karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Assigned] (KARAF-6073) framework-security not properly applying Conditional Permission Admin policy
Date Sun, 06 Jan 2019 05:15:00 GMT

     [ https://issues.apache.org/jira/browse/KARAF-6073?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré reassigned KARAF-6073:
-------------------------------------------

    Assignee: Jean-Baptiste Onofré

> framework-security not properly applying Conditional Permission Admin policy
> ----------------------------------------------------------------------------
>
>                 Key: KARAF-6073
>                 URL: https://issues.apache.org/jira/browse/KARAF-6073
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf
>    Affects Versions: 4.2.2
>         Environment: *custom.system.properties:*
> java.security.policy=${karaf.etc}/all.policy
>  org.osgi.framework.security=osgi
>  org.osgi.framework.trust.repositories=${karaf.etc}/test.truststore
> *startup.properties:*
> mvn\:org.apache.felix/org.apache.felix.framework.security/2.6.1 = 1
> mvn\:com.test/test-security/1.0-SNAPSHOT = 40
> *security.policy:*
> ALLOW {
>  ( java.security.AllPermission "*" "*" )
>  } "Allow All"
>            Reporter: Charles George
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>              Labels: conditionalpermissionadmin, framework-security, karaf, security
>
> There seems to be an issue with felix framework security not respecting the "AllPermission" I'm giving to all bundles. The test-security bundle has an Activator to update ConditionalPermissionAdmin by reading the security.policy file. I've verified through the webconsole that the permissions are applied correctly.
> I receive the following exception:
> java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/test/Desktop/blah.txt" "write")
> I've verified that I can, in fact, deny all permissions to bundles and stop the system from even starting, which tells me it is applying my policy, but the logic is wrong. I am installing a feature on the system of my own bundles which forces some bundles to stop and restart. As a result of this, is it reverting back to just the implicit permissions? There is no permissions.perm file in any of the bundles.
> This is the first time I'm testing this on karaf and have not tried it on any previous versions (though I have tested this policy on a plain felix).
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
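
For reference, a minimal activator of the kind the report describes, loading `security.policy` into the Conditional Permission Admin table and reading the committed rows back. This is an added example, not the reporter's test-security bundle or Karaf code; the class name, the `${karaf.etc}/security.policy` location, `#` comment handling and the assumption that each entry ends on a line starting with `}` (as in the policy quoted above) are all assumptions.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.List;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

// Hypothetical activator (class name and file location are assumptions).
public class PolicyActivator implements BundleActivator {
    @Override
    public void start(BundleContext context) throws Exception {
        ServiceReference<ConditionalPermissionAdmin> ref =
                context.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) throw new IllegalStateException("ConditionalPermissionAdmin service not registered");
        ConditionalPermissionAdmin cpa = context.getService(ref);
        // Assumed path: security.policy next to the other files under ${karaf.etc}.
        String file = context.getProperty("karaf.etc") + "/security.policy";
        ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
        List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
        table.clear(); // replace the whole table; row order is evaluation order
        StringBuilder entry = new StringBuilder();
        for (String line : Files.readAllLines(Paths.get(file))) {
            String t = line.trim();
            if (t.isEmpty() || t.startsWith("#")) continue; // '#' comments: assumption
            entry.append(t).append(' ');
            if (t.startsWith("}")) { // closing line `} "name"` ends one entry
                table.add(cpa.newConditionalPermissionInfo(entry.toString().trim()));
                entry.setLength(0);
            }
        }
        if (entry.length() > 0) throw new IllegalArgumentException("Unterminated entry in " + file);
        // commit() returns false when the table changed since the update was created.
        if (!update.commit()) {
            throw new IllegalStateException("Policy table modified concurrently; not committed");
        }
        // Read the table back so the log shows what the framework actually stored.
        for (ConditionalPermissionInfo info :
                cpa.newConditionalPermissionUpdate().getConditionalPermissionInfos()) {
            System.out.println("CPA row: " + info.getEncoded());
        }
    }

    @Override public void stop(BundleContext context) { }
}
```

Comparing the rows printed at start with the table shown in the web console after the feature install restarts bundles helps separate a policy-loading problem from a permission-evaluation problem.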
