Re: [equinox-dev] Enabling security in Equinox

2009-10-30 Thread Marcel Offermans 
On Oct 30, 2009, at 1:31 , tom@oracle.com tom@oracle.com  
wrote:



Hi all,

I now realized that I need to provide system permissions for the  
Conditional Permission Admin service in order to secure behaviors of  
some installed bundles. Please confirm my understanding:
1. The example showed in the PDF seem to suggest achieving this  
using privileged bundle to assign restricted permission objects for  
the new bundles.

2. #1 approach needs to be done programmatcally?


Yes, in various places in the OSGi specification, a bundle called the  
management agent is mentioned. This bundle has a couple of  
responsibilities (scattered throughout the spec) and one of them is to  
setup and maintain security policies.


3. Is there a way to achieve the restriction of bundles coming from  
known location A to have a limited set of permissions with a  
configuration file like custo_java.policy?


Not that I know of, you'd have to do that programmatically.

Greetings, Marcel

___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev

Re: [equinox-dev] Enabling security in Equinox

2009-10-30 Thread Marcel Offermans 

On Oct 30, 2009, at 8:53 , David Conde wrote:


IF you do not want to do it programatically, you should use
Local Permission which are defined in permissions.perm file.  I  
think this

restriction in Conditional Permission is because of security matters.


Local permissions only allow a bundle to declare to the framework the  
permissions it wants. The framework then makes sure it will never get  
more than that (but maybe less). This is a good way to prevent having  
to audit third party bundles/code before accepting it, but I don't  
think it's a solution to prevent having to setup security.


Greetings, Marcel

___
equinox-dev mailing list
equinox-dev@eclipse.org
https://dev.eclipse.org/mailman/listinfo/equinox-dev