I had tried that and every bundle is (correctly) allowed to do everything;
the problem is when starting to restrict policies...
Anyway, I've just managed to make a further step; even if I'm almost sure I
had already tried this way, now something is working as expected... With
DENY {
  [org.osgi.service.condpermadmin.BundleLocationCondition "file:.\\bundle\\plugins*"]
  ( java.io.FilePermission "*" "write")
} "We deny bundles to write file otherwise"
ALLOW {
  ( java.security.AllPermission "*" "*")
} "But give all other not denied permissions to all bundles"
I'm able to DENY file access permission to the bundles in ".\bundle\plugins"
folder.
In order to distinguish between signed and unsigned bundles in that folder,
I added a BundleSignerCondition *after* the DENY condition like this:
ALLOW {
  [org.osgi.service.condpermadmin.BundleSignerCondition "CN=logboxIP, O=CRF, OU=ITS, L=Trento C=IT"]
  ( java.io.FilePermission "*" "read, write")
} "We allow signed bundles to write file"
but this is not "overriding" the DENY condition for the whole
".\bundle\plugins" folder... How could this be accomplished?
--
View this message in context:
http://apache-felix.18485.x6.nabble.com/Problem-with-Felix-security-and-bundle-policies-tp5006903p5006948.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
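
Added example (not part of the original message and not Felix code): a simplified Python model of the ordered, first-match table evaluation described in the OSGi Conditional Permission Admin specification, run over the posted rows in the posted order and with the signer ALLOW row moved ahead of the DENY row. The bundle objects, function names and the exact-string signer match are assumptions made for illustration; real signer matching works on certificate DN chains.

```python
# Simplified model of OSGi Conditional Permission Admin table evaluation.
# Assumption (OSGi Core spec, not the post): rows are checked in order and the
# first row whose condition holds and whose permission implies the requested
# one decides ALLOW or DENY; later rows are never consulted.
from dataclasses import dataclass
from typing import Callable, FrozenSet

SIGNER_DN = "CN=logboxIP, O=CRF, OU=ITS, L=Trento C=IT"  # string as posted

@dataclass(frozen=True)
class Bundle:                       # constructed sample bundle
    location: str
    signer: str = ""                # empty string = unsigned

@dataclass(frozen=True)
class Row:
    access: str                     # "ALLOW" or "DENY"
    condition: Callable[[Bundle], bool]
    perm_type: str                  # "FilePermission" or "AllPermission"
    actions: FrozenSet[str]

    def implies(self, perm_type: str, action: str) -> bool:
        if self.perm_type == "AllPermission":
            return True
        return self.perm_type == perm_type and action in self.actions

def in_plugins(b): return b.location.startswith("file:.\\bundle\\plugins")
def signed(b): return b.signer == SIGNER_DN      # exact match: simplification
def everyone(b): return True

DENY_PLUGINS = Row("DENY", in_plugins, "FilePermission", frozenset({"write"}))
ALLOW_SIGNED = Row("ALLOW", signed, "FilePermission", frozenset({"read", "write"}))
ALLOW_ALL = Row("ALLOW", everyone, "AllPermission", frozenset())

def check(table, bundle, perm_type, action):
    for row in table:
        if row.condition(bundle) and row.implies(perm_type, action):
            return row.access       # first matching row wins
    return "DENY"                   # no row matched: nothing is granted

AS_POSTED = [DENY_PLUGINS, ALLOW_SIGNED, ALLOW_ALL]     # signer row after DENY
SIGNER_FIRST = [ALLOW_SIGNED, DENY_PLUGINS, ALLOW_ALL]  # signer row before DENY

# Constructed sample bundles
SIGNED_PLUGIN = Bundle("file:.\\bundle\\plugins\\a.jar", SIGNER_DN)
UNSIGNED_PLUGIN = Bundle("file:.\\bundle\\plugins\\b.jar")
CORE_BUNDLE = Bundle("file:.\\bundle\\core.jar")

if __name__ == "__main__":
    for name, table in (("as posted", AS_POSTED), ("signer first", SIGNER_FIRST)):
        for b in (SIGNED_PLUGIN, UNSIGNED_PLUGIN, CORE_BUNDLE):
            print(name, b.location, check(table, b, "FilePermission", "write"))
```

In this model the signed plugin's write request is decided by the DENY row in the posted order, and by the signer ALLOW row only when that row is listed first; unsigned plugins stay denied in both orders.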