felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Felix Meschberger (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FELIX-4039) Add Permissions file in ConfigAdmin bundle
Date Wed, 14 Aug 2013 08:09:47 GMT

    [ https://issues.apache.org/jira/browse/FELIX-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13739386#comment-13739386
] 

Felix Meschberger commented on FELIX-4039:
------------------------------------------

Added the file to the source tree in Rev. 1513754.
                
> Add Permissions file in ConfigAdmin bundle 
> -------------------------------------------
>
>                 Key: FELIX-4039
>                 URL: https://issues.apache.org/jira/browse/FELIX-4039
>             Project: Felix
>          Issue Type: Improvement
>          Components: Configuration Admin
>    Affects Versions: configadmin-1.6.0
>            Reporter: Romain Dubois
>            Assignee: Felix Meschberger
>            Priority: Minor
>              Labels: security
>             Fix For: configadmin-1.6.2
>
>
> Most of felix bundles should have a permissions file.
> For ConfigAdmin bundle, I suggest the following content for "OSGI-INF/permissions.perm"
file:
> # Apache Felix Configuration Admin Service
> # Bundle permissions
> #
> # Imported/Exported packages 
> # -> MANIFEST.MF
> (org.osgi.framework.PackagePermission   "org.osgi.service.log"          "import")
> (org.osgi.framework.PackagePermission   "org.osgi.framework"            "import")
> (org.osgi.framework.PackagePermission   "org.osgi.service.cm"           "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm"           "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm.file"      "import,exportonly")
> # General bundle permissions
> (java.util.PropertyPermission           "felix.cm.*"                        "read")
> (org.osgi.framework.ServicePermission   "org.apache.felix.cm.*"             "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.cm.*"             "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.log.LogService"   "get")
> # Manage configurations
> # -> ConfigurationAdminImpl
> (org.osgi.framework.AdminPermission             "*" "metadata")
> (org.osgi.service.cm.ConfigurationPermission    "*" "configure,target")
> # Handle persistent configuration files
> # -> FilePersistenceManager
> (java.util.PropertyPermission   "user.dir"  "read")
> (java.io.FilePermission         "-"         "read,write,execute,delete")
> # -> ConfigurationManager
> (org.osgi.framework.ServicePermission   "org.apache.felix.cm.PersistenceManager"    "register")
> Note: I have extracted those permissions from code analysis then tested the suggested
file in simple examples. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message