RE: [equinox-dev] Problem with security in Equinox

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

RE: [equinox-dev] Problem with security in Equinox

From: Mark Hoffmann <mark.hoffmann@xxxxxx>
Date: Mon, 27 Apr 2009 10:42:03 +0200
Delivered-to: equinox-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/equinox-dev>
List-help: <mailto:equinox-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=unsubscribe>
Organization: http://freemail.web.de/

Hi,

I run equinox with my own policy, that looks like this:

grant codeBase
"file:/path_to_launcher_bundle/org.eclipse.equinox.launcher_1.0.100.v20080509-1800.jar" {
    permission java.util.PropertyPermission "*", "read, write";
    permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
    permission java.lang.RuntimePermission "*";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.ServicePermission "*","register,get";
    permission org.osgi.framework.AdminPermission;
    permission java.net.NetPermission "specifyStreamHandler";
    permission org.osgi.service.application.ApplicationAdminPermission "*", "lifecycle";
    permission org.osgi.framework.PackagePermission "*","export,import";
    permission org.osgi.framework.BundlePermission "*","provide,require";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.TEST";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
    permission java.security.SecurityPermission "getPolicy";
    permission java.security.SecurityPermission "setPolicy";
};

grant codeBase "file:/path_to/workspace" {
    permission java.io.FilePermission "<<ALL FILES>>", "read, write, delete";
    permission java.util.PropertyPermission "*", "read, write";
    permission java.lang.RuntimePermission "*";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission org.osgi.framework.ServicePermission "*","register,get";
    permission org.osgi.framework.AdminPermission;
    permission java.net.NetPermission "specifyStreamHandler";
    permission org.osgi.service.application.ApplicationAdminPermission "*", "lifecycle";
    permission org.osgi.framework.PackagePermission "*","export,import";
    permission org.osgi.framework.BundlePermission "*","provide,require";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "createLoginContext.TEST";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "doAs";
    permission javax.security.auth.AuthPermission "getSubject";
};

As VM lauch arguments I gave:

-Djava.security.policy=${workspace_loc}/PluginName/data/test.policy
-Djava.security.manager
-Declipse.security=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager

What I further needed was the permissions.perm file in the OSGI-INF folder, that contains the same information like the section for the launcher in the policy file:

(java.io.FilePermission "<<ALL FILES>>" "read,write,delete")
(java.util.PropertyPermission "*" "read, write")
(java.lang.RuntimePermission "*")
(java.lang.reflect.ReflectPermission "suppressAccessChecks")
(org.osgi.framework.ServicePermission "*" "register,get")
(org.osgi.framework.AdminPermission)
(java.net.NetPermission "specifyStreamHandler")
(org.osgi.service.application.ApplicationAdminPermission "*" "lifecycle")
(org.osgi.framework.PackagePermission "*" "export,import")
(org.osgi.framework.BundlePermission "*" "provide,require")
(javax.security.auth.AuthPermission "modifyPrincipals")
(javax.security.auth.AuthPermission "createLoginContext.TEST")
(javax.security.auth.AuthPermission "doAsPrivileged")
(javax.security.auth.AuthPermission "setLoginConfiguration")
(javax.security.auth.AuthPermission "doAs")
(javax.security.auth.AuthPermission "getSubject")
(java.security.SecurityPermission "getPolicy")
(java.security.SecurityPermission "setPolicy")

Regards,
Mark


"David Conde" <dconde@xxxxxxxx> schrieb am 27.04.2009 09:32:16:
> 
> I got a solution for my problem, if I modify the common policy file 
> in JVM directory, instead of changing in my policy file (into my 
> program directory), and there I write:
> 
> grant {
> permission java.security.AllPermission;
> };
> 
> then If I launch Equinox with security parameters I do not get any 
> exception at all.
> 
> Java -Djava.security.manager=org.eclipse.osgi.framework.internal.core.
> FrameworkSecurityManager
> -Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.
> jar console
> 
> Why do I have to modify in the JVR directory policy file instead of 
> doing in my policy file?
> 
> I mean , If I like to fix some permissions for my bundle I should not 
> write them in JVR Policy file but in my policy file.
> 
> Thanks in advance
> 
> De: equinox-dev-bounces@xxxxxxxxxxx [mailto:equinox-dev-bounces@
> eclipse.org]  *En nombre de *Thomas Watson
>  *Enviado el:* viernes, 24 de abril de 2009 16:59
>  *Para:* Equinox development mailing list
>  *Asunto:* Re: [equinox-dev] Problem with security in Equinox
> 
> This works for me. What VM are you using? I suggest you open a bug 
> with details on your OS and java version etc.
> 
> Tom
> 
> "David Conde" ---04/24/2009 07:17:52 AM---Hi,
> 
> From:
> 
> "David Conde" <dconde@xxxxxxxx>
> 
> To:
> 
> <equinox-dev@xxxxxxxxxxx>
> 
> Date:
> 
> 04/24/2009 07:17 AM
> 
> Subject:
> 
> [equinox-dev] Problem with security in Equinox
> 
> Hi, 
> 
> I have been looking for documentation about make secure a bundle 
> running on Equinox Framework without using Eclipse.
> 
> I have tried to put ON the security features of Equinox typing the 
> next commands:
> 
> java
> -Djava.security.manager=org.eclipse.osgi.framework.internal.core.
> FrameworkSecurityManager
> -Djava.security.policy=policy -jar org.eclipse.osgi_3.4.0.v20080107.
> jar -console
> 
> Previously I created text file called policy in which I had written :
> 
> grant {
> permission java.security.AllPermission;
> };
> 
> But when I do this I got the next Exception:
> 
> Errror occurred during initialization of VM
> java.lang.ExceptionInInitializerError
> at java.lang.System.setSecurityManager0(Unknown Source)
> at java.lang.System.setSecurityManager(Unknown Source)
> at sun.misc.Launcher.<init>(Unknown Source)
> at sun.misc.Launcher.<clinit>(Unknown Source)
> at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
> at java.lang.ClassLoader.getSystemClassLoader(Unknown Source)
> Caused by: java.security.AccessControlException: access denied (java.
> security.Se
> curityPermission getProperty.networkaddress.cache.ttl)
> at java.security.AccessControlContext.checkPermission(Unknown Source)
> at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.
> int
> ernalCheckPermission(FrameworkSecurityManager.java:119)
> at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager$
> Che
> ckPermissionAction.run(FrameworkSecurityManager.java:84)
> at java.security.AccessController.doPrivileged(Native Method)
> at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.
> che
> ckPermission(FrameworkSecurityManager.java:90)
> at org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager.
> che
> ckPermission(FrameworkSecurityManager.java:219)
> at java.security.Security.getProperty(Unknown Source)
> at sun.net.InetAddressCachePolicy$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.net.InetAddressCachePolicy.<clinit>(Unknown Source)
> at java.lang.System.setSecurityManager0(Unknown Source)
> at java.lang.System.setSecurityManager(Unknown Source)
> at sun.misc.Launcher.<init>(Unknown Source)
> at sun.misc.Launcher.<clinit>(Unknown Source)
> at java.lang.ClassLoader.initSystemClassLoader(Unknown Source)
> 
> I do not have any idea about why I got this exception, I have looked 
> for that in Internet but there was no result
> 
> Any idea about this problem?
> 
> Thank you in advance
> 
> David 
> 
> _______________________________________________
> equinox-dev mailing list
> equinox-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
> 
> _______________________________________________ equinox-dev mailing 
> list equinox-dev@xxxxxxxxxxx https://dev.eclipse.org/mailman/listinfo/
> 
> equinox-dev

__________________________________________________________________________
Verschicken Sie SMS direkt vom Postfach aus - in alle deutschen und viele 
ausländische Netze zum gleichen Preis! 
https://produkte.web.de/webde_sms/sms

Follow-Ups:
- RE: [equinox-dev] Problem with security in Equinox
  - From: David Conde

Prev by Date: RE: [equinox-dev] Problem with security in Equinox
Next by Date: RE: [equinox-dev] Problem with security in Equinox
Previous by thread: RE: [equinox-dev] Problem with security in Equinox
Next by thread: RE: [equinox-dev] Problem with security in Equinox
Index(es):
- Date
- Thread

Breadcrumbs