Can you try this on 3.5? The OSGi R4.2 specification (implemented in Equinox 3.5) made a clarification about when the default permissions from PermissionAdmin are used in the presence of the ConditionalPermissionAdmin service.
The default default permissions for PermissionAdmin is AllPermissions. In Equinox 3.4 we would fall back to the PermissionAdmin default permissions if none of the conditions from the ConditionalPermissionAdmin table were satisfied for a particular bundle. The OSGi R4.2 specification has been clarified such that the PermissionAdmin default permissions are ONLY used if the condition table is COMPLETELY empty. Once you add a single condition to the table then bundles must not be granted the PermissionAdmin default permissions. In 3.4 you should set the PermissionAdmin default permissions to a restricted set of permissions or you could set another condition with ConditionalPermissionAdmin which restricts the permissions for all bundle locations. Tom |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |"David Conde" <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |<[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |05/06/2009 11:08 AM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[equinox-dev] Conditional Permission are not being checked | >--------------------------------------------------------------------------------------------------------------------------------------------------| Hi, I am trying to check Conditional Permssion Admin SErvice in Equinox. For this reason, I create a Bundle consumer, another one called service and another called PermissionManager who will implement the Conditional Permissions for the consumer. The problem is that I do not get any exception when I try to get the service from another location different from my allowed one. My PermissionManager implements BundleActivator and get the service ConditionalPermissionAdmin from the framework in the start method, finally is shown below: private ConditionalPermissionAdmin cpa; condPermRef = context.getServiceReference(ConditionalPermissionAdmin.class .getName()); cpa =(ConditionalPermissionAdmin) context.getService(condPermRef); AccessController.doPrivileged(new PrivilegedAction() { public Object run() { cpa.addConditionalPermissionInfo(new ConditionInfo[]{ new ConditionInfo(BundleLocationCondition.class .getName(), new String[]{context.getBundle().getLocation()}) }, new PermissionInfo[]{ new PermissionInfo( AllPermission.class.getName(), "", "") }); cpa.addConditionalPermissionInfo( new ConditionInfo[]{ new ConditionInfo( BundleLocationCondition.class.getName(), new String[]{"file:C:\\equinoxv34 \\clientserviceconditional.jar"}) }, new PermissionInfo[]{ new PermissionInfo (ServicePermission.class.getName(), "dconde.osgi.serviceconditional.ServiceConditional","GET") }); // Add other permissions return null; // nothing to return } }); If I try to get the Service from another consumer in another location no exception is thrown, and I do not really know what I am missing. What do I need to apply Conditional Permission? I am not applying as the same time Local Permission with permissions.perm, Does this have something to do with my results? I am launching Equinox in this way: java -Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager -Djava.security.policy=policy.policy -jar org.eclipse.osgi_3.4.3.R34x_v20081215-1030.jar –console Any advice will be helpful Thanks in advance David _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
