[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [equinox-dev] security exceptions using Felix config admin withEquinox

Why does Felix CM call doPrivileged with an ACC from the object it is about to call? That is pointless since that object will soon be on the call stack and thus its permissions will be tested.
 
Perhaps the problem is solved by using the one arg version of doPrivileged:
 
      AccessController.doPrivileged(new PrivilegedExceptionAction() {
               public Object run() throws ConfigurationException {
                   service.updated( properties );
                   return null;
               }
            });
 
 
 
--

BJ Hargrave
Senior Technical Staff Member, IBM // office: +1 386 848 1781
OSGi Fellow and CTO of the OSGi Alliance // mobile: +1 386 848 3788
hargrave@xxxxxxxxxx
 
 
----- Original message -----
From: Derek Baum <derek@xxxxxxxxxxxx>
Sent by: equinox-dev-bounces@xxxxxxxxxxx
To: equinox-dev@xxxxxxxxxxx
Cc:
Subject: Re: [equinox-dev] security exceptions using Felix config admin with Equinox
Date: Wed, May 18, 2016 3:16 PM
 
Hi,
 
Iâve also posted this to the Felix dev list, as the problem occurs when using Felix config admin with Equinox runtime.
 
Iâm using org.eclipse.osgi_3.10.101.v20150820-1432.jar
 
Thanks,
 
â
Derek
 
 
On 18 May 2016, at 18:58, Derek Baum <derek@xxxxxxxxxxxx> wrote:
 
Iâm running with a SecurityManager installed and a trivial security.policy that grants AllPermission.
 
This works fine when running using the Felix runtime; however when I switch to Equinox I get security exceptions.
 
Iâm not yet sure whether the problem lies with Felix config admin (1.8.8), Equinox runtime or elsewhere.
 
 
Iâve diagnosed the cause of the failure as follows:
 
Felix config admin ManagedServiceTracker, uses doPrivileged() to invoke the service.updated() method, with a new AccessControlContext:
 
      AccessController.doPrivileged(new PrivilegedExceptionAction() {
               public Object run() throws ConfigurationException {
                   service.updated( properties );
                   return null;
               }
            }, getAccessControlContext( service ) );
 
    AccessControlContext getAccessControlContext( final Object ref ) {
        return new AccessControlContext( new ProtectionDomain[]
            { ref.getClass().getProtectionDomain() } );
    }
 
 
Felix and Equinox return different ProtectionDomain implementations:
 
org.apache.felix.framework.BundleProtectionDomain
org.eclipse.osgi.internal.loader.ModuleClassLoader$GenerationProtectionDomain
 
 
Both implementations extend ProtectionDomain, but the Felix implementation uses the 4-arg constructor:
 
     The permissions granted to this domain are dynamic; they include
     both the static permissions passed to this constructor, and any
     permissions granted to this domain by the current Policy at the
     time a permission is checked.
 
while the Equinox implementation uses the 2-arg constructor.
 
    The only permissions granted to this domain
    are the ones specified; the current Policy will not be consulted
 
 
So the problem arises because Felix config admin is using doPrivileged() with a new AccessControlContext(), constructed using the target classes ProtectionDomain, and the ProtectionDomain returned when running on Equinox, does not consult the current policy, so my security policy containing grant AllPermission is ignored.
 
 
Iâve taken a quick look at the Equinox config admin implementation, and it doesnât use doPrivileged() or a new AccessControlContext(),
so the issue does not arise.
 
 
Any opinions on whether this issue lies in Felix config admin, Equinox framework, or elsewhere?
 
 
Thanks,
 
â
Derek
 
 
 
 
 
 
 
 
 
_______________________________________________
equinox-dev mailing list
equinox-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/equinox-dev