[ https://issues.apache.org/jira/browse/FELIX-4039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Guillaume Nodet reopened FELIX-4039:
------------------------------------


It seems to cause lots of issues for me when testing.
For example, I end up with lots of exceptions like:
{code}
[CM Configuration Updater (ManagedServiceFactory Update: factoryPid=[org.apache.felix.fileinstall])] ERROR org.apache.felix.configadmin - [org.osgi.service.cm.ManagedServiceFactory, id=233, bundle=7/mvn:org.apache.felix/org.apache.felix.fileinstall/3.2.6]: Unexpected problem updating configuration org.apache.felix.fileinstall.c0eba252-35f7-4ab6-bc11-ad11e131711c
java.security.AccessControlException: access denied ("java.util.PropertyPermission" "java.io.tmpdir" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1302)
        at java.lang.System.getProperty(System.java:708)
        at org.apache.felix.fileinstall.internal.DirectoryWatcher.<init>(DirectoryWatcher.java:109)
        at org.apache.felix.fileinstall.internal.FileInstall.updated(FileInstall.java:246)
        at org.apache.felix.fileinstall.internal.FileInstall$ConfigAdminSupport$Tracker.updated(FileInstall.java:422)
        at org.apache.felix.cm.impl.helper.ManagedServiceFactoryTracker.provideConfiguration(ManagedServiceFactoryTracker.java:88)
        at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceFactoryUpdate.provide(ConfigurationManager.java:1605)
        at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceFactoryUpdate.run(ConfigurationManager.java:1548)
        at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:103)
        at java.lang.Thread.run(Thread.java:744)
{code}

I think if we want to allow such a permissions file, we also need to ensure 
that all access to bundles is not conditioned by it.
In the above stack trace and when running with a security manager, the call to 
service.updated() should be done inside a privileged action I think:

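            // updated() declares ConfigurationException, so a PrivilegedExceptionAction is
            // needed; doPrivileged wraps it in a PrivilegedActionException for the caller.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                public Object run() throws ConfigurationException {
                    service.updated( configPid.toString(), props );
                    return null; // run() must return a value
                }
            }, accessControlContext);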

so that permissions of ConfigAdmin bundle are not inherited by other bundles.

> Add Permissions file in ConfigAdmin bundle 
> -------------------------------------------
>
>                 Key: FELIX-4039
>                 URL: https://issues.apache.org/jira/browse/FELIX-4039
>             Project: Felix
>          Issue Type: Improvement
>          Components: Configuration Admin
>    Affects Versions: configadmin-1.6.0
>            Reporter: Romain Dubois
>            Assignee: Felix Meschberger
>            Priority: Minor
>              Labels: security
>             Fix For: configadmin-1.8.0
>
>
> Most of felix bundles should have a permissions file.
> For ConfigAdmin bundle, I suggest the following content for 
> "OSGI-INF/permissions.perm" file:
> # Apache Felix Configuration Admin Service
> # Bundle permissions
> #
> # Imported/Exported packages 
> # -> MANIFEST.MF
> (org.osgi.framework.PackagePermission   "org.osgi.service.log"          "import")
> (org.osgi.framework.PackagePermission   "org.osgi.framework"            "import")
> (org.osgi.framework.PackagePermission   "org.osgi.service.cm"           "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm"           "import,exportonly")
> (org.osgi.framework.PackagePermission   "org.apache.felix.cm.file"      "import,exportonly")
> # General bundle permissions
> (java.util.PropertyPermission           "felix.cm.*"                        "read")
> (org.osgi.framework.ServicePermission   "org.apache.felix.cm.*"             "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.cm.*"             "get,register")
> (org.osgi.framework.ServicePermission   "org.osgi.service.log.LogService"   "get")
> # Manage configurations
> # -> ConfigurationAdminImpl
> (org.osgi.framework.AdminPermission             "*" "metadata")
> (org.osgi.service.cm.ConfigurationPermission    "*" "configure,target")
> # Handle persistent configuration files
> # -> FilePersistenceManager
> (java.util.PropertyPermission   "user.dir"  "read")
> (java.io.FilePermission         "-"         "read,write,execute,delete")
> # -> ConfigurationManager
> (org.osgi.framework.ServicePermission   "org.apache.felix.cm.PersistenceManager"    "register")
> Note: I have extracted those permissions from code analysis then tested the 
> suggested file in simple examples. 



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
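
Added example (not part of the original message and not Felix code): a small Python check that parses entries in the `(type "name" "actions")` form used by the proposed OSGI-INF/permissions.perm and tests whether the permission denied in the stack trace is covered by it. Assumptions: the embedded file is a constructed subset of the proposal, name matching is simplified to BasicPermission-style wildcards (exact, `*`, trailing `.*`), escaped quotes are not handled, and `felix.cm.dir` is only a sample property name.

```python
import re

# Constructed sample: a subset of the permissions.perm content proposed in the issue.
PERM_FILE = '''\
# General bundle permissions
(java.util.PropertyPermission           "felix.cm.*"              "read")
(org.osgi.framework.ServicePermission   "org.osgi.service.cm.*"   "get,register")
# -> FilePersistenceManager
(java.util.PropertyPermission   "user.dir"  "read")
(java.io.FilePermission         "-"         "read,write,execute,delete")
'''

# One encoded permission per line: (type "name" "actions"); name and actions are optional.
ENTRY = re.compile(r'^\(\s*([\w.$]+)(?:\s+"([^"]*)")?(?:\s+"([^"]*)")?\s*\)$')


def parse_permissions(text):
    """Return (type, name, actions) tuples; raise ValueError on a malformed line."""
    grants = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "//")):  # blank or comment line
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not an encoded permission: {raw!r}")
        acts = frozenset(a.strip().lower() for a in (m.group(3) or "").split(",") if a.strip())
        grants.append((m.group(1), m.group(2) or "", acts))
    return grants


def name_implies(granted, wanted):
    """BasicPermission-style matching only: exact, "*", or a trailing ".*" prefix."""
    if granted == "*" or granted == wanted:
        return True
    return granted.endswith(".*") and wanted.startswith(granted[:-1])


def is_granted(grants, ptype, name, actions):
    """True if one entry of the same type covers the name and every requested action."""
    wanted = frozenset(a.strip().lower() for a in actions.split(","))
    return any(t == ptype and name_implies(n, name) and wanted <= acts
               for t, n, acts in grants)


if __name__ == "__main__":
    grants = parse_permissions(PERM_FILE)
    # First check: the permission named in the AccessControlException above.
    print(is_granted(grants, "java.util.PropertyPermission", "java.io.tmpdir", "read"))
    print(is_granted(grants, "java.util.PropertyPermission", "felix.cm.dir", "read"))
```

The first check reports that `java.io.tmpdir` read is not covered by the proposed entries, which matches the denial in the trace, where ConfigAdmin frames sit below the fileinstall call to `System.getProperty`.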
