Re: [equinox-dev] Problem with custom local permissions

This should be possible. But keep in mind that the local permissions in OSGi are a way to restrict a bundle to a particular set of permissions regardless of what permissions have been granted to the bundle from the PermissionAdmin or ConditionalPermissionAdmin. Have you made any calls to PermissionAdmin or ConditionalPermissionAdmin to manage bundle permissions? If so, have you granted the bundles your custom permission or AllPermissions? Even though you specified the permission in a bundle's local permission, the bundle will not actually have that permission unless you also make sure it is granted the permission from one of the permission admin services. Keep in mind that if you have not made any calls to the permission admin services then the default default permissions for all bundles is AllPermissions.

Also keep in mind that the protection domains for the bundles are controlled exclusively by the Framework's PermissionAdmin and ConditionalPermissionAdmin. The policy file you use is only to grant permission to code running outside of a bundle class loader. Typically you need to grant AllPermissions to the Framework implementation, which it looks like you have done.

Tom
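
What the reply above describes, as an added example that is not part of the original thread or Equinox's own code: a minimal policy bundle activator that grants the consumer bundle, through PermissionAdmin, the same two permissions listed in its permissions.perm. The class name `PolicyActivator` and the bundle location string are assumptions.

```java
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.permissionadmin.PermissionAdmin;
import org.osgi.service.permissionadmin.PermissionInfo;

/** Hypothetical policy bundle: grants the consumer bundle its permissions. */
public class PolicyActivator implements BundleActivator {

    // Assumed install location of the consumer bundle. PermissionAdmin keys
    // its grants on the exact location string used when the bundle was installed.
    private static final String CONSUMER_LOCATION = "file:plugins/consumer.jar";

    public void start(BundleContext context) throws Exception {
        ServiceReference ref =
                context.getServiceReference(PermissionAdmin.class.getName());
        if (ref == null) {
            throw new IllegalStateException("PermissionAdmin service not available");
        }
        PermissionAdmin admin = (PermissionAdmin) context.getService(ref);
        try {
            // The same two entries as the consumer's permissions.perm in the thread.
            // Assumption: the custom permission class is exported by the service
            // bundle so the framework can load it from its type name.
            PermissionInfo[] granted = {
                new PermissionInfo("java.io.FilePermission",
                        "C:\\TestingLog3.log", "write"),
                new PermissionInfo(
                        "es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission",
                        "PlatformConfigurationPermission", "writeValue"),
            };
            // Once this call succeeds the consumer is limited to the grants above;
            // a real policy would also list the PackagePermission and
            // ServicePermission entries the bundle needs (not shown in the thread).
            admin.setPermissions(CONSUMER_LOCATION, granted);
        } finally {
            context.ungetService(ref);
        }
    }

    public void stop(BundleContext context) {
        // Nothing to release here.
    }
}
```

The consumer's effective permissions are then the ones present both in this grant and in its permissions.perm, which is why listing the custom permission only in the local file is not enough.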



From: dconde@xxxxxxxx
To: "Equinox development mailing list" <equinox-dev@xxxxxxxxxxx>
Date: 09/06/2009 02:10 PM
Subject: Re: [equinox-dev] Problem with custom local permissions

Hi again,

Maybe what I am trying to do which was explained in my previous thread is
not possible. I would like to know if it is possible to specify custom
permissions as local permission setting them in permission.perm file or do
I have to specify them by program in the same way as conditional
permissions?

I have created a custom permission class called MyPermission which
extends java.security.Permission and I have tried to set it in a
permissions.perm file as a local permission. Is this possible?

Thank you in advance




> Hi,
>
> I did not write any bundle which reads the permissions or parses
> the text into PermissionInfo. I supposed that I could work in the same way
> that I worked with other permissions different from custom permissions. I
> mean, I created a policy.policy file where I set ALLPermissions
>
> grant {
> permission java.security.AllPermission;
> };
>
> then I launched Equinox with SecurityManager in the command line
>
>
> -Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
> -Djava.security.policy=policy
>
> and placed the OSGI-INF folder with the permissions.perm file into the bundle
> directory. What I do not understand is why I have to do what you explained
> to me if I did not do it when I did not use custom permissions. I mean, are
> custom permissions dealt with in a different way than ServicePermission or
> FilePermission?
>
>
> I have done some tests with local permissions without using custom
> permissions and I did not have to create any bundle which reads the
> permissions.perm file or parses the text into PermissionInfo.
>
> Is there some example about how I have to do this?
>
> Thank you in advance
>
>
>> Have you written (or installed) a bundle which reads the permissions.perm
>> file, parses the text into PermissionInfos and calls either
>> PermissionAdmin or ConditionalPermissionAdmin to set the permissions of
>> the bundle?
>>
>> permissions.perm files are not read by the framework. You need a security
>> policy bundle installed (for example, as I describe above) to set bundle
>> permissions. The framework is policy free.
>> --
>>
>> BJ Hargrave
>> Senior Technical Staff Member, IBM
>> OSGi Fellow and CTO of the OSGi Alliance
>> hargrave@xxxxxxxxxx
>>
>> office: +1 386 848 1781
>> mobile: +1 386 848 3788
>>
>>
>>
>>
>> From:
>> "David Conde" <dconde@xxxxxxxx>
>> To:
>> "'Equinox development mailing list'" <equinox-dev@xxxxxxxxxxx>
>> Date:
>> 2009/09/04 07:59
>> Subject:
>> [equinox-dev] Problem with custom local permissions
>> Sent by:
>> equinox-dev-bounces@xxxxxxxxxxx
>>
>>
>>
>> Hi,
>>
>> I have the next scenario:
>> Bundle Service which has a method called addVALUE as  shown:
>>
>> public boolean addValue(String key, Object value) {
>>     SecurityManager security = System.getSecurityManager();
>>     if (security != null) {
>>         security.checkPermission(new PlatformConfigurationPermission(
>>                 PlatformConfigurationPermission.WRITE_VALUE));
>>     }
>> }
>>
>> The problem is that another bundle called consumer, which has the following
>> permissions.perm file, tries to call this method and gets the Security
>> Exception shown below:
>>
>> #TestPlatformConfiguration Permissions File
>> (java.io.FilePermission "C:\TestingLog3.log" "write")
>> (es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission "PlatformConfigurationPermission" "writeValue")
>>
>>
>> The Exception which was got is:
>> Java.security.AccessControlException: Access denied
>> (es.citic.osgi.system.platformConfiguration.PlatoformConfigurationPermission
>> PlatformConfigurationPermission writeValue)
>>
>>
>> My PlatformConfigurationPermission class extends from Permission.
>>
>> What am I missing in this implementation?
>>
>> It looks like it does not recognize what I am writing in the
>> permission.perm file.
>>
>> Any idea
>>
>> Thank you in advance
>>
>> David
>> _______________________________________________
>> equinox-dev mailing list
>> equinox-dev@xxxxxxxxxxx
>>
https://dev.eclipse.org/mailman/listinfo/equinox-dev