[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612533#comment-16612533 ]

Christoph Nölle commented on FELIX-5910:

In general you are right, [~timothyjward]. Note however that here the issue is not that SCR is on the call stack where it shouldn't, but rather that ConfigAdmin is (although the root cause for this is in SCR).

> [ConfigAdmin] Set correct AccessControlContext when firing events
> -----------------------------------------------------------------
>
> Key: FELIX-5910
> URL: https://issues.apache.org/jira/browse/FELIX-5910
> Project: Felix
> Issue Type: Bug
> Components: Configuration Admin
> Affects Versions: configadmin-1.9.4
> Environment:
>   - Felix fwk 6.0.0
>   - Felix security 2.6.0
>   - Felix config admin 1.9.4 and 1.9.5-SNAPSHOT
> Reporter: Christoph Nölle
> Assignee: Carsten Ziegeler
> Priority: Major
> Fix For: configadmin-1.9.6
>
> ConfigAdmin requests a restricted set of permissions by means of a
> permissions.perm file, which must not restrict the permissions of other
> bundles to which it sends events. There is in fact a mechanism in place to
> prevent this, using the protection domain of the bundle, in the class
> ManagedServiceTracker (resolving the related issue
> https://issues.apache.org/jira/browse/FELIX-4362). However, the UpdateThread
> class does not use this mechanism; instead it explicitly sets an
> AccessControlContext based on its own protection domain, hence enforcing its
> own restricted set of permissions to the event listeners. Below are two
> examples of the resulting AccessControlExceptions I get... there is just one
> additional bundle in the stack trace, felix-scr, which has all permissions
> and can be ignored from the permissions point of view.
>
> By the way, removing the permissions.perm file from ConfigAdmin resolves the
> problem, confirming that the bug is indeed in ConfigAdmin.
>
> rg.slf4j.osgi-over-slf4j[org.apache.felix.configadmin.1.9.4] : [[org.osgi.service.cm.ConfigurationAdmin]]Unexpected problem delivering configuration event to [org.osgi.service.cm.ConfigurationListener, id=18, bundle=24/mvn:org.apache.felix/org.apache.felix.configadmin/1.9.4]
> java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
>     at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
>     at java.base/java.security.AccessController.checkPermission(AccessController.java:895)
>     at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:335)
>     at java.base/java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2042)
>     at java.base/java.lang.Class.getClassLoader(Class.java:807)
>     at org.apache.felix.scr.impl.inject.methods.BaseMethod.findMethod(BaseMethod.java:158)
>     at org.apache.felix.scr.impl.inject.methods.BaseMethod.access$400(BaseMethod.java:41)
>     at org.apache.felix.scr.impl.inject.methods.BaseMethod$NotResolved.resolve(BaseMethod.java:602)
>     at org.apache.felix.scr.impl.inject.methods.BaseMethod$NotResolved.methodExists(BaseMethod.java:626)
>     at org.apache.felix.scr.impl.inject.methods.BaseMethod.methodExists(BaseMethod.java:528)
>     at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:315)
>     at org.apache.felix.scr.impl.inject.methods.ActivateMethod.invoke(ActivateMethod.java:307)
>     at org.apache.felix.scr.impl.manager.SingleComponentManager.invokeModifiedMethod(SingleComponentManager.java:810)
>     at org.apache.felix.scr.impl.manager.SingleComponentManager.modify(SingleComponentManager.java:765)
>     at org.apache.felix.scr.impl.manager.SingleComponentManager.reconfigure(SingleComponentManager.java:683)
>     at org.apache.felix.scr.impl.manager.SingleComponentManager.reconfigure(SingleComponentManager.java:647)
>     at org.apache.felix.scr.impl.manager.ConfigurableComponentHolder.configurationUpdated(ConfigurableComponentHolder.java:435)
>     at org.apache.felix.scr.impl.manager.RegionConfigurationSupport.configurationEvent(RegionConfigurationSupport.java:288)
>     at org.apache.felix.scr.impl.manager.RegionConfigurationSupport$1.configurationEvent(RegionConfigurationSupport.java:91)
>     at org.apache.felix.cm.impl.ConfigurationManager$FireConfigurationEvent.sendEvent(ConfigurationManager.java:1667)
>     at org.apache.felix.cm.impl.ConfigurationManager$FireConfigurationEvent.run(ConfigurationManager.java:1635)
>     at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:126)
>     at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:123)
>     at java.base/java.security.AccessController.doPrivileged(Native Method)
>     at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:122)
>     at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:105)
>     at java.base/java.lang.Thread.run(Thread.java:844)

[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612491#comment-16612491 ]

Timothy Ward commented on FELIX-5910:

{quote}Thanks, yes this looks like a SCR bug {quote}

I agree with this. SCR should definitely be removing itself from the stack by setting the relevant access control context before calling any lifecycle methods on the component. Otherwise SCR requires AllPermission (which is probably what it has if nobody has created a proper permissions file for it) which is a bad thing.

[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612312#comment-16612312 ]

Christoph Nölle commented on FELIX-5910:

By the way, to reproduce the issue:
 * create/use a ds-component which expects a component property type (@interface) in the activate method
 * start with security enabled
 * create a configuration with location "?" for the component (I did this by means of the configurator; when running with security you need to use a snapshot version and remove the permissions.perm file, due to some other bugs; but it shouldn't matter how the configuration is created)
 * change the configuration at runtime

[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612155#comment-16612155 ]

Christoph Nölle commented on FELIX-5910:

Ok, sorry. In any case, the issue is still there. I tracked it down a little further: there are these two arrays in the FireConfigurationEvent class,

    private final ConfigurationListener[] listeners;
    private final Bundle[] listenerProvider;

In my case there is an entry of type org.apache.felix.scr.impl.manager.RegionConfigurationSupport$1 in the listeners array, with the configadmin bundle in the listenersProvider array at the corresponding position. Hence the scr-callback is executed with permissions of the configadmin bundle. The reason is that scr uses the CA bundle context to register a service, see the #start-method in [https://github.com/apache/felix/blob/trunk/scr/src/main/java/org/apache/felix/scr/impl/manager/RegionConfigurationSupport.java]

So maybe it's rather an scr issue now.

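A simplified model of the attribution described in the comment above, added here as an illustration and not Felix code: a callback is checked against the protection domain of the bundle recorded for it in listenerProvider, so the same listener is denied when attributed to configadmin and allowed when attributed to SCR. ModelBundle, callbackAllowed and the example.* permission are hypothetical, and the model ignores the other frames on a real call stack; it assumes a JDK that still evaluates AccessControlContext checks, like the Java runtime in the stack trace.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

/** Simplified model of per-listener permission attribution; not Felix code. */
public class ListenerContextModel {

    /** Hypothetical stand-in for an OSGi bundle: a name plus its granted permissions. */
    static final class ModelBundle {
        final String name;
        final ProtectionDomain domain;

        ModelBundle(String name, Permission... granted) {
            Permissions perms = new Permissions();
            for (Permission p : granted) {
                perms.add(p);
            }
            this.name = name;
            // Two-argument constructor: only these permissions apply, Policy is not consulted.
            this.domain = new ProtectionDomain(null, perms);
        }
    }

    /** Checks 'needed' against the context of the bundle the listener is attributed to. */
    static boolean callbackAllowed(ModelBundle provider, Permission needed) {
        AccessControlContext acc =
                new AccessControlContext(new ProtectionDomain[] { provider.domain });
        try {
            acc.checkPermission(needed);
            return true;
        } catch (AccessControlException e) {
            System.out.println("  " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed permission sets: the real permissions.perm content is not in the thread.
        ModelBundle configAdmin = new ModelBundle("configadmin",
                new PropertyPermission("example.*", "read"));
        ModelBundle scr = new ModelBundle("scr", new AllPermission());

        // The permission the SCR callback needs, taken from the stack trace in the issue.
        Permission needed = new RuntimePermission("getClassLoader");

        // Parallel arrays as in FireConfigurationEvent: listeners[i] is checked with
        // the permissions of listenerProvider[i].
        String[] listeners = { "RegionConfigurationSupport$1", "RegionConfigurationSupport$1" };
        ModelBundle[] listenerProvider = { configAdmin, scr };

        for (int i = 0; i < listeners.length; i++) {
            System.out.println(listeners[i] + " attributed to " + listenerProvider[i].name + ":");
            boolean ok = callbackAllowed(listenerProvider[i], needed);
            System.out.println("  -> " + (ok ? "callback allowed" : "callback denied"));
        }
    }
}
```
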
[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612114#comment-16612114 ]

Carsten Ziegeler commented on FELIX-5910:

[~cnoelle] Is there an easy way to reproduce the issue?

[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612099#comment-16612099 ]

Carsten Ziegeler commented on FELIX-5910:

[~cnoelle] The change is in FireConfigurationEvent

[jira] [Commented] (FELIX-5910) [ConfigAdmin] Set correct AccessControlContext when firing events
[ https://issues.apache.org/jira/browse/FELIX-5910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16612043#comment-16612043 ]

Christoph Nölle commented on FELIX-5910:

[~cziegeler], I think you forgot to include the fix in the commit. No changes in UpdateThread so far, the bug is still present.