This should be possible. But keep in mind that the local permissions in OSGi are a way to restrict a bundle to a particular set of permissions regardless of what permissions have been granted to the bundle from the PermissionAdmin or ConditionalPermissionAdmin. Have you made any calls to PermissionAdmin or ConditionalPermissionAdmin to manage bundle permissions? If so, have you granted the bundles your custom permission or AllPermissions? Even though you specified the permission in a bundle's local permission, the bundle will not actually have that permission unless you also make sure it is granted the permission from one of the permission admin services. Keep in mind that if you have not made any calls to the permission admin services then the default default permissions for all bundles is AllPermissions.
Also keep in mind that the protection domains for the bundles are controlled exclusively by the Framework's PermissionsAdmin and ConditionalPermissionAdmin. The policy file you use is only to grant permission to code running outside of a bundle class loader. Typically you need to grant AllPermissions to the Framework implementation which it looks like you have done. Tom |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |[email protected] | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |"Equinox development mailing list" <[email protected]> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |09/06/2009 02:10 PM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Re: [equinox-dev] Problem with custom local permissions | >--------------------------------------------------------------------------------------------------------------------------------------------------| Hi again, Maybe what I am trying to do which was explained in my previous thread is not possible. I would like to know if it is possible to specify custom permissions as local permission setting them in permission.perm file or do I have to specify them by program in the same way as conditional permissions? I have created a custom permission class called MyPermission class which extends from java.security.Permission and I have tried set them in a permissions.perm file as local permissions, is this possible? Thank you in advance > Hi, > > I did not write any bundle which neither reads the permissions nor parses > the text into PermissionInfo. I supposed that I could work in the same way > that I worked with other permissions different to custom permissions, I > mean , I created a policy.policy file where I set ALLPermissions > > grant { > permission java.security.AllPermission; > }; > > then I launched Equinox with SecurityManager in the command line > > > -Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSe > curityManager > -Djava.security.policy=policy > > and placed the OSGI-INF folder with permissions.perm file into the bundle > directory, what I do not understand is why I have to do what you explained > me if I did not do when I did not use custom permissions. I mean, are > custom permission dealed in different way as ServicePermission or > FilePermission? > > > I have done some tests with local permissions without using custom > permissions and I did not have to create any bundle which read the > permissions.perm file nor parse the text into PermissionInfo. > > Is there some example about how I have to do this? > > Thank you in advance > > >> Have you written (or installed) a bundle which reads the >> permissions.perm >> file, parses the text into PermissionInfos and calls either >> PermissionAdmin or ConditionalPermissionAdmin to set the permissions of >> the bundle? >> >> permissions.perm files are not read by the framework. You need s >> security >> policy bundle installed (for example, as I describe above) to set bundle >> permissions. The framework is policy free. >> -- >> >> BJ Hargrave >> Senior Technical Staff Member, IBM >> OSGi Fellow and CTO of the OSGi Alliance >> [email protected] >> >> office: +1 386 848 1781 >> mobile: +1 386 848 3788 >> >> >> >> >> From: >> "David Conde" <[email protected]> >> To: >> "'Equinox development mailing list'" <[email protected]> >> Date: >> 2009/09/04 07:59 >> Subject: >> [equinox-dev] Problem with custom local permissions >> Sent by: >> [email protected] >> >> >> >> Hi, >> >> I have the next scenario: >> Bundle Service which has a method called addVALUE as shown: >> >> public boolean addValue(String key, Object value) { >> >> SecurityManager security = System.getSecurityManager(); >> if (security != null) { >> security.checkPermission(new >> PlatformConfigurationPermission( >> PlatformConfigurationPermission.WRITE_VALUE)); >> } >> >> } >> >> The problem is that other bundle called consumer which has the next >> permissions.perm file, tries to call this method getting the Security >> Exception shown below: >> >> #TestPlatformConfiguration Permissions File >> (java.io.FilePermission "C:\TestingLog3.log" "write") >> (es.citic.osgi.system.platformConfiguration.PlatformConfigurationPermission >> "PlatformConfigurationPermission" "writeValue") >> >> >> The Exception which was got is: >> Java.security.AccessControlException: Access denied >> (es.citic.osgi.system.platformConfiguration.PlatoformConfigurationPermission >> PlatformConfigurationPermission writeValue) >> >> >> My PlatformConfigurationPermission class extends from Permission. >> >> What am I missing in this implementation? >> >> It looks like as does not recognice what I am writing in the >> permission.perm file. >> >> Any idea >> >> Thank you in advance >> >> David_______________________________________________ >> equinox-dev mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/equinox-dev >> >> _______________________________________________ >> equinox-dev mailing list >> [email protected] >> https://dev.eclipse.org/mailman/listinfo/equinox-dev >> > > > _______________________________________________ > equinox-dev mailing list > [email protected] > https://dev.eclipse.org/mailman/listinfo/equinox-dev > > _______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
_______________________________________________ equinox-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/equinox-dev
