[Swfdec-commits] swfdec/Makefile.am swfdec/swfdec_access.c swfdec/swfdec_access.h swfdec/swfdec_load_sound.c swfdec/swfdec_net_stream.c swfdec/swfdec_player_internal.h swfdec/swfdec_policy_file.c
Benjamin Otte
company at kemper.freedesktop.org
Wed Jun 18 07:12:42 PDT 2008
swfdec/Makefile.am | 2 +
swfdec/swfdec_access.c | 73 ++++++++++++++++++++++++++++++++++++++++
swfdec/swfdec_access.h | 51 +++++++++++++++++++++++++++
swfdec/swfdec_load_sound.c | 13 ++++++-
swfdec/swfdec_net_stream.c | 12 ++++++
swfdec/swfdec_player_internal.h | 4 --
swfdec/swfdec_policy_file.c | 54 -----------------------------
7 files changed, 148 insertions(+), 61 deletions(-)
New commits:
commit 77613b390a76267fef20229556aff5092f1d326a
Author: Benjamin Otte <otte at gnome.org>
Date: Wed Jun 18 16:11:41 2008 +0200
redo API of security once again
now we have a matrix that tells us what to do. See SwfdecLoadSound or
SwfdecNetStream implementations about it.
diff --git a/swfdec/Makefile.am b/swfdec/Makefile.am
index 816dd4e..9478371 100644
--- a/swfdec/Makefile.am
+++ b/swfdec/Makefile.am
@@ -10,6 +10,7 @@ lib_LTLIBRARIES = libswfdec- at SWFDEC_MAJORMINOR@.la
# these are files that must be in SRCDIR
libswfdec_source_files = \
+ swfdec_access.c \
swfdec_accessibility.c \
swfdec_actor.c \
swfdec_amf.c \
@@ -218,6 +219,7 @@ libswfdec_ at SWFDEC_MAJORMINOR@includedir = $(includedir)/swfdec- at SWFDEC_MAJORMINO
libswfdec_ at SWFDEC_MAJORMINOR@include_HEADERS = $(public_headers) swfdec_enums.h
noinst_HEADERS = \
+ swfdec_access.h \
swfdec_actor.h \
swfdec_amf.h \
swfdec_as_boolean.h \
diff --git a/swfdec/swfdec_access.c b/swfdec/swfdec_access.c
new file mode 100644
index 0000000..5068b8c
--- /dev/null
+++ b/swfdec/swfdec_access.c
@@ -0,0 +1,73 @@
+/* Swfdec
+ * Copyright (C) 2008 Benjamin Otte <otte at gnome.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <swfdec/swfdec_access.h>
+#include <swfdec/swfdec_debug.h>
+
+void
+swfdec_player_allow_by_matrix (SwfdecPlayer *player, const char *url_string,
+ const SwfdecAccessMatrix matrix, SwfdecPolicyFunc func, gpointer data)
+{
+ SwfdecSandbox *sandbox;
+ SwfdecAccessPermission perm;
+ SwfdecAccessType type;
+ SwfdecURL *url;
+
+ g_return_if_fail (SWFDEC_IS_PLAYER (player));
+ g_return_if_fail (url_string != NULL);
+ g_return_if_fail (func);
+
+ sandbox = SWFDEC_SANDBOX (SWFDEC_AS_CONTEXT (player)->global);
+ g_assert (sandbox);
+
+ url = swfdec_player_create_url (player, url_string);
+ if (url == NULL) {
+ func (player, FALSE, data);
+ return;
+ }
+
+ if (swfdec_url_is_local (url)) {
+ type = SWFDEC_ACCESS_LOCAL;
+ } else if (swfdec_url_host_equal(url, sandbox->url)) {
+ type = SWFDEC_ACCESS_SAME_HOST;
+ } else {
+ type = SWFDEC_ACCESS_NET;
+ }
+
+ perm = matrix[sandbox->type][type];
+
+ if (perm == SWFDEC_ACCESS_YES) {
+ func (player, TRUE, data);
+ } else if (perm == SWFDEC_ACCESS_NO) {
+ func (player, FALSE, data);
+ } else {
+ SwfdecURL *load_url = swfdec_url_new_components (
+ swfdec_url_get_protocol (url), swfdec_url_get_host (url),
+ swfdec_url_get_port (url), "crossdomain.xml", NULL);
+ swfdec_player_allow_or_load (player, sandbox->url, url, load_url, func, data);
+ swfdec_url_free (load_url);
+ }
+
+ swfdec_url_free (url);
+}
+
diff --git a/swfdec/swfdec_access.h b/swfdec/swfdec_access.h
new file mode 100644
index 0000000..d386eff
--- /dev/null
+++ b/swfdec/swfdec_access.h
@@ -0,0 +1,51 @@
+/* Swfdec
+ * Copyright (C) 2008 Benjamin Otte <otte at gnome.org>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ */
+
+#ifndef _SWFDEC_ACCESS_H_
+#define _SWFDEC_ACCESS_H_
+
+#include <swfdec/swfdec.h>
+#include <swfdec/swfdec_player_internal.h>
+#include <swfdec/swfdec_sandbox.h>
+
+G_BEGIN_DECLS
+
+typedef enum {
+ SWFDEC_ACCESS_LOCAL,
+ SWFDEC_ACCESS_SAME_HOST,
+ SWFDEC_ACCESS_NET
+} SwfdecAccessType;
+
+typedef enum {
+ SWFDEC_ACCESS_NO,
+ SWFDEC_ACCESS_POLICY,
+ SWFDEC_ACCESS_YES
+} SwfdecAccessPermission;
+
+typedef SwfdecAccessPermission SwfdecAccessMatrix[5][3];
+
+void swfdec_player_allow_by_matrix (SwfdecPlayer * player,
+ const char * url_string,
+ const SwfdecAccessMatrix matrix,
+ SwfdecPolicyFunc func,
+ gpointer data);
+
+
+G_END_DECLS
+#endif
diff --git a/swfdec/swfdec_load_sound.c b/swfdec/swfdec_load_sound.c
index 0a44c80..6c4b41e 100644
--- a/swfdec/swfdec_load_sound.c
+++ b/swfdec/swfdec_load_sound.c
@@ -22,6 +22,7 @@
#endif
#include "swfdec_load_sound.h"
+#include "swfdec_access.h"
#include "swfdec_as_strings.h"
#include "swfdec_audio_decoder.h"
#include "swfdec_audio_internal.h"
@@ -388,6 +389,14 @@ swfdec_load_sound_load (SwfdecPlayer *player, gboolean allow, gpointer data)
swfdec_stream_set_target (sound->stream, SWFDEC_STREAM_TARGET (sound));
}
+static const SwfdecAccessMatrix swfdec_load_sound_matrix = {
+ { SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO },
+ { SWFDEC_ACCESS_NO, SWFDEC_ACCESS_YES, SWFDEC_ACCESS_YES },
+ { SWFDEC_ACCESS_YES, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO },
+ { SWFDEC_ACCESS_YES, SWFDEC_ACCESS_YES, SWFDEC_ACCESS_YES },
+ { SWFDEC_ACCESS_YES, SWFDEC_ACCESS_YES, SWFDEC_ACCESS_YES }
+};
+
SwfdecLoadSound *
swfdec_load_sound_new (SwfdecAsObject *target, const char *url)
{
@@ -401,8 +410,8 @@ swfdec_load_sound_new (SwfdecAsObject *target, const char *url)
sound->target = target;
sound->sandbox = SWFDEC_SANDBOX (target->context->global);
sound->url = g_strdup (url);
- swfdec_player_load_default (SWFDEC_PLAYER (target->context), url,
- swfdec_load_sound_load, sound);
+ swfdec_player_allow_by_matrix (SWFDEC_PLAYER (target->context), url,
+ swfdec_load_sound_matrix, swfdec_load_sound_load, sound);
/* tell missing plugins stuff we want MP3 */
missing = NULL;
swfdec_audio_decoder_prepare (SWFDEC_AUDIO_CODEC_MP3,
diff --git a/swfdec/swfdec_net_stream.c b/swfdec/swfdec_net_stream.c
index 70fdbb3..acc3e94 100644
--- a/swfdec/swfdec_net_stream.c
+++ b/swfdec/swfdec_net_stream.c
@@ -23,6 +23,7 @@
#include <math.h>
#include "swfdec_net_stream.h"
+#include "swfdec_access.h"
#include "swfdec_amf.h"
#include "swfdec_as_frame_internal.h"
#include "swfdec_as_strings.h"
@@ -569,6 +570,14 @@ swfdec_net_stream_load (SwfdecPlayer *player, gboolean allowed, gpointer streamp
stream->requested_url = NULL;
}
+static const SwfdecAccessMatrix swfdec_net_stream_matrix = {
+ { SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO },
+ { SWFDEC_ACCESS_NO, SWFDEC_ACCESS_YES, SWFDEC_ACCESS_POLICY },
+ { SWFDEC_ACCESS_YES, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO },
+ { SWFDEC_ACCESS_NO, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_POLICY },
+ { SWFDEC_ACCESS_YES, SWFDEC_ACCESS_NO, SWFDEC_ACCESS_POLICY }
+};
+
void
swfdec_net_stream_set_url (SwfdecNetStream *stream, const char *url_string)
{
@@ -589,7 +598,8 @@ swfdec_net_stream_set_url (SwfdecNetStream *stream, const char *url_string)
stream->requested_url = g_strdup (url_string);
stream->sandbox = SWFDEC_SANDBOX (SWFDEC_AS_CONTEXT (player)->global);
- swfdec_player_load_default (player, url_string, swfdec_net_stream_load, stream);
+ swfdec_player_allow_by_matrix (player, url_string,
+ swfdec_net_stream_matrix, swfdec_net_stream_load, stream);
}
void
diff --git a/swfdec/swfdec_player_internal.h b/swfdec/swfdec_player_internal.h
index 49e60a1..fa39462 100644
--- a/swfdec/swfdec_player_internal.h
+++ b/swfdec/swfdec_player_internal.h
@@ -286,10 +286,6 @@ void swfdec_player_allow_or_load (SwfdecPlayer * player,
const SwfdecURL * crossdomain,
SwfdecPolicyFunc func,
gpointer data);
-void swfdec_player_load_default (SwfdecPlayer * player,
- const char * url_string,
- SwfdecPolicyFunc func,
- gpointer data);
/* in swfdec_as_interpret.c */
SwfdecMovie * swfdec_player_get_movie_from_value
diff --git a/swfdec/swfdec_policy_file.c b/swfdec/swfdec_policy_file.c
index 7915108..32f74d0 100644
--- a/swfdec/swfdec_policy_file.c
+++ b/swfdec/swfdec_policy_file.c
@@ -368,57 +368,3 @@ swfdec_player_allow_or_load (SwfdecPlayer *player, const SwfdecURL *from,
file->requests = g_slist_append (file->requests, request);
}
-void
-swfdec_player_load_default (SwfdecPlayer *player, const char *url_string,
- SwfdecPolicyFunc func, gpointer data)
-{
- SwfdecSandbox *sandbox;
- SwfdecURL *url;
-
- g_return_if_fail (SWFDEC_IS_PLAYER (player));
- g_return_if_fail (url_string != NULL);
- g_return_if_fail (func);
-
- sandbox = SWFDEC_SANDBOX (SWFDEC_AS_CONTEXT (player)->global);
- g_assert (sandbox);
-
- url = swfdec_player_create_url (player, url_string);
- if (url == NULL) {
- func (player, FALSE, data);
- return;
- }
- if (swfdec_url_is_local (url)) {
- func (player,
- sandbox->type == SWFDEC_SANDBOX_LOCAL_TRUSTED ||
- sandbox->type == SWFDEC_SANDBOX_LOCAL_FILE, data);
- } else {
- switch (sandbox->type) {
- case SWFDEC_SANDBOX_REMOTE:
- if (swfdec_url_host_equal(url, sandbox->url)) {
- func (player, TRUE, data);
- break;
- }
- /* fall through */
- case SWFDEC_SANDBOX_LOCAL_NETWORK:
- case SWFDEC_SANDBOX_LOCAL_TRUSTED:
- {
- SwfdecURL *load_url = swfdec_url_new_components (
- swfdec_url_get_protocol (url), swfdec_url_get_host (url),
- swfdec_url_get_port (url), "crossdomain.xml", NULL);
- swfdec_player_allow_or_load (player, sandbox->url, url, load_url, func, data);
- swfdec_url_free (load_url);
- }
- break;
- case SWFDEC_SANDBOX_LOCAL_FILE:
- func (player, FALSE, data);
- break;
- case SWFDEC_SANDBOX_NONE:
- default:
- g_assert_not_reached ();
- break;
- }
- }
-
- swfdec_url_free (url);
-}
-
More information about the Swfdec-commits
mailing list