Thanks Karl!
I report here my last attempts with results:

*ATTEMPT 1:*

ALLOW {
        [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
        ( java.io.FilePermission "readableFolder\-" "read")
} "Allow bundles signed by OTHER to read file in readableFolder" 

DENY {
        [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
        ( java.io.FilePermission "-" "*")
}  "Deny bundles signed by OTHER to read and write files everywhere else" 
 
 ALLOW {
   ( java.security.AllPermission "*" "*")
} "But give all other not denied permissions to all bundles"

With this, the bundle signed by OTHER can read and write all files under
Felix folder tree


*ATTEMPT 2:*

ALLOW {
        [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
        ( java.io.FilePermission "readableFolder\-" "read")
}"Allow bundles signed by OTHER to read file in readableFolder" 

DENY {
        [org.osgi.service.condpermadmin.BundleSignerCondition "*; O=OTHER"]
        ( java.io.FilePermission "-" "write")
}  "Deny bundles signed by OTHER to read and write files everywhere else" 
 
 ALLOW {
   ( java.security.AllPermission "*" "*")
} "But give all other not denied permissions to all bundles"

With this, the bundle signed by OTHER cannot write all files under Felix
folder tree, but can read every file.
But if within the DENY condition I use "read,write" instead of only "write"
then the bundle cannot read even in the "allowed" folder (first ALLOW
condition).
I think the problem here is the syntax of the first parameter of the
java.io.FilePermission condition.
What is the correct way to write it? Is it possible to use a path relative
to the Felix execution folder? Is there a way to write it which is
compatible with both Windows and Linux folders?
(I'm now working in Windows but I'll have to use the same framework under
Linux too).

Thanks,
Andrea



--
View this message in context: 
http://apache-felix.18485.x6.nabble.com/Problems-with-ConditionalPermissionAdmin-tp5007954p5007961.html
Sent from the Apache Felix - Users mailing list archive at Nabble.com.
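
The post asks how the first parameter of java.io.FilePermission is interpreted. As an added example (not part of the original message, and not Felix code), this stand-alone Java program asks the JDK's own FilePermission class how it treats the names and actions used in the two attempts. The class name FilePermissionProbe, the helper covers and the sample paths are constructed for illustration, and it exercises only the JDK class, not how Felix parses the policy file.

```java
import java.io.File;
import java.io.FilePermission;

// Added example, not from the post: asks the JDK's own FilePermission how it
// interprets the names and actions used in the policies above.
public class FilePermissionProbe {

    // Does a grant (name, actions) cover a request (name, actions)?
    // Returns "invalid: ..." when the JDK rejects either permission outright.
    static String covers(String gName, String gActions, String rName, String rActions) {
        try {
            FilePermission grant = new FilePermission(gName, gActions);
            FilePermission request = new FilePermission(rName, rActions);
            return String.valueOf(grant.implies(request));
        } catch (IllegalArgumentException e) {
            return "invalid: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String sep = File.separator;   // "\" on Windows, "/" on Linux
        // Constructed sample paths, all relative to the working directory.
        String inside  = "readableFolder" + sep + "sub" + sep + "a.txt";
        String outside = "otherFolder" + sep + "b.txt";

        String[][] cases = {
            // grant name,                 grant actions, request, requested action
            {"readableFolder" + sep + "-", "read",        inside,  "read"},
            {"readableFolder" + sep + "-", "read",        inside,  "write"},
            {"readableFolder" + sep + "-", "read",        outside, "read"},
            {"readableFolder\\-",          "read",        inside,  "read"},  // hard-coded "\-"
            {"readableFolder/-",           "read",        inside,  "read"},  // hard-coded "/-"
            {"-",                          "write",       outside, "write"},
            {"-",                          "read,write",  inside,  "read"},
            {"-",                          "*",           outside, "read"},  // action from ATTEMPT 1
            {"<<ALL FILES>>",              "read,write",  outside, "write"},
        };
        for (String[] c : cases) {
            System.out.printf("%-18s %-11s vs %-28s %-6s -> %s%n",
                    c[0], c[1], c[2], c[3], covers(c[0], c[1], c[2], c[3]));
        }
    }
}
```

Run it on both Windows and Linux and compare the rows that hard-code `\-` and `/-` with the rows built from File.separator.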
