|
|
Re: Restricting package access with PackagePermission [message #810227 is a reply to message #810154] |
Wed, 29 February 2012 21:43 |
Cristian Spiescu Messages: 100 Registered: July 2009 |
Senior Member |
|
|
Hello Tom,
Thank you for your reply.
Quote:Also, I have to confirm you are launching eclipse with security enabled
I start equinox with a security manager that points to a policy that grants AllPermission:
-Djava.security.manager -Djava.security.policy=${workspace_loc}\test.permisiuni_osgi.main\all.policy
Quote:When you use PackagePermission how are you using it?
First: I install the plugin:
pluginB = Activator.getDefault().getBundle().getBundleContext().installBundle(bLocationString);
Second: I add a new permission using ConditionalPermissionAdmin:
// add deny permissions
ConditionalPermissionInfo info = permissionAdmin.newConditionalPermissionInfo(
bundle.getLocation() + "_2",
new ConditionInfo[]{
new ConditionInfo(BundleLocationCondition.class.getName(), new String[] {bundle.getLocation()})
}
, new PermissionInfo[]{
new PermissionInfo(PackagePermission.class.getName(), "p2", "import")
},
ConditionalPermissionInfo.DENY
);
Using the above construct, I wish to restrict the access to the "p2" package.
Third: I start the plugin.
Results:
If the plugin declares in the manifest file that it imports package "p2", then the start methods throws an exception, and the plugin won't start. However, if the plugin doesn't declare the "p2" import, but its code tries to access the class (e.g. Class.forName("p2.MyClass"), I get no security exception. And I would expect/want to have one (security exception).
Best regards,
Cristian.
|
|
|
|
|
|
Re: Restricting package access with PackagePermission [message #810743 is a reply to message #810454] |
Thu, 01 March 2012 13:54 |
Thomas Watson Messages: 503 Registered: July 2009 |
Senior Member |
|
|
Cristian Mising name wrote on Wed, 29 February 2012 23:36Yes indeed, I use the Require Bundle.
So if I understand correctly, my only option is to deny the use of "Require bundle" and to force the third party plugins use the "import package" statements. This way, if the plugin uses "illegal" packages, it is stopped from the beginning (i.e. during the plugin startup). So there is no way to make equinox control the package access during runtime (i.e. during class instantiation).
Is this understanding correct?
Cristian Mising name wrote on Wed, 29 February 2012 23:36
If yes, another thought crosses my mind: using a custom classloader for the plugin, that checks for permissions during "findClass()" calls.
Thank you.
Best regards,
Cristian.
If you don't mind using Equinox specific APIs then you could hook into the class loader of the bundles. Equinox Framework Hooks
I would suggest using the org.eclipse.osgi.framework.adaptor.ClassLoaderDelegateHook hook and the preFind* methods. This would allow you to throw a runtime exception (like SecurityException) or a ClassNotFoundException if you detect a particular bundle is trying to load a class you don't want them to.
HTH.
|
|
|
|
Re: Restricting package access with PackagePermission [message #810784 is a reply to message #810747] |
Thu, 01 March 2012 14:55 |
Thomas Watson Messages: 503 Registered: July 2009 |
Senior Member |
|
|
Cristian Mising name wrote on Thu, 01 March 2012 08:02Thanks for the tip.
I understand that my first statement is also correct, right? I.e., besides modifying the class loader (or using a hook), I can block the access to a class only by doing this:
Quote:
So if I understand correctly, my only option is to deny the use of "Require bundle" and to force the third party plugins use the "import package" statements. This way, if the plugin uses "illegal" packages, it is stopped from the beginning (i.e. during the plugin startup). So there is no way to make equinox control the package access during runtime (i.e. during class instantiation).
Best regards,
Cristian.
Sorry, I split your comment to insert my reply and forgot to
Yes, your understanding is correct. Require-Bundle is a coarse grained dependency and therefore only has a coarse grain permission that allows you to either allow the whole bundle to be required or deny the whole thing.
Tom.
|
|
|
|
Powered by
FUDForum. Page generated in 0.04406 seconds