Hi,
I am trying to configure OSGi security such that bundles from certain
locations are forbidden from performing anything that requires
AdminPermission. To that end, I have created the following conditional
permission (in Kotlin):
val forbidAdmin = conditionalPermissionAdmin.newConditionalPermissionInfo(
"forbidAdmin",
arrayOf(ConditionInfo(BundleLocationCondition::class.java.name,
arrayOf("CAGE/*"))),
arrayOf(PermissionInfo(AdminPermission::class.java.name, "*", "*")),
DENY
)
My understanding is that OSGi security will apply this to any bundle
whose location matches "CAGE/*", thus preventing code inside these
bundles from executing (say) Bundle.getBundleContext().
However, Felix does not appear to be applying the ConditionInfo
correctly because my bundles are still successfully invoking
Bundle.getBundleContext(). Even more frustrating is that I have
already used this exact same ConditonInfo to restrict these bundles'
ServicePermissions.
I cannot understand why Felix Security is parsing this ConditionInfo
differently for AdminPermission than it is for ServicePermission. Can
anyone see what I may be doing wrong please?
Thanks,
Chris Rankin
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@felix.apache.org
For additional commands, e-mail: users-h...@felix.apache.org
