felix-users mailing list archives

From alpha sparc <alphasp...@gmail.com>
Subject Re: Embedding Felix Security
Date Sun, 02 Oct 2011 12:23:39 GMT
Hi, I am attempting to run the Felix security bundle.
I have given all.permission to Felix, installed the security bundle, and
tried to load a policy using the policy bundle in the examples, as well as
tried to programmatically set the policy, but the bundles still run regardless
of how I tried to deny read and write to <<ALL FILES>>.

Can anyone help point out what I missed? The result of this code is
that all the bundles run even though I tried to stop them.
 /**
  * Launches an embedded Felix framework, installs and starts the security and
  * policy bundles, replaces the ConditionalPermissionAdmin table with three
  * DENY rows, then installs and starts every entry of {@code bundledir}.
  *
  * As posted, the listing is incomplete: the method's closing brace is missing
  * and {@code bundledir} is never assigned. The review notes below mark the
  * places where the configuration shown does not do what its comments say.
  *
  * @param args command-line arguments (unused in the visible code)
  * @throws BundleException declared, although the visible body catches
  *         {@code Exception} around every framework call
  */
 public static void main( String[] args ) throws BundleException
    {
        // Never assigned in the code as posted; see the loop at the end.
        String [] bundledir=null;

        // Points the JVM at a policy file; the file's contents are not shown.
        System.setProperty("java.security.policy","./Policy/all.policy");
//OSGi need all Permission
        // NOTE(review): the property NAME here is the literal string
        // "org.osgi.framework.security=osgi" and its value is "true". The
        // standard OSGi launch property is "org.osgi.framework.security"
        // (Constants.FRAMEWORK_SECURITY) with value "osgi"
        // (Constants.FRAMEWORK_SECURITY_OSGI), so this call does not set it.
        System.setProperty("org.osgi.framework.security=osgi","true");


        Map<String, String> fmap = new HashMap<String, String>();
        fmap.put(FelixConstants.FRAMEWORK_STORAGE, "./Bundles/"); //Run in
the bundle directory
        fmap.put(FelixConstants.FRAMEWORK_STORAGE_CLEAN, "true");
        // NOTE(review): FRAMEWORK_SECURITY_OSGI is the VALUE constant ("osgi"),
        // so this stores key "osgi" -> "true". Presumably the intent was key
        // FRAMEWORK_SECURITY with value FRAMEWORK_SECURITY_OSGI. As written,
        // neither this map nor the system property above asks the framework
        // to enable OSGi security.
        fmap.put(FelixConstants.FRAMEWORK_SECURITY_OSGI, "true");

        Felix felix = new Felix(fmap);

        try{
        felix.start();

                // NOTE(review): the security manager is installed only after the
                // framework has started. SimpleSecurityManager is not shown; if
                // its checkPermission does not delegate to the default
                // AccessController-based check, no permission table is
                // enforced at all -- confirm against its source.
                SimpleSecurityManager sm = new SimpleSecurityManager();
                System.setSecurityManager(sm);

            // Install and start the Felix security provider from a local jar.
            // The bundle location becomes the file: URL string passed here.
            Bundle securitybundle = null;
            File file = new
File("./Bundles/Security/framework.security.jar");
            URL url = file.toURI().toURL();
            securitybundle = felix.getBundleContext().
                    installBundle(
                    url.toString());
            securitybundle.start();

            // Install and start the example policy bundle the same way.
            Bundle policybundle = null;
            File file2 = new File("./Bundles/Security/PolicyActivator.jar");
            URL url2 = file2.toURI().toURL();
            policybundle =
felix.getBundleContext().installBundle(url2.toString());
            policybundle.start();


// Look up ConditionalPermissionAdmin and open an update of its table.
// NOTE(review): getServiceReference returns null when the service is not
// registered (e.g. security support not active); there is no null check, so
// that case surfaces only as an exception printed by the catch at the end.
final ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin)
felix.getBundleContext().getService(felix.getBundleContext().getServiceReference(ConditionalPermissionAdmin.class.getName()));
final ConditionalPermissionUpdate u = cpa.newConditionalPermissionUpdate();
List<ConditionalPermissionInfo> permlist =
u.getConditionalPermissionInfos();
// Drops every existing row; the three rows added below become the whole table.
permlist.clear();
// Give the System Bundle AllPermissions
// NOTE(review): the access decision passed is DENY, not ALLOW, so this row
// denies AllPermission to the location of bundle 0 -- the opposite of the
// comment above. Rows are evaluated in order and the first matching row
// decides, so the order of these add() calls matters.
permlist.add(cpa.newConditionalPermissionInfo(null, new ConditionInfo[] {
new ConditionInfo(
BundleLocationCondition.class.getName(), new String[] {
felix.getBundleContext().getBundle(0).getLocation() }) },
new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(),
"*", "*") },
ConditionalPermissionInfo.DENY));
// NOTE(review): this row is also DENY although the comment below says
// "Allow". Bundle id 1 is whichever bundle was installed first in this run
// (presumably framework.security.jar, given the install order above), not
// Log or ConfigAdmin -- confirm.
// Allow the first two system bundles (Log and ConfigAdmin) to import
org.osgi.framework
permlist.add(cpa.newConditionalPermissionInfo(null, new ConditionInfo[] {
new ConditionInfo(
BundleLocationCondition.class.getName(), new String[] {
felix.getBundleContext().getBundle(1).getLocation() }) },
new PermissionInfo[] { new PermissionInfo(PackagePermission.class.getName(),
"org.osgi.framework",
PackagePermission.IMPORT) }, ConditionalPermissionInfo.DENY));

// Denies FilePermission read,write on <<ALL FILES>>.
// NOTE(review): the first condition argument is the location of
// felix.getBundleContext().getBundle(), i.e. the system bundle itself. The
// second argument of BundleLocationCondition is, as far as the spec goes, only
// meaningful as "!" (negation), so the "C:/.../Bundles/*" path is presumably
// not used as a location pattern -- confirm. The bundles in this file are also
// installed under file: URL strings, which a bare "C:/..." pattern would not
// match. To target them, use one location pattern per ConditionInfo, written
// in the same form as the installed location.
// NOTE(review): a FilePermission DENY does not prevent a bundle from
// starting; it only makes file-access checks fail when the bundle performs
// them. The table also contains no ALLOW row.
permlist.add(cpa.newConditionalPermissionInfo(null, new ConditionInfo[] {
new ConditionInfo(
BundleLocationCondition.class.getName(), new String[] {
felix.getBundleContext().getBundle().getLocation(),"C:/Users/User/Documents/NetBeansProjects/OSGiVerify/Bundles/*"
}) },
new PermissionInfo[] { new PermissionInfo(
java.io.FilePermission.class.getName(),"<<ALL FILES>>","read,write") },
ConditionalPermissionInfo.DENY));
// commit() returns a boolean reporting whether the update was applied; the
// result is ignored here, so a rejected update would go unnoticed.
u.commit();

        // Install and start each listed bundle; the loop stops at a null entry.
        // NOTE(review): bundledir is still null in the code as posted, so
        // bundledir[i] throws NullPointerException on the first test.
        for(int i=0;(bundledir[i]!=null);i++)
        {
            System.out.println(bundledir[i]);

            Bundle bundlelauncher=null;
            File file1 = new File(bundledir[i]);
            URL url1 = file1.toURI().toURL();

bundlelauncher=felix.getBundleContext().installBundle(url1.toString());
            bundlelauncher.start();
        }

// Every failure above, including a SecurityException or a failed policy
// setup, is only printed; execution continues past this point with whatever
// permission state was reached.
}catch(Exception e){e.printStackTrace();}
