You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@felix.apache.org by Chris Rankin <ra...@gmail.com> on 2022/02/02 11:12:12 UTC

Trouble creating a conditional AdminPermission with Felix 7.0.3 and OSGi Secutiry 2.8.3

Hi,

I am trying to configure OSGi security such that bundles from certain
locations are forbidden from performing anything that requires
AdminPermission. To that end, I have created the following conditional
permission (in Kotlin):

val forbidAdmin = conditionalPermissionAdmin.newConditionalPermissionInfo(
    "forbidAdmin",
    arrayOf(ConditionInfo(BundleLocationCondition::class.java.name,
arrayOf("CAGE/*"))),
    arrayOf(PermissionInfo(AdminPermission::class.java.name, "*", "*")),
    DENY
)

My understanding is that OSGi security will apply this to any bundle
whose location matches "CAGE/*", thus preventing code inside these
bundles from executing (say) Bundle.getBundleContext().

However, Felix does not appear to be applying the ConditionInfo
correctly because my bundles are still successfully invoking
Bundle.getBundleContext(). Even more frustrating is that I have
already used this exact same ConditonInfo to restrict these bundles'
ServicePermissions.

I cannot understand why Felix Security is parsing this ConditionInfo
differently for AdminPermission than it is for ServicePermission. Can
anyone see what I may be doing wrong please?

Thanks,
Chris Rankin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@felix.apache.org
For additional commands, e-mail: users-help@felix.apache.org