[cp-patches] RFC: Add security checks to Graphics2D peers

Gary Benson Mon, 19 Jun 2006 09:24:06 -0700

Hi all,

Does anyone mind if I commit the following patch to add security
checks to all Graphics2D peers?  The reason I ask is that the checks
might be overly restrictive, but at the moment the stuff after the
checks isn't implemented anywhere.  I just wanted to get them in so
they don't get lost.


Cheers,
Gary

Index: ChangeLog
===================================================================
RCS file: /cvsroot/classpath/classpath/ChangeLog,v
retrieving revision 1.7878
diff -u -r1.7878 ChangeLog
--- ChangeLog   19 Jun 2006 12:43:48 -0000      1.7878
+++ ChangeLog   19 Jun 2006 16:00:44 -0000
@@ -1,3 +1,9 @@
+2006-06-19  Gary Benson  <[EMAIL PROTECTED]>
+
+       * gnu/java/awt/peer/gtk/CairoGraphics2D.java: Add security check.
+       * gnu/java/awt/peer/qt/QtGraphics.java: Likewise.
+       * gnu/java/awt/java2d/AbstractGraphics2D.java: Likewise.
+
 2006-06-19  Raif S. Naffah  <[EMAIL PROTECTED]>
 
        * gnu/java/security/jce/hash/HavalSpi.java: Source formatting.
Index: gnu/java/awt/peer/gtk/CairoGraphics2D.java
===================================================================
RCS file: 
/cvsroot/classpath/classpath/gnu/java/awt/peer/gtk/CairoGraphics2D.java,v
retrieving revision 1.25
diff -u -r1.25 CairoGraphics2D.java
--- gnu/java/awt/peer/gtk/CairoGraphics2D.java  16 Jun 2006 10:27:29 -0000      
1.25
+++ gnu/java/awt/peer/gtk/CairoGraphics2D.java  19 Jun 2006 16:00:44 -0000
@@ -41,6 +41,7 @@
 import gnu.java.awt.ClasspathToolkit;
 
 import java.awt.AlphaComposite;
+import java.awt.AWTPermission;
 import java.awt.BasicStroke;
 import java.awt.Color;
 import java.awt.Composite;
@@ -886,6 +887,12 @@
       }
     else
       {
+        // FIXME: this check is only required "if this Graphics2D
+        // context is drawing to a Component on the display screen".
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null)
+          sm.checkPermission(new AWTPermission("readDisplayPixels"));
+
         // FIXME: implement general Composite support
         throw new java.lang.UnsupportedOperationException();
       }
Index: gnu/java/awt/peer/qt/QtGraphics.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/awt/peer/qt/QtGraphics.java,v
retrieving revision 1.3
diff -u -r1.3 QtGraphics.java
--- gnu/java/awt/peer/qt/QtGraphics.java        23 Aug 2005 02:13:48 -0000      
1.3
+++ gnu/java/awt/peer/qt/QtGraphics.java        19 Jun 2006 16:00:44 -0000
@@ -38,6 +38,7 @@
 package gnu.java.awt.peer.qt;
 
 import java.awt.AlphaComposite;
+import java.awt.AWTPermission;
 import java.awt.BasicStroke;
 import java.awt.Color;
 import java.awt.Composite;
@@ -605,8 +606,16 @@
        composite = comp;
       }
     else
-      throw new UnsupportedOperationException("We don't support custom"+
-                                             " composites yet.");
+      {
+       // FIXME: this check is only required "if this Graphics2D
+       // context is drawing to a Component on the display screen".
+       SecurityManager sm = System.getSecurityManager();
+       if (sm != null)
+         sm.checkPermission(new AWTPermission("readDisplayPixels"));
+
+       throw new UnsupportedOperationException("We don't support custom"+
+                                               " composites yet.");
+      }
   }
 
   public Composite getComposite()
Index: gnu/java/awt/java2d/AbstractGraphics2D.java
===================================================================
RCS file: 
/cvsroot/classpath/classpath/gnu/java/awt/java2d/AbstractGraphics2D.java,v
retrieving revision 1.9
diff -u -r1.9 AbstractGraphics2D.java
--- gnu/java/awt/java2d/AbstractGraphics2D.java 9 Jun 2006 20:49:51 -0000       
1.9
+++ gnu/java/awt/java2d/AbstractGraphics2D.java 19 Jun 2006 16:00:45 -0000
@@ -39,6 +39,7 @@
 
 import java.awt.AWTError;
 import java.awt.AlphaComposite;
+import java.awt.AWTPermission;
 import java.awt.BasicStroke;
 import java.awt.Color;
 import java.awt.Composite;
@@ -539,6 +540,15 @@
    */
   public void setComposite(Composite comp)
   {
+    if (! (comp instanceof AlphaComposite))
+      {
+        // FIXME: this check is only required "if this Graphics2D
+        // context is drawing to a Component on the display screen".
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null)
+          sm.checkPermission(new AWTPermission("readDisplayPixels"));
+      }
+
     composite = comp;
     if (! (comp.equals(AlphaComposite.SrcOver)))
       isOptimized = false;

[cp-patches] RFC: Add security checks to Graphics2D peers

Reply via email to