You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Christoph Nölle (JIRA)" <ji...@apache.org> on 2018/09/26 17:43:00 UTC
[jira] [Comment Edited] (FELIX-5911) [Configurator] Too restrictive
permissions.perm file
[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629185#comment-16629185 ]
Christoph Nölle edited comment on FELIX-5911 at 9/26/18 5:42 PM:
-----------------------------------------------------------------
I was not referring to the permissions of the Java runtime. According to the security spec (50.2.1 Local Permissions):
[https://osgi.org/specification/osgi.core/7.0.0/service.condpermadmin.html#i1534520]
??Local permissions are defined by a Bundle Permission Resource that is contained in the bundle; this resource defines a set of _permissions_. These permissions must be enforced by the Framework for the given bundle. That is, a bundle can get less permissions than the local permissions but it can never get more permissions.??
The remainder of the section is also very clear about it: adding a permission to ConditionalPermissionAdmin does not overwrite the local perms.
was (Author: cnoelle):
I was not referring to the permissions of the Java runtime. According to the security spec [50.2.1 Local Permissions, https://osgi.org/specification/osgi.core/7.0.0/service.condpermadmin.html#i1534520]:
??Local permissions are defined by a Bundle Permission Resource that is contained in the bundle; this resource defines a set of _permissions_. These permissions must be enforced by the Framework for the given bundle. That is, a bundle can get less permissions than the local permissions but it can never get more permissions.??
The remainder of the section is also very clear about it: adding a permission to ConditionalPermissionAdmin does not overwrite the local perms.
> [Configurator] Too restrictive permissions.perm file
> ----------------------------------------------------
>
> Key: FELIX-5911
> URL: https://issues.apache.org/jira/browse/FELIX-5911
> Project: Felix
> Issue Type: Bug
> Components: Configurator
> Affects Versions: configurator-1.0.4, configurator-1.0.6
> Reporter: Christoph Nölle
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: configurator-1.0.8
>
>
> Configurator currently requests
> (java.io.FilePermission "-" "read,write,execute,delete")
> in its permissions.perm file (the "-" means all files and subfolders within and below the current working dir). However, the bundle tries to access files in the bundle storage area as well, whose location we cannot anticipate here. It can be configured by means of a framework property, for instance. The correct permission would be
> (java.io.FilePermission "<<ALL FILES>>" "read,write,execute,delete")
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)