Peter Firmstone wrote:
...
Basically: Method call from new thread? Permission check. Permission
revoked? Permission check again. Previously checked Thread, no relevant
revocations since (of same Class<Permission>)? Don't check again,
return quickly.
The assumption I've made is, it will be very difficult for an attacker
to predict when a thread will access a method on the delegate, then
later, be called by that very same thread, so his class can call the
delegate unchecked. Any thoughts on this? Am I overlooking something?
...
What are the implications of all this for TaskManager? I have not yet
investigated whether it is used to run proxy code, but some proxy
actions seem like natural parallel tasks, so it should be permitted.
There is no association between each TaskManager thread and any
particular subset of its tasks. The timing is somewhat controllable
through runAfter decisions. A task can sit around on the TaskManager
queue returning false from runAfter until a task of some specified type
has just run.
Patricia
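
The thread-reuse concern raised above, as an added example that is not part of the original thread and is not River code. A single-thread `ExecutorService` stands in for TaskManager, and the `caller` identities, the `granted` set and the two cache variants are constructed for illustration.

```java
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ThreadKeyedCheckCache {
    // Constructed stand-ins: identity of the code running a task, and who holds the permission.
    static final ThreadLocal<String> caller = new ThreadLocal<>();
    static final Set<String> granted = Set.of("trusted-task");
    static final Set<Thread> checkedThreads = ConcurrentHashMap.newKeySet();
    static final Set<String> checkedPairs = ConcurrentHashMap.newKeySet();

    static void check(String who) {
        if (!granted.contains(who)) throw new SecurityException("denied: " + who);
    }

    // Cache keyed on the thread alone: a pooled thread carries the result to the next task.
    static String threadKeyed() {
        Thread t = Thread.currentThread();
        if (checkedThreads.contains(t)) return "allowed, check skipped: " + caller.get();
        check(caller.get());
        checkedThreads.add(t);
        return "allowed, checked: " + caller.get();
    }

    // Cache keyed on thread and caller together: reuse of the thread no longer skips the check.
    static String pairKeyed() {
        String key = Thread.currentThread().getId() + "/" + caller.get();
        if (checkedPairs.contains(key)) return "allowed, check skipped: " + caller.get();
        check(caller.get());
        checkedPairs.add(key);
        return "allowed, checked: " + caller.get();
    }

    static Callable<String> task(String who, boolean pairKey) {
        return () -> {
            caller.set(who); // hypothetical: the pool tags each task with its owner
            try { return pairKey ? pairKeyed() : threadKeyed(); }
            catch (SecurityException e) { return e.getMessage(); }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor(); // one worker, so reuse is certain
        for (boolean pairKey : new boolean[] {false, true}) {
            System.out.println(pairKey ? "thread+caller key:" : "thread-only key:");
            System.out.println("  " + pool.submit(task("trusted-task", pairKey)).get());
            System.out.println("  " + pool.submit(task("untrusted-task", pairKey)).get());
        }
        pool.shutdown();
    }
}
```

With the thread-only key the second task is let through without a check because it inherits the worker thread's cached result; with the combined key it is denied.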