Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access.

4 files changed, 137 insertions, 66 deletions

diff --git a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
index 3864ab2..488ce99 100644
--- a/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/BionicDynamicLinkerImpl.java
@@ -1,3 +1,30 @@
+/**
+ * Copyright 2013 JogAmp Community. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are
+ * permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice, this list of
+ *       conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *       of conditions and the following disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The views and conclusions contained in the software and documentation are those of the
+ * authors and should not be interpreted as representing official policies, either expressed
+ * or implied, of JogAmp Community.
+ */
 package jogamp.common.os;
 
 import com.jogamp.common.util.SecurityUtil;
@@ -9,7 +36,7 @@ import com.jogamp.common.util.SecurityUtil;
  * Bionic is used on Android.
  * </p>
  */
-public class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
+public final class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
   private static final long RTLD_DEFAULT = 0xffffffffL;
   //      static final long RTLD_NEXT    = 0xfffffffeL;
   
@@ -19,7 +46,7 @@ public class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
   private static final int RTLD_GLOBAL   = 0x00002;
 
   // --- Begin CustomJavaCode .cfg declarations
-  public long openLibraryLocal(String pathname, boolean debug) throws SecurityException {
+  public final long openLibraryLocal(String pathname, boolean debug) throws SecurityException {
     // Note we use RTLD_GLOBAL visibility to _NOT_ allow this functionality to
     // be used to pre-resolve dependent libraries of JNI code without
     // requiring that all references to symbols in those libraries be
@@ -31,7 +58,7 @@ public class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
   }
 
-  public long openLibraryGlobal(String pathname, boolean debug) throws SecurityException {
+  public final long openLibraryGlobal(String pathname, boolean debug) throws SecurityException {
     // Note we use RTLD_GLOBAL visibility to allow this functionality to
     // be used to pre-resolve dependent libraries of JNI code without
     // requiring that all references to symbols in those libraries be
@@ -43,7 +70,7 @@ public class BionicDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
   }
   
-  public long lookupSymbolGlobal(String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) {
     final long addr = dlsym(RTLD_DEFAULT, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr));
diff --git a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
index 09ee48d..bebddc4 100644
--- a/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/MacOSXDynamicLinkerImpl.java
@@ -1,3 +1,30 @@
+/**
+ * Copyright 2013 JogAmp Community. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are
+ * permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice, this list of
+ *       conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *       of conditions and the following disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The views and conclusions contained in the software and documentation are those of the
+ * authors and should not be interpreted as representing official policies, either expressed
+ * or implied, of JogAmp Community.
+ */
 package jogamp.common.os;
 
 import com.jogamp.common.util.SecurityUtil;
@@ -6,7 +33,7 @@ import com.jogamp.common.util.SecurityUtil;
  * Mac OS X specialization of {@link UnixDynamicLinkerImpl}
  * utilizing OS X 's non POSIX flags and mode values.
  */
-public class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
+public final class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
 
   private static final long RTLD_DEFAULT = -2L;
   //      static final long RTLD_NEXT    = -1L;
@@ -17,7 +44,7 @@ public class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
   private static final int RTLD_GLOBAL   = 0x00008;
 
   // --- Begin CustomJavaCode .cfg declarations
-  public long openLibraryLocal(String pathname, boolean debug) throws SecurityException {
+  public final long openLibraryLocal(String pathname, boolean debug) throws SecurityException {
     // Note we use RTLD_LOCAL visibility to _NOT_ allow this functionality to
     // be used to pre-resolve dependent libraries of JNI code without
     // requiring that all references to symbols in those libraries be
@@ -29,7 +56,7 @@ public class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
   }
   
-  public long openLibraryGlobal(String pathname, boolean debug) throws SecurityException {
+  public final long openLibraryGlobal(String pathname, boolean debug) throws SecurityException {
     // Note we use RTLD_GLOBAL visibility to allow this functionality to
     // be used to pre-resolve dependent libraries of JNI code without
     // requiring that all references to symbols in those libraries be
@@ -41,7 +68,7 @@ public class MacOSXDynamicLinkerImpl extends UnixDynamicLinkerImpl {
     return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
   }
   
-  public long lookupSymbolGlobal(String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) {
     final long addr = dlsym(RTLD_DEFAULT, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr));
diff --git a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
index 7675977..28e166e 100644
--- a/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/UnixDynamicLinkerImpl.java
@@ -1,58 +1,56 @@
+/**
+ * Copyright 2013 JogAmp Community. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are
+ * permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice, this list of
+ *       conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *       of conditions and the following disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The views and conclusions contained in the software and documentation are those of the
+ * authors and should not be interpreted as representing official policies, either expressed
+ * or implied, of JogAmp Community.
+ */
 package jogamp.common.os;
 
 import com.jogamp.common.os.DynamicLinker;
-import com.jogamp.common.util.SecurityUtil;
 
+/* pp */ abstract class UnixDynamicLinkerImpl implements DynamicLinker {
 
-public class UnixDynamicLinkerImpl implements DynamicLinker {
-
-  private static final long RTLD_DEFAULT = 0;
-  //      static final long RTLD_NEXT    = -1L;
-  
-  private static final int RTLD_LAZY     = 0x00001;
-  //      static final int RTLD_NOW      = 0x00002;
-  private static final int RTLD_LOCAL    = 0x00000;
-  private static final int RTLD_GLOBAL   = 0x00100;
-
+  //
+  // Package private scope of class w/ protected native code access
+  // and sealed jogamp.common.* package definition
+  // ensuring no abuse via subclassing.
+  //
+    
   /** Interface to C language function: <br> <code> int dlclose(void * ); </code>    */
-  /* pp */ static native int dlclose(long arg0);
+  protected static native int dlclose(long arg0);
 
   /** Interface to C language function: <br> <code> char *  dlerror(void); </code>    */
-  /* pp */ static native java.lang.String dlerror();
+  protected static native java.lang.String dlerror();
 
   /** Interface to C language function: <br> <code> void *  dlopen(const char * , int); </code>    */
-  /* pp */ static native long dlopen(java.lang.String arg0, int arg1);
+  protected static native long dlopen(java.lang.String arg0, int arg1);
 
   /** Interface to C language function: <br> <code> void *  dlsym(void * , const char * ); </code>    */
-  /* pp */ static native long dlsym(long arg0, java.lang.String arg1);
+  protected static native long dlsym(long arg0, java.lang.String arg1);
 
 
-  // --- Begin CustomJavaCode .cfg declarations
-  public long openLibraryLocal(String pathname, boolean debug) throws SecurityException {
-    // Note we use RTLD_GLOBAL visibility to _NOT_ allow this functionality to
-    // be used to pre-resolve dependent libraries of JNI code without
-    // requiring that all references to symbols in those libraries be
-    // looked up dynamically via the ProcAddressTable mechanism; in
-    // other words, one can actually link against the library instead of
-    // having to dlsym all entry points. System.loadLibrary() uses
-    // RTLD_LOCAL visibility so can't be used for this purpose.
-    SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_LOCAL);
-  }
-
-  public long openLibraryGlobal(String pathname, boolean debug) throws SecurityException {
-    // Note we use RTLD_GLOBAL visibility to allow this functionality to
-    // be used to pre-resolve dependent libraries of JNI code without
-    // requiring that all references to symbols in those libraries be
-    // looked up dynamically via the ProcAddressTable mechanism; in
-    // other words, one can actually link against the library instead of
-    // having to dlsym all entry points. System.loadLibrary() uses
-    // RTLD_LOCAL visibility so can't be used for this purpose.
-    SecurityUtil.checkLinkPermission(pathname);
-    return dlopen(pathname, RTLD_LAZY | RTLD_GLOBAL);
-  }
-  
-  public long lookupSymbol(long libraryHandle, String symbolName) {
+  public final long lookupSymbol(long libraryHandle, String symbolName) {
     final long addr = dlsym(libraryHandle, symbolName);
     if(DEBUG_LOOKUP) {
         System.err.println("DynamicLinkerImpl.lookupSymbol(0x"+Long.toHexString(libraryHandle)+", "+symbolName+") -> 0x"+Long.toHexString(addr));
@@ -60,19 +58,11 @@ public class UnixDynamicLinkerImpl implements DynamicLinker {
     return addr;    
   }
 
-  public long lookupSymbolGlobal(String symbolName) {
-    final long addr = dlsym(RTLD_DEFAULT, symbolName);
-    if(DEBUG_LOOKUP) {
-        System.err.println("DynamicLinkerImpl.lookupSymbolGlobal("+symbolName+") -> 0x"+Long.toHexString(addr));
-    }
-    return addr;    
-  }
-  
-  public void closeLibrary(long libraryHandle) {
+  public final void closeLibrary(long libraryHandle) {
     dlclose(libraryHandle);
   }
   
-  public String getLastError() {
+  public final String getLastError() {
       return dlerror();
   }
 }
diff --git a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
index 884ac39..158bd7c 100644
--- a/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
+++ b/src/java/jogamp/common/os/WindowsDynamicLinkerImpl.java
@@ -1,9 +1,36 @@
+/**
+ * Copyright 2013 JogAmp Community. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without modification, are
+ * permitted provided that the following conditions are met:
+ *
+ *    1. Redistributions of source code must retain the above copyright notice, this list of
+ *       conditions and the following disclaimer.
+ *
+ *    2. Redistributions in binary form must reproduce the above copyright notice, this list
+ *       of conditions and the following disclaimer in the documentation and/or other materials
+ *       provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JogAmp Community ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JogAmp Community OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * The views and conclusions contained in the software and documentation are those of the
+ * authors and should not be interpreted as representing official policies, either expressed
+ * or implied, of JogAmp Community.
+ */
 package jogamp.common.os;
 
 import com.jogamp.common.os.DynamicLinker;
 import com.jogamp.common.util.SecurityUtil;
 
-public class WindowsDynamicLinkerImpl implements DynamicLinker {
+public final class WindowsDynamicLinkerImpl implements DynamicLinker {
 
   /** Interface to C language function: <br> <code> BOOL FreeLibrary(HANDLE hLibModule); </code>    */
   private static native int FreeLibrary(long hLibModule);
@@ -19,13 +46,13 @@ public class WindowsDynamicLinkerImpl implements DynamicLinker {
 
 
   // --- Begin CustomJavaCode .cfg declarations
-  public long openLibraryLocal(String libraryName, boolean debug) throws SecurityException {
+  public final long openLibraryLocal(String libraryName, boolean debug) throws SecurityException {
     // How does that work under Windows ?
     // Don't know .. so it's an alias for the time being
     return openLibraryGlobal(libraryName, debug);
   }
   
-  public long openLibraryGlobal(String libraryName, boolean debug) throws SecurityException {
+  public final long openLibraryGlobal(String libraryName, boolean debug) throws SecurityException {
     SecurityUtil.checkLinkPermission(libraryName);
     long handle = LoadLibraryW(libraryName);
     if(0==handle && debug) {
@@ -35,7 +62,7 @@ public class WindowsDynamicLinkerImpl implements DynamicLinker {
     return handle;
   }
   
-  public long lookupSymbol(long libraryHandle, String symbolName) {
+  public final long lookupSymbol(long libraryHandle, String symbolName) {
     String _symbolName = symbolName;
     long addr = GetProcAddressA(libraryHandle, _symbolName);
     if(0==addr) {
@@ -54,7 +81,7 @@ public class WindowsDynamicLinkerImpl implements DynamicLinker {
     return addr;
   }
   
-  public long lookupSymbolGlobal(String symbolName) {
+  public final long lookupSymbolGlobal(String symbolName) {
     if(DEBUG_LOOKUP) {
         System.err.println("lookupSymbolGlobal: Not supported on Windows");
     }
@@ -62,11 +89,11 @@ public class WindowsDynamicLinkerImpl implements DynamicLinker {
     return 0;
   }
 
-  public void closeLibrary(long libraryHandle) {
+  public final void closeLibrary(long libraryHandle) {
     FreeLibrary(libraryHandle);
   }
 
-  public String getLastError() {
+  public final String getLastError() {
       final int err = GetLastError();
       return "Last error: 0x"+Integer.toHexString(err)+" ("+err+")";
   }