svn commit: r1454470 - in /felix/trunk/framework/src/main/java/org/apache/felix/framework: BundleProtectionDomain.java ExtensionManager.java Felix.java util/FelixConstants.java

Fri, 08 Mar 2013 09:03:57 -0800 

Author: pauls
Date: Fri Mar  8 17:03:32 2013
New Revision: 1454470

URL: http://svn.apache.org/r1454470
Log:
Use the default java security policy if no security provider is present and 
don't check for allpermission if an extension bundle is installed and there is 
no security manager present. (FELIX-3961,FELIX-3950)

Modified:
    
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
    
felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
    
felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java

Modified: 
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
URL: 
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- 
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
 (original)
+++ 
felix/trunk/framework/src/main/java/org/apache/felix/framework/BundleProtectionDomain.java
 Fri Mar  8 17:03:32 2013
@@ -43,11 +43,13 @@ public class BundleProtectionDomain exte
             new CodeSource(
                 Felix.m_secureAction.createURL(
                     Felix.m_secureAction.createURL(null, "location:", new 
FakeURLStreamHandler()),
-                    bundle._getLocation(),
+                    bundle._getLocation().startsWith("reference:") ? 
+                        bundle._getLocation().substring("reference:".length()) 
: 
+                        bundle._getLocation(),
                     new FakeURLStreamHandler()
                     ),
                 (Certificate[]) certificates),
-            null);
+            null, null, null);
         m_felix = new WeakReference(felix);
         m_bundle = new WeakReference(bundle);
         m_revision = new WeakReference(bundle.adapt(BundleRevisionImpl.class));
@@ -67,6 +69,11 @@ public class BundleProtectionDomain exte
             felix.impliesBundlePermission(this, permission, false) : false;
     }
 
+    boolean superImplies(Permission permission)
+    {
+        return super.implies(permission);
+    }
+
     public boolean impliesDirect(Permission permission)
     {
         Felix felix = (Felix) m_felix.get();
@@ -101,4 +108,4 @@ public class BundleProtectionDomain exte
     {
         return m_toString;
     }
-}
\ No newline at end of file
+}

Modified: 
felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
URL: 
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- 
felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
 (original)
+++ 
felix/trunk/framework/src/main/java/org/apache/felix/framework/ExtensionManager.java
 Fri Mar  8 17:03:32 2013
@@ -330,13 +330,13 @@ class ExtensionManager extends URLStream
         Object sm = System.getSecurityManager();
         if (sm != null)
         {
-                ((SecurityManager) sm).checkPermission(
-                    new AdminPermission(bundle, 
AdminPermission.EXTENSIONLIFECYCLE));
-        }
+            ((SecurityManager) sm).checkPermission(
+                new AdminPermission(bundle, 
AdminPermission.EXTENSIONLIFECYCLE));
 
-        if (!((BundleProtectionDomain) 
bundle.getProtectionDomain()).impliesDirect(new AllPermission()))
-        {
-            throw new SecurityException("Extension Bundles must have 
AllPermission");
+            if (!((BundleProtectionDomain) 
bundle.getProtectionDomain()).impliesDirect(new AllPermission()))
+            {
+                throw new SecurityException("Extension Bundles must have 
AllPermission");
+            }
         }
 
         String directive = ManifestParser.parseExtensionBundleHeader((String)

Modified: 
felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java
URL: 
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java 
(original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/Felix.java 
Fri Mar  8 17:03:32 2013
@@ -170,6 +170,9 @@ public class Felix extends BundleImpl im
     // Security Manager created by the framework
     private SecurityManager m_securityManager = null;
 
+    // Do we need to consult the default java security policy if no security 
provider is present?
+    private volatile boolean m_securityDefaultPolicy;
+
     /**
      * <p>
      * This constructor creates a framework instance with a specified 
<tt>Map</tt>
@@ -283,6 +286,11 @@ public class Felix extends BundleImpl im
      *       unsupported fragment bundles throws an exception or logs a 
warning.
      *       Possible values are "<tt>exception</tt>" or "<tt>warning</tt>". 
The
      *       default value is "<tt>exception</tt>".
+     *   </li>
+     *   <li><tt>felix.security.defaultpolicy</tt> - Flag to indicate whether
+     *       to consult the default java securtiy policy if no security 
extension
+     *       is present. The default value is "<tt>false</tt>".
+     *   </li>
      * </ul>
      * <p>
      * The <a href="Main.html"><tt>Main</tt></a> class implements some
@@ -363,6 +371,9 @@ public class Felix extends BundleImpl im
             m_bootPkgs[i] = s;
         }
 
+        // Read the security default policy property
+        m_securityDefaultPolicy = 
"true".equals(getProperty(FelixConstants.SECURITY_DEFAULT_POLICY)); 
+
         // Create default bundle stream handler.
         m_bundleStreamHandler = new URLHandlersBundleStreamHandler(this);
 
@@ -4288,7 +4299,13 @@ public class Felix extends BundleImpl im
         {
             return 
m_securityProvider.hasBundlePermission(bundleProtectionDomain, permission, 
direct);
         }
-        return true;
+        else
+        {
+            Bundle source = bundleProtectionDomain.getBundle();
+
+            return (m_securityDefaultPolicy && (source == null || 
source.getBundleId() != 0)) ? 
+                bundleProtectionDomain.superImplies(permission) : true;
+        }
     }
 
     private BundleActivator createBundleActivator(Bundle impl)

Modified: 
felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
URL: 
http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java?rev=1454470&r1=1454469&r2=1454470&view=diff
==============================================================================
--- 
felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
 (original)
+++ 
felix/trunk/framework/src/main/java/org/apache/felix/framework/util/FelixConstants.java
 Fri Mar  8 17:03:32 2013
@@ -64,4 +64,5 @@ public interface FelixConstants extends 
     // Miscellaneous properties values.
     String FAKE_URL_PROTOCOL_VALUE = "location:";
     String FELIX_EXTENSION_ACTIVATOR = "Felix-Activator";
-}
\ No newline at end of file
+    String SECURITY_DEFAULT_POLICY = "felix.security.defaultpolicy";
+}

Reply via email to