Posted to commits@felix.apache.org by fm...@apache.org on 2013/12/28 20:53:25 UTC

svn commit: r1553904 - in /felix/trunk/configadmin/src/main: java/org/apache/felix/cm/impl/helper/ resources/OSGI-INF/

Author: fmeschbe
Date: Sat Dec 28 19:53:25 2013
New Revision: 1553904

URL: http://svn.apache.org/r1553904
Log:
FELIX-4362 Call ManagedService[Factory] methods as privileged actions

The privileged actions are called with an AccessControlContext
created from the ProtectionDomain of the called service's class.

Modified:
    felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java
    felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceFactoryTracker.java
    felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceTracker.java
    felix/trunk/configadmin/src/main/resources/OSGI-INF/permissions.perm

Modified: felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java?rev=1553904&r1=1553903&r2=1553904&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java (original)
+++ felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/BaseTracker.java Sat Dec 28 19:53:25 2013
@@ -19,6 +19,8 @@
 package org.apache.felix.cm.impl.helper;
 
 
+import java.security.AccessControlContext;
+import java.security.ProtectionDomain;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -50,7 +52,6 @@ public abstract class BaseTracker<S> ext
 
     private final boolean managedServiceFactory;
 
-
     protected BaseTracker( final ConfigurationManager cm, final boolean managedServiceFactory )
     {
         super( cm.getBundleContext(), ( managedServiceFactory ? ManagedServiceFactory.class.getName()
@@ -284,4 +285,10 @@ public abstract class BaseTracker<S> ext
         return null;
     }
 
+
+    protected AccessControlContext getAccessControlContext( final Object ref )
+    {
+        return new AccessControlContext( new ProtectionDomain[]
+            { ref.getClass().getProtectionDomain() } );
+    }
 }
\ No newline at end of file
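Review bot: `getAccessControlContext` takes the domain from `ref.getClass()`, which is the domain of the service object's implementing class and not necessarily that of the bundle that registered the service. For a `java.lang.reflect.Proxy` instance, or any class defined by the bootstrap loader, `getProtectionDomain()` returns the system domain that is typically granted AllPermission, so the context handed to `doPrivileged` would add no restriction in that case. I would record this in a Javadoc comment on the method, e.g. `/** Returns a context holding only the ProtectionDomain of ref's class; this may differ from the registering bundle's domain. */`, and consider deriving the domain from the registering bundle where the framework exposes it. The method is complete within the hunk; the enclosing class starts outside it.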

Modified: felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceFactoryTracker.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceFactoryTracker.java?rev=1553904&r1=1553903&r2=1553904&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceFactoryTracker.java (original)
+++ felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceFactoryTracker.java Sat Dec 28 19:53:25 2013
@@ -18,10 +18,15 @@
  */
 package org.apache.felix.cm.impl.helper;
 
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Dictionary;
 
 import org.apache.felix.cm.impl.ConfigurationManager;
 import org.osgi.framework.ServiceReference;
+import org.osgi.service.cm.ConfigurationException;
 import org.osgi.service.cm.ManagedServiceFactory;
 
 public class ManagedServiceFactoryTracker extends BaseTracker<ManagedServiceFactory>
@@ -85,7 +90,7 @@ public class ManagedServiceFactoryTracke
             {
                 Dictionary props = getProperties( properties, reference, configPid.toString(),
                     factoryPid.toString() );
-                service.updated( configPid.toString(), props );
+                updated( service, configPid.toString(), props );
                 configs.record( configPid, factoryPid, revision );
             }
             catch ( Throwable t )
@@ -112,7 +117,7 @@ public class ManagedServiceFactoryTracke
             {
                 try
                 {
-                    service.deleted( configPid.toString() );
+                    deleted( service, configPid.toString() );
                     configs.record( configPid, factoryPid, -1 );
                 }
                 catch ( Throwable t )
@@ -126,4 +131,52 @@ public class ManagedServiceFactoryTracke
             }
         }
     }
+
+
+    private void updated( final ManagedServiceFactory service, final String pid, final Dictionary properties )
+        throws ConfigurationException
+    {
+        if ( System.getSecurityManager() != null )
+        {
+            try
+            {
+                AccessController.doPrivileged( new PrivilegedExceptionAction()
+                {
+                    public Object run() throws ConfigurationException
+                    {
+                        service.updated( pid, properties );
+                        return null;
+                    }
+                }, getAccessControlContext( service ) );
+            }
+            catch ( PrivilegedActionException e )
+            {
+                throw ( ConfigurationException ) e.getException();
+            }
+        }
+        else
+        {
+            service.updated( pid, properties );
+        }
+    }
+
+
+    private void deleted( final ManagedServiceFactory service, final String pid )
+    {
+        if ( System.getSecurityManager() != null )
+        {
+            AccessController.doPrivileged( new PrivilegedAction()
+            {
+                public Object run()
+                {
+                    service.deleted( pid );
+                    return null;
+                }
+            }, getAccessControlContext( service ) );
+        }
+        else
+        {
+            service.deleted( pid );
+        }
+    }
 }
\ No newline at end of file
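Review bot: The new `updated` and `deleted` helpers carry no comment explaining why the callback is wrapped in `doPrivileged`, and the resulting permission set is not obvious from the code. Frames below Config Admin on the stack stop being consulted, while Config Admin's own domain and the context from `getAccessControlContext( service )` still bound what the service may do. A one-line comment on each helper would cover it, e.g. `// run the callback limited to the service class's ProtectionDomain, independent of whoever triggered the update`. The same try/doPrivileged/unwrap sequence is repeated in `ManagedServiceTracker.updated` later in this commit; a single protected helper in `BaseTracker` would keep the three copies from drifting apart.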

Modified: felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceTracker.java
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceTracker.java?rev=1553904&r1=1553903&r2=1553904&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceTracker.java (original)
+++ felix/trunk/configadmin/src/main/java/org/apache/felix/cm/impl/helper/ManagedServiceTracker.java Sat Dec 28 19:53:25 2013
@@ -19,11 +19,15 @@
 package org.apache.felix.cm.impl.helper;
 
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Dictionary;
 import java.util.Hashtable;
 
 import org.apache.felix.cm.impl.ConfigurationManager;
 import org.osgi.framework.ServiceReference;
+import org.osgi.service.cm.ConfigurationException;
 import org.osgi.service.cm.ManagedService;
 
 
@@ -145,7 +149,7 @@ public class ManagedServiceTracker exten
         {
             try
             {
-                srv.updated( properties );
+                updated( srv, properties );
                 configs.record( configPid, null, revision );
             }
             catch ( Throwable t )
@@ -157,5 +161,32 @@ public class ManagedServiceTracker exten
                 this.ungetRealService( service );
             }
         }
-   }
+    }
+
+
+    private void updated( final ManagedService service, final Dictionary properties ) throws ConfigurationException
+    {
+        if ( System.getSecurityManager() != null )
+        {
+            try
+            {
+                AccessController.doPrivileged( new PrivilegedExceptionAction()
+                {
+                    public Object run() throws ConfigurationException
+                    {
+                        service.updated( properties );
+                        return null;
+                    }
+                }, getAccessControlContext( service ) );
+            }
+            catch ( PrivilegedActionException e )
+            {
+                throw ( ConfigurationException ) e.getException();
+            }
+        }
+        else
+        {
+            service.updated( properties );
+        }
+    }
 }
\ No newline at end of file

Modified: felix/trunk/configadmin/src/main/resources/OSGI-INF/permissions.perm
URL: http://svn.apache.org/viewvc/felix/trunk/configadmin/src/main/resources/OSGI-INF/permissions.perm?rev=1553904&r1=1553903&r2=1553904&view=diff
==============================================================================
--- felix/trunk/configadmin/src/main/resources/OSGI-INF/permissions.perm (original)
+++ felix/trunk/configadmin/src/main/resources/OSGI-INF/permissions.perm Sat Dec 28 19:53:25 2013
@@ -41,5 +41,9 @@
 # -> FilePersistenceManager
 (java.util.PropertyPermission "user.dir" "read")
 (java.io.FilePermission "-" "read,write,execute,delete")
+
 # -> ConfigurationManager
 (org.osgi.framework.ServicePermission "org.apache.felix.cm.PersistenceManager" "register")
+
+# -> BaseTracker.getAccessControlContext
+(java.lang.RuntimePermission "getProtectionDomain")
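Review bot: The added `(java.lang.RuntimePermission "getProtectionDomain")` grant covers only the Config Admin bundle, but `getAccessControlContext( service )` is evaluated as an argument to `doPrivileged`, that is, before the privileged block is entered, so the `getProtectionDomain` check walks the full calling stack. If an update is ever delivered on a thread that has another bundle's frames below Config Admin (the threading is not visible in this diff), the call would fail with a SecurityException despite this grant. Wrapping the `ref.getClass().getProtectionDomain()` call in its own `doPrivileged` inside `BaseTracker.getAccessControlContext` would make this grant sufficient on its own.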