Re: [equinox-dev] security exceptions using Felix config admin with Equi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [equinox-dev] security exceptions using Felix config admin with Equinox

From: Derek Baum <derek@xxxxxxxxxxxx>
Date: Wed, 18 May 2016 20:16:17 +0100
Delivered-to: equinox-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/equinox-dev>
List-help: <mailto:equinox-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=unsubscribe>

Hi,

I’ve also posted this to the Felix dev list, as the problem occurs when using Felix config admin with Equinox runtime.

I’m using org.eclipse.osgi_3.10.101.v20150820-1432.jar

Thanks,

—

Derek

On 18 May 2016, at 18:58, Derek Baum <derek@xxxxxxxxxxxx> wrote:

I’m running with a SecurityManager installed and a trivial security.policy that grants AllPermission.

This works fine when running using the Felix runtime; however when I switch to Equinox I get security exceptions.

I’m not yet sure whether the problem lies with Felix config admin (1.8.8), Equinox runtime or elsewhere.

I’ve diagnosed the cause of the failure as follows:

Felix config admin ManagedServiceTracker, uses doPrivileged() to invoke the service.updated() method, with a new AccessControlContext:

AccessController.doPrivileged(new PrivilegedExceptionAction() {
public Object run() throws ConfigurationException {
service.updated( properties );
return null;
}
}, getAccessControlContext( service ) );

AccessControlContext getAccessControlContext( final Object ref ) {
return new AccessControlContext( new ProtectionDomain[]
{ ref.getClass().getProtectionDomain() } );
}

Felix and Equinox return different ProtectionDomain implementations:

org.apache.felix.framework.BundleProtectionDomain
org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain

Both implementations extend ProtectionDomain, but the Felix implementation uses the 4-arg constructor:

The permissions granted to this domain are dynamic; they include
both the static permissions passed to this constructor, and any
permissions granted to this domain by the current Policy at the
time a permission is checked.

while the Equinox implementation uses the 2-arg constructor.

The only permissions granted to this domain
are the ones specified; the current Policy will not be consulted

So the problem arises because Felix config admin is using doPrivileged() with a new AccessControlContext(), constructed using the target classes ProtectionDomain, and the ProtectionDomain returned when running on Equinox, does not consult the current policy, so my security policy containing grant AllPermission is ignored.

I’ve taken a quick look at the Equinox config admin implementation, and it doesn’t use doPrivileged() or a new AccessControlContext(),
so the issue does not arise.

Any opinions on whether this issue lies in Felix config admin, Equinox framework, or elsewhere?

Thanks,

—
Derek

Follow-Ups:
- Re: [equinox-dev] security exceptions using Felix config admin withEquinox
  - From: Thomas Watson

Prev by Date: [equinox-dev] Fw: [eclipse-dev] Reminders for RC2 and RC3
Next by Date: Re: [equinox-dev] security exceptions using Felix config admin withEquinox
Previous by thread: [equinox-dev] Fw: [eclipse-dev] Reminders for RC2 and RC3
Next by thread: Re: [equinox-dev] security exceptions using Felix config admin withEquinox
Index(es):
- Date
- Thread

Breadcrumbs