Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access.

6 files changed, 45 insertions, 30 deletions

diff --git a/make/joal-alc.cfg b/make/joal-alc.cfg
index bd5a1d1..efba5a6 100755
--- a/make/joal-alc.cfg
+++ b/make/joal-alc.cfg
@@ -26,6 +26,8 @@ Import java.io.UnsupportedEncodingException
 Import java.util.*
 Import com.jogamp.openal.*
 Import jogamp.openal.*
+Import java.security.AccessController
+Import java.security.PrivilegedAction
 
 # Factor out the OpenAL constants into their own interface
 Ignore ^AL_.+
diff --git a/make/joal-alcabstract-CustomJavaCode.java b/make/joal-alcabstract-CustomJavaCode.java
index 3420cc2..debadad 100755
--- a/make/joal-alcabstract-CustomJavaCode.java
+++ b/make/joal-alcabstract-CustomJavaCode.java
@@ -1,11 +1,15 @@
 private static final ALCProcAddressTable alcProcAddressTable;
 
 static {
-    alcProcAddressTable = new ALCProcAddressTable();
-    if(null==alcProcAddressTable) {
-      throw new RuntimeException("Couldn't instantiate ALCProcAddressTable");
-    }
-    alcProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+    alcProcAddressTable = AccessController.doPrivileged(new PrivilegedAction<ALCProcAddressTable>() {
+                                public ALCProcAddressTable run() {
+                                    final ALCProcAddressTable alcProcAddressTable = new ALCProcAddressTable();
+                                    if(null==alcProcAddressTable) {
+                                      throw new RuntimeException("Couldn't instantiate ALCProcAddressTable");
+                                    }
+                                    alcProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+                                    return alcProcAddressTable;
+                                } } );
 }
 
 public static ALCProcAddressTable getALCProcAddressTable() { return alcProcAddressTable; }
diff --git a/make/joal-alext.cfg b/make/joal-alext.cfg
index d57b9a3..da63612 100644
--- a/make/joal-alext.cfg
+++ b/make/joal-alext.cfg
@@ -31,6 +31,8 @@ Import java.io.UnsupportedEncodingException
 Import java.util.*
 Import com.jogamp.openal.*
 Import jogamp.openal.*
+Import java.security.AccessController
+Import java.security.PrivilegedAction
 
 # Factor out the OpenAL constants into their own interface
 Ignore ^AL_.+
diff --git a/make/joal-alextabstract-CustomJavaCode.java b/make/joal-alextabstract-CustomJavaCode.java
index e73dc60..e467fc7 100644
--- a/make/joal-alextabstract-CustomJavaCode.java
+++ b/make/joal-alextabstract-CustomJavaCode.java
@@ -1,11 +1,15 @@
 private static final ALExtProcAddressTable alExtProcAddressTable;
 
 static {
-    alExtProcAddressTable = new ALExtProcAddressTable();
-    if(null==alExtProcAddressTable) {
-      throw new RuntimeException("Couldn't instantiate ALExtProcAddressTable");
-    }
-    alExtProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+    alExtProcAddressTable = AccessController.doPrivileged(new PrivilegedAction<ALExtProcAddressTable>() {
+                                public ALExtProcAddressTable run() {
+                                    final ALExtProcAddressTable alExtProcAddressTable = new ALExtProcAddressTable();
+                                    if(null==alExtProcAddressTable) {
+                                      throw new RuntimeException("Couldn't instantiate ALExtProcAddressTable");
+                                    }
+                                    alExtProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+                                    return alExtProcAddressTable;
+                                } } );
 }
 
 public static ALExtProcAddressTable getALExtProcAddressTable() { return alExtProcAddressTable; }
diff --git a/make/joal-common-CustomJavaCode.java b/make/joal-common-CustomJavaCode.java
index 436f462..5df6cfd 100644
--- a/make/joal-common-CustomJavaCode.java
+++ b/make/joal-common-CustomJavaCode.java
@@ -9,19 +9,19 @@ static {
 
     alDynamicLookupHelper = AccessController.doPrivileged(new PrivilegedAction<DynamicLibraryBundle>() {
                                 public DynamicLibraryBundle run() {
-                                    return new DynamicLibraryBundle(new ALDynamicLibraryBundleInfo());
+                                    final DynamicLibraryBundle bundle =  new DynamicLibraryBundle(new ALDynamicLibraryBundleInfo());
+                                    if(null==bundle) {
+                                      throw new RuntimeException("Null ALDynamicLookupHelper");
+                                    }
+                                    if(!bundle.isToolLibLoaded()) {
+                                      throw new RuntimeException("Couln't load native AL library");
+                                    }
+                                    if(!bundle.isLibComplete()) {
+                                      throw new RuntimeException("Couln't load native AL/JNI glue library");
+                                    }
+                                    alProcAddressTable.reset(bundle);
+                                    return bundle;
                                 } } );
-
-    if(null==alDynamicLookupHelper) {
-      throw new RuntimeException("Null ALDynamicLookupHelper");
-    }
-    if(!alDynamicLookupHelper.isToolLibLoaded()) {
-      throw new RuntimeException("Couln't load native AL library");
-    }
-    if(!alDynamicLookupHelper.isLibComplete()) {
-      throw new RuntimeException("Couln't load native AL/JNI glue library");
-    }
-    alProcAddressTable.reset(alDynamicLookupHelper);
 }
 
 public static ALProcAddressTable getALProcAddressTable() { return alProcAddressTable; }
diff --git a/src/java/jogamp/openal/ALDynamicLibraryBundleInfo.java b/src/java/jogamp/openal/ALDynamicLibraryBundleInfo.java
index 59765fe..69c6a28 100644
--- a/src/java/jogamp/openal/ALDynamicLibraryBundleInfo.java
+++ b/src/java/jogamp/openal/ALDynamicLibraryBundleInfo.java
@@ -40,8 +40,8 @@ import java.security.AccessController;
 import java.security.PrivilegedAction;
 import java.util.*;
 
-public class ALDynamicLibraryBundleInfo implements DynamicLibraryBundleInfo  {
-    private static List<String> glueLibNames;
+public final class ALDynamicLibraryBundleInfo implements DynamicLibraryBundleInfo  {
+    private static final List<String> glueLibNames;
     static {
         AccessController.doPrivileged(new PrivilegedAction<Object>() {
             public Object run() {
@@ -62,13 +62,16 @@ public class ALDynamicLibraryBundleInfo implements DynamicLibraryBundleInfo  {
     protected ALDynamicLibraryBundleInfo() {
     }
 
-    /** FIXME: not default, maybe local ? **/
+    /** 
+     * Returns <code>true</code>,
+     * since we might load the library and allow symbol access to subsequent libs.
+     */
     @Override
-    public boolean shallLinkGlobal() { return true; }
+    public final boolean shallLinkGlobal() { return true; }
 
     /** default **/
     @Override
-    public boolean shallLookupGlobal() { return false; }
+    public final boolean shallLookupGlobal() { return false; }
     
     @Override
     public final List<String> getGlueLibNames() {
@@ -76,7 +79,7 @@ public class ALDynamicLibraryBundleInfo implements DynamicLibraryBundleInfo  {
     }
 
     @Override
-    public List<List<String>> getToolLibNames() {
+    public final List<List<String>> getToolLibNames() {
         List<List<String>> libNamesList = new ArrayList<List<String>>();
 
         final List<String> alSystemLibNames = new ArrayList<String>();
@@ -138,12 +141,12 @@ public class ALDynamicLibraryBundleInfo implements DynamicLibraryBundleInfo  {
     }
 
     @Override
-    public boolean useToolGetProcAdressFirst(String funcName) {
+    public final boolean useToolGetProcAdressFirst(String funcName) {
         return true;
     }
 
     @Override
-    public RunnableExecutor getLibLoaderExecutor() {
+    public final RunnableExecutor getLibLoaderExecutor() {
         return DynamicLibraryBundle.getDefaultRunnableExecutor();
     }    
 }