[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] Enabling security in Equinox

On Oct 30, 2009, at 1:31 , <tom.hsu@xxxxxxxxxx> <tom.hsu@xxxxxxxxxx> wrote:

Hi all,

I now realized that I need to provide system permissions for the Conditional Permission Admin service in order to secure behaviors of some installed bundles. Please confirm my understanding:
1. The example showed in the PDF seem to suggest achieving this using privileged bundle to assign restricted permission objects for the new bundles.
2. #1 approach needs to be done programmatcally?

Yes, in various places in the OSGi specification, a bundle called the "management agent" is mentioned. This bundle has a couple of responsibilities (scattered throughout the spec) and one of them is to setup and maintain security policies.

3. Is there a way to achieve the restriction of bundles coming from known location <A> to have a limited set of permissions with a configuration file like custo_java.policy?

Not that I know of, you'd have to do that programmatically.

Greetings, Marcel