Alex Alex - 1 month ago 20
Java Question

Setting permissions for OSGi bundles

I've run into a problem trying to limit actions that the OSGi bundle can perform. According to the documents I've read, permissions for OSGi bundles should be set in OSGI-INF/permissions.perm file within bundle's JAR. However, no matter what I write in that file (and no matter if this file exists or not), bundles seem to have AllPermissions. More specifically, I start OSGi from command line with command

D:\temp\2>java -jar org.eclipse.osgi_3.3.2.R33x_v20080105.jar -console
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager


Then I install bundle with command

osgi> install file:/d:/temp/2/J1.jar


and start it. When I try to perform an operation that should be restricted (e.g., accessing a file, loading a library, etc.), operation always succeeds, even with empty permissions.perm file. How do I make permissions specified in permissions.perm file active?

Answer

The permissions.perm does not specify what the bundle may do. It specifies what the bundle wants to do: See http://www.javacodegeeks.com/2012/11/permissions-in-osgi.html

So this file seems to be there to be able to fail fast if permissions are missing. You can even leave it out if this is not necessary for you.

The real security settings have to be done on the framework. See this for felix: https://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html

Comments