| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
required - and it deadlocks AWT/NEWT jogl/joal lib loading.
Introduced w/ commits 1c03dfd6d1939a46018583419956e350e531f4fe
and e9e61421ef6009e6788998c471d1d3d30aaefea6
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
calling 'PropertyAccess.isPropertyDefined(propName, default)' through Debug class.
Calling 'Debug.isPropertyDefined(propName, default)' may be 'optimized' to
'PropertyAccess.isPropertyDefined(propName, default)', which would skip the modules Debug's class initialization.
Iff that happens, an AccessControlException may happen, due to requesting an insecure property,
since modules own Debug class has not been added it's trusted prefixes from within it's init block yet.
This seems to be a bug of the JVM .. to me, however .. the above description is the only
able to explain the issue at hand.
+++
Fix calls Debug class own static methods, either Debug.initSingleton() or Debug.debug(),
before calling 'isPropertyDefined(propName, default)'.
+++
Also mark Debug class static methods final!
+++
|
|
|
|
| |
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
|
|
|
| |
- call append on the StringBuilder we are using rather than using String concatenation, which
uses StringBuffer.
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
|
|
| |
We are inside a block where relativePath must be non-null, remove the redundant check
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
|
|
| |
- can only be null here, remove the entire else condition
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
|
|
|
| |
- use copy-constructor rather than clone to suppress type warnings
- annotate a Class as Class<?>
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
| |
Signed-off-by: Harvey Harrison <[email protected]>
|
|
|
|
| |
non overloading of c-funcs.
|
| |
|
| |
|
|
|
|
| |
code redundancy and placing write at end of operation.
|
|
|
|
| |
Buffers.sizeOfBufferElem(..) call.
|
|
|
|
| |
openLibraryGlobal(..) and lookupSymbolGlobal(..) - removing duplicate code.
|
|
|
|
| |
byte-buffer w/ given elementSize semantics
|
|
|
|
| |
of JVM shutdown!
|
|
|
|
| |
Funny .. subclasses didn't compile in test compilation locally.
|
|
|
|
| |
from remaining amount.
|
| |
|
|
|
|
| |
incl. access check; Utilize 'AccessibleObject.setAccessible(Field[], true)' for performance.
|
|
|
|
| |
instead of 'checkAllPermissions' if accessing the cached function handles.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
access (2)
- Completes 23341a2df2d2ea36784a16fa1db8bc7385351a12
- Replace 'DynamicLinker' interface w/ well documented one
- All DynamicLinker methods are now considered secure, i.e.:
- open/lookup and close utilize reference counting on handle via a hash map.
- lookupSymbol(..) and close(..) impl. validate the passed library handle
whether it's retrieved via open*.
This is the fast path, not that expensive.
- lookupSymbolGlobal(..) performs
Check acccess of 'new RuntimePermission("loadLibrary.*")' if SecurityManager is installed.
This is the slow path.
- DynamicLibraryBundleInfo now reflects the security requirements,
i.e. whether priviledged access is needed.
|
|
|
|
| |
getDeclaredField() and setAccessible(true) due to package private handle fields.
|
|
|
|
|
|
|
|
| |
PROCADDRESS_VAR_PREFIX instance, add checkAllPermissions() for reset() and initEntry(..)
- Generated ProcAddressTable's function handles are all package private
- Generated ProcAddressTable's visibility can be set via 'AccessControl' config, default: public.
- ProcAddressTable's reset() and initEntry(..) perform checkAllPermissions() 1st.
|
|
|
|
| |
TODO comments, re protected lookup functions.
|
| |
|
|
|
|
| |
pointer' _must_ be private!
|
| |
|
|
|
|
|
|
| |
result w/ OS specific File.separatorChar
Take 3 (duh!): JRE impl. varies .. i.e. plain URL w/o JAR path differs from URL w/ JAR scheme on Windows .. well.
|
|
|
|
|
|
| |
result w/ OS specific File.separatorChar
The JAR entry shall stay untouched, i.e. separator is platform independent '/'.
|
|
|
|
| |
w/ OS specific File.separatorChar
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
compatible w/ file scheme.
Regression of (Bug 683, Commit b98825eb7cfb61aead4a7dff57471cd2d2c26823).
The URI encoded path cannot be read by File I/O (if file scheme), since the latter
requests an UTF8/16 name, not an URI encoded name (i.e. %20 for space).
The encoded URL is produced if calling 'uri.toURL()' and hence
the new 'IOUtil.toURL(URI)' provides a custom conversion recovering the UTF name via 'new File(uri).getPath()'.
Tested w/
- synthetic URI/URL coposition (unit test)
- manual w/ moving 'build' to 'build öä lala' for gluegen, joal and jogl.
+++
Misc.:
- 'URI JarUtil.getURIDirname(URI)' -> 'URI IOUtil.getDirname(URI)'
++
|
|
|
|
| |
post catch block, i.e. exception (if occured) and dlerror value.
|
|
|
|
| |
DEBUG mode ; DynamicLinker: Add 'String getLastError()'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
values; Using same pattern for Mac OS X.
Add Bionic specialization using Bionic's non POSIX values
- derive from UnixDynamicLinkerImpl
- specify own flag and mode values
- use UnixDynamicLinkerImpl native code
Using same pattern for Mac OS X
- derive from UnixDynamicLinkerImpl
- specify own flag and mode values
- use UnixDynamicLinkerImpl native code
- drop MacOSXDynamicLinkerImpl native code
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'gluegen' C Structs on-the-fly (2-pass actually).
Convenient annotation processing (APT) hooked to 'javac' (1.6) via gluegen.jar META-INF
service provider 'javax.annotation.processing.Processor' -> 'com.jogamp.gluegen.structgen.CStructAnnotationProcessor'.
Am implicit APT / JAVAC would be possible, however - to have a proper process
the unit test utilizes an explicit 2 pass run:
<!-- Annotation Processor Only - First -->
<javac destdir="${build_t.java}">
<classpath refid="junit.compile.classpath"/>
<compilerarg value="-proc:only"/>
<compilerarg value="-J-Djogamp.gluegen.structgen.debug"/>
<compilerarg value="-J-Djogamp.gluegen.structgen.output=${build_t.gen}/classes"/>
<src path="${test.base.dir}/com/jogamp/gluegen/test/junit/structgen"/>
</javac>
<!-- Javac Only - Second -->
<javac destdir="${build_t.java}">
<classpath refid="junit.compile.classpath"/>
<compilerarg value="-proc:none"/>
<src path="${test.base.dir}"/>
<src path="${build_t.gen}" />
</javac>
Original code from Michael Bien's 'superglue' git://github.com/mbien/superglue.git,
finally merged to GlueGen (as once intended).
Note: The APT javac pass requires to use 'gluegen.jar' instead of 'gluegen-rt.jar' !
The 2-pass process also alows using the runtime gluegen-rt.jar and hence ensures
clean namespace check at compilation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and privileged access)
This review focuses on how we perform permission checks,
or better - do we circumvent some assuming full privileges ?
Some native methods do need extra permission validation, i.e. loading native libraries.
Further more AccessController.doPrivileged(..) shall not cover generic code
exposing a critical feature to the user.
Further more .. we should rely on the SecuritManager, i.e. AccessControlContext's
'checkPermission(Permission)' code to comply w/ fine grained permission access.
It is also possible to have full permission w/o having any certificates (-> policy file).
+++
We remove implicit AccessController.doPrivileged(..) from within our trusted code
for generic methods, like Property access, temp. files.
+++
SecurityUtil:
- Remove 'getCommonAccessControlContext(Class<?> clz)',
which returned a local AccessControlContext for later restriction
if the passed class contains all certificates as the 'trusted' GlueGen class has.
- Simply expose convenient permission check methods relying on
SecurityManager / AccessControlContext.
PropertyAccess:
- 'protected static void addTrustedPrefix(..)' requires AllPermissions if SecurityManager is installed.
- Remove implicit doPrivileged(..) triggered by passed AccessControlContext instance,
only leave it for trusted prefixes.
IOUtil:
- Remove all doPrivileged(..) - Elevation shall be performed by caller.
DynamicLinker:
- 'public long openLibraryLocal(..)' and 'public long openLibraryGlobal(..)'
may throw SecurityException, if a SecurityManager is installed and the dyn. link permission
is not granted in the calling code.
Implemented in their respective Unix, OSX and Windows manifestation.
Caller has to elevate privileges via 'doPrivileged(..) {}' !
+++
Tests:
- Property access
- File access
- Native library loading
Manual Applet test (unsigned, but w/ SecurityManager and policy file):
> gluegen/test/applet
Applet has been tested w/ signed JAR w/ Firefox and Java7 on GNU/Linux as well.
Manual Application test (unsigned, but w/ SecurityManager and policy file):
com.jogamp.junit.sec.TestSecIOUtil01
- Run w/ SecurityManager and policy file:
- gluegen/scripts/runtest-secmgr.sh
- Run w/o SecurityManager:
- gluegen/scripts/runtest.sh
|
|
|
|
| |
convenience (JOGL ShaderCode) and bwd. compatibility
|
| |
|
|
|
|
| |
to remove DNS Lookups etc ..
|
|
|
|
| |
whitespace tokenizer); String match: Store end-of-match and flag defined components.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
sizeOfBufferElem(Buffer) -> sizeOfBufferElem(Object) to include NativeBuffer<?>
Misc:
- Add remainingElem(Object buffer).
- Removed 'sizeOfBufferType(Class<?> bufferType)', since we don't use such calling convention w/ class type
Note: remainingBytes(..) exist to allow using only one branch traversal to return the remaining size in bytes
instead of 2, remaining(obj) and sizeOfBufferElem(obj).
Note: The methods can take NativeBuffer<?> as an argument.
|
| |
|
| |
|
| |
|
|
|
|
| |
ctor; Add VersionNumberString [extends VersionNumber] which additionally holds the orig. string value.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GetPrimitiveArrayCritical(..)
The 'carray' pointer returned from GetPrimitiveArrayCritical(..) was moved about the array offset
and used in ReleasePrimitiveArrayCritical(..) to release the pinpointed memory.
Even though this 'is' a bug by violating the _sparse_ specification, Hotspot impl. doesn't use the value at all (NOP)
and hence this code didn't produce an error since .. (Same w/ Dalvik).
Now the array offset is added while passing the carray pointer to the native function call
and hence is no more modified and the orig. value is passed to ReleasePrimitiveArrayCritical(..).
Tested w/ GlueGen unit tests and all JOGL unit tests (on Linux x64 w/ 'a' hotspot VM).
|