felix-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From felixandre <andrea.carli...@gmail.com>
Subject Re: Problem with Felix security and bundle policies
Date Thu, 23 Jan 2014 10:05:33 GMT
I had tried that and every bundle is (correctly) allowed to do everything;
the problem is when starting to restrict policies...
Anyway, I've just managed to make a further step; even if I'm almost sure I
ha dalready tried this way, now something is working as expected... With 

DENY {
	[org.osgi.service.condpermadmin.BundleLocationCondition
"file:.\\bundle\\plugins*"]
   ( java.io.FilePermission "*" "write")
} "We deny bundles to write file otherwise"

ALLOW {
   ( java.security.AllPermission "*" "*")
} "But give all other not denied permissions to all bundles"/

I'm able to DENY file access permission to the bundles in ".\bundle\plugins"
folder.
In order to distinguish between signed and not signed bundle in that folder
I added a BundleSignerCondition *after* the DENY condition like this:

/ALLOW {
	[org.osgi.service.condpermadmin.BundleSignerCondition "CN=logboxIP, O=CRF,
OU=ITS, L=Trento C=IT"]
   ( java.io.FilePermission "*" "read, write")
} "We allow signed bundles to write file"

but this is not "overriding" the DENY condition for the whole
".\bundle\plugins" folder... How could be this accomplished?






--
View this message in context: http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903p5006948.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org


Mime
View raw message