felix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Guillaume Nodet (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FELIX-5385) ConfigAdmin uses wrong security when calling ManagedServices
Date Thu, 20 Oct 2016 08:47:59 GMT

     [ https://issues.apache.org/jira/browse/FELIX-5385?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Guillaume Nodet updated FELIX-5385:
-----------------------------------
    Fix Version/s: configadmin-1.9.0

> ConfigAdmin uses wrong security when calling ManagedServices
> ------------------------------------------------------------
>
>                 Key: FELIX-5385
>                 URL: https://issues.apache.org/jira/browse/FELIX-5385
>             Project: Felix
>          Issue Type: Bug
>    Affects Versions: configadmin-1.8.0
>            Reporter: Guillaume Nodet
>             Fix For: configadmin-1.9.0
>
>
> When a ManagedService (which bundles has all permissions) is called, we end up with the
following exception.
> The reason is that all code protection domain need to have the permission to actually
grant the permission, and ConfigAdmin has very restricted permissions.  A DomainCombiner should
be used to only apply the bundle's permission to the call.
> {code}
> 10:43:43.543 [CM Configuration Updater (ManagedService Update: pid=[org.ops4j.pax.logging])]
ERROR org.apache.felix.configadmin - [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService,
org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]:
Unexpected problem updating configuration org.ops4j.pax.logging
> java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
[?:?]
> 	at java.security.AccessController.checkPermission(AccessController.java:884) [?:?]
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [?:?]
> 	at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?]
> 	at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?]
> 	at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150)
[5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> 	at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408)
[5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
> 	at org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177)
[6:org.apache.felix.configadmin:1.8.8]
> 	at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> 	at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173)
[6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152)
[6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85)
[6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444)
[6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400)
[6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) [6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) [6:org.apache.felix.configadmin:1.8.8]
> 	at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
> 	at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) [6:org.apache.felix.configadmin:1.8.8]
> 	at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) [6:org.apache.felix.configadmin:1.8.8]
> 	at java.lang.Thread.run(Thread.java:745) [?:?]
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message