Re: [equinox-dev] Java security manager and Equinox

The OSGi specification requires that bundles are granted AllPermissions by
default (see section 50.11 of the OSGi specification).  As stated in the
previous thread, the permissions granted to a bundle are only controlled
through the use of the [Conditional]PermissionAdmin services.

Hope this helps.

Tom

  From:       Borislav Kapukaranov <b.kapukaranov@xxxxxxxxx>
  To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
  Date:       12/07/2011 11:28 AM
  Subject:    [equinox-dev] Java security manager and Equinox

Hi folks,

I decided that this topic is different enough to deserve a new thread, so
I'm separating it from the OSGi security manager one.
To reiterate quickly, my setup is Equinox + some more bundles, run with the
equinox.launcher. I passed these as security parameters:
-Djava.security.manager
-Djava.security.policy=my.policy
I have signed all the /plugins bundles with that same keystore and gave
these signed bundles AllPermission with my policy file. Without the policy
file the framework won't start so it's working fine.

I have a bundle that performs a simple creation of a directory at a
location different from the bundle's data file location.
While debugging I noticed several things:
- The security manager is indeed Java's one - that's fine
- During the permission check of the AccessControlContext there are two
protection domains:
[ProtectionDomain
(file:/<location-to-equinox>/configuration/org.eclipse.osgi/bundles/93/1/bundlefile
 <no signer certificates>).....
...., ProtectionDomain
(file:/<location-to-equinox>/plugins/org.eclipse.osgi_3.7.0.v20110613.jar .....
So far so good.
During the implies check of the bundle's protection domain at some point it
goes in org.eclipse.osgi.internal.permadmin.BundlePermissions and checks if
the required permission is implied. The bundle's protection domain only has
file permissions over its data file. So far the permission isn't implied.
Last, the SecurityAdmin (this is Equinox's ConditionalPermissionAdmin
implementation) is checked.
Since the conditional admin table is empty because I'm using Java Security,
not OSGi's, it falls back to its defaults, which are AllPermission.

Because of that, the permission is now implied. Then the protection domain
of the system bundle is checked, but it already has AllPermission because of
the policy file, so it turns out my permission is implied and the bundle
successfully creates the directory.

I find several things concerning here:
- There seems to be a mix between OSGi and Java security. Yes, the first
one derives from the other, but still, is it expected that the Conditional
Permission Admin is called in a pure Java 2-enabled setup?
- The default local bundle permissions for OSGi may be AllPermission, but in
Java security, correct me if I'm wrong, I believe only the policy file
dictates who has which permissions. In this case my bundle clearly is
outside the set of bundles that apply to the specified condition, yet it
still has AllPermissions. Is that a bug or am I missing something?

Thanks,
Borislav


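The reply above says bundle permissions are controlled only through the [Conditional]PermissionAdmin services, and the original message traces the AllPermission result to an empty conditional permission table. As an added example (not code from this thread or from Equinox), a policy bundle could populate that table as follows; the class name PolicyActivator, the signer DN and the row names are assumptions made for illustration.

```java
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.BundleSignerCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionInfo;

// Hypothetical policy bundle (not Equinox code). It fills the conditional
// permission table so the empty-table default of AllPermission stops applying.
public class PolicyActivator implements BundleActivator {
    // Constructed signer DN; use the DN chain of the certificate in your keystore.
    static final String TRUSTED_SIGNER = "CN=Example Signer,O=Example Org,C=US";

    public void start(BundleContext ctx) {
        ServiceReference<ConditionalPermissionAdmin> ref =
                ctx.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null)
            throw new IllegalStateException("ConditionalPermissionAdmin service not registered");
        ConditionalPermissionAdmin cpa = ctx.getService(ref);

        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();
        // Row 1: bundles signed by the trusted signer keep AllPermission.
        table.add(cpa.newConditionalPermissionInfo("signed-trusted",
                new ConditionInfo[] { new ConditionInfo(
                        BundleSignerCondition.class.getName(), new String[] { TRUSTED_SIGNER }) },
                new PermissionInfo[] { new PermissionInfo("java.security.AllPermission", "*", "*") },
                ConditionalPermissionInfo.ALLOW));
        // Row 2: unconditional baseline for everyone else: import packages only.
        // No FilePermission here, so an unsigned bundle creating a directory
        // outside its data area fails the implies check.
        table.add(cpa.newConditionalPermissionInfo("baseline",
                null,
                new PermissionInfo[] { new PermissionInfo(
                        "org.osgi.framework.PackagePermission", "*", "import") },
                ConditionalPermissionInfo.ALLOW));
        // commit() returns false if the table changed since the update was created.
        if (!update.commit())
            throw new IllegalStateException("permission table modified concurrently");
        ctx.ungetService(ref);
    }

    public void stop(BundleContext ctx) { }
}
```

The bundle that commits the table needs AllPermission itself, so it should be one of the signed bundles. Real bundles usually need more than package imports in the baseline row (for example ServicePermission), so extend that row to fit the deployment.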