felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From felixandre <andrea.carli...@gmail.com>
Subject Problem with Felix security and bundle policies
Date Wed, 22 Jan 2014 09:01:46 GMT
Hello everyone, 
I hope someone can help me...
I'm having some problems with policies under felix.
I see my security bundle implementing the ConditionalPermissionAdmin is
working...and even too much! 
As soon as I install the security bundle I cannot even interact with the
framework via the gogo shell.
in the all.policy file I granted AllPermission to everyone and then I read
the permissions from the security.policy file where I tried many different
syntax for the org.osgi.service.condpermadmin.BundleLocationCondition field
without success.

My goal is to limit the permissions to read/write file to bundles in
subfolder "./bundle/plugins" while system bundles are in "./bin" and
"./bundle" subfolder. I also tried with full path but it is not working...

Examples of what I tried in the security.policy file (I'm working under
Windows OS):

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition
"file:d:\\Programmi_D\\felix-framework-4.2.1*"]
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

or 

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:.\\bin*"]
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

or 

ALLOW {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:.\\bin\\\*"]  
(need a backslash to avoid the escape character  '\' and get the char '*')
  (java.security.AllPermission)
} "My Security Manager - bundles in bundle-folder get AllPermission"

and similar variants...

Anyhow, after running the security bundle as soon as I type simply "lb"
copmmand in the osgi shell I get this exception: 
"gogo: AccessControlException: access denied
("org.osgi.framework.ServicePermission" "(service.id=7)" "get")"

Is there anyone who have any clue of what I'm doing wrong here?

Thx a lot!
Andrea



--
View this message in context: http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message