Guillaume Nodet created FELIX-5385: -------------------------------------- Summary: ConfigAdmin uses wrong security when calling ManagedServices Key: FELIX-5385 URL: https://issues.apache.org/jira/browse/FELIX-5385 Project: Felix Issue Type: Bug Reporter: Guillaume Nodet
When a ManagedService (which bundles has all permissions) is called, we end up with the following exception. The reason is that all code protection domain need to have the permission to actually grant the permission, and ConfigAdmin has very restricted permissions. A DomainCombiner should be used to only apply the bundle's permission to the call. {code} 10:43:43.543 [CM Configuration Updater (ManagedService Update: pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin - [org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService, org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]: Unexpected problem updating configuration org.ops4j.pax.logging java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) [?:?] at java.security.AccessController.checkPermission(AccessController.java:884) [?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) [?:?] at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?] at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?] at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT] at org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408) [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT] at org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177) [6:org.apache.felix.configadmin:1.8.8] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) [6:org.apache.felix.configadmin:1.8.8] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) [6:org.apache.felix.configadmin:1.8.8] at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) [6:org.apache.felix.configadmin:1.8.8] at java.lang.Thread.run(Thread.java:745) [?:?] {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)