[ https://issues.apache.org/jira/browse/FELIX-5911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629185#comment-16629185 ]
Christoph Nölle edited comment on FELIX-5911 at 9/26/18 5:42 PM:
-----------------------------------------------------------------

I was not referring to the permissions of the Java runtime. According to the security spec (50.2.1 Local Permissions): [https://osgi.org/specification/osgi.core/7.0.0/service.condpermadmin.html#i1534520]

??Local permissions are defined by a Bundle Permission Resource that is contained in the bundle; this resource defines a set of _permissions_. These permissions must be enforced by the Framework for the given bundle. That is, a bundle can get less permissions than the local permissions but it can never get more permissions.??

The remainder of the section is also very clear about it: adding a permission to ConditionalPermissionAdmin does not overwrite the local perms.

was (Author: cnoelle):

I was not referring to the permissions of the Java runtime. According to the security spec [50.2.1 Local Permissions, https://osgi.org/specification/osgi.core/7.0.0/service.condpermadmin.html#i1534520]:

??Local permissions are defined by a Bundle Permission Resource that is contained in the bundle; this resource defines a set of _permissions_. These permissions must be enforced by the Framework for the given bundle. That is, a bundle can get less permissions than the local permissions but it can never get more permissions.??

The remainder of the section is also very clear about it: adding a permission to ConditionalPermissionAdmin does not overwrite the local perms.
> [Configurator] Too restrictive permissions.perm file
> ----------------------------------------------------
>
>                 Key: FELIX-5911
>                 URL: https://issues.apache.org/jira/browse/FELIX-5911
>             Project: Felix
>          Issue Type: Bug
>          Components: Configurator
>    Affects Versions: configurator-1.0.4, configurator-1.0.6
>            Reporter: Christoph Nölle
>            Assignee: Carsten Ziegeler
>            Priority: Major
>             Fix For: configurator-1.0.8
>
>
> Configurator currently requests
> (java.io.FilePermission "-" "read,write,execute,delete")
> in its permissions.perm file (the "-" means all files and subfolders within
> and below the current working dir). However, the bundle tries to access files
> in the bundle storage area as well, whose location we cannot anticipate here.
> It can be configured by means of a framework property, for instance. The
> correct permission would be
> (java.io.FilePermission "<<ALL FILES>>" "read,write,execute,delete")

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
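
The effect described in this thread, as an added example that is not part of the original messages or of the Felix code base: a simplified model of spec section 50.2.1 in which a bundle holds a permission only if both its local permissions and the framework-granted permissions imply it. The class name, the storage path and the framework grant are constructed assumptions; the storage path is assumed to lie outside the working directory.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.security.Permissions;

public class LocalPermissionCheck {
    static final String ACTIONS = "read,write,execute,delete";

    // Simplified model of 50.2.1: local permissions cap what the framework can
    // grant, so the effective set is the intersection of the two.
    static boolean effective(Permissions local, Permissions granted, Permission wanted) {
        return local.implies(wanted) && granted.implies(wanted);
    }

    static Permissions of(Permission p) {
        Permissions ps = new Permissions();
        ps.add(p);
        return ps;
    }

    public static void main(String[] args) {
        // Constructed path standing in for a bundle storage area whose location
        // is set by a framework property and is outside the working directory.
        Permission storage = new FilePermission(
                "/var/opt/osgi-storage/bundle42/data/state.json", "read,write");
        // A file below the working directory, addressed relatively.
        Permission relative = new FilePermission("conf/app.json", "read");

        // The two candidate entries for permissions.perm from the issue.
        Permissions localDash = of(new FilePermission("-", ACTIONS));
        Permissions localAll = of(new FilePermission("<<ALL FILES>>", ACTIONS));

        // Assumed grant added through ConditionalPermissionAdmin: all files.
        Permissions granted = of(new FilePermission("<<ALL FILES>>", ACTIONS));

        report("local \"-\", working-dir file", effective(localDash, granted, relative));
        report("local \"-\", storage-area file", effective(localDash, granted, storage));
        report("local \"<<ALL FILES>>\", storage-area file", effective(localAll, granted, storage));
    }

    static void report(String label, boolean allowed) {
        System.out.println(label + " -> " + (allowed ? "allowed" : "denied"));
    }
}
```

With the `"-"` entry the storage-area access stays denied even though the framework grant covers all files, which is why the fix has to be made in the bundle's own permissions.perm.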