[
https://issues.apache.org/jira/browse/KARAF-6073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jean-Baptiste Onofré reassigned KARAF-6073:
-------------------------------------------
Assignee: (was: Jean-Baptiste Onofré)
> framework-security not properly applying Conditional Permission Admin policy
> ----------------------------------------------------------------------------
>
> Key: KARAF-6073
> URL: https://issues.apache.org/jira/browse/KARAF-6073
> Project: Karaf
> Issue Type: Bug
> Components: karaf
> Affects Versions: 4.2.2
> Environment: *custom.system.properties:*
> java.security.policy=${karaf.etc}/all.policy
> org.osgi.framework.security=osgi
> org.osgi.framework.trust.repositories=${karaf.etc}/test.truststore
> *startup.properties:*
> mvn\:org.apache.felix/org.apache.felix.framework.security/2.6.1 = 1
> mvn\:com.test/test-security/1.0-SNAPSHOT = 40
> *security.policy:*
> ALLOW {
> ( java.security.AllPermission "*" "*" )
> } "Allow All"
> Reporter: Charles George
> Priority: Major
> Labels: conditionalpermissionadmin, framework-security, karaf,
> security
>
> There seems to be an issue with felix framework security not respecting the
> "AllPermission" I'm giving to all bundles. The test-security bundle has an
> Activator to update ConditionalPermissionAdmin by reading the security.policy
> file. I've verified through the webconsole that the permissions are applied
> correctly.
> I receive the following exception:
> java.security.AccessControlException: access denied ("java.io.FilePermission"
> "/home/test/Desktop/blah.txt" "write")
> I've verified that I can, in fact, deny all permissions to bundles and stop
> the system from even starting which tells me it is applying my policy, but
> the logic is wrong. I am installing a feature on the system of my own bundles
> which forces some bundles to stop and restart. As a result of this is it
> reverting back to just the implicit permissions? There are no
> permissions.perm file in any of the bundles.
> This is the first time I'm testing this on karaf and have not tried it on any
> previous versions.(though I have tested this policy on a plain felix)
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
