Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access (2)

- Completes 23341a2df2d2ea36784a16fa1db8bc7385351a12

- Replace 'DynamicLinker' interface w/ well documented one

- All DynamicLinker methods are now considered secure, i.e.:
  - open/lookup and close utilize reference counting on handle via a hash map.

  - lookupSymbol(..) and close(..) impl. validate the passed library handle
    whether it's retrieved via open*.
    This is the fast path, not that expensive.

  - lookupSymbolGlobal(..) performs
    Check acccess of 'new RuntimePermission("loadLibrary.*")' if SecurityManager is installed.
    This is the slow path.

- DynamicLibraryBundleInfo now reflects the security requirements,
  i.e. whether priviledged access is needed.

4 files changed, 63 insertions, 27 deletions

diff --git a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
index b4ae70e..15d884f 100644
--- a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
@@ -55,7 +55,13 @@ public final class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     // having to dlsym all entry points. System.loadLibrary() uses
     // RTLD_LOCAL visibility so can't be used for this purpose.
     SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
+    final long handle = dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
+    if( 0 != handle ) {
+        incrLibRefCount(handle, pathname);
+    } else if ( DEBUG || debug ) {
+        System.err.println("dlopen \""+pathname+"\" local failed, error: "+dlerror());
+    }
+    return handle;
   }
 
   @Override
@@ -68,11 +74,18 @@ public final class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     // having to dlsym all entry points. System.loadLibrary() uses
     // RTLD_LOCAL visibility so can't be used for this purpose.
     SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
+    final long handle = dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
+    if( 0 != handle ) {
+        incrLibRefCount(handle, pathname);
+    } else if ( DEBUG || debug ) {
+        System.err.println("dlopen \""+pathname+"\" global failed, error: "+dlerror());
+    }
+    return handle;
   }
   
   @Override
-  public final long lookupSymbolGlobal(String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) throws SecurityException {
+    SecurityUtil.checkAllLinkPermission();
     final long addr = dlsym(RTLD_DEFAULT, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr));
diff --git a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
index b0b77ce..beab5d5 100644
--- a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
@@ -53,7 +53,13 @@ public final class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     // having to dlsym all entry points. System.loadLibrary() uses
     // RTLD_LOCAL visibility so can't be used for this purpose.
     SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
+    final long handle = dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
+    if( 0 != handle ) {
+        incrLibRefCount(handle, pathname);
+    } else if ( DEBUG || debug ) {
+        System.err.println("dlopen \""+pathname+"\" local failed, error: "+dlerror());
+    }
+    return handle;
   }
   
   @Override
@@ -66,11 +72,18 @@ public final class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     // having to dlsym all entry points. System.loadLibrary() uses
     // RTLD_LOCAL visibility so can't be used for this purpose.
     SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
+    final long handle = dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
+    if( 0 != handle ) {
+        incrLibRefCount(handle, pathname);
+    } else if ( DEBUG || debug ) {
+        System.err.println("dlopen \""+pathname+"\" global failed, error: "+dlerror());
+    }
+    return handle;
   }
   
   @Override
-  public final long lookupSymbolGlobal(String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) throws SecurityException {
+    SecurityUtil.checkAllLinkPermission();
     final long addr = dlsym(RTLD_DEFAULT, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr));
diff --git a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
index 1942477..25f4072 100644
--- a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
@@ -27,9 +27,7 @@
  */
 package jogamp.common.os;
 
-import com.jogamp.common.os.DynamicLinker;
-
-/* pp */ abstract class UnixDynamicLinkerImpl implements DynamicLinker {
+/* pp */ abstract class UnixDynamicLinkerImpl extends DynamicLinkerImpl {
 
   //
   // Package private scope of class w/ protected native code access
@@ -49,9 +47,11 @@ import com.jogamp.common.os.DynamicLinker;
   /** Interface to C language function: <br> <code> void *  dlsym(void * , const char * ); </code>    */
   protected static native long dlsym(long arg0, java.lang.String arg1);
 
-
   @Override
-  public final long lookupSymbol(long libraryHandle, String symbolName) {
+  public final long lookupSymbol(long libraryHandle, String symbolName) throws IllegalArgumentException {
+    if( null == getLibRef( libraryHandle ) ) {
+        throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown.");
+    }
     final long addr = dlsym(libraryHandle, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbol(0x"+Long.toHexString(libraryHandle)+", "+symbolName+") -> 0x"+Long.toHexString(addr));
@@ -60,7 +60,10 @@ import com.jogamp.common.os.DynamicLinker;
   }
 
   @Override
-  public final void closeLibrary(long libraryHandle) {
+  public final void closeLibrary(long libraryHandle) throws IllegalArgumentException {
+    if( null == decrLibRefCount( libraryHandle ) ) {
+        throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown.");
+    }
     dlclose(libraryHandle);
   }
   
diff --git a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
index b95f204..adb2492 100644
--- a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
@@ -27,10 +27,9 @@
  */
 package jogamp.common.os;
 
-import com.jogamp.common.os.DynamicLinker;
 import com.jogamp.common.util.SecurityUtil;
 
-public final class WindowsDynamicLinkerImpl implements DynamicLinker {
+public final class WindowsDynamicLinkerImpl extends DynamicLinkerImpl {
 
   /** Interface to C language function: <br> <code> BOOL FreeLibrary(HANDLE hLibModule); </code>    */
   private static native int FreeLibrary(long hLibModule);
@@ -44,7 +43,6 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker {
   /** Interface to C language function: <br> <code> HANDLE LoadLibraryW(LPCWSTR lpLibFileName); </code>    */
   private static native long LoadLibraryW(java.lang.String lpLibFileName);
 
-
   @Override
   public final long openLibraryLocal(String libraryName, boolean debug) throws SecurityException {
     // How does that work under Windows ?
@@ -55,8 +53,10 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker {
   @Override
   public final long openLibraryGlobal(String libraryName, boolean debug) throws SecurityException {
     SecurityUtil.checkLinkPermission(libraryName);
-    long handle = LoadLibraryW(libraryName);
-    if(0==handle && debug) {
+    final long handle = LoadLibraryW(libraryName);
+    if( 0 != handle ) {
+        incrLibRefCount(handle, libraryName);
+    } else if ( DEBUG || debug ) {
         int err = GetLastError();
         System.err.println("LoadLibraryW \""+libraryName+"\" failed, error code: 0x"+Integer.toHexString(err)+", "+err);
     }
@@ -64,7 +64,20 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker {
   }
   
   @Override
-  public final long lookupSymbol(long libraryHandle, String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) throws SecurityException {
+    SecurityUtil.checkAllLinkPermission();
+    if(DEBUG_LOOKUP) {
+        System.err.println("lookupSymbolGlobal: Not supported on Windows");
+    }
+    // allow DynamicLibraryBundle to continue w/ local libs
+    return 0;
+  }
+
+  @Override
+  public final long lookupSymbol(long libraryHandle, String symbolName) throws IllegalArgumentException {
+    if( null == getLibRef( libraryHandle ) ) {
+        throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown.");
+    }
     String _symbolName = symbolName;
     long addr = GetProcAddressA(libraryHandle, _symbolName);
     if(0==addr) {
@@ -84,16 +97,10 @@ public final class WindowsDynamicLinkerImpl implements DynamicLinker {
   }
   
   @Override
-  public final long lookupSymbolGlobal(String symbolName) {
-    if(DEBUG_LOOKUP) {
-        System.err.println("lookupSymbolGlobal: Not supported on Windows");
+  public final void closeLibrary(long libraryHandle) throws IllegalArgumentException {
+    if( null == decrLibRefCount( libraryHandle ) ) {
+        throw new IllegalArgumentException("Library handle 0x"+Long.toHexString(libraryHandle)+" unknown.");
     }
-    // allow DynamicLibraryBundle to continue w/ local libs
-    return 0;
-  }
-
-  @Override
-  public final void closeLibrary(long libraryHandle) {
     FreeLibrary(libraryHandle);
   }