From 1da55256d2140ad0fe9f1cd351c3786619bd5bbd Mon Sep 17 00:00:00 2001
From: "kyle.yuan%sun.com"
Date: Tue, 6 Apr 2004 03:15:55 +0000
Subject: [PATCH] Bug 239122 Liveconnect can be used to read any file on user's filesystem enabling UniversalBrowserRead only during js calling applet r=jst, sr=brendan, a=chofmann

---
 js/src/liveconnect/jsj.c | 13 +++++++++++++
 js/src/liveconnect/jsj_JavaObject.c | 9 +++++++++
 js/src/liveconnect/jsj_method.c | 8 ++++++--
 js/src/liveconnect/jsj_private.h | 7 +++++++
 js/src/liveconnect/jsj_utils.c | 6 +++++-
 js/src/liveconnect/jsjava.h | 3 +++
 modules/oji/src/nsCSecurityContext.cpp | 8 +++++++-
 7 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/js/src/liveconnect/jsj.c b/js/src/liveconnect/jsj.c
index 5cf386a4ef8..58ca76305ed 100644
--- a/js/src/liveconnect/jsj.c
+++ b/js/src/liveconnect/jsj.c
@@ -55,6 +55,8 @@
 # include "prmon.h"
 #endif
 
+JSBool JSIsCallingApplet = JS_FALSE;
+
 /*
  * At certain times during initialization, there may be no JavaScript context
  * available to direct error reports to, in which case the error messages
@@ -103,6 +105,7 @@ jclass jlClass; /* java.lang.Class */
 jclass jlBoolean; /* java.lang.Boolean */
 jclass jlDouble; /* java.lang.Double */
 jclass jlString; /* java.lang.String */
+jclass jaApplet; /* java.applet.Applet */
 jclass njJSObject; /* netscape.javascript.JSObject */
 jclass njJSException; /* netscape.javascript.JSException */
 jclass njJSUtil; /* netscape.javascript.JSUtil */
@@ -261,6 +264,8 @@ init_java_VM_reflection(JSJavaVM *jsjava_vm, JNIEnv *jEnv)
 LOAD_CLASS(java/lang/String, jlString);
 LOAD_CLASS(java/lang/Void, jlVoid);
 
+ LOAD_CLASS(java/applet/Applet, jaApplet);
+
 LOAD_METHOD(java.lang.Class, getMethods, "()[Ljava/lang/reflect/Method;",jlClass);
 LOAD_METHOD(java.lang.Class, getConstructors, "()[Ljava/lang/reflect/Constructor;",jlClass);
 LOAD_METHOD(java.lang.Class, getFields, "()[Ljava/lang/reflect/Field;", jlClass);
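Review bot: `JSBool JSIsCallingApplet = JS_FALSE;` is a single process-wide global, while the code that raises it runs under a per-thread JSJavaThreadState (the one with recursion_depth) and the code that reads it is nsCSecurityContext::Implies, which may be asked on whatever thread the JVM uses; if LiveConnect is ever entered from more than one thread, one thread's applet call changes the answer another thread gets. Per-thread state looks like the natural home, e.g. a `JSBool is_calling_applet` member of JSJavaThreadState set where the wrappers set the global today, provided the OJI side can reach that thread state, which I cannot confirm from this hunk. At minimum the definition needs a comment: `/* JS_TRUE while a JS->Java call targets a java.applet.Applet instance; cleared by jsj_ExitJava. One flag for all threads, not per JSContext. */`.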
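Review bot: `LOAD_CLASS(java/applet/Applet, jaApplet);` makes VM reflection setup depend on the applet package, yet every consumer guards with `if (jaApplet && ...)`, so the authors evidently expect it can be NULL. If LOAD_CLASS aborts init_java_VM_reflection when the class is missing (the macro is not in this hunk), LiveConnect now fails to start on a JVM without java.applet; if it merely leaves jaApplet NULL, the flag is never raised and Implies() falls back to the real capability, which fails closed. A comment should state which it is: `/* May be absent on a JVM without java.applet; users must NULL-check jaApplet (the flag then stays false and UniversalBrowserRead is not granted). */`. init_java_VM_reflection continues outside this hunk.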
@@ -592,6 +597,7 @@ JSJ_DisconnectFromJavaVM(JSJavaVM *jsjava_vm)
 UNLOAD_CLASS(java/lang/Double, jlDouble);
 UNLOAD_CLASS(java/lang/String, jlString);
 UNLOAD_CLASS(java/lang/Void, jlVoid);
+ UNLOAD_CLASS(java/applet/Applet, jaApplet);
 UNLOAD_CLASS(netscape/javascript/JSObject, njJSObject);
 UNLOAD_CLASS(netscape/javascript/JSException, njJSException);
 UNLOAD_CLASS(netscape/javascript/JSUtil, njJSUtil);
@@ -869,3 +875,10 @@ JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval v, jobject *vp)
 }
 return JS_FALSE;
 }
+
+
+JS_EXPORT_API(JSBool)
+JSJ_IsJSCallApplet()
+{
+ return JSIsCallingApplet;
+}
diff --git a/js/src/liveconnect/jsj_JavaObject.c b/js/src/liveconnect/jsj_JavaObject.c
index ad1b7685559..18120e6eaad 100644
--- a/js/src/liveconnect/jsj_JavaObject.c
+++ b/js/src/liveconnect/jsj_JavaObject.c
@@ -654,6 +654,10 @@ JavaObject_getPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
 java_obj = java_wrapper->java_obj;
 field_val = method_val = JSVAL_VOID;
 
+ if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
+ JSIsCallingApplet = JS_TRUE;
+ }
+
 /* If a field member, get the value of the field */
 if (member_descriptor->field) {
 success = jsj_GetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, &field_val);
@@ -777,6 +781,11 @@ JavaObject_setPropertyById(JSContext *cx, JSObject *obj, jsid id, jsval *vp)
 }
 java_obj = java_wrapper->java_obj;
 
+
+ if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
+ JSIsCallingApplet = JS_TRUE;
+ }
+
 result = jsj_SetJavaFieldValue(cx, jEnv, member_descriptor->field, java_obj, *vp);
 jsj_ExitJava(jsj_env);
 return result;
diff --git a/js/src/liveconnect/jsj_method.c b/js/src/liveconnect/jsj_method.c
index 358d4bc12b5..7ede92e9514 100644
--- a/js/src/liveconnect/jsj_method.c
+++ b/js/src/liveconnect/jsj_method.c
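Review bot: `JSJ_IsJSCallApplet()` is an exported C function defined with an empty parameter list, which in C is an unprototyped declaration rather than "takes no arguments"; it should read `JSJ_IsJSCallApplet(void)` here and in the jsjava.h prototype. It also carries no comment although it is the hook the security context keys its UniversalBrowserRead answer on; I would put `/* JS_TRUE while a JS->Java call whose target is a java.applet.Applet instance is in progress (see JSIsCallingApplet); reset by jsj_ExitJava. */` above it.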
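Review bot: The new test in JavaObject_getPropertyById decides on the callee (is java_obj an Applet instance?) and not on the calling script, so any script that can reach an Applet reference raises, with a plain field read, the flag that nsCSecurityContext::Implies turns into UniversalBrowserRead for the rest of this Java entry. That may be exactly the bug-146458 workaround intended, but nothing in the hunk says so; a comment at the set site would help: `/* Any member access on an Applet instance marks this entry as "JS calling applet"; Implies() grants UniversalBrowserRead while the flag is up (bug 239122). */`. Note also that a JNI IsInstanceOf round-trip now runs on every property read; if JavaClassDescriptor can carry a cached is-applet bit that would be cheaper, though I cannot see its layout from here. JavaObject_getPropertyById continues outside the hunk.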
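Review bot: This is the third verbatim copy of the `if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) JSIsCallingApplet = JS_TRUE;` block (the others are in JavaObject_getPropertyById and jsj_JavaInstanceMethodWrapper), and the check is only sound if every copy stays identical. One small helper in jsj_utils.c, declared in jsj_private.h as `extern void jsj_NoteAppletCall(JNIEnv *jEnv, jobject java_obj);`, gives a single place to change when the policy does. JavaObject_setPropertyById starts outside the hunk.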
@@ -1375,9 +1375,9 @@ static JSBool
 invoke_java_method(JSContext *cx, JSJavaThreadState *jsj_env,
 jobject java_class_or_instance,
 JavaClassDescriptor *class_descriptor,
- JavaMethodSpec *method,
+ JavaMethodSpec *method,
 JSBool is_static_method,
- jsval *argv, jsval *vp)
+ jsval *argv, jsval *vp)
 {
 jvalue java_value;
 jvalue *jargv;
@@ -1803,6 +1803,10 @@ jsj_JavaInstanceMethodWrapper(JSContext *cx, JSObject *obj,
 if (!jEnv)
 return JS_FALSE;
 
+ if (jaApplet && (*jEnv)->IsInstanceOf(jEnv, java_obj, jaApplet)) {
+ JSIsCallingApplet = JS_TRUE;
+ }
+
 /* Try to find an instance method with the given name first */
 member_descriptor = jsj_LookupJavaMemberDescriptorById(cx, jEnv, class_descriptor, id);
 if (member_descriptor)
diff --git a/js/src/liveconnect/jsj_private.h b/js/src/liveconnect/jsj_private.h
index fc1608324f4..59b7cbbc266 100644
--- a/js/src/liveconnect/jsj_private.h
+++ b/js/src/liveconnect/jsj_private.h
@@ -301,6 +301,7 @@ extern jclass jlClass; /* java.lang.Class */
 extern jclass jlBoolean; /* java.lang.Boolean */
 extern jclass jlDouble; /* java.lang.Double */
 extern jclass jlString; /* java.lang.String */
+extern jclass jaApplet; /* java.applet.Applet */
 extern jclass njJSObject; /* netscape.javascript.JSObject */
 extern jclass njJSException; /* netscape.javascript.JSException */
 extern jclass njJSUtil; /* netscape.javascript.JSUtil */
@@ -352,6 +353,12 @@ extern jfieldID njJSException_filename; /* netscape.javascript.JSExceptio
 extern jfieldID njJSException_wrappedExceptionType; /* netscape.javascript.JSException.wrappedExceptionType */
 extern jfieldID njJSException_wrappedException; /* netscape.javascript.JSException.wrappedException */
 
+/*
+ * XXX, bug 146458,
+ * whether we are doing a liveconnect call from javascript to java applet
+ */
+extern JSBool JSIsCallingApplet;
+
 /**************** Java <==> JS conversions and Java types *******************/
 
 extern JSBool jsj_ComputeJavaClassSignature(JSContext *cx,
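Review bot: In jsj_JavaInstanceMethodWrapper the flag is raised before `jsj_LookupJavaMemberDescriptorById` runs, so a call to a name that does not exist on the applet still leaves JSIsCallingApplet true until jsj_ExitJava, and for a method that does resolve the privileged window covers the lookup as well as the invocation. Moving the three added lines after the lookup, inside `if (member_descriptor)`, narrows the window to the actual call at no cost. The function's error paths are outside the hunk; if any of them returns without going through jsj_ExitJava, the flag would stay up across unrelated Java calls, which is worth checking.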
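Review bot: The `XXX, bug 146458` comment above `extern JSBool JSIsCallingApplet;` names the bug but not the contract a header reader needs: who sets it, who clears it, and that it is one global rather than per-thread or per-JSContext state. I would replace the three comment lines with `/* XXX bug 146458: JS_TRUE while a JS->Java call (field or method) targets a java.applet.Applet instance; set by the LiveConnect wrappers, cleared by jsj_ExitJava. Process-wide, not per JSJavaThreadState; read by nsCSecurityContext::Implies for UniversalBrowserRead. */`.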
diff --git a/js/src/liveconnect/jsj_utils.c b/js/src/liveconnect/jsj_utils.c
index 7e91b52a14c..8b3908b2c0a 100644
--- a/js/src/liveconnect/jsj_utils.c
+++ b/js/src/liveconnect/jsj_utils.c
@@ -470,7 +470,10 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
 return NULL;
 }
 
- JS_ASSERT((jsj_env->recursion_depth == 0) || (jsj_env->cx == cx));
+ /* simultaneous calls from different JSContext are not allowed */
+ if ((jsj_env->recursion_depth > 0) && (jsj_env->cx != cx))
+ return NULL;
+
 jsj_env->recursion_depth++;
 
 /* bug #60018: prevent dangling pointer to JSContext */
@@ -485,6 +488,7 @@ jsj_EnterJava(JSContext *cx, JNIEnv **envp)
 extern void
 jsj_ExitJava(JSJavaThreadState *jsj_env)
 {
+ JSIsCallingApplet = JS_FALSE;
 if (jsj_env) {
 JS_ASSERT(jsj_env->recursion_depth > 0);
 if (--jsj_env->recursion_depth == 0)
diff --git a/js/src/liveconnect/jsjava.h b/js/src/liveconnect/jsjava.h
index 96e3eab8d97..3e1256b87d9 100644
--- a/js/src/liveconnect/jsjava.h
+++ b/js/src/liveconnect/jsjava.h
@@ -299,6 +299,9 @@ JSJ_ConvertJavaObjectToJSValue(JSContext *cx, jobject java_obj, jsval *vp);
 JS_EXPORT_API(JSBool)
 JSJ_ConvertJSValueToJavaObject(JSContext *cx, jsval js_val, jobject *vp);
 
+JS_EXPORT_API(JSBool)
+JSJ_IsJSCallApplet();
+
 JS_END_EXTERN_C
 
 #endif /* _JSJAVA_H */
diff --git a/modules/oji/src/nsCSecurityContext.cpp b/modules/oji/src/nsCSecurityContext.cpp
index 980b49763d4..ae20c88afd7 100644
--- a/modules/oji/src/nsCSecurityContext.cpp
+++ b/modules/oji/src/nsCSecurityContext.cpp
@@ -50,6 +50,7 @@
 #include "nsCSecurityContext.h"
 #include "nsIScriptContext.h"
 #include "jvmmgr.h"
+#include "jsjava.h"
 
 // For GetOrigin()
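Review bot: Turning the JS_ASSERT into a bare `return NULL` makes a cross-JSContext re-entry a silent failure: jsj_EnterJava's callers propagate it as JS_FALSE (e.g. `if (!jEnv) return JS_FALSE;` in jsj_JavaInstanceMethodWrapper) with no error reported, so script sees a message-less exception and nothing is logged. Report the condition through the file's usual JS error-reporting path before returning NULL, so a refused call is diagnosable, and let the comment say why: `/* Re-entry from a different JSContext while a call is in progress is refused: jsj_env->cx is bound to the outer caller. */`. jsj_EnterJava continues outside the hunk.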
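Review bot: `JSIsCallingApplet = JS_FALSE;` runs on every jsj_ExitJava, before the `--recursion_depth == 0` test, yet jsj_EnterJava explicitly allows nested entries on the same JSContext; an inner Java call made from an applet-initiated JS callback therefore clears the flag while the outer applet call is still running, and until that inner call exits it inherits the flag, so JS run by the applet calling into non-applet Java would get the UniversalBrowserRead answer meant for the applet, unless the JVM's own stack inspection independently denies it, which I cannot verify from here. The minimal change is to reset only when the outermost entry leaves, `if (--jsj_env->recursion_depth == 0) { JSIsCallingApplet = JS_FALSE; ...`; a proper fix would have jsj_EnterJava save the current value and clear it for a nested entry, restoring it on exit, which needs a per-entry slot that JSJavaThreadState could hold. jsj_ExitJava continues outside the hunk.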
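Review bot: The new public prototype `JSJ_IsJSCallApplet();` sits inside the extern "C" block with an empty parameter list, which for C callers is an unprototyped declaration with no argument checking; declare it `JSJ_IsJSCallApplet(void);` to match a `(void)` definition in jsj.c. The header is also where the exported predicate's meaning and its staleness belong: `/* JS_TRUE while a JS->Java LiveConnect call targets a java.applet.Applet instance; reset by jsj_ExitJava. Reads one process-global flag, so the answer reflects the most recent entry on any thread. */`.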
@@ -87,7 +88,12 @@ nsCSecurityContext::Implies(const char* target, const char* action, PRBool *bAll
 // |m_HasUniversalBrowserReadCapability| into the out parameter
 // once Java's origin checking code is fixed.
 // See bug 146458 for details.
- *bAllowedAccess = PR_TRUE;
+ if (JSJ_IsJSCallApplet()) {
+ *bAllowedAccess = PR_TRUE;
+ }
+ else {
+ *bAllowedAccess = m_HasUniversalBrowserReadCapability;
+ }
 } else if(!nsCRT::strcmp(target,"UniversalJavaPermission")) {
 *bAllowedAccess = m_HasUniversalJavaCapability;
 } else {
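Review bot: The comment left above the new code (`// once Java's origin checking code is fixed. // See bug 146458 for details.`) now describes a state the branch is only half-way to: ordinary callers already get `m_HasUniversalBrowserReadCapability`, and PR_TRUE is forced only while `JSJ_IsJSCallApplet()` reports a JS-to-applet call, so a reader will assume the override is still unconditional. Reword the three comment lines to something like `// Bug 146458: while JS is calling into an applet the real capability is overridden to PR_TRUE because Java's origin checking cannot yet be trusted; every other caller gets m_HasUniversalBrowserReadCapability.` Two smaller points: `JSJ_IsJSCallApplet()` reads a process-wide flag maintained by the LiveConnect thread state, so an Implies() asked from another thread sees whatever the last entry left, which the comment should at least flag; and `}` followed by `else {` on its own line breaks the `} else if(` brace style used on the very next line. nsCSecurityContext::Implies starts outside the hunk.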