On 10/6/14 06:13 , Andrew Scully wrote:
Hello,

I'm looking into domain security in OSGI. I've assembled a fairly complete
picture of what this would involve, but I have a question which I would
appreciate your thoughts on. It would also be useful to me to check that I
have correctly understood so far.

To reiterate what I think I know (please correct if wrong!):
-I understand that setting permissions for the OSGI framework is something
that must be done programmatically using the ConditionalPermissionAdmin
service. This is installed into Felix by an extension bundle.
-A file format is specified for defining permissions declaratively, but no
facility exists to automatically read a file in this format and bootstrap
the policy into the framework during startup (as you can with standard Java
security policies using a -D argument).
-You can implement your own service for reading in such a file and passing
the instructions to the ConditionalPermissionAdmin. Example code for this is
given in the "OSGI in Action" book, which I have seen.

Now here's my question!

As noted both in OSGI in Action and in this post --
http://apache-felix.18485.x6.nabble.com/Felix-security-td4837010.html -- the
first bundle to "get" the ConditionalPermissionAdmin service effectively
controls the security for the entire framework, as it can change the
permissions to prevent others from changing permissions.

Obviously this is undesirable. The developer trying to secure the runtime
environment will want to ensure that the correct policy is applied without
the possibility of interference.

Furthermore, timing seems important. Surely, if a developer is trying to
prevent certain bundles from being installed, it would be no good if Felix
had already installed those bundles before the "security policy reader"
service had completed?

Therefore my question is this: Is it possible for a developer to guarantee
that their security policy is applied and is being enforced before the
framework starts "proper"?

To put that another way: If I implemented a bundle that read in an OSGI
security policy file and applied these settings to the framework (and then
locked it down preventing any further changes), how would I make sure that
this bundle ran "first"? Ideally, initialization of the rest of the
framework would be postponed until after this bundle had finished its work.

Assuming you are in control of the framework configuration and it is not compromised, you just need to configure your framework to launch your security bundle in start level 1 and put all other bundles in start level 2 or above.

Another option is to not actually create a security bundle per se, but to simply do it in your launcher. When you create a framework, you get back the system bundle, whose bundle context you can then use to get the conditional permission service while still in the init phase and then set up your permission policy before it even attempts to start any other bundles.

-> richard

Any help hugely appreciated -- it feels like I'm just missing some small
step here!

Cheers, Andy.




--
View this message in context: 
http://apache-felix.18485.x6.nabble.com/OSGI-Security-in-Felix-tp5010083.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org
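
The launcher approach described in the reply above, sketched as an added example that is not code from the thread or from the Felix project. The class name `SecureLauncher`, the policy line and the `file:bundle/trusted/*` location are constructed for illustration, and it assumes the ConditionalPermissionAdmin provider is already available to the framework when `init()` returns.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.ServiceLoader;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.launch.Framework;
import org.osgi.framework.launch.FrameworkFactory;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

public class SecureLauncher {   // hypothetical launcher class
    // Constructed sample policy in the encoded ConditionalPermissionInfo format.
    // Once the table is non-empty, bundles matching no row get no permissions.
    private static final String[] POLICY = {
        "ALLOW { [org.osgi.service.condpermadmin.BundleLocationCondition \"file:bundle/trusted/*\"]"
            + " (java.security.AllPermission \"*\" \"*\") } \"trusted-bundles\""
    };

    public static void main(String[] args) throws Exception {
        Map<String, String> config = new HashMap<>();
        config.put(Constants.FRAMEWORK_SECURITY, Constants.FRAMEWORK_SECURITY_OSGI);
        FrameworkFactory factory = ServiceLoader.load(FrameworkFactory.class).iterator().next();
        Framework framework = factory.newFramework(config);
        // After init() the system bundle context is valid, but no other bundle has started.
        framework.init();
        BundleContext ctx = framework.getBundleContext();
        // Assumption: the security provider registered this service during init().
        ServiceReference<ConditionalPermissionAdmin> ref =
            ctx.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) {          // fail closed: never start bundles without a policy
            framework.stop();
            throw new IllegalStateException("ConditionalPermissionAdmin missing; not starting");
        }
        ConditionalPermissionAdmin cpa = ctx.getService(ref);
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();              // replace whatever table was persisted earlier
        for (String encoded : POLICY) {
            table.add(cpa.newConditionalPermissionInfo(encoded));
        }
        if (!update.commit()) {     // commit() returns false if the table changed meanwhile
            framework.stop();
            throw new IllegalStateException("policy commit failed; not starting");
        }
        framework.start();          // only now are installed bundles started
        framework.waitForStop(0);
    }
}
```

Because the sample policy grants nothing to bundles outside the trusted location, they also lack the permission needed to alter the table afterwards.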


