[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[equinox-dev] Java security manager and Equinox

Hi folks,

I decided that this topic is different enough to deserve a new thread, so I'm separating it from the OSGi security manager one.
To reiterate quickly my setup is Equinox + some more bundles, ran with the equinox.launcher. I passed as security parameters these:
I have signed all the /plugins bundles with that same keystore and gave these signed bundles AllPermission with my policy file. Without the policy file the framework won't start so it's working fine.

I have a bundle that performs a simple creation of a directory at a location different from the bundles data file location.
While debugging I noticed several things:
- The security manager is indeed Java's one - that's fine 
- During the permission check of the AccessControlContext there are two protection domains:
[ProtectionDomain  (file:/<location-to-equinox>/configuration/org.eclipse.osgi/bundles/93/1/bundlefile <no signer certificates>).....
...., ProtectionDomain  (file:/<location-to-equinox>/plugins/org.eclipse.osgi_3.7.0.v20110613.jar .....
So far so good.
During the implies check of the bundle's protection domain at some point it goes in org.eclipse.osgi.internal.permadmin.BundlePermissions and checks if the required permission is implied. The bundle's protection domain only has file permissions over its data file. So far the permission isn't implied. Last, the SecurityAdmin(this is Equinox's ConditionalPermissionAdmin implementation) is checked. 
Since the conditional admin table is empty because I'm using Java Security, not OSGi's it falls back to its defaults, which are AllPermission.

Because of that the permission is now implied. Then the protection domain of the system bundle is checked but it already has AllPermission because of the policy file so it turns out my permission is implied and the bundle creates successfully the directory.

I find several things concerning here:
- There seems to be a mix between OSGi and Java security. Yes, the first one derives from the other but still is it expected the Conditional Permission Admin is called in a pure Java 2-enabled setup?
- The default local bundle permissions for OSGi may be AllPermission but in the Java security, correct me if I'm wrong, I believe only the policy file dictates who has which permissions. In this case my bundle clearly is outside the set of bundles that apply to the specified condition, yet it still has AllPermissions. Is that a bug or I'm missing something?