You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@aries.apache.org by "Teodor Todorov (JIRA)" <ji...@apache.org> on 2012/11/20 10:32:58 UTC
[jira] [Closed] (ARIES-963) Spi-fly requires the bundle, whose
class is being woven, to have AdaptPermission for a successful weaving.
[ https://issues.apache.org/jira/browse/ARIES-963?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Teodor Todorov closed ARIES-963.
--------------------------------
Resolution: Invalid
Sorry, it was my mistake. I made local changes trying to debug another issue and actually the error comes from my local changes.
> Spi-fly requires the bundle, whose class is being woven, to have AdaptPermission for a successful weaving.
> ----------------------------------------------------------------------------------------------------------
>
> Key: ARIES-963
> URL: https://issues.apache.org/jira/browse/ARIES-963
> Project: Aries
> Issue Type: Bug
> Reporter: Teodor Todorov
>
> Hello Colleagues,
> The spi-fly weaving hook inserts in the byte code of the woven class execution of the method "org.apache.aries.spifly.Util.fixContextClassloader(String cls, String method, Class<?> clsArg, ClassLoader bundleLoader)"
> This method in its turn calls the method "org.apache.aries.spifly.Util.findContextClassloader(Bundle consumerBundle, String className, String methodName, Class<?> clsArg)". The latter internally calls "BundleWiring bundleWiring = (BundleWiring)consumerBundle.adapt(BundleWiring.class);" on line 137, which requires the caller to have the AdaptPermission ("org.osgi.framework.AdaptPermission" "org.osgi.framework.wiring.BundleWiring" "adapt").
> Option1)
> Since the spi-fly weaving hook has the WovenClass object, it may obtain the BundleWiring without any security checks through the WovenClass.getBundleWiring() call and may pass this BundleWiring object to the Util methods, which are inserted in the woven class byte code. This would require changes in the signature of the Util.fixContextClassloader(...) and Util.findContextClassloader(...) and in the code in the weaving hook, that uses it.
> Option2)
> Execute the call bundle.adapt(BundleRevision.class) in an AccessController.doPrivileged block.
> This was observed during the execution of the osgi test case for the serviceloader.secure on the spi-fly on top of the OSGi R5 compatible implementation from ProSyst. Here is the stack trace:
> java.security.AccessControlException: access denied ("org.osgi.framework.AdaptPermission" "org.osgi.framework.wiring.BundleWiring" "adapt")
> at java.security.AccessControlContext.checkPermission(AccessControlContext.java:366)
> at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:110)
> at com.prosyst.mbs.impl.framework.module.security.SecurityManagerImpl.checkPermission(SecurityManagerImpl.java:71)
> at com.prosyst.mbs.impl.framework.module.security.BasicSecurityImpl.checkAdaptPermission(BasicSecurityImpl.java:445)
> at com.prosyst.mbs.impl.framework.BundleImpl.adapt(BundleImpl.java:7437)
> at com.prosyst.mbs.impl.framework.BundleImpl.adapt(BundleImpl.java:7430)
> at org.apache.aries.spifly.Util.findContextClassloader(Util.java:137)
> at org.apache.aries.spifly.Util.fixContextClassloader(Util.java:84)
> at org.osgi.test.cases.serviceloader.secure.client.ColorProviderClient.$$FCCL$$java#util#ServiceLoader$load$java#lang#Class(ColorProviderClient.java)
> at org.osgi.test.cases.serviceloader.secure.client.ColorProviderClient.run(ColorProviderClient.java:38)
> at org.osgi.test.cases.serviceloader.secure.junit.ServiceLoaderSecureTest.testLegacyClientWithPermission(ServiceLoaderSecureTest.java:292)
> ...
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira