Bug ID: JDK-8096389 Gtk: SecurityException using WebView when running app with security manager

JDK-8096389 : Gtk: SecurityException using WebView when running app with security manager

Type: Bug
Component: javafx
Sub-Component: window-toolkit
Affected Version: 8

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2014-03-06
Updated: 2015-06-12
Resolved: 2014-03-17

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 8
8u20Fixed

Related Reports

Relates :	JDK-8097371 - [JFXPanel] SecurityException in PlatformUtil when running SwingInterop with security manager
Relates :	JDK-8097417 - Create regression tests that run JavaFX apps with a security manager

Sub Tasks

JDK-8096523 :

Gtk: SecurityException using WebView when running app with security manager - Resolved

Description

To reproduce, run the attached program on a Linux machine with a security manager enabled (or run it as an untrusted applet or Web Start app).

$ java -Djava.security.manager -webviewapp.Main

Exception in Application start method
Workaround until RT-13281 is implemented: keep toolkit alive
java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at com.sun.javafx.application.LauncherImpl.launchApplicationWithArgs(Unknown Source)
	at com.sun.javafx.application.LauncherImpl.launchApplication(Unknown Source)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at sun.launcher.LauncherHelper$FXHelper.main(Unknown Source)
Caused by: java.lang.RuntimeException: Exception in Application start method
	at com.sun.javafx.application.LauncherImpl.launchApplication1(Unknown Source)
	at com.sun.javafx.application.LauncherImpl.access$000(Unknown Source)
	at com.sun.javafx.application.LauncherImpl$1.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied ("java.util.PropertyPermission" "user.home" "read")
	at java.security.AccessControlContext.checkPermission(Unknown Source)
	at java.security.AccessController.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPermission(Unknown Source)
	at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
	at java.lang.System.getProperty(Unknown Source)
	at com.sun.glass.ui.Application.getDataDirectory(Unknown Source)
	at javafx.scene.web.WebEngine.defaultUserDataDirectory(Unknown Source)
	at javafx.scene.web.WebEngine.applyUserDataDirectory(Unknown Source)
	at javafx.scene.web.WebEngine.load(Unknown Source)
	at webviewapp.Main.start(Main.java:32)
	at com.sun.javafx.application.LauncherImpl$8.run(Unknown Source)
	at com.sun.javafx.application.PlatformImpl$7.run(Unknown Source)
	at com.sun.javafx.application.PlatformImpl$6$1.run(Unknown Source)
	at com.sun.javafx.application.PlatformImpl$6$1.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at com.sun.javafx.application.PlatformImpl$6.run(Unknown Source)
	at com.sun.glass.ui.InvokeLaterDispatcher$Future.run(Unknown Source)
	at com.sun.glass.ui.gtk.GtkApplication._runLoop(Native Method)
	at com.sun.glass.ui.gtk.GtkApplication.access$200(Unknown Source)
	at com.sun.glass.ui.gtk.GtkApplication$6$1.run(Unknown Source)
	... 1 more
Exception running application webviewapp.Main

Comments

Unit Test: tests/system/src/test/java/sandbox/SandboxAppTest.java
19-03-2014
I am requesting to take this fix into 8u11 for CPU14_03. Justification: This is a regression introduced in JDK 8. Without this fix, all applets or Web Start apps that run in a sandbox and use WebView will get a security exception on Linux. There is no known workaround other than to request all permissions. Risk: very low. It is a one line change that wraps the call to System.getProperty in a doPrivileged block.
17-03-2014
Tested with various webview apps, including Ensemble, ran the test program with / without the security manager.
17-03-2014
http://hg.openjdk.java.net/openjfx/8u-dev/rt/rev/c0d5845f82d5
17-03-2014
The fix looks fine to me.
17-03-2014
Please review the following: http://cr.openjdk.java.net/~kcr/RT-36141/ Reviewers: anthony This is a simple fix to read the System property from within a doPrivileged block. Regression tests will be covered by RT-36197 (which I will send out for review soon).
15-03-2014
This is a regression in behavior from FX 2.2.51 to FX 8. It was introduced by the fix for RT-31920. The error is in the following method in glass, which returns the default user directory. com.sun.glass.ui.Application.getDataDirectory() The implementation calls System.getProperty("user.home"). This method is called by public API methods in WebEngine, so an untrusted app using those methods will cause an exception to be thrown. The fix is trivial, which is to wrap the call to System.getProperty("user.home") inside a doPrivileged which we do in other similar cases. Note that the method is overridden on Mac and Windows (although as a fallback those overriding methods can call super), which is why this bug only appears on Linux in my testing.
06-03-2014