When you say security policy, I assume
you mean the one you set through one of the framework's permission admin
service? And how are you setting the security manager?
Derek Baum <derek@xxxxxxxxxxxx> To:
05/18/2016 02:16 PM Subject:
security exceptions using Felix config admin with
Equinox Sent by:
Iâve also posted this to the Felix dev list, as the problem
occurs when using Felix config admin with Equinox runtime.
Iâm using org.eclipse.osgi_3.10.101.v20150820-1432.jar
Both implementations extend ProtectionDomain, but the
Felix implementation uses the 4-arg constructor:
The permissions granted
to this domain are dynamic; they include both the static permissions passed to this constructor,
and any permissions granted to this domain by the current Policy
at the time a permission is
while the Equinox implementation uses the 2-arg constructor.
The only permissions granted
to this domain are the ones specified; the
current Policy will not be consulted
So the problem arises because Felix config admin is using
doPrivileged() with a new AccessControlContext(), constructed using the
target classes ProtectionDomain, and the ProtectionDomain returned when
running on Equinox, does not consult the current policy, so my security
policy containing grant AllPermission is ignored.
Iâve taken a quick look at the Equinox config admin implementation,
and it doesnât use doPrivileged() or a new AccessControlContext(), so the issue does not arise.
Any opinions on whether this issue lies in Felix config
admin, Equinox framework, or elsewhere?