[ https://issues.apache.org/jira/browse/FELIX-1908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13663888#comment-13663888 ]

Sahoo edited comment on FELIX-1908 at 5/22/13 7:36 AM:
-------------------------------------------------------

To reproduce the issue, please follow these steps:

0) Unzip the attached zip file. It contains sources as well as ready-to-use jar files in the respective target directories. It has 2 netbeans/maven projects, viz:

a) FelixPrefsServiceTestLauncher -> This contains the launcher that embeds Felix, configures security & deploys the test

b) FelixPrefsServiceTest -> This contains a test that just tries to use FelixPreferencesService. This test is configured to have limited permissions (package import & service get only) by the launcher

1) Download http://mirrors.gigenet.com/apache//felix/org.apache.felix.main.distribution-4.2.1.zip
2) Extract the zip file & go to the felix-framework-4.2.1 directory
3) Download the following & copy to the bundle directory
a) http://mirrors.gigenet.com/apache//felix/org.apache.felix.framework.security-2.2.0.jar
b) http://mirrors.gigenet.com/apache//felix/org.apache.felix.log-1.0.1.jar
c) http://mirrors.gigenet.com/apache//felix/org.apache.felix.prefs-1.0.4.jar
4) Create an all.policy file with the following content
grant { permission java.security.AllPermission; };
5) Run the following command after replacing <path> with the full path to the directory where you extracted the FelixPrefsServiceTest.zip file
java -Djava.security.policy=./all.policy \
  -cp ./bundle/org.apache.felix.framework.security-2.2.0.jar:./bin/felix.jar:<path>/FelixPrefsServiceTestLauncher/target/FelixPrefsServiceTestLauncher-1.0-SNAPSHOT.jar \
  test.felixprefsservicetestlauncher.Main \
  file:<path>/FelixPrefsServiceTest/target/FelixPrefsServiceTest-1.0-SNAPSHOT.jar

6) You should see the following message

Starting framework...
Configuring framework security...
Deploying system bundles...
deployed file:/Users/riaz/Work/embedded/jes8/felix-framework-4.2.1/bundle/org.apache.felix.log-1.0.1.jar
deployed file:/Users/riaz/Work/embedded/jes8/felix-framework-4.2.1/bundle/org.apache.felix.prefs-1.0.4.jar
Deploying application bundle...
deployed file:/Users/riaz/NetBeansProjects/FelixPrefsServiceTest/target/FelixPrefsServiceTest-1.0-SNAPSHOT.jar
Exception in thread "main" org.osgi.framework.BundleException: Activator start error in bundle test.FelixPrefsServiceTest [4].
	at org.apache.felix.framework.Felix.activateBundle(Felix.java:2196)
	at org.apache.felix.framework.Felix.startBundle(Felix.java:2064)
	at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:955)
	at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:942)
	at test.felixprefsservicetestlauncher.Main.main(Main.java:66)
Caused by: java.security.AccessControlException: access denied (java.io.FilePermission ./felix-cache/bundle3/data/P4.ser read)
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
	at java.security.AccessController.checkPermission(AccessController.java:549)
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:871)
	at java.io.File.exists(File.java:731)
	at org.apache.felix.prefs.impl.DataFileBackingStoreImpl.load(DataFileBackingStoreImpl.java:155)
	at org.apache.felix.prefs.impl.StreamBackingStoreImpl.update(StreamBackingStoreImpl.java:102)
	at org.apache.felix.prefs.PreferencesImpl.sync(PreferencesImpl.java:588)
	at org.apache.felix.prefs.impl.PreferencesServiceImpl.getSystemPreferences(PreferencesServiceImpl.java:80)
	at test.felixprefsservicetest.Activator.start(Activator.java:18)
	at org.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1605)
	at java.security.AccessController.doPrivileged(Native Method)
	at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:636)
	at org.apache.felix.framework.Felix.activateBundle(Felix.java:2146)
	... 4 more
                
> PreferencesService doesn't work if a PermissionAdmin is present
> ---------------------------------------------------------------
>
>                 Key: FELIX-1908
>                 URL: https://issues.apache.org/jira/browse/FELIX-1908
>             Project: Felix
>          Issue Type: Bug
>          Components: Permission Admin, Preferences Service
>    Affects Versions: prefs-1.0.4
>            Reporter: Ulf Dittmer
>         Attachments: FelixPrefsServiceTest.zip
>
>
> If a PermissionAdmin service is present, then a bundle making use of 
> PreferencesService currently needs a 
> "org.osgi.service.prefs.PreferencesService" "get" ServicePermission (which is 
> as it should be), but also a FilePermission for the felix-cache subdirectory 
> that contains the data for the PreferencesService bundle. Without it, an 
> attempt to alter preferences results in a security exception.
> A bundle should not have (or need) file access to another bundle's private 
> data.
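
The report above comes down to the service reading its own data file while the calling bundle is still on the call stack, so the caller's permissions are checked too. As an added illustration (not code from the issue, the attachment or Felix; the class and method names are hypothetical, and a JDK that still allows installing a Security Manager is assumed), the following shows the same read denied for a caller without FilePermission and allowed once the service wraps it in doPrivileged:

```java
import java.io.File;
import java.security.*;

public class PrefsPrivilegeDemo {
    // Hypothetical stand-in for the service's backing store file; path taken from the trace.
    static final File STORE = new File("./felix-cache/bundle3/data/P4.ser");

    // Behaviour seen in the trace: the permission check walks the whole call
    // stack, so the calling bundle's permissions are tested as well.
    static boolean existsUnwrapped() {
        return STORE.exists();
    }

    // The service asserts its own privileges: the stack walk stops at this frame,
    // so only the service's protection domain needs the FilePermission.
    static boolean existsPrivileged() {
        return AccessController.doPrivileged((PrivilegedAction<Boolean>) STORE::exists);
    }

    // Runs an action as a caller whose protection domain holds no permissions
    // (constructed here to play the role of the restricted test bundle).
    static String asRestrictedCaller(PrivilegedAction<Boolean> action) {
        ProtectionDomain none = new ProtectionDomain(null, new Permissions());
        AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { none });
        try {
            return "allowed, exists=" + AccessController.doPrivileged(action, ctx);
        } catch (AccessControlException e) {
            return "denied: " + e.getPermission();
        }
    }

    public static void main(String[] args) {
        // Same effect as the all.policy file in step 4: loaded code is granted everything.
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission permission) {
                return true;
            }
        });
        System.setSecurityManager(new SecurityManager());

        System.out.println("unwrapped:  " + asRestrictedCaller(PrefsPrivilegeDemo::existsUnwrapped));
        System.out.println("privileged: " + asRestrictedCaller(PrefsPrivilegeDemo::existsPrivileged));
    }
}
```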
