Thanks Tom, that was really helpful. At this point I wonder if the only way to configure a secure framework is to make sure you start a bundle right after the framework has booted which will configure the (C)PA? Any other ways to achieve that in addition to having a custom launcher? I'm looking for a best practice here :-) Why custom launcher - I suppose that's safer because it won't be affected by any provisioning mechanism that can reorder your bundles' start or rewrite your config.ini.
Thanks,
Borislav

On Dec 7, 2011 8:56 PM, "Thomas Watson" <[email protected]> wrote:

> The policy file (specified by java.security.policy) is only used by class
> loaders that extend SecureClassLoader. So things like the URLClassLoader,
> the application and extension class loader etc. A bundle's class loader
> does not pay attention to the java.security.policy file.
>
> The protection domains used by the OSGi bundle class loaders are only
> configured by the ConditionalPermissionAdmin and the deprecated
> PermissionAdmin services. By default if no permissions are set through the
> [Conditional]PermissionAdmin services then the bundles get AllPermission by
> default. Section 50.11 of the Core OSGi specification gives more details
> on this.
>
> Tom
>
> > From: Borislav Kapukaranov <[email protected]>
> > To: Equinox development mailing list <[email protected]>,
> > Date: 12/07/2011 11:18 AM
> > Subject: [equinox-dev] OSGi security manager in Equinox
>
> Hi folks,
>
> I'm playing with OSGi's security manager in Equinox and the implementation
> of the Conditional Permissions Admin called SecurityAdmin.
> My setup is Equinox + some other bundles. This is launched by the
> equinox.launcher and I've passed the following as system properties:
>
>     -Declipse.security=osgi
>     -Djava.security.policy="my.policy"
>
> The policy looks like that
>
>     keystore "myKeystore";
>     grant signedBy "myself" {
>         permission java.security.AllPermission;
>     };
>
> I have signed all bundles in /plugins with that keystore and granted them
> all permissions with the policy.
>
> The first thing I noticed is that without a policy file the framework still
> starts. That is because when we are in OSGi security mode the launcher adds
> all permissions to itself and the framework.
> I created a simple bundle that in its Activator creates a directory at a
> location different from its data file. It doesn't have any local
> permissions.
> The call went into the EquinoxSecurityManager then started checking for
> implied permissions at the AccessControlContext. The important point is
> checking the Protection Domains. It went through two of them:
> 1. The system bundle's protection domain as the system bundle triggered the
> Activator of my bundle.
> 2. The bundle's protection domain, probably for local permissions.
> 1) has all permission as it is the framework and 2) doesn't have any local
> permission therefore by specification gets AllPermission.
> So far so good.
>
> My question is how the EquinoxSecurityManager is expected to be configured?
> From what I've seen the policy file syntax doesn't support the permission
> syntax defined in the OSGi specification (ALLOW, DENY).
> Does that mean OSGi's security manager is configured only by a bundle
> interacting with the Conditional Permission Admin service?
> Also does the policy file play any role at all in such setup? I suspect
> it's relevant only for pure Java security setup.
>
> Thanks,
> Borislav
> _______________________________________________
> equinox-dev mailing list
> [email protected]
> https://dev.eclipse.org/mailman/listinfo/equinox-dev
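An added illustration of the approach discussed in this thread, not code from either poster or from Equinox: a bundle activator that populates the ConditionalPermissionAdmin table with ALLOW and DENY rows using the OSGi Core 4.2+ API. The package and class names, the signer DN and the `/etc/-` path are constructed placeholders, and the bundle location is assumed to contain no wildcard or filter characters.

```java
package example.policy; // hypothetical package name

import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;
import org.osgi.service.permissionadmin.PermissionInfo;

public class PolicyActivator implements BundleActivator {
    // Constructed DN; use the subject DN of the certificate that signed the bundles.
    private static final String SIGNER = "cn=myself, o=example";

    public void start(BundleContext ctx) {
        ServiceReference ref =
            ctx.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) {
            throw new IllegalStateException("ConditionalPermissionAdmin not available");
        }
        ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) ctx.getService(ref);
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List rows = update.getConditionalPermissionInfos();
        rows.clear(); // the table is persistent, so rebuild it instead of appending

        // Row 1: this bundle keeps AllPermission. Once the table is non-empty,
        // a bundle matching no ALLOW row no longer gets AllPermission by default,
        // and only a bundle with AllPermission can commit later updates.
        rows.add(cpa.newConditionalPermissionInfo("policy-manager",
            new ConditionInfo[] { new ConditionInfo(
                BundleLocationCondition.class.getName(),
                new String[] { ctx.getBundle().getLocation() }) },
            new PermissionInfo[] {
                new PermissionInfo("java.security.AllPermission", "*", "*") },
            ConditionalPermissionInfo.ALLOW));
        // Row 2: rows are evaluated in order, so this DENY must precede the ALLOW
        // below to take effect. No condition means it applies to every bundle.
        rows.add(cpa.newConditionalPermissionInfo(
            "DENY { (java.io.FilePermission \"/etc/-\" \"write,delete\") } \"deny-etc-write\""));
        // Row 3: the OSGi counterpart of the thread's 'grant signedBy' policy entry.
        rows.add(cpa.newConditionalPermissionInfo(
            "ALLOW { [org.osgi.service.condpermadmin.BundleSignerCondition \"" + SIGNER
            + "\"] (java.security.AllPermission \"*\" \"*\") } \"signed-all\""));

        if (!update.commit()) { // false: the table changed since the update was created
            throw new IllegalStateException("Permission table modified concurrently");
        }
    }

    public void stop(BundleContext ctx) { }
}
```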
