Dear Karl Thank you very much for the tip! Now it works!
With best regards Hasan Karl Pauls wrote:
Well, this really is starting to go more into the java security model but as you can see in the slides too the issue seems to be that scr is on the call stack. You did give your bundle allpermissions but the the scr bundle -- hence, the exception. Now, given scr allpermission with scr being on the call stack is more tricky because you have a circular dependency. The way to solve this is either to give all bundles from a certain location prefix allpermissions or you need to make sure you do security sensitive calls in a doPriviledged block. In other words, try something like: AccessController.doPrivileged(new PrivilegedAction() { public Object run() { ´cpa.addConditionalPermissionInfo(new ConditionInfo[]{ new ConditionInfo(BundleLocationCondition.class.getName(), new String[]{context.getBundleContext().getBundle(1).getLocation()}) }, new PermissionInfo[]{ new PermissionInfo( AllPermission.class.getName(), "", "") }); // Add other permissions return null; // nothing to return } }); regards, Karl On Mon, Nov 24, 2008 at 3:33 PM, Hasan <[EMAIL PROTECTED]> wrote:Dear Karl, We tried your suggestions as follows: we add these lines in the activate method of our management agent cpa.addConditionalPermissionInfo(new ConditionInfo[]{ new ConditionInfo(BundleLocationCondition.class.getName(), new String[]{context.getBundleContext().getBundle().getLocation()}) }, new PermissionInfo[]{ new PermissionInfo( AllPermission.class.getName(), "", "") }); System.out.println("test"); cpa.addConditionalPermissionInfo(new ConditionInfo[]{ new ConditionInfo(BundleLocationCondition.class.getName(), new String[]{context.getBundleContext().getBundle(1).getLocation()}) }, new PermissionInfo[]{ new PermissionInfo( AllPermission.class.getName(), "", "") }); with the following results: -> start file:///home/hasan/workspaces/trialox/spike/permmgmtagent/target/permmgmt-1.0-SNAPSHOT.jar -> Binding ConditionalPermissionAdmin Activating PermissionManager test ERROR: org.example.trialox.permmgmt (6): [org.example.trialox.permmgmt.PermissionManager] The activate method has thrown an exception java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=1) metadata) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at org.apache.felix.framework.BundleImpl.getLocation(BundleImpl.java:159) at org.example.trialox.permmgmt.PermissionManager.activate(PermissionManager.java:49) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.felix.scr.impl.ImmediateComponentManager.createImplementationObject(ImmediateComponentManager.java:226) at org.apache.felix.scr.impl.ImmediateComponentManager.createComponent(ImmediateComponentManager.java:133) at org.apache.felix.scr.impl.AbstractComponentManager.activateInternal(AbstractComponentManager.java:476) at org.apache.felix.scr.impl.AbstractComponentManager.enableInternal(AbstractComponentManager.java:398) at org.apache.felix.scr.impl.AbstractComponentManager.access$000(AbstractComponentManager.java:36) at org.apache.felix.scr.impl.AbstractComponentManager$1.run(AbstractComponentManager.java:99) at org.apache.felix.scr.impl.ComponentActorThread.run(ComponentActorThread.java:85) It seems we can give the management agent all permissions but we cannot give bundle 1 all permissions. Do we miss something here? We have taken a look at the slide sets from the link. Could we probably have access to the codes of those tasks mentioned in the slides? Thanks and best regards Hasan Karl Pauls wrote:Well, you have to understand that as soon as you use (i.e., set permissions) any of the permission services you define the permission space for all bundles. So the first thing for your management agent (i.e., the bundle that you present below) is to give itself allpermission! Next, it probably is a good idea to give allpermission to bundle 1,2, and 4. In case you want to use obr give allpermission to bundle 3 as well. Then you can define the permissions for your other bundles on a more fine grained basis. regards, Karl p.s.: not sure whether this will help you: http://felix.apache.org/site/presentations.data/Building%20Secure%20OSGi%20Applications.pdf On Mon, Nov 24, 2008 at 2:23 PM, Hasan <[EMAIL PROTECTED]> wrote:Dear Karl We have built the framework.security and installed it as a bundle. Additionally, we have written two bundles: TestBundle and PermissionManager. The TestBundle is supposed to be able to create a file if the PermissionManager sets the required Permissions. We use scr to bind the ConditionalPermissionAdmin service in the PermissionManager. However, we already got errors when we install and start PermissionManager. (the command services in felix listed no service and the command ps in felix said StartLevel service is unavailable). Could you please advice what we may have done wrong? what we have to do before we may define permissions? Please find below the contents of PermissionManager and the output of felix session. The contents of PermissionManager: ---------------------------------- package org.example.permmgmt; import java.io.FilePermission; import org.osgi.service.component.ComponentContext; import org.osgi.service.condpermadmin.BundleLocationCondition; import org.osgi.service.condpermadmin.ConditionInfo; import org.osgi.service.condpermadmin.ConditionalPermissionAdmin; import org.osgi.service.permissionadmin.PermissionInfo; /** * * @scr.component * @scr.reference name="conditionalPermissionAdmin" * cardinality="0..n" policy="dynamic" * interface="org.osgi.service.condpermadmin.ConditionalPermissionAdmin" * */ public class PermissionManager { private ConditionalPermissionAdmin cpa; protected void activate(ComponentContext context) throws Exception { System.out.println("Activating PermissionManager"); if (cpa == null) { System.out.println("No ConditionalPermissionAdmin service"); return; } cpa.addConditionalPermissionInfo( new ConditionInfo[]{ new ConditionInfo( BundleLocationCondition.class.getName(), new String[]{"file:/home/hasan/workspaces/testbundle1/target/testbundle1-1.0-SNAPSHOT.jar"}) }, new PermissionInfo[]{ new PermissionInfo( FilePermission.class.getName(), "helloWorld.txt", "write") }); System.out.println("cpi added"); } protected void bindConditionalPermissionAdmin(ConditionalPermissionAdmin cpa) { System.out.println("Binding ConditionalPermissionAdmin"); this.cpa = cpa; } protected void unbindConditionalPermissionAdmin(ConditionalPermissionAdmin cpa) { this.cpa = null; } } And the output of felix: ------------------------ Welcome to Felix. ================= -> ps START LEVEL 1 ID State Level Name [ 0] [Active ] [ 0] System Bundle (1.4.0) [ 1] [Active ] [ 1] Apache Felix Shell Service (1.0.2) [ 2] [Active ] [ 1] Apache Felix Shell TUI (1.0.2) [ 3] [Active ] [ 1] Apache Felix Bundle Repository (1.2.1) -> start http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar -> start file:///home/hasan/workspaces/framework.security/target/org.apache.felix.framework.security-0.9.0-SNAPSHOT.jar -> ps START LEVEL 1 ID State Level Name [ 0] [Active ] [ 0] System Bundle (1.4.0) [ 1] [Active ] [ 1] Apache Felix Shell Service (1.0.2) [ 2] [Active ] [ 1] Apache Felix Shell TUI (1.0.2) [ 3] [Active ] [ 1] Apache Felix Bundle Repository (1.2.1) [ 4] [Active ] [ 1] Apache Felix Declarative Services (1.0.6) [ 5] [Resolved ] [ 1] Apache Felix Security Provider (0.9.0.SNAPSHOT) -> services System Bundle (0) provides: --------------------------- org.osgi.service.startlevel.StartLevel org.osgi.service.packageadmin.PackageAdmin org.osgi.service.permissionadmin.PermissionAdmin org.osgi.service.condpermadmin.ConditionalPermissionAdmin Apache Felix Shell Service (1) provides: ---------------------------------------- org.apache.felix.shell.ShellService, org.ungoverned.osgi.service.shell.ShellService Apache Felix Bundle Repository (3) provides: -------------------------------------------- org.osgi.service.obr.RepositoryAdmin Apache Felix Declarative Services (4) provides: ----------------------------------------------- org.apache.felix.scr.ScrService -> start file:///home/hasan/workspaces/permmgmtagent/target/permmgmt-1.0-SNAPSHOT.jar -> Binding ConditionalPermissionAdmin Activating PermissionManager -> services -> ps StartLevel service is unavailable. ID State Name ShellTui: java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=0) metadata) java.security.AccessControlException: access denied (org.osgi.framework.AdminPermission (id=0) metadata) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:323) at java.security.AccessController.checkPermission(AccessController.java:546) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at org.apache.felix.framework.Felix.getHeaders(Felix.java:480) at org.apache.felix.framework.Felix.getHeaders(Felix.java:471) at org.apache.felix.shell.impl.PsCommandImpl.execute(PsCommandImpl.java:128) at org.apache.felix.shell.impl.Activator$ExecutePrivileged.run(Activator.java:365) at java.security.AccessController.doPrivileged(Native Method) at org.apache.felix.shell.impl.Activator$ShellServiceImpl.executeCommand(Activator.java:264) at org.apache.felix.shell.tui.Activator$ShellTuiRunnable.run(Activator.java:167) at java.lang.Thread.run(Thread.java:619) Thanks and kind regards Hasan Hasan wrote:Dear Karl, dear Pierre, Thanks for the prompt reply. I will try Karl's suggestion. Best regards Hasan Karl Pauls wrote:Hello Hasan, the framework needs allpermission. That is what the OSGi specification requires. It might be possible to limit it to specific permissions but it wouldn't be much left. Now, when the framework has allpermissions that doesn't have to imply that bundles have allpermissions as well. However, at the moment that is the case if you use the standard felix only. What you would have to do is to use the PermissionAdmin service or the ConditionalPermissionAdmin service to set the permissions for a bundle. Problem is, we don't have released versions of the two services. We do have some implementations in trunk but they are in an alpha state. In case you want to give it a try: build the framework.security subproject (in trunk/framework.security) and install the resulting artifact as a bundle into felix. That will make the two services available. See the core spec for how to use them. regards, Karl On Mon, Nov 24, 2008 at 10:50 AM, Hasan <[EMAIL PROTECTED]> wrote:Thanks Pierre, My intention is just to give as many permissions as necessary to felix, but not all. Thus, I assume there must be a way to define permissions for felix so that it can install a new bundle without throwing exceptions. Since, if I gave felix all permissions there is no such exception thrown. Kind regards Hasan Pierre Parrend wrote:Dear Hassan, with the permissions, you have to define a specific URL Handler for the http protocol. See the class org.apache.felix.framework.URLHandlers (from my memory, the name may be slighty different) for examples for other protocols. I have an implementation on another computer, you should manage to adapt the code yourself, otherwise I can look for my old code. best regards, Pierre Hasan wrote:Dear Pierre, dear all Thanks for the file. I use and modify your file (see below). With this policy file however, I cannot install a new bundle. It throwed java.net.MalformedURLException: Welcome to Felix. ================= -> install http://mirror.switch.ch/mirror/apache/dist/felix/org.apache.felix.scr-1.0.6.jar java.net.MalformedURLException: Unknown protocol: http What must be added to the policy file so that it works? Thanks in advance for answering. -- BEGIN of my additional policy file used when starting felix-1.4.0 -- grant codeBase "file:${user.home}/sw/felix-1.4.0/-" { permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/conf/*", "read"; permission java.io.FilePermission "${user.home}/sw/felix-1.4.0/-", "read,write,delete"; // permission java.io.FilePermission "${user.home}/-", "read,write,delete"; permission java.io.FilePermission "bundle.lastmodified", "read"; permission java.io.FilePermission "bundle/*", "read"; permission java.io.FilePermission "./felix-cache", "read,write"; permission java.io.FilePermission "./felix-cache/-", "read,write,delete"; permission java.net.NetPermission "specifyStreamHandler"; // permission java.net.SocketPermission "*", "resolve, connect"; permission java.net.SocketPermission "*", "accept,connect,listen,resolve"; permission java.lang.RuntimePermission "createSecurityManager"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.lang.RuntimePermission "setFactory"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission org.osgi.framework.AdminPermission "*", "lifecycle"; permission org.osgi.framework.AdminPermission "*", "metadata"; permission org.osgi.framework.AdminPermission "*", "listener"; permission org.osgi.framework.AdminPermission "*", "execute"; permission org.osgi.framework.AdminPermission "*", "startlevel"; permission org.osgi.framework.AdminPermission "*", "extensionLifecycle"; permission org.osgi.framework.PackagePermission "*", "export,import"; permission org.osgi.framework.ServicePermission "*", "register,get"; }; -- END of my additional policy file used when starting felix-1.4.0 -- Kind regards Hasan Pierre Parrend wrote:Dear Hasan, dear all, here is a permission file which I used some times ago. You need to adapt it to your own configuration, and probably to update it to match the current state of the Felix implementation: grant codeBase "file:$FELIX_HOME/-" { permission java.util.PropertyPermission "*", "read,write"; permission java.io.FilePermission "$FELIX_HOME/main/conf/*", "read"; permission java.io.FilePermission "$USER_HOME/-", "read,write,delete"; permission java.io.FilePermission "bundle.lastmodified", "read"; permission java.io.FilePermission "bundle/*", "read"; permission java.net.NetPermission "specifyStreamHandler"; permission java.net.SocketPermission "*", "resolve, connect"; permission java.lang.RuntimePermission "createSecurityManager"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.lang.RuntimePermission "setFactory"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission org.osgi.framework.AdminPermission "*", "lifecycle"; permission org.osgi.framework.AdminPermission "*", "metadata"; permission org.osgi.framework.AdminPermission "*", "listener"; permission org.osgi.framework.AdminPermission "*", "execute"; permission org.osgi.framework.PackagePermission "*", "export"; permission org.osgi.framework.ServicePermission "*", "register, get"; }; When reading the file, I wonder while the PackagePermission is set to 'export' only, and do not include 'import'. If you get errors you should add it simply. best regards, Pierre -- ============================================================== Pierre Parrend Software Engineering (SE) Tel: +49 721 9654 - 620 Fax: +49 721 9654 - 623 E-Mail: [EMAIL PROTECTED] ============================================================== FZI Forschungszentrum Informatik an der Universität Karlsruhe Haid-und-Neu-Str. 10-14, 76131 Karlsruhe Tel.: +49 721 9654 - 0, Fax: +49 721 9654 - 959 Stiftung des bürgerlichen Rechts Stiftung Az: 14-0563.1 Regierungspräsidium Karlsruhe Vorstand: Prof. Dr.-Ing. Rüdiger Dillmann Dipl. Wi.-Ing. Michael Flor Prof. Dr. Dr.-Ing. Jivka Ovtcharova Prof. Dr. rer. nat. Rudi Studer Vorsitzender des Kuratoriums: Ministerialdirigent Günther Leßnerkraus ============================================================== -----Original Message----- From: Hasan [mailto:[EMAIL PROTECTED] Sent: Wed 11/19/2008 11:36 AM To: [email protected] Subject: Re: Please help in enabling security Hi again, If I put the following line in all.policy grant { permission java.security.AllPermission; }; then I can start felix successfully. I hope this solve my problem starting felix with security enabled. Note, that in the slide set "Building Secure OSGi Applications" the line reads as follows which I think is wrong: grant { permission java.lang.AllPermission }; Regards Hasan Hasan wrote:Dear all We would like to use osgi security mechanism (conditional permission admin) and thus are trying to enable security when invoking felix (version 1.4.0) as follows $ java -Djava.security.manager -Djava.security.policy=all.policy -jar bin/felix.jar There were some AccessControlException which we could fix by adapting java.policy file In the end however, we got a NullPointerException as shown below. -- BEGIN OF FELIX ERROR MESSAGE -- Welcome to Felix. ================= ERROR: Unable to start system bundle. (java.lang.NullPointerException: Specified service reference cannot be null.) java.lang.NullPointerException: Specified service reference cannot be null. atorg.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.ja va:320)atorg.apache.felix.main.AutoActivator.processAutoProperties(AutoActivator.java :77)at org.apache.felix.main.AutoActivator.start(AutoActivator.java:55) atorg.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1 071)at java.security.AccessController.doPrivileged(Native Method) atorg.apache.felix.framework.util.SecureAction.startActivator(SecureAction.jav a:580)atorg.apache.felix.framework.Felix$SystemBundleActivator.start(Felix.java:3761 )atorg.apache.felix.framework.util.SecureAction$Actions.run(SecureAction.java:1 071)at java.security.AccessController.doPrivileged(Native Method) atorg.apache.felix.framework.util.SecureAction.startActivator(SecureAction.jav a:580)at org.apache.felix.framework.Felix.init(Felix.java:849) at org.apache.felix.framework.Felix.start(Felix.java:881) at org.apache.felix.main.Main.main(Main.java:213) Could not create framework: java.lang.RuntimeException: Unable to start system bundle. java.lang.RuntimeException: Unable to start system bundle. at org.apache.felix.framework.Felix.init(Felix.java:857) at org.apache.felix.framework.Felix.start(Felix.java:881) at org.apache.felix.main.Main.main(Main.java:213) -- END OF FELIX ERROR MESSAGE -- Any help and tips to enable security and solve this problem is highly appreciated. Kind regards Hasan-- --trialox ag-------------------------------------- Hasan Hasan Binzmühlestrasse 14 CH-8050 Zürich Tel: 0041-44-63 57577 Fax: 0041-44-63 57574 URL: http://www.trialox.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]-- --trialox ag-------------------------------------- Hasan Hasan Binzmühlestrasse 14 CH-8050 Zürich Tel: 0041-44-63 57577 Fax: 0041-44-63 57574 URL: http://www.trialox.ch-- --trialox ag-------------------------------------- Hasan Hasan Binzmühlestrasse 14 CH-8050 Zürich Tel: 0041-44-63 57577 Fax: 0041-44-63 57574 URL: http://www.trialox.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- --trialox ag-------------------------------------- Hasan Hasan Binzmühlestrasse 14 CH-8050 Zürich Tel: 0041-44-63 57577 Fax: 0041-44-63 57574 URL: http://www.trialox.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
