felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pa...@apache.org
Subject svn commit: r424253 - in /incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix: framework/ framework/cache/ framework/searchpolicy/ framework/util/ moduleloader/
Date Fri, 21 Jul 2006 10:23:12 GMT
Author: pauls
Date: Fri Jul 21 03:23:11 2006
New Revision: 424253

URL: http://svn.apache.org/viewvc?rev=424253&view=rev
Log:
Implement the security checks and clean-up the left-overs.
Now we are free to start switching to protection domains.
Then we need to get signed bundles working. (FELIX-21)

Modified:
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java
    incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java Fri Jul 21 03:23:11 2006
@@ -18,7 +18,9 @@
 
 import java.io.File;
 import java.io.InputStream;
+import java.util.ArrayList;
 import java.util.Dictionary;
+import java.util.List;
 
 import org.apache.felix.framework.ext.FelixBundleContext;
 import org.osgi.framework.*;
@@ -64,6 +66,22 @@
     {
         checkValidity();
         
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            if (!(Constants.FRAMEWORK_VERSION.equals(name) ||
+                Constants.FRAMEWORK_VENDOR.equals(name) ||
+                Constants.FRAMEWORK_LANGUAGE.equals(name)||
+                Constants.FRAMEWORK_OS_NAME.equals(name) ||
+                Constants.FRAMEWORK_OS_VERSION.equals(name) ||
+                Constants.FRAMEWORK_PROCESSOR.equals(name)))
+            {
+                ((SecurityManager) sm).checkPermission(
+                    new java.util.PropertyPermission(name, "read"));
+            }
+        }
+        
         return m_felix.getProperty(name);
     }
 
@@ -93,7 +111,24 @@
     {
         checkValidity();
         
-        return m_felix.installBundle(location, is);
+        Bundle result = null;
+        
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            result = m_felix.installBundle(location, is);
+            // Do check the bundle again in case that is was installed
+            // already.
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(result, AdminPermission.LIFECYCLE));
+        }
+        else
+        {
+            result = m_felix.installBundle(location, is);
+        }
+        
+        return result;
     }
 
     public Bundle getBundle(long id)
@@ -114,6 +149,17 @@
     {
         checkValidity();
         
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            if(l instanceof SynchronousBundleListener)
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(m_bundle, 
+                    AdminPermission.LISTENER));
+            }
+        }
+        
         m_felix.addBundleListener(m_bundle, l);
     }
 
@@ -121,6 +167,17 @@
     {
         checkValidity();
         
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            if(l instanceof SynchronousBundleListener)
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(m_bundle, 
+                    AdminPermission.LISTENER));
+            }
+        }
+        
         m_felix.removeBundleListener(m_bundle, l);
     }
 
@@ -176,6 +233,20 @@
     {
         checkValidity();
         
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            if (clazzes != null)
+            {
+                for (int i = 0;i < clazzes.length;i++)
+                {
+                    ((SecurityManager) sm).checkPermission(
+                        new ServicePermission(clazzes[i], ServicePermission.REGISTER));        
+                }
+            }
+        }
+        
         return m_felix.registerService(m_bundle, clazzes, svcObj, dict);
     }
 
@@ -284,7 +355,58 @@
         checkValidity();
         
         // TODO: Implement BundleContext.getAllServiceReferences()
-        return null;
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ServiceReference[] refs = null;
+            
+            if (refs == null)
+            {
+                return refs;
+            }
+            
+            List result = new ArrayList();
+            
+            for (int i = 0;i < refs.length;i++)
+            {
+                String[] objectClass = (String[]) refs[i].getProperty(
+                    Constants.OBJECTCLASS);
+                
+                if (objectClass == null)
+                {
+                    continue;
+                }
+                
+                for (int j = 0;j < objectClass.length;j++)
+                {
+                    try
+                    {
+                        ((SecurityManager) sm).checkPermission(new ServicePermission(
+                            objectClass[j], ServicePermission.GET));
+                        
+                        result.add(refs[i]);
+                        
+                        break;
+                    } 
+                    catch (Exception e)
+                    {
+                        
+                    }
+                }
+            }
+            
+            if (result.isEmpty())
+            {
+                return null;
+            }
+            
+            return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+        }
+        else
+        {
+            return null;
+        }
     }
 
     public ServiceReference[] getServiceReferences(String clazz, String filter)
@@ -292,7 +414,58 @@
     {
         checkValidity();
         
-        return m_felix.getServiceReferences(m_bundle, clazz, filter);
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ServiceReference[] refs = m_felix.getServiceReferences(m_bundle, clazz, filter);
+            
+            if (refs == null)
+            {
+                return refs;
+            }
+            
+            List result = new ArrayList();
+            
+            for (int i = 0;i < refs.length;i++)
+            {
+                String[] objectClass = (String[]) refs[i].getProperty(
+                    Constants.OBJECTCLASS);
+                
+                if (objectClass == null)
+                {
+                    continue;
+                }
+                
+                for (int j = 0;j < objectClass.length;j++)
+                {
+                    try
+                    {
+                        ((SecurityManager) sm).checkPermission(new ServicePermission(
+                            objectClass[j], ServicePermission.GET));
+                        
+                        result.add(refs[i]);
+                        
+                        break;
+                    } 
+                    catch (Exception e)
+                    {
+                        
+                    }
+                }
+            }
+            
+            if (result.isEmpty())
+            {
+                return null;
+            }
+            
+            return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+        }
+        else
+        {
+            return m_felix.getServiceReferences(m_bundle, clazz, filter);
+        }
     }
 
     public Object getService(ServiceReference ref)
@@ -303,6 +476,41 @@
         {
             throw new NullPointerException("Specified service reference cannot be null.");
         }
+        
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            String[] objectClass = (String[]) ref.getProperty(Constants.OBJECTCLASS);
+            
+            if (objectClass == null)
+            {
+                return null;
+            }
+            
+            boolean hasPermission = false;
+            
+            for (int i = 0;(i < objectClass.length) && !hasPermission;i++)
+            {
+                try 
+                {
+                    ((SecurityManager) sm).checkPermission(
+                        new ServicePermission(objectClass[i], ServicePermission.GET));
+                    
+                    hasPermission = true;
+                }
+                catch (Exception ex)
+                {
+                    
+                }
+            }
+            
+            if (!hasPermission)
+            {
+                throw new SecurityException("No permission");
+            }
+        }
+        
         return m_felix.getService(m_bundle, ref);
     }
 

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java Fri Jul 21 03:23:11 2006
@@ -19,8 +19,10 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.util.ArrayList;
 import java.util.Dictionary;
 import java.util.Enumeration;
+import java.util.List;
 
 import org.osgi.framework.*;
 
@@ -73,21 +75,73 @@
 
     public URL getEntry(String name)
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            try 
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                    AdminPermission.RESOURCE));
+            } 
+            catch (Exception e)
+            {
+                return null; // No permission
+            }
+        }
+        
         return m_felix.getBundleEntry(this, name);
     }
 
     public Enumeration getEntryPaths(String path)
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            try 
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                    AdminPermission.RESOURCE));
+            } 
+            catch (Exception e)
+            {
+                return null; // No permission
+            }
+        }
+        
         return m_felix.getBundleEntryPaths(this, path);
     }
 
     public Enumeration findEntries(String path, String filePattern, boolean recurse)
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            try 
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                    AdminPermission.RESOURCE));
+            } 
+            catch (Exception e)
+            {
+                return null; // No permission
+            }
+        }
+        
         return m_felix.findBundleEntries(this, path, filePattern, recurse);
     }
 
     public Dictionary getHeaders()
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.METADATA));
+        }
         return m_felix.getBundleHeaders(this);
     }
 
@@ -98,6 +152,13 @@
 
     public String getLocation()
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.METADATA));
+        }
         return m_felix.getBundleLocation(this);
     }
 
@@ -119,11 +180,111 @@
     **/
     public ServiceReference[] getRegisteredServices()
     {
-        return m_felix.getBundleRegisteredServices(this);
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ServiceReference[] refs = m_felix.getBundleRegisteredServices(this);
+            
+            if (refs == null)
+            {
+                return refs;
+            }
+            
+            List result = new ArrayList();
+            
+            for (int i = 0;i < refs.length;i++)
+            {
+                String[] objectClass = (String[]) refs[i].getProperty(
+                    Constants.OBJECTCLASS);
+                
+                if (objectClass == null)
+                {
+                    continue;
+                }
+                
+                for (int j = 0;j < objectClass.length;j++)
+                {
+                    try
+                    {
+                        ((SecurityManager) sm).checkPermission(new ServicePermission(
+                            objectClass[j], ServicePermission.GET));
+                        
+                        result.add(refs[i]);
+                        
+                        break;
+                    } 
+                    catch (Exception e)
+                    {
+                        
+                    }
+                }
+            }
+            
+            if (result.isEmpty())
+            {
+                return null;
+            }
+            
+            return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+        }
+        else
+        {
+            return m_felix.getBundleRegisteredServices(this);
+        }
     }
 
     public ServiceReference[] getServicesInUse()
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ServiceReference[] refs = m_felix.getBundleServicesInUse(this);
+            
+            if (refs == null)
+            {
+                return refs;
+            }
+            
+            List result = new ArrayList();
+            
+            for (int i = 0;i < refs.length;i++)
+            {
+                String[] objectClass = (String[]) refs[i].getProperty(
+                    Constants.OBJECTCLASS);
+                
+                if (objectClass == null)
+                {
+                    continue;
+                }
+                
+                for (int j = 0;j < objectClass.length;j++)
+                {
+                    try
+                    {
+                        ((SecurityManager) sm).checkPermission(new ServicePermission(
+                            objectClass[j], ServicePermission.GET));
+                        
+                        result.add(refs[i]);
+                        
+                        break;
+                    } 
+                    catch (Exception e)
+                    {
+                        
+                    }
+                }
+            }
+            
+            if (result.isEmpty())
+            {
+                return null;
+            }
+            
+            return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+        }
+        
         return m_felix.getBundleServicesInUse(this);
     }
 
@@ -134,7 +295,8 @@
 
     public String getSymbolicName()
     {
-    	return (String) getHeaders().get(Constants.BUNDLE_SYMBOLICNAME);
+        return (String) m_felix.getBundleHeaders(this).get(
+            Constants.BUNDLE_SYMBOLICNAME);
     }
 
     public boolean hasPermission(Object obj)
@@ -144,11 +306,34 @@
 
     public Class loadClass(String name) throws ClassNotFoundException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            try 
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                    AdminPermission.CLASS));
+            } 
+            catch (Exception e)
+            {
+                throw new ClassNotFoundException("No permission.", e);
+            }
+        }
+        
         return m_felix.loadBundleClass(this, name);
     }
 
     public void start() throws BundleException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.EXECUTE));
+        }
+ 
         m_felix.startBundle(this, true);
     }
 
@@ -159,16 +344,40 @@
 
     public void update(InputStream is) throws BundleException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.LIFECYCLE));
+        }
+        
         m_felix.updateBundle(this, is);
     }
 
     public void stop() throws BundleException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.EXECUTE));
+        }
+        
         m_felix.stopBundle(this, true);
     }
 
     public void uninstall() throws BundleException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.LIFECYCLE));
+        }
+        
         m_felix.uninstallBundle(this);
     }
 
@@ -184,13 +393,36 @@
     public Dictionary getHeaders(String locale)
     {
         // TODO: Implement Bundle.getHeaders(String locale)
-    	// Should be done after [#FELIX-27] resolution
+        // Should be done after [#FELIX-27] resolution
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.METADATA));
+        }
+     
         return null;
     }
 
     public Enumeration getResources(String name) throws IOException
     {
         // TODO: Implement Bundle.getResources()
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            try 
+            {
+                ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                    AdminPermission.RESOURCE));
+            } 
+            catch (Exception e)
+            {
+                return null; // No permission
+            }
+        }
+        
         return null;
     }
 

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java Fri Jul 21 03:23:11 2006
@@ -18,10 +18,7 @@
 
 import java.io.*;
 import java.net.*;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
 import java.util.*;
-import java.util.zip.ZipEntry;
 
 import org.apache.felix.framework.cache.*;
 import org.apache.felix.framework.searchpolicy.*;
@@ -101,10 +98,6 @@
     // Reusable bundle URL stream handler.
     private URLStreamHandler m_bundleStreamHandler = null;
 
-    // Reusable admin permission object for all instances
-    // of the BundleImpl.
-    private static AdminPermission m_adminPerm = new AdminPermission();
-
     /**
      * <p>
      * This method starts the framework instance; instances of the framework
@@ -252,7 +245,23 @@
                 ? false : embedded.equals("true");
             if (!isEmbedded)
             {
-                System.exit(-1);
+                if (System.getSecurityManager() != null)
+                {
+                    java.security.AccessController.doPrivileged(
+                        new java.security.PrivilegedAction()
+                        {
+                            public Object run()
+                            {
+                                System.exit(-1);
+                                
+                                return null;
+                            }
+                        });
+                }
+                else
+                {
+                    System.exit(-1);
+                }
             }
             else
             {
@@ -497,11 +506,6 @@
     **/
     public synchronized void shutdown()
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Change framework status from running to stopping.
         // If framework is not running, then just return.
         if (m_frameworkStatus != RUNNING_STATUS)
@@ -838,11 +842,6 @@
     **/
     protected void setInitialBundleStartLevel(int startLevel)
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         if (startLevel <= 0)
         {
             throw new IllegalArgumentException(
@@ -968,10 +967,6 @@
     **/
     protected Dictionary getBundleHeaders(BundleImpl bundle)
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
         return new MapToDictionary(bundle.getInfo().getCurrentHeader());
     }
 
@@ -980,10 +975,6 @@
     **/
     protected String getBundleLocation(BundleImpl bundle)
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
         return bundle.getInfo().getLocation();
     }
 
@@ -996,19 +987,6 @@
         {
             throw new IllegalStateException("The bundle is uninstalled.");
         }
-        else if (System.getSecurityManager() != null)
-        {
-            try
-            {
-                AccessController.checkPermission(
-                    new AdminPermission(bundle, AdminPermission.RESOURCE));
-            }
-            catch (SecurityException ex)
-            {
-                // Spec says to return null if there is a security exception.
-                return null;
-            }
-        }
         return bundle.getInfo().getCurrentModule().getResource(name);
     }
 
@@ -1021,19 +999,6 @@
         {
             throw new IllegalStateException("The bundle is uninstalled.");
         }
-        else if (System.getSecurityManager() != null)
-        {
-            try
-            {
-                AccessController.checkPermission(
-                    new AdminPermission(bundle, AdminPermission.RESOURCE));
-            }
-            catch (SecurityException ex)
-            {
-                // Spec says to return null if there is a security exception.
-                return null;
-            }
-        }
         return ((ContentLoaderImpl) bundle.getInfo().getCurrentModule()
             .getContentLoader()).getResourceFromContent(name);
     }
@@ -1047,19 +1012,6 @@
         {
             throw new IllegalStateException("The bundle is uninstalled.");
         }
-        else if (System.getSecurityManager() != null)
-        {
-            try
-            {
-                AccessController.checkPermission(
-                    new AdminPermission(bundle, AdminPermission.RESOURCE));
-            }
-            catch (SecurityException ex)
-            {
-                // Spec says to return null if there is a security exception.
-                return null;
-            }
-        }
 
         // Get the entry enumeration from the module content and
         // create a wrapper enumeration to filter it.
@@ -1075,7 +1027,6 @@
     public Enumeration findBundleEntries(
         BundleImpl bundle, String path, String filePattern, boolean recurse)
     {
-
         // Try to resolve the bundle per the spec.
         resolveBundles(new Bundle[] { bundle });
 
@@ -1097,114 +1048,16 @@
 
         // Filter list of registered service references.
         ServiceReference[] refs = m_registry.getRegisteredServices(bundle);
-        List list = new ArrayList();
-        for (int refIdx = 0; (refs != null) && (refIdx < refs.length); refIdx++)
-        {
-            // Check that the current security context has permission
-            // to get at least one of the service interfaces; the
-            // objectClass property of the service stores its service
-            // interfaces.
-            boolean hasPermission = false;
-            if (System.getSecurityManager() != null)
-            {
-                String[] objectClass = (String[])
-                    refs[refIdx].getProperty(Constants.OBJECTCLASS);
-                if (objectClass == null)
-                {
-                    return null;
-                }
-                for (int ifcIdx = 0;
-                    !hasPermission && (ifcIdx < objectClass.length);
-                    ifcIdx++)
-                {
-                    try
-                    {
-                        ServicePermission perm =
-                            new ServicePermission(
-                                objectClass[ifcIdx], ServicePermission.GET);
-                        AccessController.checkPermission(perm);
-                        hasPermission = true;
-                    }
-                    catch (Exception ex)
-                    {
-                    }
-                }
-            }
-            else
-            {
-                hasPermission = true;
-            }
-
-            if (hasPermission)
-            {
-                list.add(refs[refIdx]);
-            }
-        }
 
-        if (list.size() > 0)
-        {
-            return (ServiceReference[])
-                list.toArray(new ServiceReference[list.size()]);
-        }
-
-        return null;
+        return refs;
     }
 
     protected ServiceReference[] getBundleServicesInUse(Bundle bundle)
     {
         // Filter list of "in use" service references.
         ServiceReference[] refs = m_registry.getServicesInUse(bundle);
-        List list = new ArrayList();
-        for (int refIdx = 0; (refs != null) && (refIdx < refs.length); refIdx++)
-        {
-            // Check that the current security context has permission
-            // to get at least one of the service interfaces; the
-            // objectClass property of the service stores its service
-            // interfaces.
-            boolean hasPermission = false;
-            if (System.getSecurityManager() != null)
-            {
-                String[] objectClass = (String[])
-                    refs[refIdx].getProperty(Constants.OBJECTCLASS);
-                if (objectClass == null)
-                {
-                    return null;
-                }
-                for (int ifcIdx = 0;
-                    !hasPermission && (ifcIdx < objectClass.length);
-                    ifcIdx++)
-                {
-                    try
-                    {
-                        ServicePermission perm =
-                            new ServicePermission(
-                                objectClass[ifcIdx], ServicePermission.GET);
-                        AccessController.checkPermission(perm);
-                        hasPermission = true;
-                    }
-                    catch (Exception ex)
-                    {
-                    }
-                }
-            }
-            else
-            {
-                hasPermission = true;
-            }
-
-            if (hasPermission)
-            {
-                list.add(refs[refIdx]);
-            }
-        }
-
-        if (list.size() > 0)
-        {
-            return (ServiceReference[])
-                list.toArray(new ServiceReference[list.size()]);
-        }
 
-        return null;
+        return refs;
     }
 
     protected boolean bundleHasPermission(BundleImpl bundle, Object obj)
@@ -1266,11 +1119,6 @@
     protected void startBundle(BundleImpl bundle, boolean record)
         throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // CONCURRENCY NOTE:
         // Starting a bundle may actually impact many bundles, since
         // the bundle being started my need to be resolved, which in
@@ -1360,9 +1208,9 @@
 
                 if (System.getSecurityManager() != null)
                 {
-//                    m_startStopPrivileged.setAction(StartStopPrivileged.START_ACTION);
-//                    m_startStopPrivileged.setBundle(bundle);
-//                    AccessController.doPrivileged(m_startStopPrivileged);
+                    java.security.AccessController.doPrivileged(
+                        new PrivilegedActivatorCall(PrivilegedActivatorCall.START,
+                        info.getActivator(), info.getContext()));
                 }
                 else
                 {
@@ -1409,11 +1257,10 @@
             {
                 throw (SecurityException) th;
             }
-            // Convert a privileged action exception to the
-            // nested exception.
-            else if (th instanceof PrivilegedActionException)
+            else if ((System.getSecurityManager() != null) && 
+                (th instanceof java.security.PrivilegedActionException))
             {
-                th = ((PrivilegedActionException) th).getException();
+                th = ((java.security.PrivilegedActionException) th).getException();
             }
 
             // Rethrow all other exceptions as a BundleException.
@@ -1438,23 +1285,25 @@
                 throw new BundleException("Cannot resolve, bad URL "
                     + bundle.getInfo().getLocation());
             }
-
-//            try
-//            {
-//                AccessController.doPrivileged(new CheckImportsPrivileged(url, bundle));
-//            }
-//            catch (PrivilegedActionException ex)
-//            {
-//                Exception thrown = ((PrivilegedActionException) ex).getException();
-//                if (thrown instanceof AccessControlException)
-//                {
-//                    throw (AccessControlException) thrown;
-//                }
-//                else
-//                {
-//                    throw new BundleException("Problem resolving: " + ex);
-//                }
-//            }
+            
+            try
+            {
+                java.security.AccessController.doPrivileged(
+                    new CheckImportsPrivileged(url, bundle));
+            }
+            catch (java.security.PrivilegedActionException ex)
+            {
+                Exception thrown = 
+                    ((java.security.PrivilegedActionException) ex).getException();
+                if (thrown instanceof SecurityException)
+                {
+                    throw (SecurityException) thrown;
+                }
+                else
+                {
+                    throw new BundleException("Problem resolving: " + ex);
+                }
+            }
         }
 
         IModule module = bundle.getInfo().getCurrentModule();
@@ -1483,11 +1332,6 @@
     protected void updateBundle(BundleImpl bundle, InputStream is)
         throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Acquire bundle lock.
         acquireBundleLock(bundle);
 
@@ -1549,6 +1393,15 @@
                         info.getBundleId(),
                         archive.getRevisionCount() - 1,
                         info.getCurrentHeader());
+                    
+                    Object sm = System.getSecurityManager();
+                    
+                    if (sm != null)
+                    {
+                        ((SecurityManager) sm).checkPermission(
+                            new AdminPermission(bundle, AdminPermission.LIFECYCLE));
+                    }
+                    
                     // Add module to bundle info.
                     info.addModule(module);
                 } 
@@ -1595,6 +1448,12 @@
             // If update failed, rethrow exception.
             if (rethrow != null)
             {
+                if ((System.getSecurityManager() != null) && 
+                    (rethrow instanceof SecurityException))
+                {
+                    throw (SecurityException) rethrow;
+                }
+                
                 throw new BundleException("Update failed.", rethrow);
             }
         }
@@ -1614,11 +1473,6 @@
     protected void stopBundle(BundleImpl bundle, boolean record)
         throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Acquire bundle lock.
         acquireBundleLock(bundle);
 
@@ -1667,9 +1521,9 @@
             {
                 if (System.getSecurityManager() != null)
                 {
-//                    m_startStopPrivileged.setAction(StartStopPrivileged.STOP_ACTION);
-//                    m_startStopPrivileged.setBundle(bundle);
-//                    AccessController.doPrivileged(m_startStopPrivileged);
+                    java.security.AccessController.doPrivileged(
+                        new PrivilegedActivatorCall(PrivilegedActivatorCall.STOP,
+                        info.getActivator(), info.getContext()));
                 }
                 else
                 {
@@ -1735,9 +1589,10 @@
             {
                 throw (SecurityException) rethrow;
             }
-            else if (rethrow instanceof PrivilegedActionException)
+            else if ((System.getSecurityManager() != null) && 
+                (rethrow instanceof java.security.PrivilegedActionException))
             {
-                rethrow = ((PrivilegedActionException) rethrow).getException();
+                rethrow = ((java.security.PrivilegedActionException) rethrow).getException();
             }
     
             // Rethrow all other exceptions as a BundleException.
@@ -1747,11 +1602,6 @@
 
     protected void uninstallBundle(BundleImpl bundle) throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Acquire bundle lock.
         acquireBundleLock(bundle);
 
@@ -1768,11 +1618,6 @@
 
     private void _uninstallBundle(BundleImpl bundle) throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         BundleInfo info = bundle.getInfo();
         if (info.getState() == Bundle.UNINSTALLED)
         {
@@ -1854,11 +1699,6 @@
     private Bundle installBundle(long id, String location, InputStream is)
         throws BundleException
     {
-        if (System.getSecurityManager() != null)
-        {
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         BundleImpl bundle = null;
 
         // Acquire an install lock.
@@ -1940,6 +1780,14 @@
             {
                 BundleArchive archive = m_cache.getArchive(id);
                 bundle = new BundleImpl(this, createBundleInfo(archive));
+                
+                Object sm = System.getSecurityManager();
+                
+                if (sm != null)
+                {
+                    ((SecurityManager) sm).checkPermission(
+                        new AdminPermission(bundle, AdminPermission.LIFECYCLE));
+                }
             }
             catch (Exception ex)
             {
@@ -1958,6 +1806,13 @@
                             "Could not remove from cache.", ex1);
                     }
                 }
+                
+                if ((System.getSecurityManager() != null) && 
+                    (ex instanceof SecurityException))
+                {
+                    throw (SecurityException) ex;
+                }
+                
                 throw new BundleException("Could not create bundle object.", ex);
             }
 
@@ -2252,17 +2107,6 @@
             throw new IllegalArgumentException("Service object cannot be null.");
         }
 
-        // Check for permission to register all passed in interface names.
-        if (System.getSecurityManager() != null)
-        {
-            for (int i = 0; i < classNames.length; i++)
-            {
-                ServicePermission perm = new ServicePermission(
-                    classNames[i], ServicePermission.REGISTER);
-                AccessController.checkPermission(perm);
-            }
-        }
-
         // Acquire bundle lock.
         acquireBundleLock(bundle);
 
@@ -2345,47 +2189,6 @@
             // Get the current service reference.
             ServiceReference ref = (ServiceReference) refList.get(refIdx);
 
-            // Get the service's objectClass property.
-            String[] objectClass = (String[]) ref.getProperty(FelixConstants.OBJECTCLASS);
-
-            // Boolean flag.
-            boolean allow = false;
-
-            // Filter the service reference if the requesting bundle
-            // does not have permission.
-            if (System.getSecurityManager() != null)
-            {
-                for (int classIdx = 0;
-                    !allow && (classIdx < objectClass.length);
-                    classIdx++)
-                {
-                    try
-                    {
-                        ServicePermission perm = new ServicePermission(
-                            objectClass[classIdx], ServicePermission.GET);
-                        AccessController.checkPermission(perm);
-                        // The bundle only needs permission for one
-                        // of the service interfaces, so break out
-                        // of the loop when permission is granted.
-                        allow = true;
-                    }
-                    catch (Exception ex)
-                    {
-                        // We do not throw this exception since the bundle
-                        // is not supposed to know about the service at all
-                        // if it does not have permission.
-                        m_logger.log(Logger.LOG_ERROR, ex.getMessage());
-                    }
-                }
-                
-                if (!allow)
-                {
-                    refList.remove(refIdx);
-                    refIdx--;
-                    continue;
-                }
-            }
-
             // Now check for castability.
             if (!isServiceAssignable(bundle, ref))
             {
@@ -2445,38 +2248,6 @@
             return null;
         }
 
-        boolean hasPermission = false;
-        if (System.getSecurityManager() != null)
-        {
-            for (int i = 0;
-                !hasPermission && (i < objectClass.length);
-                i++)
-            {
-                try
-                {
-                    ServicePermission perm =
-                        new ServicePermission(
-                            objectClass[i], ServicePermission.GET);
-                    AccessController.checkPermission(perm);
-                    hasPermission = true;
-                }
-                catch (Exception ex)
-                {
-                }
-            }
-        }
-        else
-        {
-            hasPermission = true;
-        }
-
-        // If the bundle does not permission to access the service,
-        // then return null.
-        if (!hasPermission)
-        {
-            return null;
-        }
-
         return m_registry.getService(bundle, ref);
     }
 
@@ -2731,12 +2502,6 @@
 
     protected boolean resolveBundles(Bundle[] targets)
     {
-        if (System.getSecurityManager() != null)
-        {
-// TODO: FW SECURITY - Perform proper security check.
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Acquire locks for all bundles to be resolved.
         BundleImpl[] bundles = acquireBundleResolveLocks(targets);
 
@@ -2775,12 +2540,6 @@
 
     protected void refreshPackages(Bundle[] targets)
     {
-        if (System.getSecurityManager() != null)
-        {
-// TODO: FW SECURITY - Perform proper security check.
-            AccessController.checkPermission(m_adminPerm);
-        }
-
         // Acquire locks for all impacted bundles.
         BundleImpl[] bundles = acquireBundleRefreshLocks(targets);
 
@@ -4124,6 +3883,102 @@
                 bundles[i].getInfo().unlock();
             }
             m_bundleLock.notifyAll();
+        }
+    }
+    
+    private static class PrivilegedActivatorCall implements 
+        java.security.PrivilegedExceptionAction
+    {
+        private static final int START = 1;
+        private static final int STOP = 2;
+        private int m_action;
+        private BundleActivator m_activator;
+        private BundleContext m_context;
+        
+        PrivilegedActivatorCall(int action, BundleActivator activator, BundleContext context)
+        {
+            m_action = action;
+            m_activator = activator;
+            m_context = context;
+        }
+        public Object run() throws Exception
+        {
+            switch (m_action)
+            {
+                case START:
+                    m_activator.start(m_context);
+                    break;
+                case STOP:
+                    m_activator.stop(m_context);
+                    break;
+                default:
+                    throw new IllegalStateException("Unknown activator action.");
+            }
+            
+            return null;
+        }
+    }
+    
+    /**
+     * This simple class is used to perform the privileged action of
+     * checking if a bundle has permission to import its packages.
+    **/
+    private class CheckImportsPrivileged implements java.security.PrivilegedExceptionAction
+    {
+        private URL m_url = null;
+        private BundleImpl m_bundle = null;
+
+        public CheckImportsPrivileged(URL url, BundleImpl bundle)
+        {
+            m_url = url;
+            m_bundle = bundle;
+        }
+
+        public Object run() throws Exception
+        {
+            // Get permission collection for code source; we cannot
+            // call AccessController.checkPermission() directly since
+            // the bundle's code is not on the access context yet because
+            // it has not started yet...we are simply resolving it to see
+            // if we can start it. We must check for import permission
+            // on the exports as well, since export implies import.
+            java.security.CodeSource cs = new java.security.CodeSource(m_url,
+                (java.security.cert.Certificate[]) null);
+            
+            java.security.PermissionCollection pc = 
+                java.security.Policy.getPolicy().getPermissions(cs);
+
+            R4Import[] imports = m_policyCore.getImports(
+                m_bundle.getInfo().getCurrentModule());
+            
+            for (int i = 0;i < imports.length; i++)
+            {
+                PackagePermission perm = new PackagePermission(imports[i].getName(), 
+                    PackagePermission.IMPORT);
+                if (!pc.implies(perm))
+                {
+                   throw new java.security.AccessControlException(
+                       "PackagePermission.IMPORT denied for import: " + 
+                       imports[i].getName(), perm);
+                }
+            }
+            // Check export permission for all exports of the current module.
+            R4Export[] implicitImports = m_policyCore.getExports(
+                m_bundle.getInfo().getCurrentModule());
+            
+            for (int i = 0;i < implicitImports.length; i++)
+            {
+                PackagePermission perm = new PackagePermission(
+                    implicitImports[i].getName(), PackagePermission.EXPORT);
+                if (!pc.implies(perm))
+                {
+                    throw new java.security.AccessControlException(
+                        "PackagePermission.EXPORT denied for implicit export: " + 
+                        implicitImports[i].getName(), perm);
+                }
+            }
+            
+            return null;
         }
     }
 }

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java Fri Jul 21 03:23:11 2006
@@ -32,8 +32,7 @@
     {
         m_reg = context.registerService(
             org.osgi.service.packageadmin.PackageAdmin.class.getName(),
-            new PackageAdminImpl(m_felix),
-            null);
+            new PackageAdminImpl(m_felix), null);
     }
 
     public void stop(BundleContext context) throws Exception

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java Fri Jul 21 03:23:11 2006
@@ -26,10 +26,12 @@
 {
     private Felix m_felix = null;
     private Bundle[][] m_reqBundles = null;
+    private Bundle m_systemBundle = null;
 
     public PackageAdminImpl(Felix felix)
     {
         m_felix = felix;
+        m_systemBundle = m_felix.getBundle(0);
 
         // Start a thread to perform asynchronous package refreshes.
         Thread t = new Thread(this, "FelixPackageAdmin");
@@ -165,6 +167,14 @@
     public synchronized void refreshPackages(Bundle[] bundles)
         throws SecurityException
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(m_systemBundle, AdminPermission.RESOLVE));
+        }
+        
         // Save our request parameters and notify all.
         if (m_reqBundles == null)
         {
@@ -234,6 +244,14 @@
 
     public boolean resolveBundles(Bundle[] bundles)
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(m_systemBundle, AdminPermission.RESOLVE));
+        }
+        
         return m_felix.resolveBundles(bundles);
     }
 

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java Fri Jul 21 03:23:11 2006
@@ -32,8 +32,7 @@
     {
         m_reg = context.registerService(
             org.osgi.service.startlevel.StartLevel.class.getName(),
-            new StartLevelImpl(m_felix),
-            null);
+            new StartLevelImpl(m_felix), null);
     }
 
     public void stop(BundleContext context) throws Exception

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java Fri Jul 21 03:23:11 2006
@@ -16,7 +16,6 @@
  */
 package org.apache.felix.framework;
 
-import java.security.AccessController;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -37,14 +36,13 @@
 
     private Felix m_felix = null;
     private List m_requestList = null;
-    // Reusable admin permission.
-    private static AdminPermission m_adminPerm = new AdminPermission();
+    private Bundle m_systemBundle = null;
     
     public StartLevelImpl(Felix felix)
     {
         m_felix = felix;
         m_requestList = new ArrayList();
-
+        m_systemBundle = m_felix.getBundle(0);
         // Start a thread to perform asynchronous package refreshes.
         Thread t = new Thread(this, "FelixStartLevel");
         t.setDaemon(true);
@@ -64,15 +62,20 @@
     **/
     public void setStartLevel(int startlevel)
     {
-        if (System.getSecurityManager() != null)
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
         {
-            AccessController.checkPermission(m_adminPerm);
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(m_systemBundle, AdminPermission.STARTLEVEL));
         }
-        else if (startlevel <= 0)
+        
+        if (startlevel <= 0)
         {
             throw new IllegalArgumentException(
                 "Start level must be greater than zero.");
         }
+        
         synchronized (m_requestList)
         {
             m_requestList.add(new Integer(startlevel));
@@ -124,11 +127,15 @@
     **/
     public void setBundleStartLevel(Bundle bundle, int startlevel)
     {
-        if (System.getSecurityManager() != null)
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
         {
-            AccessController.checkPermission(m_adminPerm);
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(bundle, AdminPermission.STARTLEVEL));
         }
-        else if (bundle.getBundleId() == 0)
+        
+        if (bundle.getBundleId() == 0)
         {
             throw new IllegalArgumentException(
                 "Cannot change system bundle start level.");
@@ -158,6 +165,13 @@
     **/
     public void setInitialBundleStartLevel(int startlevel)
     {
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
+        {
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(m_systemBundle, AdminPermission.STARTLEVEL));
+        }
         m_felix.setInitialBundleStartLevel(startlevel);
     }
 

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java Fri Jul 21 03:23:11 2006
@@ -17,8 +17,6 @@
 package org.apache.felix.framework;
 
 import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.*;
 
 import org.apache.felix.framework.cache.SystemBundleArchive;
@@ -159,11 +157,14 @@
 
     public synchronized void stop() throws BundleException
     {
-        if (System.getSecurityManager() != null)
+        Object sm = System.getSecurityManager();
+        
+        if(sm != null)
         {
-            AccessController.checkPermission(new AdminPermission());
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.EXECUTE));
         }
-
+    
         // Spec says stop() on SystemBundle should return immediately and
         // shutdown framework on another thread.
         if (getFelix().getStatus() == Felix.RUNNING_STATUS)
@@ -192,13 +193,16 @@
                     {
                         if (System.getSecurityManager() != null)
                         {
-                            AccessController.doPrivileged(new PrivilegedAction() {
-                                public Object run()
+                            java.security.AccessController.doPrivileged(
+                                new java.security.PrivilegedAction()
                                 {
-                                    System.exit(0);
-                                    return null;
-                                }
-                            });
+                                    public Object run()
+                                    {
+                                        System.exit(0);
+                                        
+                                        return null;
+                                    }
+                                });
                         }
                         else
                         {
@@ -238,9 +242,12 @@
 
     public synchronized void update(InputStream is) throws BundleException
     {
-        if (System.getSecurityManager() != null)
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
         {
-            AccessController.checkPermission(new AdminPermission());
+            ((SecurityManager) sm).checkPermission(new AdminPermission(this, 
+                AdminPermission.EXECUTE));
         }
 
         // TODO: This is supposed to stop and then restart the framework.

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java Fri Jul 21 03:23:11 2006
@@ -290,7 +290,7 @@
                                 "Proxy-Authorization", "Basic " + base64);
                         }
                     }
-                    is = conn.getInputStream();
+                    is = BundleCache.getSecureAction().getURLConnectionInputStream(conn);
                 }
     
                 // Save the bundle jar file.

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java Fri Jul 21 03:23:11 2006
@@ -31,7 +31,7 @@
 {
     private ContentLoaderImpl m_contentLoader = null;
 
-    ContentClassLoader(ContentLoaderImpl contentLoader)
+    public ContentClassLoader(ContentLoaderImpl contentLoader)
     {
         m_contentLoader = contentLoader;
     }

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java Fri Jul 21 03:23:11 2006
@@ -23,6 +23,7 @@
 import java.util.Vector;
 
 import org.apache.felix.framework.Logger;
+import org.apache.felix.framework.util.SecureAction;
 import org.apache.felix.moduleloader.*;
 
 public class ContentLoaderImpl implements IContentLoader
@@ -33,6 +34,7 @@
     private ISearchPolicy m_searchPolicy = null;
     private IURLPolicy m_urlPolicy = null;
     private ContentClassLoader m_classLoader = null;
+    private static SecureAction m_secureAction = new SecureAction();
 
     public ContentLoaderImpl(Logger logger, IContent content, IContent[] contentPath)
     {
@@ -98,7 +100,7 @@
     {
         if (m_classLoader == null)
         {
-            m_classLoader = new ContentClassLoader(this);
+            m_classLoader = m_secureAction.createContentClassLoader(this);
         }
 
         try

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java Fri Jul 21 03:23:11 2006
@@ -21,6 +21,8 @@
 import java.security.*;
 import java.util.jar.JarFile;
 
+import org.apache.felix.framework.searchpolicy.ContentClassLoader;
+import org.apache.felix.framework.searchpolicy.ContentLoaderImpl;
 import org.apache.felix.moduleloader.JarFileX;
 
 /**
@@ -310,6 +312,31 @@
             return new FileOutputStream(file);
         }
     }
+    
+    public synchronized InputStream getURLConnectionInputStream(URLConnection conn) 
+        throws IOException
+    {
+        if (System.getSecurityManager() != null)
+        {
+            try
+            {
+                m_actions.set(Actions.GET_URL_INPUT_ACTION, conn);
+                return (InputStream) AccessController.doPrivileged(m_actions, m_acc);
+            }
+            catch (PrivilegedActionException ex)
+            {
+                if (ex.getException() instanceof IOException)
+                {
+                    throw (IOException) ex.getException();
+                }
+                throw (RuntimeException) ex.getException();
+            }
+        }
+        else
+        {
+            return conn.getInputStream();
+        }
+    }
 
     public synchronized boolean deleteFile(File target)
     {
@@ -332,14 +359,14 @@
         }
     }
 
-    public synchronized JarFile openJAR(File file) throws IOException
+    public synchronized JarFileX openJAR(File file) throws IOException
     {
         if (System.getSecurityManager() != null)
         {
             try
             {
                 m_actions.set(Actions.OPEN_JAR_ACTION, file);
-                return (JarFile) AccessController.doPrivileged(m_actions, m_acc);
+                return (JarFileX) AccessController.doPrivileged(m_actions, m_acc);
             }
             catch (PrivilegedActionException ex)
             {
@@ -355,6 +382,26 @@
             return new JarFileX(file);
         }
     }
+   
+    public synchronized ContentClassLoader createContentClassLoader(ContentLoaderImpl impl)
+    {
+        if (System.getSecurityManager() != null)
+        {
+            try
+            {
+                m_actions.set(Actions.CREATE_CONTENTCLASSLOADER_ACTION, impl);
+                return (ContentClassLoader) AccessController.doPrivileged(m_actions);
+            }
+            catch (PrivilegedActionException ex)
+            {
+                throw (RuntimeException) ex.getException();
+            }
+        }
+        else
+        {
+            return new ContentClassLoader(impl);
+        }
+    }
 
     private class Actions implements PrivilegedExceptionAction
     {
@@ -372,6 +419,8 @@
         public static final int GET_FILE_OUTPUT_ACTION = 11;
         public static final int DELETE_FILE_ACTION = 12;
         public static final int OPEN_JAR_ACTION = 13;
+        public static final int GET_URL_INPUT_ACTION = 14;
+        public static final int CREATE_CONTENTCLASSLOADER_ACTION = 15;
 
         private int m_action = -1;
         private Object m_arg1 = null;
@@ -480,6 +529,14 @@
             else if (m_action == OPEN_JAR_ACTION)
             {
                 return new JarFileX((File) m_arg1);
+            }
+            else if (m_action == GET_URL_INPUT_ACTION)
+            {
+                return ((URLConnection) m_arg1).getInputStream();
+            }
+            else if (m_action == CREATE_CONTENTCLASSLOADER_ACTION)
+            {
+                return new ContentClassLoader((ContentLoaderImpl) m_arg1);
             }
             return null;
         }

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java Fri Jul 21 03:23:11 2006
@@ -1,5 +1,5 @@
 /*
- *   Copyright 2005 The Apache Software Foundation
+ *   Copyright 2006 The Apache Software Foundation
  *
  *   Licensed under the Apache License, Version 2.0 (the "License");
  *   you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@
     // LDAP query filter.
     private Filter m_filter = null;
     // Remember the security context.
-    private AccessControlContext m_acc = null;
+    private Object m_acc = null;
 
     public ServiceListenerWrapper(Bundle bundle, ServiceListener l, Filter filter)
     {
@@ -34,9 +34,11 @@
 
         // Remember security context for filtering
         // events based on security.
-        if (System.getSecurityManager() != null)
+        Object sm = System.getSecurityManager();
+        
+        if (sm != null)
         {
-            m_acc = AccessController.getContext();
+            m_acc = ((SecurityManager) sm).getSecurityContext();
         }
     }
 
@@ -67,19 +69,25 @@
         if (objectClass != null)
         {
             boolean hasPermission = false;
-            if (m_acc != null)
+            
+            Object sm = System.getSecurityManager();
+            
+            if ((m_acc != null) && (sm != null))
             {
                 for (int i = 0;
                     !hasPermission && (i < objectClass.length);
                     i++)
                 {
-                    try {
+                    try 
+                    {
                         ServicePermission perm =
                             new ServicePermission(
                                 objectClass[i], ServicePermission.GET);
-                        m_acc.checkPermission(perm);
+                        ((SecurityManager) sm).checkPermission(perm, m_acc);
                         hasPermission = true;
-                    } catch (Exception ex) {
+                    } 
+                    catch (Exception ex) 
+                    {
                     }
                 }
             }

Modified: incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java
URL: http://svn.apache.org/viewvc/incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java?rev=424253&r1=424252&r2=424253&view=diff
==============================================================================
--- incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java (original)
+++ incubator/felix/trunk/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java Fri Jul 21 03:23:11 2006
@@ -22,6 +22,8 @@
 import java.util.NoSuchElementException;
 import java.util.zip.ZipEntry;
 
+import org.apache.felix.framework.util.SecureAction;
+
 public class JarContent implements IContent
 {
     private static final int BUFSIZE = 4096;
@@ -29,6 +31,8 @@
     private File m_file = null;
     private JarFileX m_jarFile = null;
     private boolean m_opened = false;
+    
+    private static SecureAction m_secureAction = new SecureAction();
 
     public JarContent(File file)
     {
@@ -256,7 +260,7 @@
     {
         if (m_jarFile == null)
         {
-            m_jarFile = new JarFileX(m_file);
+            m_jarFile = m_secureAction.openJAR(m_file);
         }
     }
 



Mime
View raw message