felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pa...@apache.org
Subject svn commit: r1454470 - in /felix/trunk/framework/src/main/java/org/apache/felix/framework: BundleProtectionDomain.java ExtensionManager.java Felix.java util/FelixConstants.java
Date Fri, 08 Mar 2013 17:03:32 GMT
Author: pauls
Date: Fri Mar  8 17:03:32 2013
New Revision: 1454470

URL: http://svn.apache.org/r1454470
Log:
Use the default java security policy if no security provider is present and don't check for
allpermission if an extension bundle is installed and there is no security manager present.
(FELIX-3961,FELIX-3950)

Modified:
    felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
(original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
Fri Mar  8 17:03:32 2013
@@ -43,11 +43,13 @@ public class BundleProtectionDomain exte
             new CodeSource(
                 Felix.m_secureAction.createURL(
                     Felix.m_secureAction.createURL(null, "location:", new FakeURLStreamHandler()),
-                    bundle._getLocation(),
+                    bundle._getLocation().startsWith("reference:") ? 
+                        bundle._getLocation().substring("reference:".length()) : 
+                        bundle._getLocation(),
                     new FakeURLStreamHandler()
                     ),
                 (Certificate[]) certificates),
-            null);
+            null, null, null);
         m_felix = new WeakReference(felix);
         m_bundle = new WeakReference(bundle);
         m_revision = new WeakReference(bundle.adapt(BundleRevisionImpl.class));
@@ -67,6 +69,11 @@ public class BundleProtectionDomain exte
             felix.impliesBundlePermission(this, permission, false) : false;
     }
 
+    boolean superImplies(Permission permission)
+    {
+        return super.implies(permission);
+    }
+
     public boolean impliesDirect(Permission permission)
     {
         Felix felix = (Felix) m_felix.get();
@@ -101,4 +108,4 @@ public class BundleProtectionDomain exte
     {
         return m_toString;
     }
-}
\ No newline at end of file
+}

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java Fri
Mar  8 17:03:32 2013
@@ -330,13 +330,13 @@ class ExtensionManager extends URLStream
         Object sm = System.getSecurityManager();
         if (sm != null)
         {
-                ((SecurityManager) sm).checkPermission(
-                    new AdminPermission(bundle, AdminPermission.EXTENSIONLIFECYCLE));
-        }
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(bundle, AdminPermission.EXTENSIONLIFECYCLE));
 
-        if (!((BundleProtectionDomain) bundle.getProtectionDomain()).impliesDirect(new AllPermission()))
-        {
-            throw new SecurityException("Extension Bundles must have AllPermission");
+            if (!((BundleProtectionDomain) bundle.getProtectionDomain()).impliesDirect(new
AllPermission()))
+            {
+                throw new SecurityException("Extension Bundles must have AllPermission");
+            }
         }
 
         String directive = ManifestParser.parseExtensionBundleHeader((String)

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java Fri Mar  8 17:03:32
2013
@@ -170,6 +170,9 @@ public class Felix extends BundleImpl im
     // Security Manager created by the framework
     private SecurityManager m_securityManager = null;
 
+    // Do we need to consult the default java security policy if no security provider is
present?
+    private volatile boolean m_securityDefaultPolicy;
+
     /**
      * <p>
      * This constructor creates a framework instance with a specified <tt>Map</tt>
@@ -283,6 +286,11 @@ public class Felix extends BundleImpl im
      *       unsupported fragment bundles throws an exception or logs a warning.
      *       Possible values are "<tt>exception</tt>" or "<tt>warning</tt>".
The
      *       default value is "<tt>exception</tt>".
+     *   </li>
+     *   <li><tt>felix.security.defaultpolicy</tt> - Flag to indicate whether
+     *       to consult the default java securtiy policy if no security extension
+     *       is present. The default value is "<tt>false</tt>".
+     *   </li>
      * </ul>
      * <p>
      * The <a href="Main.html"><tt>Main</tt></a> class implements
some
@@ -363,6 +371,9 @@ public class Felix extends BundleImpl im
             m_bootPkgs[i] = s;
         }
 
+        // Read the security default policy property
+        m_securityDefaultPolicy = "true".equals(getProperty(FelixConstants.SECURITY_DEFAULT_POLICY));

+
         // Create default bundle stream handler.
         m_bundleStreamHandler = new URLHandlersBundleStreamHandler(this);
 
@@ -4288,7 +4299,13 @@ public class Felix extends BundleImpl im
         {
             return m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission,
direct);
         }
-        return true;
+        else
+        {
+            Bundle source = bundleProtectionDomain.getBundle();
+
+            return (m_securityDefaultPolicy && (source == null || source.getBundleId()
!= 0)) ? 
+                bundleProtectionDomain.superImplies(permission) : true;
+        }
     }
 
     private BundleActivator createBundleActivator(Bundle impl)

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
(original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
Fri Mar  8 17:03:32 2013
@@ -64,4 +64,5 @@ public interface FelixConstants extends 
     // Miscellaneous properties values.
     String FAKE_URL_PROTOCOL_VALUE = "location:";
     String FELIX_EXTENSION_ACTIVATOR = "Felix-Activator";
-}
\ No newline at end of file
+    String SECURITY_DEFAULT_POLICY = "felix.security.defaultpolicy";
+}



Mime
View raw message