felix-users mailing list archives

From Karl Pauls <karlpa...@gmail.com>
Subject Re: Problems with ConditionalPermissionAdmin
Date Fri, 04 Apr 2014 12:10:08 GMT
I don't think there is a way to make this a relative path. Basically,
relative paths are relative to the current user.dir which is set to the dir
the user is in when invoking the jvm. You might be able to create your own
permission that gets this done, however. It would need to imply file
permission but derive relative path from the felix.jar location which it
should be able to figure out.

regards,

Karl


On Thu, Apr 3, 2014 at 3:40 PM, felixandre <andrea.carlinoa@gmail.com> wrote:

> Thanks Karl!
> Here are my latest attempts, with their results:
>
> *ATTEMPT 1:*
>
> ALLOW {
>         [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
>         ( java.io.FilePermission "readableFolder\-" "read")
> } "Allow bundles signed by OTHER to read file in readableFolder"
>
> DENY {
>         [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
>         ( java.io.FilePermission "-" "*")
> }  "Deny bundles signed by OTHER to read and write files everywhere else"
>
>  ALLOW {
>    ( java.security.AllPermission "*" "*")
> } "But give all other not denied permissions to all bundles"
>
> with this, the bundle signed by OTHER can read and write all files under
> Felix folder tree
>
>
> *ATTEMPT 2:*
>
> ALLOW {
>         [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
>         ( java.io.FilePermission "readableFolder\-" "read")
> }"Allow bundles signed by OTHER to read file in readableFolder"
>
> DENY {
>         [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
>         ( java.io.FilePermission "-" "write")
> }  "Deny bundles signed by OTHER to read and write files everywhere else"
>
>  ALLOW {
>    ( java.security.AllPermission "*" "*")
> } "But give all other not denied permissions to all bundles"
>
> with this, the bundle signed by OTHER cannot write all files under Felix
> folder tree, but can read every file.
> But if within the DENY condition I use "read,write" instead of only "write"
> then the bundle cannot read even in the "allowed" folder (first ALLOW
> condition).
> I think the problem here is the syntax of the first parameter of the
> java.io.FilePermission condition.
> What is the correct way to write it? Is it possible to use a path relative
> to the felix execution folder? Is there a way to write it which is
> compatible with both Windows and Linux folder?
> (I'm now working in Windows but I'll have to use the same framework under
> linux too).
>
> Thanks,
> Andrea


-- 
Karl Pauls
karlpauls@gmail.com
http://twitter.com/karlpauls
http://www.linkedin.com/in/karlpauls
https://profiles.google.com/karlpauls
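
One way to write the custom permission suggested in the reply above, added here as an example; it is not part of the original messages or of Felix. `RelativeFilePermission` is a hypothetical class, and the example assumes it is packaged next to felix.jar and that the framework consults its implies() when a FilePermission is checked.

```java
import java.io.File;
import java.io.FilePermission;
import java.net.URISyntaxException;
import java.security.Permission;

// Added illustration: hypothetical class, not part of Felix or the OSGi API.
public final class RelativeFilePermission extends Permission {
    private final FilePermission delegate;

    // (name, actions) constructor, the shape a policy entry supplies.
    public RelativeFilePermission(String relativePath, String actions) {
        super(relativePath);
        // '/' is mapped to the platform separator so one entry serves Windows and Linux.
        String local = relativePath.replace('/', File.separatorChar);
        delegate = new FilePermission(new File(baseDir(), local).getPath(), actions);
    }

    // Assumption: this class sits next to felix.jar, so the directory holding its
    // own code source stands in for the felix.jar location (not for user.dir).
    static File baseDir() {
        try {
            File source = new File(RelativeFilePermission.class.getProtectionDomain()
                    .getCodeSource().getLocation().toURI());
            return source.isDirectory() ? source : source.getParentFile();
        } catch (URISyntaxException e) {
            throw new IllegalStateException("cannot locate code source", e);
        }
    }

    // Implies a FilePermission only when the resolved absolute path covers it.
    @Override public boolean implies(Permission p) {
        if (p instanceof RelativeFilePermission) {
            return delegate.implies(((RelativeFilePermission) p).delegate);
        }
        return p instanceof FilePermission && delegate.implies(p);
    }
    @Override public String getActions() { return delegate.getActions(); }
    @Override public boolean equals(Object o) {
        return o instanceof RelativeFilePermission
                && delegate.equals(((RelativeFilePermission) o).delegate);
    }
    @Override public int hashCode() { return delegate.hashCode(); }
    public static void main(String[] args) {
        Permission granted = new RelativeFilePermission("readableFolder/-", "read");
        String inside = new File(baseDir(), "readableFolder/a.txt").getPath(); // constructed
        String outside = new File(baseDir(), "conf/x.properties").getPath();   // constructed
        System.out.println(granted.implies(new FilePermission(inside, "read")));
        System.out.println(granted.implies(new FilePermission(inside, "write")));
        System.out.println(granted.implies(new FilePermission(outside, "read")));
    }
}
```

Under those assumptions, the first ALLOW entry in the policy from the thread would name this class in place of java.io.FilePermission, with "readableFolder/-" as its name.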
