Hi,

I am working on a security model based on ConditionalPermissionAdmin.
I assume that administrators audit permissions files in bundles and trust them.
My model is simple:
 - If a bundle has a valid permissions file (/OSGI-INF/permissions.perm), I grant it AllPermission (which is reduced by the permissions file).
 - Otherwise (none or invalid permissions file), I grant it the basic permissions (defined externally).

I rely on OSGi Conditions and it works fine, theoretically.


However, I am facing a problem: third-party libraries do not always have a permissions file.

So, my first question is: 

    Is it planned to add permissions files to the Felix subproject bundles (Config Admin, Event Admin, etc.)?

I also have another question about the Felix security implementation:
    When a permissions file is invalid, its bundle is considered as if it didn't have any permissions file (=AllPermission). Do you consider it a valid behavior or a bug?

I would consider it as a bug because an auditor is not able to detect all 
syntax problems and will trust a bundle which is not confined to its declared 
permissions.


Romain

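The fail-closed decision described in the message above, as an added example that is not part of the original post and is not Felix code. The class, enum and method names are hypothetical, and the regular expression only approximates the encoded PermissionInfo syntax `(type "name" "actions")` with `#` and `//` comment lines.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: fail-closed check of an OSGI-INF/permissions.perm body. */
public class LocalPermissionsCheck {

    // Hypothetical names for the two outcomes of the model in the post.
    enum Grant { DECLARED_ONLY, BASIC_ONLY }

    // Approximation of an encoded PermissionInfo:
    // (type), (type "name") or (type "name" "actions").
    // With the OSGi API on the classpath, constructing
    // org.osgi.service.permissionadmin.PermissionInfo from the line and
    // catching IllegalArgumentException is the authoritative check.
    private static final Pattern ENCODED = Pattern.compile(
        "\\(\\s*[A-Za-z_$][\\w$]*(\\.[A-Za-z_$][\\w$]*)*"
        + "(\\s+\"(?:[^\"\\\\]|\\\\.)*\"(\\s+\"(?:[^\"\\\\]|\\\\.)*\")?)?\\s*\\)");

    /** Returns "lineNo: text" for every line that is not blank, a comment, or a well-formed entry. */
    static List<String> invalidLines(String permFile) {
        List<String> bad = new ArrayList<>();
        int n = 0;
        for (String raw : permFile.split("\\R", -1)) {
            n++;
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#") || line.startsWith("//")) continue;
            if (!ENCODED.matcher(line).matches()) bad.add(n + ": " + line);
        }
        return bad;
    }

    /** Missing (null) or malformed file yields basic permissions, never AllPermission. */
    static Grant decide(String permFile) {
        if (permFile == null || !invalidLines(permFile).isEmpty()) return Grant.BASIC_ONLY;
        return Grant.DECLARED_ONLY;
    }

    public static void main(String[] args) {
        // Constructed sample files, not taken from any real bundle.
        String ok = "# audited\n"
            + "(org.osgi.framework.PackagePermission \"org.osgi.service.log\" \"import\")\n";
        String broken = "(java.io.FilePermission \"/tmp/-\" \"read\"\n"; // missing ')'
        System.out.println(decide(ok));
        System.out.println(decide(broken) + " " + invalidLines(broken));
        System.out.println(decide(null));
    }
}
```

Reporting the offending line numbers gives the auditor the syntax errors that are easy to miss by eye.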