karaf-issues mailing list archives

From "Charles George (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KARAF-6073) framework-security not properly applying Conditional Permission Admin policy
Date Sun, 06 Jan 2019 04:07:00 GMT
Charles George created KARAF-6073:
-------------------------------------

             Summary: framework-security not properly applying Conditional Permission Admin policy
                 Key: KARAF-6073
                 URL: https://issues.apache.org/jira/browse/KARAF-6073
             Project: Karaf
          Issue Type: Bug
          Components: karaf
    Affects Versions: 4.2.2
         Environment: *custom.system.properties:*

java.security.policy=${karaf.etc}/all.policy
org.osgi.framework.security=osgi
org.osgi.framework.trust.repositories=${karaf.etc}/test.truststore

*startup.properties:*

mvn\:org.apache.felix/org.apache.felix.framework.security/2.6.1 = 1

mvn\:com.test/test-security/1.0-SNAPSHOT = 40

*security.policy:*

ALLOW {
  ( java.security.AllPermission "*" "*" )
} "Allow All"
            Reporter: Charles George


There seems to be an issue with felix framework security not respecting the "AllPermission"
I'm giving to all bundles. The test-security bundle has an Activator to update ConditionalPermissionAdmin
by reading the security.policy file. I've verified through the webconsole that the permissions
are applied correctly.

I receive the following exception:

java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/test/Desktop/blah.txt" "write")

I've verified that I can, in fact, deny all permissions to bundles and stop the system from
even starting, which tells me it is applying my policy, but the logic is wrong. I am installing
a feature on the system of my own bundles which forces some bundles to stop and restart.
As a result of this, is it reverting back to just the implicit permissions? There is no permissions.perm
file in any of the bundles.

This is the first time I'm testing this on Karaf and I have not tried it on any previous versions (though
I have tested this policy on a plain Felix).

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
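
For reference, an added example that is not the reporter's code or part of Karaf: a bundle activator that loads the `security.policy` entries shown above into the Conditional Permission Admin table in one atomic update, then reads the table back. The class and package names and the file location under `${karaf.etc}` are assumptions.

```java
package com.example.policy; // hypothetical name; added example, not the reporter's bundle
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

public class PolicyActivator implements BundleActivator {
    @Override
    public void start(BundleContext ctx) throws Exception {
        ServiceReference<ConditionalPermissionAdmin> ref =
                ctx.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) { // e.g. the framework security extension is not installed
            throw new IllegalStateException("ConditionalPermissionAdmin service not found");
        }
        ConditionalPermissionAdmin cpa = ctx.getService(ref);
        // Assumed location: security.policy next to the other files in ${karaf.etc}.
        String text = new String(Files.readAllBytes(Paths.get(
                System.getProperty("karaf.etc"), "security.policy")), StandardCharsets.UTF_8);
        // Parse everything first so a malformed entry aborts before the table is touched.
        List<ConditionalPermissionInfo> rows = new ArrayList<>();
        for (String entry : text.split("(?m)^(?=[ \\t]*(?:ALLOW|DENY)\\b)")) {
            if (!entry.trim().isEmpty()) {
                rows.add(cpa.newConditionalPermissionInfo(entry.trim()));
            }
        }
        // Replace the whole table in one atomic update.
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear();
        table.addAll(rows);
        if (!update.commit()) { // false: another update was committed in between
            throw new IllegalStateException("permission table changed during update");
        }
        // Read the table back so the log shows what the framework actually holds.
        for (ConditionalPermissionInfo row
                : cpa.newConditionalPermissionUpdate().getConditionalPermissionInfos()) {
            System.out.println("CPA row: " + row.getEncoded());
        }
    }
    @Override
    public void stop(BundleContext ctx) { }
}
```

Logging the table again after a feature install that restarts bundles shows whether the committed rows are still present at that point.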
