Karl,

Thank you kindly for your advice. As you suggested, I was able to load
the security provider by passing it as a system bundle activator. Both
the PermissionAdmin and ConditionalPermissionAdmin services are now
starting with the framework. I am using a config file that includes
org.osgi.framework.security=osgi and I have verified that Felix starts
up with a SecurityManager installed. I'm using Felix version 3.2.2
and Framework Security version 1.4.2.

Unfortunately, I'm running into another problem: I cannot seem to
enforce Java permissions, such as java.io.FilePermission or
java.net.NetPermission. When Felix starts, I immediately give
AllPermission to the System Bundle and PackagePermission to the Log and
configadmin Bundles. I'm not using a policy file, so I apply permissions
programmatically, like this:

    final ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) context.getService(
            context.getServiceReference(ConditionalPermissionAdmin.class.getName()));
    final ConditionalPermissionUpdate u = cpa.newConditionalPermissionUpdate();
    List<ConditionalPermissionInfo> permlist = u.getConditionalPermissionInfos();
    permlist.clear();

    // Give the System Bundle AllPermissions
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(0).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(AllPermission.class.getName(), "*", "*") },
            ConditionalPermissionInfo.ALLOW));

    // Allow the first two system bundles (Log and ConfigAdmin) to import org.osgi.framework
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(1).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(PackagePermission.class.getName(),
                            "org.osgi.framework", PackagePermission.IMPORT) },
            ConditionalPermissionInfo.ALLOW));
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(2).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(PackagePermission.class.getName(),
                            "org.osgi.framework", PackagePermission.IMPORT) },
            ConditionalPermissionInfo.ALLOW));

    if (!u.commit()) {
        throw new ConcurrentModificationException("Permissions changed during update");
    }

When loading untrusted Bundles, I am applying permissions like this:

    final ConditionalPermissionAdmin cpa = (ConditionalPermissionAdmin) context.getService(
            context.getServiceReference(ConditionalPermissionAdmin.class.getName()));
    final ConditionalPermissionUpdate u = cpa.newConditionalPermissionUpdate();
    final List<ConditionalPermissionInfo> permlist = u.getConditionalPermissionInfos();
    permlist.clear();

    // Give the System Bundle AllPermissions
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(0).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(AllPermission.class.getName(), "*", "*") },
            ConditionalPermissionInfo.ALLOW));

    // Allow the first two system bundles (Log and ConfigAdmin) to import org.osgi.framework
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(1).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(PackagePermission.class.getName(),
                            "org.osgi.framework", PackagePermission.IMPORT) },
            ConditionalPermissionInfo.ALLOW));
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { context.getBundle(2).getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(PackagePermission.class.getName(),
                            "org.osgi.framework", PackagePermission.IMPORT) },
            ConditionalPermissionInfo.ALLOW));

    // Lock down the untrusted Bundle
    permlist.add(cpa.newConditionalPermissionInfo(null,
            new ConditionInfo[] { new ConditionInfo(
                    BundleLocationCondition.class.getName(),
                    new String[] { newBundle.getLocation() }) },
            new PermissionInfo[] {
                    new PermissionInfo(FilePermission.class.getName(),
                            "<<ALL FILES>>", "read,write,delete"),
                    new PermissionInfo(NetPermission.class.getName(), "*", "") },
            ConditionalPermissionInfo.DENY));

    if (!u.commit()) {
        throw new ConcurrentModificationException("Permissions changed during update");
    }

After the above operations, the example untrusted bundle is *not*
prevented from accessing the filesystem or network (I have some test
code in the example untrusted Bundle that writes, reads and deletes a
local temp file and then performs some network operations). If I remove
the PackagePermissions, the Log and configadmin are unable to import the
necessary framework classes, which seems to suggest that OSGi
permissions are being applied. I also installed a tracing
SecurityManager to make sure that permission checks were being performed
(which they were).

Am I running into some default permissions here? Am I missing something?

Thanks,
DCA
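
Added example, not part of the original message and not Felix project code: a small diagnostic that prints the committed ConditionalPermissionAdmin table in evaluation order and asks the framework, via Bundle.hasPermission, which of the file and network permissions discussed above the untrusted bundle's protection domain actually implies. The class name PermissionTableProbe, its method names and the tempFilePath and hostAndPort parameters are assumptions made for illustration.

```java
import java.io.FilePermission;
import java.net.NetPermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.util.List;

import org.osgi.framework.Bundle;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;

// Added diagnostic helper; class, method and parameter names are hypothetical.
public final class PermissionTableProbe {

    private PermissionTableProbe() {
    }

    // Print the committed table in evaluation order, one encoded row per line.
    public static void dumpTable(ConditionalPermissionAdmin cpa) {
        List<ConditionalPermissionInfo> rows =
                cpa.newConditionalPermissionUpdate().getConditionalPermissionInfos();
        for (int i = 0; i < rows.size(); i++) {
            System.out.println(i + ": " + rows.get(i).getEncoded());
        }
    }

    // Ask the framework what the bundle's own protection domain implies.
    // Returns the number of probes that were granted.
    public static int probe(Bundle bundle, String tempFilePath, String hostAndPort) {
        Permission[] probes = {
            new FilePermission(tempFilePath, "read"),
            new FilePermission(tempFilePath, "write"),
            new FilePermission(tempFilePath, "delete"),
            new NetPermission("setDefaultAuthenticator"),
            // Socket connects are checked against SocketPermission, not NetPermission.
            new SocketPermission(hostAndPort, "connect"),
        };
        int granted = 0;
        for (Permission p : probes) {
            boolean ok = bundle.hasPermission(p);
            if (ok) granted++;
            System.out.println(bundle.getLocation() + " " + p + " -> " + (ok ? "GRANTED" : "denied"));
        }
        return granted;
    }
}
```

Call dumpTable(cpa) and probe(newBundle, ...) immediately after u.commit() returns true. Bundle.hasPermission always returns true when the Java runtime does not support permissions, so a fully granted result should be read together with the check that a SecurityManager is installed.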