You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Richard S. Hall (Updated) (JIRA)" <ji...@apache.org> on 2012/02/29 21:15:57 UTC
[jira] [Updated] (FELIX-3367) getClassloader permission
[ https://issues.apache.org/jira/browse/FELIX-3367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard S. Hall updated FELIX-3367:
-----------------------------------
Fix Version/s: framework-4.2.0
It looks like the issue is in getBootDelegationClassLoader(), we should be have a privileged block around getting the parent class loader, which is what is causing the issue. Putting the privileged block around creating the instance is probably too broad.
> getClassloader permission
> -------------------------
>
> Key: FELIX-3367
> URL: https://issues.apache.org/jira/browse/FELIX-3367
> Project: Felix
> Issue Type: Bug
> Components: Framework
> Affects Versions: framework-3.2.2
> Reporter: Andie Similon
> Fix For: framework-4.2.0
>
>
> When I deny getClassloader with conditional permission admin for a specific bundle the bundle throws a securityexception when starting the bundle.
> org.osgi.framework.BundleException: Activator start error in bundle HelloBundle [3].
> at org.apache.felix.framework.Felix.activateBundle (Felix.java:1908)
> at org.apache.felix.framework.Felix.startBundle (Felix.java:1783)
> at org.apache.felix.framework.BundleImpl.start (BundleImpl.java:919)
> at com.technicolor.osgi.bundle.bm.tasks.StartTask.run (StartTask.java:77)
> at com.technicolor.osgi.bundle.bm.TaskQueue$1.run (TaskQueue.java:92)
> at java.lang.Thread.run (Unknown Source, bco=16)
> Caused by: java.lang.SecurityException: java.security.AccessControlException: permission failure
> at org.apache.felix.framework.Felix$1.checkPermission (Felix.java:586)
> at java.lang.ClassLoader.getParent (Unknown Source, bco=36)
> at org.apache.felix.framework.ModuleImpl.getBootDelegationClassLoader (ModuleImpl.java:1654)
> at org.apache.felix.framework.ModuleImpl.findClassOrResourceByDelegation (ModuleImpl.java:697)
> at org.apache.felix.framework.ModuleImpl.access$400 (ModuleImpl.java:71)
> at org.apache.felix.framework.ModuleImpl$ModuleClassLoader.loadClass (ModuleImpl.java:1768)
> at java.lang.ClassLoader.loadClass (Native Method)
> at java.lang.ClassLoader.handleLoadClass (Native Method)
> at java.lang.ClassLoader.handleLoadClass (Native Method)
> at HelloBundle.Activator.<init> (Activator.java:12)
> at org.apache.felix.framework.Felix.createBundleActivator (Felix.java:3716)
> at org.apache.felix.framework.Felix.activateBundle (Felix.java:1856)
> ... 5 more
> Caused by: java.security.AccessControlException: permission failure
> at java.security.AccessControlContext.checkPermission (Unknown Source, bco=47)
> at java.security.AccessController.checkPermission (Unknown Source, bco=21)
> at java.lang.SecurityManager.checkPermission (Unknown Source, bco=4)
> at org.apache.felix.framework.Felix$1.checkPermission (Felix.java:587)
> ... 16 more
> shouldn't "activator = (BundleActivator) clazz.newInstance();" in createBundleActivator happen in doPrivileged ? For example:
> try {
> activator = (BundleActivator) AccessController.doPrivileged(new PrivilegedExceptionAction() {
> public Object run() throws Exception {
> return (BundleActivator) clazz.newInstance();
> }
> });
> } catch (PrivilegedActionException e) {
> throw e.getException();
> }
> works.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira