Author: cziegeler
Date: Wed Jun 28 07:47:29 2017
New Revision: 1800130
URL: http://svn.apache.org/viewvc?rev=1800130&view=rev
Log:
Update security checks, add permissions
Added:
felix/trunk/osgi-r7/configurator/src/main/resources/
felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/
felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
Modified:
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
Modified:
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
URL:
http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java?rev=1800130&r1=1800129&r2=1800130&view=diff
==============================================================================
---
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
(original)
+++
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/Configurator.java
Wed Jun 28 07:47:29 2017
@@ -48,6 +48,7 @@ import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleEvent;
import org.osgi.framework.Constants;
import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServicePermission;
import org.osgi.framework.ServiceReference;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
@@ -496,21 +497,24 @@ public class Configurator {
if ( configAdminServiceBundleId == null ) {
final Bundle configBundle = cfg.getBundleId() == -1 ?
this.bundleContext.getBundle() :
this.bundleContext.getBundle(Constants.SYSTEM_BUNDLE_LOCATION).getBundleContext().getBundle(cfg.getBundleId());
if ( configBundle != null ) {
- try {
- final Collection<ServiceReference<ConfigurationAdmin>>
refs =
configBundle.getBundleContext().getServiceReferences(ConfigurationAdmin.class,
null);
- final List<ServiceReference<ConfigurationAdmin>>
sortedRefs = new ArrayList<>(refs);
- Collections.sort(sortedRefs);
- for(int i=sortedRefs.size();i>0;i--) {
- final ServiceReference<ConfigurationAdmin> r =
sortedRefs.get(i-1);
- synchronized ( this.configAdminReferences ) {
- if ( this.configAdminReferences.contains(r) ) {
- configAdminServiceBundleId =
r.getBundle().getBundleId();
- break;
+ if ( System.getSecurityManager() == null
+ || configBundle.hasPermission( new
ServicePermission(ConfigurationAdmin.class.getName(), ServicePermission.GET)) )
{
+ try {
+ final Collection<ServiceReference<ConfigurationAdmin>>
refs =
configBundle.getBundleContext().getServiceReferences(ConfigurationAdmin.class,
null);
+ final List<ServiceReference<ConfigurationAdmin>>
sortedRefs = new ArrayList<>(refs);
+ Collections.sort(sortedRefs);
+ for(int i=sortedRefs.size();i>0;i--) {
+ final ServiceReference<ConfigurationAdmin> r =
sortedRefs.get(i-1);
+ synchronized ( this.configAdminReferences ) {
+ if ( this.configAdminReferences.contains(r) ) {
+ configAdminServiceBundleId =
r.getBundle().getBundleId();
+ break;
+ }
}
}
+ } catch (final InvalidSyntaxException e) {
+ // this can never happen as we pass {@code null} as
the filter
}
- } catch (final InvalidSyntaxException e) {
- // this can never happen as we pass {@code null} as the
filter
}
}
}
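Review bot: When the new `configBundle.hasPermission(...)` guard fails, the lookup is skipped silently: nothing is logged and `configAdminServiceBundleId` stays null. What the method does with a null id lies outside this hunk, so the denial path should be checked against the rest of the method. A log entry in an `else` branch, naming the bundle id and the missing `ServicePermission`, would let an operator tell "no permission" apart from "no ConfigurationAdmin visible". The guard also deserves a why-comment, such as `// getServiceReferences() is called from configurator code, so the target bundle's own GET permission is checked explicitly`; this rationale is inferred from the hunk and should be confirmed. Separately, `configBundle.getBundleContext()` is dereferenced without a null check, and it can presumably be null if the target bundle is not active.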
Modified:
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
URL:
http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java?rev=1800130&r1=1800129&r2=1800130&view=diff
==============================================================================
---
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
(original)
+++
felix/trunk/osgi-r7/configurator/src/main/java/org/apache/felix/configurator/impl/json/JSONUtil.java
Wed Jun 28 07:47:29 2017
@@ -56,7 +56,7 @@ public class JSONUtil {
private static final String INTERNAL_PREFIX = ":configurator:";
- private static final String PROP_VERSION = INTERNAL_PREFIX +
"json-version";
+ private static final String PROP_VERSION = INTERNAL_PREFIX +
"resource-version";
private static final String PROP_RANKING = "ranking";
Added:
felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
URL:
http://svn.apache.org/viewvc/felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm?rev=1800130&view=auto
==============================================================================
---
felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
(added)
+++
felix/trunk/osgi-r7/configurator/src/main/resources/OSGI-INF/permissions.perm
Wed Jun 28 07:47:29 2017
@@ -0,0 +1,36 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Imported packages
+# -> MANIFEST.MF
+(org.osgi.framework.PackagePermission "org.osgi.framework" "import")
+(org.osgi.framework.PackagePermission "org.osgi.framework.wiring" "import")
+(org.osgi.framework.PackagePermission "org.osgi.util.tracker" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.cm" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.log" "import")
+(org.osgi.framework.PackagePermission "org.osgi.service.coordinator" "import")
+
+# General bundle permissions
+(java.util.PropertyPermission "configurator.*" "read")
+(org.osgi.framework.ServicePermission "org.osgi.service.cm.Configuration"
"get")
+(org.osgi.framework.ServicePermission
"org.osgi.service.coordinator.Coordinator" "get")
+(org.osgi.framework.ServicePermission "org.osgi.service.log.LogService" "get")
+
+# Manage configurations
+(org.osgi.service.cm.ConfigurationPermission "*" "configure")
+
+# Handle binaries
+(java.io.FilePermission "-" "read,write,execute,delete")
+
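Review bot: The general permissions grant `ServicePermission "org.osgi.service.cm.Configuration" "get"`, but Configurator.java in this same commit looks up `ConfigurationAdmin`. Since local permissions cap what the bundle can hold, the entry probably should read `(org.osgi.framework.ServicePermission "org.osgi.service.cm.ConfigurationAdmin" "get")`; otherwise the bundle's own service lookup would likely be denied under a security manager. The last entry, `(java.io.FilePermission "-" "read,write,execute,delete")`, is far wider than "Handle binaries" implies. It would be safer scoped to the directory where binaries are actually written, and without `execute` unless something there is launched. Configurator.java also calls `getBundleContext()` on other bundles, which normally requires `AdminPermission` with the `context` action, and no such entry is listed here, so that is worth confirming on a framework with security enabled.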