Re: [cp-patches] Gnu classpath permission patch ?

Thu, 24 May 2007 17:09:35 -0700 

On May 24, 2007, at 1:58 PM, Pierre Parrend wrote:



 Hello,

for instance, I have the following command:


jamvm -Djava.security.manager -Djava.security.policy=conf/ 
java.policy -cp

bin/felix.jar: org.apache.felix.main.Main
(jamvm uses the Gnu classpath, with default configuration)

with following conf/java.policy file:

grant codeBase "/code/osgi-projects/sfelix/sfelix0.2.2/main/-" {

        permission java.io.FilePermission "/home/pierre/.felix/ 
testSF", "read";

        permission java.lang.RuntimePermission "exitVM";
};

which gives me following error:

Error creating bundle cache:

permission (java.io.FilePermission /home/pierre/.felix/testSF read)  
not granted:

no protection domains

Could not create framework: java.security.AccessControlException:  
permission
(java.lang.RuntimePermission exitVM ) not granted: no protection  
domains
java.security.AccessControlException: permission  
(java.lang.RuntimePermission

exitVM ) not granted: no protection domains
   at

java.security.AccessControlContext.checkPermission 
(AccessControlContext.java:149)
   at java.security.AccessController.checkPermission 
(AccessController.java:76)
   at java.lang.SecurityManager.checkPermission 
(SecurityManager.java:356)

   at java.lang.SecurityManager.checkExit(SecurityManager.java:475)
   at java.lang.Runtime.exit(Runtime.java:171)
   at java.lang.System.exit(System.java:506)
   at

org.apache.felix.framework.util.SecureAction$Actions.run 
(SecureAction.java:843)
   at java.security.AccessController.doPrivileged 
(AccessController.java:195)
   at org.apache.felix.framework.util.SecureAction.exit 
(SecureAction.java:624)

   at org.apache.felix.framework.Felix.start(Felix.java:276)
   at org.apache.felix.main.Main.main(Main.java:208)


(executed platform is the Felix OSGi implementation, which work  
well without the

security set)




One problem here is that Classpath still unfortunately uses a bogus  
DefaultPolicy class for its policy, not the one that reads policy  
files. You can force using the policy file reader by adding the option:


  -Dpolicy.provider=gnu.java.security.PolicyFile


...I don't know why the default policy would reject the permission  
checks, though, since (AFAIK) the default policy grants AllPermission.
























					Reply via email to