Re: Osgi security

Sat, 19 Jun 2010 00:35:10 -0700 

Hi Roshan,
Policy files can't handle the dynamic permissions you need. You just have to grant AllPermission to any code in your policy file. Then, permissions regarding each bundle are handle by PermissionAdmin or ConditionalPermissionAdmin services from framework.security. When you use those services, you first have to grant AllPermission to the system core bundle & the bundle using the PermissionAdmin service. For example, to grant AllPermission to the system bundle (bundle number 0): 


           final ConditionalPermissionAdmin cpa =

                (ConditionalPermissionAdmin)  
context.getService(context.getServiceReference(ConditionalPermissionAdmin.class.getName()));




            final ConditionalPermissionUpdate condPermUpdate =  
cpa.newConditionalPermissionUpdate();
            final List<ConditionalPermissionInfo> permlist =  
condPermUpdate.getConditionalPermissionInfos();


            permlist.add(cpa.newConditionalPermissionInfo(null,
                        new ConditionInfo[]{

                                new  
ConditionInfo(BundleLocationCondition.class.getName(),

                                        new String[]{

                                                 
context.getBundle(0).getLocation()

                                        }
                                )
                        },
                        new PermissionInfo[]{

                                new  
PermissionInfo(AllPermission.class.getName(),"", "")

                        },
                        "allow"));

Hope that helps,

François


"Roshan A. Punnoose" <rpunno...@proteuseng.com> a écrit :


Hi,


I am new to Java/OSGi security. I want to be able to specify a  
policy file that will be able to start up my OSGi container but will  
only install bundles that I have signed. Currently, I have  
downloaded the felix framework, and I have the framework.security  
project installed in it.


My current policy file looks like this:

grant codeBase "file:./bin/-" {
 permission java.security.AllPermission;
};

grant codeBase "http://felix.extensions:9/"; {
 permission java.security.AllPermission;
};


This will let me let the felix.jar start and access file/system  
permissions, and the second grant allows the framework.security jar  
to be installed.



Now what do I have to add to this to force only my signed bundles to  
be installed? It seems like right now it lets any bundles install  
and run. (I guess it is using the felix.jar AllPermission to run?)


Any ideas?


Also, I noticed that there are Bundle/Package/Service Permissions in  
felix. How do I go about using that? (I read the spec, but I'm  
unsure where framework.security fits in this?)


Any help would be greatly appreciated.

Roshan Punnoose
rpunno...@proteuseng.com
Proteus Technologies




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org







---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org























					Reply via email to