You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Felix Meschberger (JIRA)" <ji...@apache.org> on 2013/08/14 10:01:53 UTC
[jira] [Assigned] (FELIX-4039) Add Permissions file in ConfigAdmin
bundle
[ https://issues.apache.org/jira/browse/FELIX-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger reassigned FELIX-4039:
----------------------------------------
Assignee: Felix Meschberger
> Add Permissions file in ConfigAdmin bundle
> -------------------------------------------
>
> Key: FELIX-4039
> URL: https://issues.apache.org/jira/browse/FELIX-4039
> Project: Felix
> Issue Type: Improvement
> Components: Configuration Admin
> Affects Versions: configadmin-1.6.0
> Reporter: Romain Dubois
> Assignee: Felix Meschberger
> Priority: Minor
> Labels: security
> Fix For: configadmin-1.6.2
>
>
> Most of felix bundles should have a permissions file.
> For ConfigAdmin bundle, I suggest the following content for "OSGI-INF/permissions.perm" file:
> # Apache Felix Configuration Admin Service
> # Bundle permissions
> #
> # Imported/Exported packages
> # -> MANIFEST.MF
> (org.osgi.framework.PackagePermission "org.osgi.service.log" "import")
> (org.osgi.framework.PackagePermission "org.osgi.framework" "import")
> (org.osgi.framework.PackagePermission "org.osgi.service.cm" "import,exportonly")
> (org.osgi.framework.PackagePermission "org.apache.felix.cm" "import,exportonly")
> (org.osgi.framework.PackagePermission "org.apache.felix.cm.file" "import,exportonly")
> # General bundle permissions
> (java.util.PropertyPermission "felix.cm.*" "read")
> (org.osgi.framework.ServicePermission "org.apache.felix.cm.*" "get,register")
> (org.osgi.framework.ServicePermission "org.osgi.service.cm.*" "get,register")
> (org.osgi.framework.ServicePermission "org.osgi.service.log.LogService" "get")
> # Manage configurations
> # -> ConfigurationAdminImpl
> (org.osgi.framework.AdminPermission "*" "metadata")
> (org.osgi.service.cm.ConfigurationPermission "*" "configure,target")
> # Handle persistent configuration files
> # -> FilePersistenceManager
> (java.util.PropertyPermission "user.dir" "read")
> (java.io.FilePermission "-" "read,write,execute,delete")
> # -> ConfigurationManager
> (org.osgi.framework.ServicePermission "org.apache.felix.cm.PersistenceManager" "register")
> Note: I have extracted those permissions from code analysis then tested the suggested file in simple examples.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira