Re: [equinox-dev] Support for launching with just (Conditional) Permissi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [equinox-dev] Support for launching with just (Conditional) Permission Admin?

From: Thomas Watson <tjwatson@xxxxxxxxxx>
Date: Thu, 7 Feb 2008 11:22:40 -0600
Delivered-to: equinox-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>
List-help: <mailto:equinox-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/listinfo/equinox-dev>, <mailto:equinox-dev-request@eclipse.org?subject=unsubscribe>

I think your interpretation of the specification is correct according to 9.10. But I think it poses quite a dilemma for boot strapping the Framework with permissions. Imagine a framework that has ConditionalPermissionAdmin with no ConditionalPermissionInfo object. If the "default default" pemissions are ignored in this case then then all bundles installed in the framework will have no permissions by default. This makes it hard for a boot strap bundle to setup permissions because it will not have the right permissions to do so. Here is what Equinox does.

- PA's location bound permissions, if present for a given bundle, are used and all CPA tuples are ignored.
- If at least one tuple condition is satisfied for a given bundle then the permissions granted by CPA are used
- If no tuple exist where the conditions are satisfied for a given bundle then finally the default permissions are use from PA.

This allows for AllPermissions to be granted to all bundles by default until an admin bundle can be executed to setup the policy in CPA. I will have to open a bug against the OSGi specification to get clarification on this situation. There have been some recent threads on the osgi-dev mailing list that implies that the greater OSGi community of experts think that the OSGi Framework is wide open (grant bundles AllPermissions by default) until an admin bundle locks it down by setting permissions with either PA or CPA. But section 9.10 seems to go against this thinking.

Tom

Marcel Offermans ---02/07/2008 09:47:42 AM---The spec, in 9.10, explains the relation between CPA and PA, and states "The default conditions of Permission Admin are therefo

From:	Marcel Offermans <marcel.offermans@xxxxxxxxxx>
To:	Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
Date:	02/07/2008 09:47 AM
Subject:	Re: [equinox-dev] Support for launching with just (Conditional) Permission Admin?

The spec, in 9.10, explains the relation between CPA and PA, and states "The default conditions of Permission Admin are therefore never used when Conditional Permission Admin is present." (last sentence of next to last paragraph).

From your explanation below I get the impression that default conditions still have an influence.

In short my interpretation, when CPA and PA are present, is that:
- PA's default permissions get ignored completely
- PA's location bound permissions, if present, should be used (in which case, the CPA is completely ignored)
- CPA's permissions should be used in all other cases.

What do you think?

Greetings, Marcel

On Feb 7, 2008, at 15:26 , Thomas Watson wrote:

Equinox does not have a way to run with ConditionalPermissionAdmin but without PermissionAdmin. But you can get equivalent behavior by setting the default permissions in PermissionAdmin to an empty array (i.e. permAdmin.setDefaultPermissions(new PermissionInfo[0])). If you don't do this then the "default default" permissions for permission admin is AllPermissions.

This will allow you to control all the permissions with ConditionalPermissionAdmin and the permission checks will not fall back to the default permissions in PermissionAdmin.

Tom

<graycol.gif>

Marcel Offermans ---02/07/2008 06:20:22 AM---The OSGi security model started out with the Permission Admin service.

<ecblank.gif> From:	<ecblank.gif> Marcel Offermans <marcel.offermans@xxxxxxxxxx>
<ecblank.gif> To:	<ecblank.gif> Equinox development mailing list <equinox-dev@xxxxxxxxxxx>
<ecblank.gif> Date:	<ecblank.gif> 02/07/2008 06:20 AM
<ecblank.gif> Subject:	<ecblank.gif> [equinox-dev] Support for launching with just (Conditional) Permission Admin?

The OSGi security model started out with the Permission Admin service. Lateron, the Conditional Permission Admin was added. Frameworks are allowed to publish: - none of these services (the default, no security is active); - just Permission Admin (the "older" model); - just Conditional Permission Admin (encouraged, the "new way" to do it); - both Permission Admin and Conditional Permission Admin (most compatible option, with some special restrictions). My question: I can run both without and with both services published, but does equinox also allow me to run with just PermissionAdmin or ConditionalPermissionAdmin? If so, how? _______________________________________________ equinox-dev mailing list

equinox-dev@xxxxxxxxxxx

https://dev.eclipse.org/mailman/listinfo/equinox-dev

_______________________________________________
equinox-dev mailing list

equinox-dev@xxxxxxxxxxx

https://dev.eclipse.org/mailman/listinfo/equinox-dev

_______________________________________________ equinox-dev mailing list equinox-dev@xxxxxxxxxxxhttps://dev.eclipse.org/mailman/listinfo/equinox-dev

References:
- [equinox-dev] Support for launching with just (Conditional) Permission Admin?
  - From: Marcel Offermans
- Re: [equinox-dev] Support for launching with just (Conditional) Permission Admin?
  - From: Thomas Watson
- Re: [equinox-dev] Support for launching with just (Conditional) Permission Admin?
  - From: Marcel Offermans

Prev by Date: Re: [equinox-dev] [launcher] Showsplash
Next by Date: [equinox-dev] p2 projects tagged for build
Previous by thread: Re: [equinox-dev] Support for launching with just (Conditional) Permission Admin?
Next by thread: [equinox-dev] [prov] I20080207-0010 metadata not usable
Index(es):
- Date
- Thread

Breadcrumbs