Search in sources :

Example 1 with PackagePermission

use of org.osgi.framework.PackagePermission in project rt.equinox.framework by eclipse.

the class PermissionTests method badPackagePermission.

protected void badPackagePermission(String name, String actions) {
    try {
        PackagePermission p = new PackagePermission(name, actions);
        // $NON-NLS-1$
        fail(p + " created with invalid actions");
    } catch (IllegalArgumentException e) {
    // expected
    }
}
Also used : PackagePermission(org.osgi.framework.PackagePermission)

Example 2 with PackagePermission

use of org.osgi.framework.PackagePermission in project rt.equinox.framework by eclipse.

the class PackagePermissionTests method testPackagePermission.

public void testPackagePermission() {
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "x");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "   get  ,  x   ");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "      ");
    // $NON-NLS-1$
    badPackagePermission("a.b.c", null);
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", ",");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", ",xxx");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "xxx,");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "import,");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "export,   ");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "importme,");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "exportme,");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", ",import");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", ",export");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "   importme   ");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "   exportme     ");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "   impor");
    // $NON-NLS-1$ //$NON-NLS-2$
    badPackagePermission("a.b.c", "   expor");
    // $NON-NLS-1$ //$NON-NLS-2$
    Permission op = new PropertyPermission("java.home", "read");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p11 = new PackagePermission("com.foo.service1", "    IMPORT,export   ");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p12 = new PackagePermission("com.foo.service1", "EXPORT  ,   import");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p13 = new PackagePermission("com.foo.service1", "expORT   ");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p14 = new PackagePermission("com.foo.service1", "    Import    ");
    shouldImply(p11, p11);
    shouldImply(p11, p12);
    shouldImply(p11, p13);
    shouldImply(p11, p14);
    shouldImply(p12, p11);
    shouldImply(p12, p12);
    shouldImply(p12, p13);
    shouldImply(p12, p14);
    shouldImply(p13, p11);
    shouldImply(p13, p12);
    shouldImply(p13, p13);
    shouldImply(p13, p14);
    shouldImply(p14, p14);
    shouldNotImply(p14, p11);
    shouldNotImply(p14, p12);
    shouldNotImply(p14, p13);
    shouldNotImply(p11, op);
    shouldEqual(p11, p11);
    shouldEqual(p11, p12);
    shouldEqual(p11, p13);
    shouldEqual(p12, p11);
    shouldEqual(p12, p12);
    shouldEqual(p12, p13);
    shouldEqual(p13, p11);
    shouldEqual(p13, p12);
    shouldEqual(p13, p13);
    shouldNotEqual(p11, p14);
    shouldNotEqual(p12, p14);
    shouldNotEqual(p13, p14);
    shouldNotEqual(p14, p11);
    shouldNotEqual(p14, p12);
    shouldNotEqual(p14, p13);
    PermissionCollection pc = p13.newPermissionCollection();
    checkEnumeration(pc.elements(), true);
    shouldNotImply(pc, p11);
    shouldAdd(pc, p14);
    shouldImply(pc, p14);
    shouldNotImply(pc, p11);
    shouldNotImply(pc, p12);
    shouldNotImply(pc, p13);
    shouldAdd(pc, p13);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    shouldNotAdd(pc, op);
    pc = p13.newPermissionCollection();
    shouldAdd(pc, p13);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    pc = p11.newPermissionCollection();
    shouldAdd(pc, p11);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    pc.setReadOnly();
    shouldNotAdd(pc, p12);
    checkEnumeration(pc.elements(), false);
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p21 = new PackagePermission("com.foo.service2", "import");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p22 = new PackagePermission("com.foo.*", "import");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p23 = new PackagePermission("com.*", "import");
    // $NON-NLS-1$ //$NON-NLS-2$
    PackagePermission p24 = new PackagePermission("*", "import");
    shouldImply(p21, p21);
    shouldImply(p22, p21);
    shouldImply(p23, p21);
    shouldImply(p24, p21);
    shouldImply(p22, p22);
    shouldImply(p23, p22);
    shouldImply(p24, p22);
    shouldImply(p23, p23);
    shouldImply(p24, p23);
    shouldImply(p24, p24);
    shouldNotImply(p21, p22);
    shouldNotImply(p21, p23);
    shouldNotImply(p21, p24);
    shouldNotImply(p22, p23);
    shouldNotImply(p22, p24);
    shouldNotImply(p23, p24);
    pc = p21.newPermissionCollection();
    shouldAdd(pc, p21);
    shouldImply(pc, p21);
    shouldNotImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p22);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p23);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p24);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldImply(pc, p24);
    pc = p22.newPermissionCollection();
    shouldAdd(pc, p22);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    pc = p23.newPermissionCollection();
    shouldAdd(pc, p23);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldNotImply(pc, p24);
    pc = p24.newPermissionCollection();
    shouldAdd(pc, p24);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldImply(pc, p24);
    testSerialization(p11);
    testSerialization(p12);
    testSerialization(p13);
    testSerialization(p14);
    testSerialization(p21);
    testSerialization(p22);
    testSerialization(p23);
    testSerialization(p24);
}
Also used : PermissionCollection(java.security.PermissionCollection) PropertyPermission(java.util.PropertyPermission) PackagePermission(org.osgi.framework.PackagePermission) Permission(java.security.Permission) PropertyPermission(java.util.PropertyPermission) PackagePermission(org.osgi.framework.PackagePermission)

Example 3 with PackagePermission

use of org.osgi.framework.PackagePermission in project rt.equinox.framework by eclipse.

the class DynamicImportList method validateSyntaxAndCheckPackagePermission.

private void validateSyntaxAndCheckPackagePermission(String dynamicImportPackageDescription) {
    ManifestElement[] clauses;
    // Validate the syntax of imports that are added.
    try {
        clauses = ManifestElement.parseHeader(Constants.IMPORT_PACKAGE, dynamicImportPackageDescription);
    } catch (Exception e) {
        throw new IllegalArgumentException(e);
    }
    SecurityManager sm = System.getSecurityManager();
    if (sm == null)
        return;
    // for each dynamic import added.
    for (ManifestElement clause : clauses) for (String pkg : clause.getValueComponents()) sm.checkPermission(new PackagePermission(pkg, PackagePermission.IMPORT));
}
Also used : ManifestElement(org.eclipse.osgi.util.ManifestElement) PackagePermission(org.osgi.framework.PackagePermission)

Example 4 with PackagePermission

use of org.osgi.framework.PackagePermission in project aries by apache.

the class ScopeSecurityTest method testScopeSecurityWithServiceShared.

// @Test
public void testScopeSecurityWithServiceShared() throws Exception {
    SecurityManager security = System.getSecurityManager();
    assertNotNull("Security manager should not be null", security);
    Bundle[] bundles = bundleContext.getBundles();
    for (Bundle b : bundles) {
        // set up condition permission for scope
        if (b.getSymbolicName().indexOf("subsystem.scope.impl") > -1) {
            ServiceReference permRef = bundleContext.getServiceReference(ConditionalPermissionAdmin.class.getName());
            ConditionalPermissionAdmin permAdmin = (ConditionalPermissionAdmin) bundleContext.getService(permRef);
            ConditionalPermissionUpdate update = permAdmin.newConditionalPermissionUpdate();
            List<ConditionalPermissionInfo> infos = update.getConditionalPermissionInfos();
            // infos.clear();
            // set up the conditionInfo
            ConditionInfo[] conditionInfo = new ConditionInfo[] { new ConditionInfo("org.osgi.service.condpermadmin.BundleLocationCondition", new String[] { b.getLocation() }) };
            // Set up permissions which are common to all applications
            infos.add(permAdmin.newConditionalPermissionInfo(null, conditionInfo, adminAllowInfo, "allow"));
            update.commit();
        }
    }
    ScopeUpdate su = scope.newScopeUpdate();
    ScopeUpdate childScopeUpdate = su.newChild("scope_test1");
    Map<String, List<SharePolicy>> sharePolicies = childScopeUpdate.getSharePolicies(SharePolicy.TYPE_EXPORT);
    final Filter filter1 = FrameworkUtil.createFilter("(&" + "(osgi.package=org.apache.aries.subsystem.example.helloIsolation)" + ")");
    final Filter filter2 = FrameworkUtil.createFilter("(&" + "(osgi.service=org.apache.aries.subsystem.example.helloIsolation.HelloIsolation)" + ")");
    List<SharePolicy> packagePolicies = sharePolicies.get(BundleRevision.PACKAGE_NAMESPACE);
    if (packagePolicies == null) {
        packagePolicies = new ArrayList<SharePolicy>();
        sharePolicies.put(BundleRevision.PACKAGE_NAMESPACE, packagePolicies);
    }
    packagePolicies.add(new SharePolicy(SharePolicy.TYPE_EXPORT, BundleRevision.PACKAGE_NAMESPACE, filter1));
    List<SharePolicy> servicePolicies = sharePolicies.get("scope.share.service");
    if (servicePolicies == null) {
        servicePolicies = new ArrayList<SharePolicy>();
        sharePolicies.put("scope.share.service", servicePolicies);
    }
    servicePolicies.add(new SharePolicy(SharePolicy.TYPE_EXPORT, "scope.share.service", filter2));
    // build up installInfo object for the scope
    InstallInfo info1 = new InstallInfo("helloIsolation", new URL("mvn:org.apache.aries.subsystem.example/org.apache.aries.subsystem.example.helloIsolation/0.4-SNAPSHOT"));
    InstallInfo info2 = new InstallInfo("helloIsolationRef", new URL("mvn:org.apache.aries.subsystem.example/org.apache.aries.subsystem.example.helloIsolationRef/0.4-SNAPSHOT"));
    List<InstallInfo> bundlesToInstall = childScopeUpdate.getBundlesToInstall();
    bundlesToInstall.add(info1);
    bundlesToInstall.add(info2);
    // add bundles to be installed, based on subsystem content
    su.commit();
    // start all bundles in the scope scope_test1
    Collection<Bundle> bundlesToStart = childScopeUpdate.getBundles();
    for (Bundle b : bundlesToStart) {
        b.start();
    }
    try {
        ServiceReference sr = bundleContext.getServiceReference("org.apache.aries.subsystem.example.helloIsolation.HelloIsolation");
        fail("should not be able to get the sr for HelloIsolation service");
    } catch (Exception ex) {
    // expected
    } catch (Error er) {
    // expected
    }
    // test bundle find hooks
    bundles = bundleContext.getBundles();
    for (Bundle b : bundles) {
        System.out.println("Bundle is " + b.getBundleId() + ": " + b.getSymbolicName());
        if (b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolation") > -1) {
            fail("bundles with name starts with org.apache.aries.subsystem.example.helloIsolation should be in a different scope");
        }
    }
    // test bundle service find hook
    // ServiceReference sr = bundleContext.getServiceReference(HelloIsolation.class.getName());
    // assertNull("sr should be null", sr);
    Collection<Scope> children = scope.getChildren();
    assertEquals(1, children.size());
    for (Scope child : children) {
        if (child.getName().equals("scope_test1")) {
            Collection<Bundle> buns = child.getBundles();
            assertEquals(2, buns.size());
            assertEquals(0, child.getChildren().size());
            BundleContext childScopebundleContext = null;
            for (Bundle b : buns) {
                assertTrue(b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolation") > -1);
                if (b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolationRef") > -1) {
                    childScopebundleContext = b.getBundleContext();
                }
            }
            assertNotNull(childScopebundleContext);
            ServiceReference sr = childScopebundleContext.getServiceReference("org.apache.aries.subsystem.example.helloIsolation.HelloIsolation");
            assertNotNull("sr is not null", sr);
            System.out.println("got the sr, go get service next");
            HelloIsolation hi = (HelloIsolation) childScopebundleContext.getService(sr);
            hi.hello();
            Permission permission = new PackagePermission("*", PackagePermission.IMPORT);
            hi.checkPermission(permission);
        }
    }
    // install a test bundle in the root scope
    URL url = new URL("mvn:org.apache.felix/org.apache.felix.fileinstall/2.0.8");
    bundleContext.installBundle("org.apache.felix.fileinstall-rootScope", url.openStream());
    // remove child scope
    su = scope.newScopeUpdate();
    Collection<ScopeUpdate> scopes = su.getChildren();
    // obtain child scope admin from service registry
    // String filter = "ScopeName=scope_test1";
    Scope childScopeAdmin = childScopeUpdate.getScope();
    assertEquals(scope, childScopeAdmin.getParent());
    scopes.remove(childScopeUpdate);
    su.commit();
    assertFalse(scope.getChildren().contains(childScopeAdmin));
    su = scope.newScopeUpdate();
    assertFalse(su.getChildren().contains(childScopeUpdate));
// childScopeAdmin = null;
// try {
// childScopeAdmin = getOsgiService(Scope.class, filter, DEFAULT_TIMEOUT);
// } catch (Exception ex) {
// // ignore
// }
// assertNull("scope admin service for the scope should be unregistered", childScopeAdmin);
}
Also used : SharePolicy(org.apache.aries.subsystem.scope.SharePolicy) URL(java.net.URL) HelloIsolation(org.apache.aries.subsystem.example.helloIsolation.HelloIsolation) ConditionalPermissionInfo(org.osgi.service.condpermadmin.ConditionalPermissionInfo) PackagePermission(org.osgi.framework.PackagePermission) Permission(java.security.Permission) ArrayList(java.util.ArrayList) List(java.util.List) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate) ConditionInfo(org.osgi.service.condpermadmin.ConditionInfo) ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin) InstallInfo(org.apache.aries.subsystem.scope.InstallInfo) Bundle(org.osgi.framework.Bundle) CoreOptions.mavenBundle(org.ops4j.pax.exam.CoreOptions.mavenBundle) ScopeUpdate(org.apache.aries.subsystem.scope.ScopeUpdate) PackagePermission(org.osgi.framework.PackagePermission) ServiceReference(org.osgi.framework.ServiceReference) Scope(org.apache.aries.subsystem.scope.Scope) Filter(org.osgi.framework.Filter) BundleContext(org.osgi.framework.BundleContext)

Aggregations

PackagePermission (org.osgi.framework.PackagePermission)4 Permission (java.security.Permission)2 URL (java.net.URL)1 PermissionCollection (java.security.PermissionCollection)1 ArrayList (java.util.ArrayList)1 List (java.util.List)1 PropertyPermission (java.util.PropertyPermission)1 HelloIsolation (org.apache.aries.subsystem.example.helloIsolation.HelloIsolation)1 InstallInfo (org.apache.aries.subsystem.scope.InstallInfo)1 Scope (org.apache.aries.subsystem.scope.Scope)1 ScopeUpdate (org.apache.aries.subsystem.scope.ScopeUpdate)1 SharePolicy (org.apache.aries.subsystem.scope.SharePolicy)1 ManifestElement (org.eclipse.osgi.util.ManifestElement)1 CoreOptions.mavenBundle (org.ops4j.pax.exam.CoreOptions.mavenBundle)1 Bundle (org.osgi.framework.Bundle)1 BundleContext (org.osgi.framework.BundleContext)1 Filter (org.osgi.framework.Filter)1 ServiceReference (org.osgi.framework.ServiceReference)1 ConditionInfo (org.osgi.service.condpermadmin.ConditionInfo)1 ConditionalPermissionAdmin (org.osgi.service.condpermadmin.ConditionalPermissionAdmin)1