[jira] [Commented] (FELIX-4039) Add Permissions file in ConfigAdmin bundle

Wed, 14 Aug 2013 01:04:30 -0700 

    [ 
https://issues.apache.org/jira/browse/FELIX-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13739377#comment-13739377
 ] 

Felix Meschberger commented on FELIX-4039:
------------------------------------------

Thanks for reporting and providing the file. The contents sounds reasonable to 
me.
                
> Add Permissions file in ConfigAdmin bundle 
> -------------------------------------------
>
>                 Key: FELIX-4039
>                 URL: https://issues.apache.org/jira/browse/FELIX-4039
>             Project: Felix
>          Issue Type: Improvement
>          Components: Configuration Admin
>    Affects Versions: configadmin-1.6.0
>            Reporter: Romain Dubois
>            Assignee: Felix Meschberger
>            Priority: Minor
>              Labels: security
>             Fix For: configadmin-1.6.2
>
>
> Most of felix bundles should have a permissions file.
> For ConfigAdmin bundle, I suggest the following content for 
> "OSGI-INF/permissions.perm" file:
> # Apache Felix Configuration Admin Service
> # Bundle permissions
> #
> # Imported/Exported packages 
> # -> MANIFEST.MF
> (org.osgi.framework.PackagePermission   "org.osgi.service.log"          
> "import")
> (org.osgi.framework.PackagePermission   "org.osgi.framework"            
> "import")
> (org.osgi.framework.PackagePermission   "org.osgi.service.cm"           
> "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm"           
> "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm.file"      
> "import,exportonly")
> # General bundle permissions
> (java.util.PropertyPermission           "felix.cm.*"                        
> "read")
> (org.osgi.framework.ServicePermission   "org.apache.felix.cm.*"             
> "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.cm.*"             
> "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.log.LogService"   
> "get")
> # Manage configurations
> # -> ConfigurationAdminImpl
> (org.osgi.framework.AdminPermission             "*" "metadata")
> (org.osgi.service.cm.ConfigurationPermission    "*" "configure,target")
> # Handle persistent configuration files
> # -> FilePersistenceManager
> (java.util.PropertyPermission   "user.dir"  "read")
> (java.io.FilePermission         "-"         "read,write,execute,delete")
> # -> ConfigurationManager
> (org.osgi.framework.ServicePermission   
> "org.apache.felix.cm.PersistenceManager"    "register")
> Note: I have extracted those permissions from code analysis then tested the 
> suggested file in simple examples. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to