[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] OSGi security manager in Equinox

The policy file (specified by java.security.policy) is only used by class
loaders that extend SecureClassloader.  So things like the URLClassLoader,
the application and extension class loader etc.  A bundle's class loader
does not pay attention to the java.security.policy file.

The protection domains used by the OSGi bundle class loaders are only
configured by the ConditionalPermissionAdmin and the deprecated
PermissionAdmin services.  By default if no permissions are set through the
[Conditional]PermissionAdmin services then the bundles get AllPermission by
default.  Section 50.11 of the Core OSGi specification gives more details
on this.

Tom




                                                                       
  From:       Borislav Kapukaranov <b.kapukaranov@xxxxxxxxx>           
                                                                       
  To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
                                                                       
  Date:       12/07/2011 11:18 AM                                      
                                                                       
  Subject:    [equinox-dev] OSGi security manager in Equinox           
                                                                       





Hi folks,

I'm playing with OSGi's security manager in Equinox and the implementation
of the Conditional Permissions Admin called SecurityAdmin.
My setup is Equinox + some other bundles. This is launched by the
equinox.launcher and I've passed the following as system properties:
-Declipse.security=osgi
-Djava.security.policy="my.policy
The policy looks like that
keystore "myKeystore";
grant signedBy "myself" {
permission java.security.AllPermission;
};
I have signed all bundles in /plugins with that keystore and granted them
all premissions with the policy.

The first thing I noticed is that without a policy file the framework still
starts. That is because when we are in OSGi security mode the launcher adds
all permissions to itself and the framework.
I created a simple bundle that in its Activator creates a directory at a
location different from it's data file. It doesn't have any local
permissions.
The call went into the EquinoxSecurityManager then started checking for
implied permissions at the AccessControlContext. The important point is
checking the Protection Domains. It went through two of them:
1. The system bundle's protection domain as the system bundle triggered the
Activator of my bundle.
2. The bundle's protection domain, probably for local permissions.
1) has all permission as it is the framework and 2) doesn't have any local
permission therefore by specification gets AllPermission.
So far so good.

My question is how the EquinoxSecurityManager is expected to be configured?
>From what I've seen the policy file syntax doesn't support the permission
syntax defined in the OSGi specification(ALLOW, DENY).
Does that mean OSGi's security manager is configured only by a bundle
interacting with the Conditional Permission Admin service?
Also does the policy file play any role at all in such setup? I suspect
it's relevant only for pure Java security setup.

Thanks,
Borislav_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev