felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans L' Hoest <Hans.Lho...@mendix.com>
Subject RE: Problem with Felix security and bundle policies
Date Wed, 22 Jan 2014 16:36:09 GMT
Hello,

May be you forgot to give your bundle all permissions?

For an example see:
https://code.google.com/p/osgi-in-action/source/browse/trunk/chapter14/combined-example/org.foo.policy/src/org/foo/policy/Activator.java

HTH,

Hans

-----Original Message-----
From: felixandre [mailto:andrea.carlinoa@gmail.com] 
Sent: Wednesday, January 22, 2014 10:02 AM
To: users@felix.apache.org
Subject: Problem with Felix security and bundle policies

Hello everyone,
I hope someone can help me...
I'm having some problems with policies under felix.
I see my security bundle implementing the ConditionalPermissionAdmin is working...and even
too much! 
As soon as I install the security bundle I cannot even interact with the framework via the
gogo shell.
in the all.policy file I granted AllPermission to everyone and then I read the permissions
from the security.policy file where I tried many different syntax for the org.osgi.service.condpermadmin.BundleLocationCondition
field without success.

My goal is to limit the permissions to read/write file to bundles in subfolder "./bundle/plugins"
while system bundles are in "./bin" and "./bundle" subfolder. I also tried with full path
but it is not working...

Examples of what I tried in the security.policy file (I'm working under Windows OS):

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition
"file:d:\\Programmi_D\\felix-framework-4.2.1*"]
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

or 

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:.\\bin*"]
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

or 

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:.\\bin\\\*"] (need a backslash
to avoid the escape character  '\' and get the char '*')
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

and similar variants...

Anyhow, after running the security bundle as soon as I type simply "lb"
copmmand in the osgi shell I get this exception: 
"gogo: AccessControlException: access denied ("org.osgi.framework.ServicePermission" "(service.id=7)"
"get")"

Is there anyone who have any clue of what I'm doing wrong here?

Thx a lot!
Andrea



--
View this message in context: http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message