[jira] [Created] (FELIX-5385) ConfigAdmin uses wrong security when calling ManagedServices

Thu, 20 Oct 2016 01:49:04 -0700 

Guillaume Nodet created FELIX-5385:
--------------------------------------

             Summary: ConfigAdmin uses wrong security when calling 
ManagedServices
                 Key: FELIX-5385
                 URL: https://issues.apache.org/jira/browse/FELIX-5385
             Project: Felix
          Issue Type: Bug
            Reporter: Guillaume Nodet


When a ManagedService (which bundles has all permissions) is called, we end up 
with the following exception.
The reason is that all code protection domain need to have the permission to 
actually grant the permission, and ConfigAdmin has very restricted permissions. 
 A DomainCombiner should be used to only apply the bundle's permission to the 
call.

{code}
10:43:43.543 [CM Configuration Updater (ManagedService Update: 
pid=[org.ops4j.pax.logging])] ERROR org.apache.felix.configadmin - 
[org.osgi.service.log.LogService, org.knopflerfish.service.log.LogService, 
org.ops4j.pax.logging.PaxLoggingService, org.osgi.service.cm.ManagedService, 
id=12, bundle=5/mvn:org.ops4j.pax.logging/pax-logging-log4j2/1.9.1-SNAPSHOT]: 
Unexpected problem updating configuration org.ops4j.pax.logging
java.security.AccessControlException: access denied 
("java.lang.RuntimePermission" "getClassLoader")
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
 [?:?]
        at 
java.security.AccessController.checkPermission(AccessController.java:884) [?:?]
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) 
[?:?]
        at 
java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:1528) [?:?]
        at java.lang.Thread.getContextClassLoader(Thread.java:1436) [?:?]
        at 
org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl.updated(PaxLoggingServiceImpl.java:150)
 [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
        at 
org.ops4j.pax.logging.log4j2.internal.PaxLoggingServiceImpl$1ManagedPaxLoggingService.updated(PaxLoggingServiceImpl.java:408)
 [5:org.ops4j.pax.logging.pax-logging-log4j2:1.9.1.SNAPSHOT]
        at 
org.apache.felix.cm.impl.helper.ManagedServiceTracker$1.run(ManagedServiceTracker.java:177)
 [6:org.apache.felix.configadmin:1.8.8]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at 
org.apache.felix.cm.impl.helper.ManagedServiceTracker.updated(ManagedServiceTracker.java:173)
 [6:org.apache.felix.configadmin:1.8.8]
        at 
org.apache.felix.cm.impl.helper.ManagedServiceTracker.updateService(ManagedServiceTracker.java:152)
 [6:org.apache.felix.configadmin:1.8.8]
        at 
org.apache.felix.cm.impl.helper.ManagedServiceTracker.provideConfiguration(ManagedServiceTracker.java:85)
 [6:org.apache.felix.configadmin:1.8.8]
        at 
org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.provide(ConfigurationManager.java:1444)
 [6:org.apache.felix.configadmin:1.8.8]
        at 
org.apache.felix.cm.impl.ConfigurationManager$ManagedServiceUpdate.run(ConfigurationManager.java:1400)
 [6:org.apache.felix.configadmin:1.8.8]
        at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131) 
[6:org.apache.felix.configadmin:1.8.8]
        at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128) 
[6:org.apache.felix.configadmin:1.8.8]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127) 
[6:org.apache.felix.configadmin:1.8.8]
        at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110) 
[6:org.apache.felix.configadmin:1.8.8]
        at java.lang.Thread.run(Thread.java:745) [?:?]
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to