[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] OSGi security manager in Equinox

You should never edit the .permdata file directly.  That file is an
implementation detail for the framework that is used to persistently store
the cond perm admin table as managed by the [Conditional]PermissionAdmin
services.

The launcher should configure the cond perm admin table the same way as a
normal bundle, by using the [Conditional]PermissionAdmin service.  The way
your custom launcher figures out what to populate the
[Conditional]PermissionAdmin service with is an implementation detail of
your launcher.  You could use your own file or some other mechanism to
drive the code in your launcher to call the methods on the
[Conditional]PermissionAdmin service.

Tom




                                                                       
  From:       "Kapukaranov, Borislav" <borislav.kapukaranov@xxxxxxx>   
                                                                       
  To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,
                                                                       
  Date:       12/08/2011 10:37 AM                                      
                                                                       
  Subject:    Re: [equinox-dev] OSGi security manager in Equinox       
                                                                       





I agree, this is the best place and a regular bundle after that will do.
The trick is to initialize the table in the first place.
I couldn't find a documented way to do that. One pointer I think might be
relevant, judging on the code, is the .permdata file that is read when a
new BasePermissionStorage is created. I'm not really sure where this file
should be placed, but I assume in "/configuration/org.eclipse.osgi"?

Do you know of that's the right way to initialize the conditional
permission table? Also what should be the syntax of that file?
If there's another way I'm all ears :)
Also I got the impression this initialization can be achieved with the
standard launcher, right?

Thanks,
Borislav

-----Original Message-----
From: equinox-dev-bounces@xxxxxxxxxxx [
mailto:equinox-dev-bounces@xxxxxxxxxxx] On Behalf Of Thomas Watson
Sent: Thursday, December 08, 2011 4:26 PM
To: Equinox development mailing list
Subject: Re: [equinox-dev] OSGi security manager in Equinox

Hi Borislav,

Your intuition is correct.  The best place for setting the initial
conditional permission table is in the launcher after initializing the
framework (Framework.init()) with an empty storage area.  But after that I
think using a normal bundle (configurator type bundle) to do the ongoing
management of the permission table is fine.

Tom





  From:       Borislav Kapukaranov <b.kapukaranov@xxxxxxxxx>


  To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,


  Date:       12/07/2011 09:59 PM


  Subject:    Re: [equinox-dev] OSGi security manager in Equinox







Thanks Tom, that was really helpful.


At this point I wonder if the only way to configure a secure framework is
to make sure you start a bundle right after the framework has booted which
will configure the (C)PA?
Any other ways to achieve that in addition to having a custom launcher? I'm
looking for a best practice here :-)
Why custom launcher - I suppose that's safer because it won't be affected
by any provisioning mechanism that can reorder your bundles' start or
rewrite your config.ini.


Thanks,
Borislav


On Dec 7, 2011 8:56 PM, "Thomas Watson" <tjwatson@xxxxxxxxxx> wrote:
  The policy file (specified by java.security.policy) is only used by class
  loaders that extend SecureClassloader.  So things like the
  URLClassLoader,
  the application and extension class loader etc.  A bundle's class loader
  does not pay attention to the java.security.policy file.

  The protection domains used by the OSGi bundle class loaders are only
  configured by the ConditionalPermissionAdmin and the deprecated
  PermissionAdmin services.  By default if no permissions are set through
  the
  [Conditional]PermissionAdmin services then the bundles get AllPermission
  by
  default.  Section 50.11 of the Core OSGi specification gives more details
  on this.

  Tom





   From:       Borislav Kapukaranov <b.kapukaranov@xxxxxxxxx>

   To:         Equinox development mailing list <equinox-dev@xxxxxxxxxxx>,

   Date:       12/07/2011 11:18 AM

   Subject:    [equinox-dev] OSGi security manager in Equinox






  Hi folks,

  I'm playing with OSGi's security manager in Equinox and the
  implementation
  of the Conditional Permissions Admin called SecurityAdmin.
  My setup is Equinox + some other bundles. This is launched by the
  equinox.launcher and I've passed the following as system properties:
  -Declipse.security=osgi
  -Djava.security.policy="my.policy
  The policy looks like that
  keystore "myKeystore";
  grant signedBy "myself" {
  permission java.security.AllPermission;
  };
  I have signed all bundles in /plugins with that keystore and granted them
  all premissions with the policy.

  The first thing I noticed is that without a policy file the framework
  still
  starts. That is because when we are in OSGi security mode the launcher
  adds
  all permissions to itself and the framework.
  I created a simple bundle that in its Activator creates a directory at a
  location different from it's data file. It doesn't have any local
  permissions.
  The call went into the EquinoxSecurityManager then started checking for
  implied permissions at the AccessControlContext. The important point is
  checking the Protection Domains. It went through two of them:
  1. The system bundle's protection domain as the system bundle triggered
  the
  Activator of my bundle.
  2. The bundle's protection domain, probably for local permissions.
  1) has all permission as it is the framework and 2) doesn't have any
  local
  permission therefore by specification gets AllPermission.
  So far so good.

  My question is how the EquinoxSecurityManager is expected to be
  configured?
  From what I've seen the policy file syntax doesn't support the permission
  syntax defined in the OSGi specification(ALLOW, DENY).
  Does that mean OSGi's security manager is configured only by a bundle
  interacting with the Conditional Permission Admin service?
  Also does the policy file play any role at all in such setup? I suspect
  it's relevant only for pure Java security setup.

  Thanks,
  Borislav_______________________________________________
  equinox-dev mailing list
  equinox-dev@xxxxxxxxxxx
  https://dev.eclipse.org/mailman/listinfo/equinox-dev



  _______________________________________________
  equinox-dev mailing list
  equinox-dev@xxxxxxxxxxx
  https://dev.eclipse.org/mailman/listinfo/equinox-dev
  _______________________________________________
  equinox-dev mailing list
  equinox-dev@xxxxxxxxxxx
  https://dev.eclipse.org/mailman/listinfo/equinox-dev



_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/equinox-dev