Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access.

5 files changed, 34 insertions, 22 deletions

diff --git a/make/joal-alc.cfg b/make/joal-alc.cfg
index bd5a1d1..efba5a6 100755
--- a/make/joal-alc.cfg
+++ b/make/joal-alc.cfg
@@ -26,6 +26,8 @@ Import java.io.UnsupportedEncodingException
 Import java.util.*
 Import com.jogamp.openal.*
 Import jogamp.openal.*
+Import java.security.AccessController
+Import java.security.PrivilegedAction
 
 # Factor out the OpenAL constants into their own interface
 Ignore ^AL_.+
diff --git a/make/joal-alcabstract-CustomJavaCode.java b/make/joal-alcabstract-CustomJavaCode.java
index 3420cc2..debadad 100755
--- a/make/joal-alcabstract-CustomJavaCode.java
+++ b/make/joal-alcabstract-CustomJavaCode.java
@@ -1,11 +1,15 @@
 private static final ALCProcAddressTable alcProcAddressTable;
 
 static {
-    alcProcAddressTable = new ALCProcAddressTable();
-    if(null==alcProcAddressTable) {
-      throw new RuntimeException("Couldn't instantiate ALCProcAddressTable");
-    }
-    alcProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+    alcProcAddressTable = AccessController.doPrivileged(new PrivilegedAction<ALCProcAddressTable>() {
+                                public ALCProcAddressTable run() {
+                                    final ALCProcAddressTable alcProcAddressTable = new ALCProcAddressTable();
+                                    if(null==alcProcAddressTable) {
+                                      throw new RuntimeException("Couldn't instantiate ALCProcAddressTable");
+                                    }
+                                    alcProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+                                    return alcProcAddressTable;
+                                } } );
 }
 
 public static ALCProcAddressTable getALCProcAddressTable() { return alcProcAddressTable; }
diff --git a/make/joal-alext.cfg b/make/joal-alext.cfg
index d57b9a3..da63612 100644
--- a/make/joal-alext.cfg
+++ b/make/joal-alext.cfg
@@ -31,6 +31,8 @@ Import java.io.UnsupportedEncodingException
 Import java.util.*
 Import com.jogamp.openal.*
 Import jogamp.openal.*
+Import java.security.AccessController
+Import java.security.PrivilegedAction
 
 # Factor out the OpenAL constants into their own interface
 Ignore ^AL_.+
diff --git a/make/joal-alextabstract-CustomJavaCode.java b/make/joal-alextabstract-CustomJavaCode.java
index e73dc60..e467fc7 100644
--- a/make/joal-alextabstract-CustomJavaCode.java
+++ b/make/joal-alextabstract-CustomJavaCode.java
@@ -1,11 +1,15 @@
 private static final ALExtProcAddressTable alExtProcAddressTable;
 
 static {
-    alExtProcAddressTable = new ALExtProcAddressTable();
-    if(null==alExtProcAddressTable) {
-      throw new RuntimeException("Couldn't instantiate ALExtProcAddressTable");
-    }
-    alExtProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+    alExtProcAddressTable = AccessController.doPrivileged(new PrivilegedAction<ALExtProcAddressTable>() {
+                                public ALExtProcAddressTable run() {
+                                    final ALExtProcAddressTable alExtProcAddressTable = new ALExtProcAddressTable();
+                                    if(null==alExtProcAddressTable) {
+                                      throw new RuntimeException("Couldn't instantiate ALExtProcAddressTable");
+                                    }
+                                    alExtProcAddressTable.reset(ALImpl.alDynamicLookupHelper);
+                                    return alExtProcAddressTable;
+                                } } );
 }
 
 public static ALExtProcAddressTable getALExtProcAddressTable() { return alExtProcAddressTable; }
diff --git a/make/joal-common-CustomJavaCode.java b/make/joal-common-CustomJavaCode.java
index 436f462..5df6cfd 100644
--- a/make/joal-common-CustomJavaCode.java
+++ b/make/joal-common-CustomJavaCode.java
@@ -9,19 +9,19 @@ static {
 
     alDynamicLookupHelper = AccessController.doPrivileged(new PrivilegedAction<DynamicLibraryBundle>() {
                                 public DynamicLibraryBundle run() {
-                                    return new DynamicLibraryBundle(new ALDynamicLibraryBundleInfo());
+                                    final DynamicLibraryBundle bundle =  new DynamicLibraryBundle(new ALDynamicLibraryBundleInfo());
+                                    if(null==bundle) {
+                                      throw new RuntimeException("Null ALDynamicLookupHelper");
+                                    }
+                                    if(!bundle.isToolLibLoaded()) {
+                                      throw new RuntimeException("Couln't load native AL library");
+                                    }
+                                    if(!bundle.isLibComplete()) {
+                                      throw new RuntimeException("Couln't load native AL/JNI glue library");
+                                    }
+                                    alProcAddressTable.reset(bundle);
+                                    return bundle;
                                 } } );
-
-    if(null==alDynamicLookupHelper) {
-      throw new RuntimeException("Null ALDynamicLookupHelper");
-    }
-    if(!alDynamicLookupHelper.isToolLibLoaded()) {
-      throw new RuntimeException("Couln't load native AL library");
-    }
-    if(!alDynamicLookupHelper.isLibComplete()) {
-      throw new RuntimeException("Couln't load native AL/JNI glue library");
-    }
-    alProcAddressTable.reset(alDynamicLookupHelper);
 }
 
 public static ALProcAddressTable getALProcAddressTable() { return alProcAddressTable; }