libbluray | branch: master | hpi1 <[email protected]> | Fri Mar 27 13:34:14 2015 +0200| [53a132b0a05a8a77a62362e4fb2d732a41af54f4] | committer: hpi1
Fix delete permissions - always compare canonical paths - BD-J core can delete Xlet files > http://git.videolan.org/gitweb.cgi/libbluray.git/?a=commit;h=53a132b0a05a8a77a62362e4fb2d732a41af54f4 --- .../bdj/java/org/videolan/BDJSecurityManager.java | 44 ++++++++++---------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java index c125358..a9a6d35 100644 --- a/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java +++ b/src/libbluray/bdj/java/org/videolan/BDJSecurityManager.java @@ -106,9 +106,6 @@ final class BDJSecurityManager extends SecurityManager { else if (perm instanceof FilePermission) { /* grant delete for writable files */ if (perm.getActions().equals("delete")) { - if (canReadWrite(perm.getName())) { - return; - } checkWrite(perm.getName()); return; } @@ -185,7 +182,10 @@ final class BDJSecurityManager extends SecurityManager { if (discRoot != null && file.startsWith(discRoot)) { return true; } - if (canReadWrite(file)) { + if (budaRoot != null && file.startsWith(budaRoot)) { + return true; + } + if (persistentRoot != null && file.startsWith(persistentRoot)) { return true; } @@ -212,35 +212,37 @@ final class BDJSecurityManager extends SecurityManager { * File write access */ - private boolean canReadWrite(String file) { + private boolean canWrite(String file) { + + // Xlet can write to persistent storage and binding unit + if (budaRoot != null && file.startsWith(budaRoot)) { return true; } if (persistentRoot != null && file.startsWith(persistentRoot)) { return true; } - return false; - } - public void checkWrite(String file) { BDJXletContext ctx = BDJXletContext.getCurrentContext(); - - file = getCanonPath(file); - if (ctx != null) { - // Xlet can write to persistent storage and binding unit - if (canReadWrite(file)) { - return; - } logger.error("Xlet write " + file + " denied at\n" + Logger.dumpStack()); - } else { - // BD-J core can write to cache - if (cacheRoot != null && file.startsWith(cacheRoot)) { - return; - } - logger.error("BD-J write " + file + " denied at\n" + Logger.dumpStack()); + return false; + } + + // BD-J core can write to cache + if (cacheRoot != null && file.startsWith(cacheRoot)) { + return true; } + logger.error("BD-J write " + file + " denied at\n" + Logger.dumpStack()); + return false; + } + + public void checkWrite(String file) { + file = getCanonPath(file); + if (canWrite(file)) { + return; + } throw new SecurityException("write access denied"); } _______________________________________________ libbluray-devel mailing list [email protected] https://mailman.videolan.org/listinfo/libbluray-devel
