Closed
Bug 286896
Opened 20 years ago
Closed 13 years ago
Chrome apps and java.security.AccessControlException, PrivilegedActionException
Categories
(Core Graveyard :: Java: Live Connect, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: ed, Assigned: alfred.peng)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Java methods invoked from JavaScript which is executed within chrome should be
trusted in the same way that use of XPCOM components is. Currently, it appears
to run in a sandbox. This prevents extensions from being written that use Java
in any meaningful way.
Reproducible: Always
Steps to Reproduce:
1. Create a simple xul page called test.xul:
<?xml version="1.0"?>
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<window
    id="main-window"
    title="Main View"
    orient="horizontal"
    xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <script src="test.js"/>
  <vbox flex="1">
    <button label="Create File" oncommand="testFileCreate();" />
    <button label="Delete File" oncommand="testFileDelete();" />
    <button label="Test Thread" oncommand="testThread();" />
    <button label="Test Property" oncommand="testProperty();" />
    <button label="Dump System Properties" oncommand="testProperties();" />
    <textbox multiline="true" id="classpath" flex="1" />
  </vbox>
</window>
2. Create a simple javascript file called test.js:
function testFileCreate() {
  Packages.lctest.LiveConnectTest.testFileCreate();
}
function testFileDelete() {
  Packages.lctest.LiveConnectTest.testFileDelete();
}
function testThread() {
  Packages.lctest.LiveConnectTest.testThreadAccess();
}
function testProperty() {
  var user_dir = java.lang.System.getProperty("java.class.path");
  var console = Components.classes["@mozilla.org/consoleservice;1"]
    .getService(Components.interfaces.nsIConsoleService);
  console.logStringMessage(user_dir);
}
function testProperties() {
  var textbox = document.getElementById("classpath");
  var props = java.lang.System.getProperties();
  var writer = new java.io.StringWriter();
  var print_writer = new java.io.PrintWriter(writer, true);
  props.list(print_writer);
  var text = writer.toString();
  textbox.value = text;
}
3. Use the quick setup for privileged chrome:
http://www.xulplanet.com/tutorials/notes/quicksetup.php
4. Try it out at the appropriate chrome:// url
Actual Results:
java.security.PrivilegedActionException: java.lang.reflect.InvocationTargetException
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation$2.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.plugin.liveconnect.SecureInvocation.CallMethod(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation.access$300(Unknown Source)
    at sun.plugin.liveconnect.SecureInvocation$CallMethodThread.run(Unknown Source)
Caused by: java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.invoke.JSInvoke.invoke(Unknown Source)
    at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at sun.plugin.javascript.JSClassLoader.invoke(Unknown Source)
    at sun.plugin.liveconnect.PrivilegedCallMethodAction.run(Unknown Source)
    ... 6 more
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission C:\test.txt write)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkWrite(Unknown Source)
    at sun.plugin.security.ActivatorSecurityManager.checkDelete(Unknown Source)
    at java.io.File.delete(Unknown Source)
    at lctest.LiveConnectTest.testFileDelete(LiveConnectTest.java:14)
    ... 16 more
Expected Results:
No error in the Java console, Java code executes with full permissions.

Forgot to add the actual Java class being invoked:
package lctest;

import java.io.*;

public class LiveConnectTest {
    public static void testFileCreate() throws Exception {
        File file = new File("C:\\test.txt");
        PrintWriter writer = new PrintWriter(new FileWriter(file));
        writer.println("This is a test text file created from Java.");
        writer.close(); // flush the buffered text and release the file handle
    }
    public static void testFileDelete() {
        File file = new File("C:\\test.txt");
        file.delete();
    }
    public static void testThreadAccess() {
        // Start a new thread from the LiveConnect-invoked method.
        new Thread(new Runnable() {
            public void run() {
                System.out.println("Hello from thread!");
                try {
                    Thread.sleep(1000);
                }
                catch (Exception e) {
                    // Interruption is irrelevant to this test; ignore it.
                }
            }
        }).start();
    }
}
So far, it's true that Java and JS cannot share privilege settings with each other.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 5•13 years ago
Firefox code moved from custom Liveconnect code to the NPAPI/NPRuntime bridge a while back. Mass-closing the bugs in the liveconnect component which are likely invalid. If you believe that this bug is still relevant to modern versions of Firefox, please reopen it and move it to the "Core" product, component "Plug-Ins".
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE