pathname); - return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL); + final long handle = dlopen(pathname, RTLD_LAZY | RTLD_LOCAL); + if( 0 != handle ) { + incrLibRefCount(handle, pathname); + } else if ( DEBUG || debug ) { + System.err.println("dlopen \""+pathname+"\" local failed, error: "+dlerror()); + } + return handle; } @Override @@ -68,11 +74,18 @@ public final class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl { // having to dlsym all entry points. System.loadLibrary() uses // RTLD_LOCAL visibility so can't be used for this purpose. SecurityUtil.checkLinkPermission(pathname); - return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL); + final long handle = dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL); + if( 0 != handle ) { + incrLibRefCount(handle, pathname); + } else if ( DEBUG || debug ) { + System.err.println("dlopen \""+pathname+"\" global failed, error: "+dlerror()); + } + return handle; } @Override - public final long lookupSymbolGlobal(String symbolName) { + public final long lookupSymbolGlobal(String symbolName) throws SecurityException { + SecurityUtil.checkAllLinkPermission(); final long addr = dlsym(RTLD_DEFAULT, symbolName); if(DEBUG_LOOKUP) { System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr)); diff --git a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java index b0b77ce..beab5d5 100644 --- a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java +++ b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java @@ -53,7 +53,13 @@ public final class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl { // having to dlsym all entry points. System.loadLibrary() uses // RTLD_LOCAL visibility so can't be used for this purpose. SecurityUtil.checkLinkPermission(pathname); - return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL); + final long handle = dlopen(pathname, RTLD_LAZY | RTLD_LOCAL); + if( 0 != handle ) { + incrLibRefCount(handle, pathname); + } else if ( DEBUG || debug ) { + System.err.println("dlopen \""+pathname+"\" local failed, error: "+dlerror()); + } + return handle; } @Override @@ -66,11 +72,18 @@ public final class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl { // having to dlsym all entry points. System.loadLibrary() uses // RTLD_LOCAL visibility so can't be used for this purpose. SecurityUtil.checkLinkPermission(pathname); - return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL); + final long handle = dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL); + if( 0 != handle ) { + incrLibRefCount(handle, pathname); + } else if ( DEBUG || debug ) { + System.err.println("dlopen \""+pathname+"\" global failed, error: "+dlerror()); + } + return handle; } @Override - public final long lookupSymbolGlobal(String symbolName) { + public final long lookupSymbolGlobal(String symbolName) throws SecurityException { + SecurityUtil.checkAllLinkPermission(); final long addr = dlsym(RTLD_DEFAULT, symbolName); if(DEBUG_LOOKUP) { System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr)); diff --git a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java index 1942477..25f4072 100644 --- a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java +++ b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java @@ -27,9 +27,7 @@ */ package jogamp.common.os; -import com.jogamp.common.os.DynamicLinker; - -/* pp */ abstract class UnixDynamicLinkerImpl implements DynamicLinker { +/* pp */ abstract class UnixDynamicLinkerImpl extends DynamicLinkerImpl { // // Package private scope of class w/ protected native code access @@ -49,9 +47,11 @@ import com.jogamp.common.os.DynamicLinker; /** Interface to C language function: <br> <code> void * dlsym(void * , const char * ); </code> */ protected static native long dlsym(long arg0, java.lang.String arg1); - @Override - public final long lookupSymbol(long libraryHandle, String symbolName) { + public final long lookupSymbol(long libraryHandle, String symbolName) throws IllegalArgumentException { + if( null == getLibRef( libraryHandle ) ) { + throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown."); + } final long addr = dlsym(libraryHandle, symbolName); if(DEBUG_LOOKUP) { System.err.println("DynamicLinkerImpl.lookupSymbol(0x"+Long.toHexString(libraryHandle)+", "+symbolName+") -> 0x"+Long.toHexString(addr)); @@ -60,7 +60,10 @@ import com.jogamp.common.os.DynamicLinker; } @Override - public final void closeLibrary(long libraryHandle) { + public final void closeLibrary(long libraryHandle) throws IllegalArgumentException { + if( null == decrLibRefCount( libraryHandle ) ) { + throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown."); + } dlclose(libraryHandle); } diff --git a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java index b95f204..adb2492 100644 --- a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java +++ b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java @@ -27,10 +27,9 @@ */ package jogamp.common.os; -import com.jogamp.common.os.DynamicLinker; import com.jogamp.common.util.SecurityUtil; -public final class WindowsDynamicLinkerImpl implements DynamicLinker { +public final class WindowsDynamicLinkerImpl extends DynamicLinkerImpl { /** Interface to C language function: <br> <code> BOOL FreeLibrary(HANDLE hLibModule); </code> */ private static native int FreeLibrary(long hLibModule); @@ -44,7 +43,6 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker { /** Interface to C language function: <br> <code> HANDLE LoadLibraryW(LPCWSTR lpLibFileName); </code> */ private static native long LoadLibraryW(java.lang.String lpLibFileName); - @Override public final long openLibraryLocal(String libraryName, boolean debug) throws SecurityException { // How does that work under Windows ? @@ -55,8 +53,10 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker { @Override public final long openLibraryGlobal(String libraryName, boolean debug) throws SecurityException { SecurityUtil.checkLinkPermission(libraryName); - long handle = LoadLibraryW(libraryName); - if(0==handle && debug) { + final long handle = LoadLibraryW(libraryName); + if( 0 != handle ) { + incrLibRefCount(handle, libraryName); + } else if ( DEBUG || debug ) { int err = GetLastError(); System.err.println("LoadLibraryW \""+libraryName+"\" failed, error code: 0x"+Integer.toHexString(err)+", "+err); } @@ -64,7 +64,20 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker { } @Override - public final long lookupSymbol(long libraryHandle, String symbolName) { + public final long lookupSymbolGlobal(String symbolName) throws SecurityException { + SecurityUtil.checkAllLinkPermission(); + if(DEBUG_LOOKUP) { + System.err.println("lookupSymbolGlobal: Not supported on Windows"); + } + // allow DynamicLibraryBundle to continue w/ local libs + return 0; + } + + @Override + public final long lookupSymbol(long libraryHandle, String symbolName) throws IllegalArgumentException { + if( null == getLibRef( libraryHandle ) ) { + throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown."); + } String _symbolName = symbolName; long addr = GetProcAddressA(libraryHandle, _symbolName); if(0==addr) { @@ -84,16 +97,10 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker { } @Override - public final long lookupSymbolGlobal(String symbolName) { - if(DEBUG_LOOKUP) { - System.err.println("lookupSymbolGlobal: Not supported on Windows"); + public final void closeLibrary(long libraryHandle) throws IllegalArgumentException { + if( null == decrLibRefCount( libraryHandle ) ) { + throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown."); } - // allow DynamicLibraryBundle to continue w/ local libs - return 0; - } - - @Override - public final void closeLibrary(long libraryHandle) { FreeLibrary(libraryHandle); } |