felix-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cziege...@apache.org
Subject svn commit: r1800130 - in /felix/trunk/osgi-r7/configurator/src/main: java/org/apache/felix/configurator/impl/Configurator.java java/org/apache/felix/configurator/impl/json/JSONUtil.java resources/ resources/OSGI-INF/ resources/OSGI-INF/permissions.perm
Date Wed, 28 Jun 2017 07:47:30 GMT
Author: cziegeler
Date: Wed Jun 28 07:47:29 2017
New Revision: 1800130

URL: http://svn.apache.org/viewvc?rev=1800130&view=rev
Log:
Update security checks, add permissions

Added:
    felix/trunk/osgi-r7/configurator/src/main/resources/
    felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/
    felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
Modified:
    felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
    felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java

Modified: felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java?rev=1800130&r1=1800129&r2=1800130&view=diff
==============================================================================
--- felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
(original)
+++ felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
Wed Jun 28 07:47:29 2017
@@ -48,6 +48,7 @@ import org.osgi.framework.BundleContext;
 import org.osgi.framework.BundleEvent;
 import org.osgi.framework.Constants;
 import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServicePermission;
 import org.osgi.framework.ServiceReference;
 import org.osgi.service.cm.Configuration;
 import org.osgi.service.cm.ConfigurationAdmin;
@@ -496,21 +497,24 @@ public class Configurator {
         if ( configAdminServiceBundleId == null ) {
             final Bundle configBundle = cfg.getBundleId() == -1 ? this.bundleContext.getBundle()
: this.bundleContext.getBundle(Constants.SYSTEM_BUNDLE_LOCATION).getBundleContext().getBundle(cfg.getBundleId());
             if ( configBundle != null ) {
-                try {
-                    final Collection<ServiceReference<ConfigurationAdmin>> refs
= configBundle.getBundleContext().getServiceReferences(ConfigurationAdmin.class, null);
-                    final List<ServiceReference<ConfigurationAdmin>> sortedRefs
= new ArrayList<>(refs);
-                    Collections.sort(sortedRefs);
-                    for(int i=sortedRefs.size();i>0;i--) {
-                        final ServiceReference<ConfigurationAdmin> r = sortedRefs.get(i-1);
-                        synchronized ( this.configAdminReferences ) {
-                            if ( this.configAdminReferences.contains(r) ) {
-                                configAdminServiceBundleId = r.getBundle().getBundleId();
-                                break;
+                if ( System.getSecurityManager() == null
+                     || configBundle.hasPermission( new ServicePermission(ConfigurationAdmin.class.getName(),
ServicePermission.GET)) ) {
+                    try {
+                        final Collection<ServiceReference<ConfigurationAdmin>>
refs = configBundle.getBundleContext().getServiceReferences(ConfigurationAdmin.class, null);
+                        final List<ServiceReference<ConfigurationAdmin>> sortedRefs
= new ArrayList<>(refs);
+                        Collections.sort(sortedRefs);
+                        for(int i=sortedRefs.size();i>0;i--) {
+                            final ServiceReference<ConfigurationAdmin> r = sortedRefs.get(i-1);
+                            synchronized ( this.configAdminReferences ) {
+                                if ( this.configAdminReferences.contains(r) ) {
+                                    configAdminServiceBundleId = r.getBundle().getBundleId();
+                                    break;
+                                }
                             }
                         }
+                    } catch (final InvalidSyntaxException e) {
+                        // this can never happen as we pass {@code null} as the filter
                     }
-                } catch (final InvalidSyntaxException e) {
-                    // this can never happen as we pass {@code null} as the filter
                 }
             }
         }

Modified: felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java?rev=1800130&r1=1800129&r2=1800130&view=diff
==============================================================================
--- felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
(original)
+++ felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
Wed Jun 28 07:47:29 2017
@@ -56,7 +56,7 @@ public class JSONUtil {
 
     private static final String INTERNAL_PREFIX = ":configurator:";
 
-    private static final String PROP_VERSION = INTERNAL_PREFIX + "json-version";
+    private static final String PROP_VERSION = INTERNAL_PREFIX + "resource-version";
 
     private static final String PROP_RANKING = "ranking";
 

Added: felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
URL: http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm?rev=1800130&view=auto
==============================================================================
--- felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm (added)
+++ felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm Wed Jun
28 07:47:29 2017
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Imported packages
+# -> MANIFEST.MF
+(org.osgi.framework.PackagePermission "org.osgi.framework" "import")
+(org.osgi.framework.PackagePermission "org.osgi.framework.wiring" "import")
+(org.osgi.framework.PackagePermission "org.osgi.util.tracker" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.cm" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.log" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.coordinator" "import")
+
+# General bundle permissions
+(java.util.PropertyPermission "configurator.*" "read")
+(org.osgi.framework.ServicePermission "org.osgi.service.cm.Configuration" "get")
+(org.osgi.framework.ServicePermission "org.osgi.service.coordinator.Coordinator" "get")
+(org.osgi.framework.ServicePermission "org.osgi.service.log.LogService" "get")
+
+# Manage configurations
+(org.osgi.service.cm.ConfigurationPermission "*" "configure")
+
+# Handle binaries
+(java.io.FilePermission "-" "read,write,execute,delete")
+



Mime
View raw message