
Example 6 with ServicePermission

use of org.osgi.framework.ServicePermission in project rt.equinox.framework by eclipse.

the class ServicePermissionTests method testServicePermission.

// Exercises org.osgi.framework.ServicePermission: action-string parsing,
// implies()/equals() relationships, PermissionCollection behaviour, wildcard
// service names and serialization.
//
// The helpers called here (badServicePermission, shouldImply, shouldNotImply,
// shouldEqual, shouldNotEqual, shouldAdd, shouldNotAdd, checkEnumeration,
// testSerialization) are defined outside this listing; the comments below
// describe what each call is expected to assert judging by the helper's name.
// NOTE(review): confirm against the helper implementations.
//
// Why this matters for access control: the action string and the service name
// decide what a bundle may get or register. The cases below pin down that
// malformed action strings are not silently accepted and that a narrower
// permission never implies a broader one.
public void testServicePermission() {
    // --- Malformed action strings -------------------------------------------
    // Unknown action, alone or after a valid one.
    badServicePermission("a.b.c", "x");
    badServicePermission("a.b.c", "   get  ,  x   ");
    // Empty, blank and null action strings.
    badServicePermission("a.b.c", "");
    badServicePermission("a.b.c", "      ");
    badServicePermission("a.b.c", null);
    // Leading or trailing separators, with and without a valid action next to them.
    badServicePermission("a.b.c", ",");
    badServicePermission("a.b.c", ",xxx");
    badServicePermission("a.b.c", "xxx,");
    badServicePermission("a.b.c", "get,");
    badServicePermission("a.b.c", "register,   ");
    badServicePermission("a.b.c", "getme,");
    badServicePermission("a.b.c", "registerme,");
    badServicePermission("a.b.c", ",get");
    badServicePermission("a.b.c", ",register");
    // Tokens that merely start with, or are a prefix of, a valid action name.
    badServicePermission("a.b.c", "   getme   ");
    badServicePermission("a.b.c", "   registerme     ");
    badServicePermission("a.b.c", "   ge");
    badServicePermission("a.b.c", "   registe");

    // --- Same service name, different action sets ---------------------------
    // A permission of an unrelated type, used for the cross-type checks below.
    Permission op = new PropertyPermission("java.home", "read");
    // p11 and p12 both name get and register (different order, case and padding);
    // p13 names only register, p14 only get.
    ServicePermission p11 = new ServicePermission("com.foo.service1", "    GET,register   ");
    ServicePermission p12 = new ServicePermission("com.foo.service1", "REGISTER  ,   get");
    ServicePermission p13 = new ServicePermission("com.foo.service1", "regisTER   ");
    ServicePermission p14 = new ServicePermission("com.foo.service1", "    Get    ");
    // The two-action permissions imply themselves, each other and both single-action ones.
    shouldImply(p11, p11);
    shouldImply(p11, p12);
    shouldImply(p11, p13);
    shouldImply(p11, p14);
    shouldImply(p12, p11);
    shouldImply(p12, p12);
    shouldImply(p12, p13);
    shouldImply(p12, p14);
    shouldImply(p13, p13);
    shouldImply(p14, p14);
    // A single-action permission implies neither the two-action ones nor the other action.
    shouldNotImply(p13, p11);
    shouldNotImply(p13, p12);
    shouldNotImply(p14, p11);
    shouldNotImply(p14, p12);
    shouldNotImply(p13, p14);
    shouldNotImply(p14, p13);
    // A ServicePermission does not imply a permission of another type.
    shouldNotImply(p11, op);
    // Equality: p11 and p12 are expected to be equal despite the different spelling
    // of their action strings; permissions with different action sets are not.
    shouldEqual(p11, p11);
    shouldEqual(p11, p12);
    shouldEqual(p12, p11);
    shouldEqual(p12, p12);
    shouldEqual(p13, p13);
    shouldEqual(p14, p14);
    shouldNotEqual(p11, p13);
    shouldNotEqual(p11, p14);
    shouldNotEqual(p12, p13);
    shouldNotEqual(p12, p14);
    shouldNotEqual(p13, p11);
    shouldNotEqual(p13, p12);
    shouldNotEqual(p13, p14);
    shouldNotEqual(p14, p11);
    shouldNotEqual(p14, p12);
    shouldNotEqual(p14, p13);

    // --- PermissionCollection: actions for one name accumulate --------------
    PermissionCollection pc = p13.newPermissionCollection();
    // Nothing has been added yet; the boolean presumably means "expect empty" -- TODO confirm.
    checkEnumeration(pc.elements(), true);
    shouldNotImply(pc, p11);
    // With only get (p14) added, the collection covers get alone.
    shouldAdd(pc, p14);
    shouldImply(pc, p14);
    shouldNotImply(pc, p11);
    shouldNotImply(pc, p12);
    shouldNotImply(pc, p13);
    // Once register (p13) is added as well, the collection covers the two-action permissions.
    shouldAdd(pc, p13);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    // A permission of a different type must not be accepted by the collection.
    shouldNotAdd(pc, op);
    // Same sequence with the insertion order reversed (register first, then get).
    pc = p13.newPermissionCollection();
    shouldAdd(pc, p13);
    shouldImply(pc, p13);
    shouldNotImply(pc, p11);
    shouldNotImply(pc, p12);
    shouldNotImply(pc, p14);
    shouldAdd(pc, p14);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    // A single two-action permission covers all four.
    pc = p11.newPermissionCollection();
    shouldAdd(pc, p11);
    shouldImply(pc, p11);
    shouldImply(pc, p12);
    shouldImply(pc, p13);
    shouldImply(pc, p14);
    // After setReadOnly() the collection must refuse further additions.
    pc.setReadOnly();
    shouldNotAdd(pc, p12);
    checkEnumeration(pc.elements(), false);

    // --- Wildcard service names ---------------------------------------------
    // From most specific to broadest: exact name, "com.foo.*", "com.*", "*".
    ServicePermission p21 = new ServicePermission("com.foo.service2", "get");
    ServicePermission p22 = new ServicePermission("com.foo.*", "get");
    ServicePermission p23 = new ServicePermission("com.*", "get");
    ServicePermission p24 = new ServicePermission("*", "get");
    // A broader name implies itself and every narrower one ...
    shouldImply(p21, p21);
    shouldImply(p22, p21);
    shouldImply(p23, p21);
    shouldImply(p24, p21);
    shouldImply(p22, p22);
    shouldImply(p23, p22);
    shouldImply(p24, p22);
    shouldImply(p23, p23);
    shouldImply(p24, p23);
    shouldImply(p24, p24);
    // ... and a narrower name never implies a broader one.
    shouldNotImply(p21, p22);
    shouldNotImply(p21, p23);
    shouldNotImply(p21, p24);
    shouldNotImply(p22, p23);
    shouldNotImply(p22, p24);
    shouldNotImply(p23, p24);
    // Adding progressively broader names widens what the collection implies, one step at a time.
    pc = p21.newPermissionCollection();
    shouldAdd(pc, p21);
    shouldImply(pc, p21);
    shouldNotImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p22);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p23);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldNotImply(pc, p24);
    shouldAdd(pc, p24);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldImply(pc, p24);
    // Collections holding a single wildcard permission behave like that permission.
    pc = p22.newPermissionCollection();
    shouldAdd(pc, p22);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldNotImply(pc, p23);
    shouldNotImply(pc, p24);
    pc = p23.newPermissionCollection();
    shouldAdd(pc, p23);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldNotImply(pc, p24);
    pc = p24.newPermissionCollection();
    shouldAdd(pc, p24);
    shouldImply(pc, p21);
    shouldImply(pc, p22);
    shouldImply(pc, p23);
    shouldImply(pc, p24);

    // --- Serialization -------------------------------------------------------
    // Every permission built above is passed through the serialization helper.
    testSerialization(p11);
    testSerialization(p12);
    testSerialization(p13);
    testSerialization(p14);
    testSerialization(p21);
    testSerialization(p22);
    testSerialization(p23);
    testSerialization(p24);
}
Also used : PermissionCollection(java.security.PermissionCollection) PropertyPermission(java.util.PropertyPermission) ServicePermission(org.osgi.framework.ServicePermission) Permission(java.security.Permission) ServicePermission(org.osgi.framework.ServicePermission) PropertyPermission(java.util.PropertyPermission)

Example 7 with ServicePermission

use of org.osgi.framework.ServicePermission in project aries by apache.

the class ProviderBundleTrackerCustomizer method addingBundle.

/**
 * Inspects a bundle for SPI providers and registers the ones it finds.
 *
 * <p>The list of provided service types is taken from the first source that
 * yields one: the capability metadata (only read when the bundle has a
 * {@code SpiFlyConstants.REQUIRE_CAPABILITY} header), the
 * {@code SpiFlyConstants.SPI_PROVIDER_HEADER} header, or the auto-provider
 * property. An empty list means "no filter": every discovered provider is
 * considered.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The {@link ServicePermission#REGISTER} check guards only the OSGi service
 *     registration, and only when a {@link SecurityManager} is installed.</li>
 * <li>NOTE(review): {@code activator.registerProviderBundle} is called both in
 *     the eager loop and after the permission branch, regardless of the outcome
 *     of that check, and the INFO "Registered provider" message is logged even
 *     when the service registration was skipped. Confirm this is intended.</li>
 * <li>A denied registration is logged at {@code Level.FINE} only, so it is
 *     visible to an operator only when fine-grained logging is enabled.</li>
 * </ul>
 *
 * @param bundle the bundle being added to the tracker
 * @param event the bundle event; not used by this method
 * @return the service registrations created for the bundle, or {@code null}
 *         when the bundle is the SPI bundle itself, is a fragment, or provides
 *         no SPI services
 */
@Override
public List<ServiceRegistration> addingBundle(final Bundle bundle, BundleEvent event) {
    final BundleRevision revision = bundle.adapt(BundleRevision.class);
    if (bundle.equals(spiBundle)) {
        // don't process the SPI bundle itself
        return null;
    }
    if (revision != null && (revision.getTypes() & TYPE_FRAGMENT) == TYPE_FRAGMENT) {
        // fragments are skipped as well
        return null;
    }
    log(Level.FINE, "Bundle Considered for SPI providers: " + bundle.getSymbolicName());

    DiscoveryMode discoveryMode = DiscoveryMode.SERVICELOADER_CAPABILITIES;
    List<String> providedServices = null;
    final Map<String, Object> customAttributes = new HashMap<>();

    // Source 1: capability metadata.
    if (bundle.getHeaders().get(SpiFlyConstants.REQUIRE_CAPABILITY) != null) {
        try {
            providedServices = readServiceLoaderMediatorCapabilityMetadata(bundle, customAttributes);
        } catch (InvalidSyntaxException e) {
            log(Level.FINE, "Unable to read capabilities from bundle " + bundle, e);
        }
    }

    // Source 2: the SPI provider header, either "*" or a comma-separated list.
    final String spiProviderHeader = getHeaderFromBundleOrFragment(bundle, SpiFlyConstants.SPI_PROVIDER_HEADER);
    if (providedServices == null && spiProviderHeader != null) {
        final String trimmedHeader = spiProviderHeader.trim();
        if ("*".equals(trimmedHeader)) {
            providedServices = new ArrayList<String>();
        } else {
            providedServices = Stream.of(trimmedHeader.split(",")).map(String::trim).collect(toList());
        }
        discoveryMode = DiscoveryMode.SPI_PROVIDER_HEADER;
    }

    // Source 3: the auto-provider property.
    List<URL> serviceFileURLs = null;
    if (providedServices == null) {
        final Entry<List<String>, List<URL>> autoServices = getFromAutoProviderProperty(bundle, customAttributes);
        providedServices = autoServices.getKey();
        serviceFileURLs = autoServices.getValue();
        discoveryMode = DiscoveryMode.AUTO_PROVIDERS_PROPERTY;
    }

    if (providedServices == null) {
        log(Level.FINE, "No provided SPI services. Skipping bundle: " + bundle.getSymbolicName());
        return null;
    }
    log(Level.FINE, "Examining bundle for SPI provider: " + bundle.getSymbolicName());

    // Eagerly register any services that are explicitly listed, as they may not be found in META-INF/services
    for (String serviceType : providedServices) {
        activator.registerProviderBundle(serviceType, bundle, customAttributes);
    }

    if (serviceFileURLs == null) {
        serviceFileURLs = getServiceFileUrls(bundle);
    }

    final List<ServiceRegistration> registrations = new ArrayList<>();
    for (ServiceDetails details : collectServiceDetails(bundle, serviceFileURLs, discoveryMode)) {
        final boolean filteredOut = !providedServices.isEmpty() && !providedServices.contains(details.serviceType);
        if (filteredOut) {
            continue;
        }
        try {
            // The class name comes from the service details collected for this bundle
            // and is loaded through the bundle itself.
            final Class<?> cls = bundle.loadClass(details.instanceType);
            log(Level.FINE, "Loaded SPI provider: " + cls);
            if (details.properties != null) {
                ServiceRegistration reg = null;
                final Object instance;
                if (details.properties.containsKey("service.scope") && "prototype".equalsIgnoreCase(String.valueOf(details.properties.get("service.scope")))) {
                    instance = new ProviderPrototypeServiceFactory(cls);
                } else {
                    instance = new ProviderServiceFactory(cls);
                }
                // Without a SecurityManager no permission check is made at all.
                final boolean mayRegister = System.getSecurityManager() == null
                        || bundle.hasPermission(new ServicePermission(details.serviceType, ServicePermission.REGISTER));
                if (mayRegister) {
                    reg = bundle.getBundleContext().registerService(details.serviceType, instance, details.properties);
                } else {
                    log(Level.FINE, "Bundle " + bundle + " does not have the permission to register services of type: " + details.serviceType);
                }
                if (reg != null) {
                    registrations.add(reg);
                    log(Level.FINE, "Registered service: " + reg);
                }
            }
            // Runs whether or not the service registration above took place.
            activator.registerProviderBundle(details.serviceType, bundle, details.properties);
            log(Level.INFO, "Registered provider " + details.instanceType + " of service " + details.serviceType + " in bundle " + bundle.getSymbolicName());
        } catch (Exception e) {
            log(Level.FINE, "Could not load provider " + details.instanceType + " of service " + details.serviceType, e);
        }
    }
    return registrations;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) URL(java.net.URL) InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException) IOException(java.io.IOException) ServicePermission(org.osgi.framework.ServicePermission) BundleRevision(org.osgi.framework.wiring.BundleRevision) InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException) ArrayList(java.util.ArrayList) Collectors.toList(java.util.stream.Collectors.toList) List(java.util.List) ServiceRegistration(org.osgi.framework.ServiceRegistration)

Example 8 with ServicePermission

use of org.osgi.framework.ServicePermission in project felix by apache.

the class Felix method getAllowedServiceReferences.

/**
 * Retrieves the {@link ServiceReference} objects matching the calling bundle, service class name
 * and optional filter expression, optionally filtered further on the version.
 * If running under a {@link SecurityManager}, each reference is checked against
 * {@link ServicePermission#GET} and references for which the check fails are removed.
 * Without a security manager the references are returned unfiltered.
 * @param bundle Calling Bundle
 * @param className Service Classname or <code>null</code> for all
 * @param expr Filter Criteria or <code>null</code>
 * @param checkAssignable <code>true</code> to check for isAssignable, <code>false</code> to return all versions
 * @return Array of ServiceReference objects that meet the criteria and passed the permission check,
 *         or <code>null</code> if the lookup returned <code>null</code> or no reference passed the check
 * @throws InvalidSyntaxException declared for the underlying <code>getServiceReferences</code> lookup
 */
ServiceReference[] getAllowedServiceReferences(BundleImpl bundle, String className, String expr, boolean checkAssignable) throws InvalidSyntaxException {
    final ServiceReference[] candidates = getServiceReferences(bundle, className, expr, checkAssignable);
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager == null || candidates == null) {
        return candidates;
    }
    final List<ServiceReference> permitted = new ArrayList<ServiceReference>();
    for (final ServiceReference candidate : candidates) {
        try {
            securityManager.checkPermission(new ServicePermission(candidate, ServicePermission.GET));
            permitted.add(candidate);
        } catch (Exception ex) {
            // Ignore, since we are just testing permission. Any exception raised here
            // leaves the reference out of the result, so the filter fails closed.
        }
    }
    return permitted.isEmpty() ? null : permitted.toArray(new ServiceReference[permitted.size()]);
}
Also used : ServicePermission(org.osgi.framework.ServicePermission) ArrayList(java.util.ArrayList) List(java.util.List) ArrayList(java.util.ArrayList) ServiceException(org.osgi.framework.ServiceException) BundleException(org.osgi.framework.BundleException) InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException) FileNotFoundException(java.io.FileNotFoundException) AccessControlException(java.security.AccessControlException) ResolutionException(org.osgi.service.resolver.ResolutionException) MalformedURLException(java.net.MalformedURLException) IOException(java.io.IOException) ServiceReference(org.osgi.framework.ServiceReference)

Example 9 with ServicePermission

use of org.osgi.framework.ServicePermission in project felix by apache.

the class AbstractComponentManager method hasServiceRegistrationPermissions.

/**
 * Checks whether the component's bundle may register every service the component provides.
 *
 * <p>The check is only made when a {@link SecurityManager} is installed. Every provided
 * service name is tested against {@link ServicePermission#REGISTER}; the loop does not
 * stop at the first denial, so each denied service gets its own log entry. Denials are
 * logged at {@code LogService.LOG_DEBUG}.
 *
 * @return {@code false} if at least one provided service is denied; {@code true} if all
 *         are permitted, or if there is no security manager or nothing to register
 */
private boolean hasServiceRegistrationPermissions() {
    if (System.getSecurityManager() == null) {
        // no security manager: nothing is checked
        return true;
    }
    final ServiceMetadata serviceMetadata = getComponentMetadata().getServiceMetadata();
    if (serviceMetadata == null) {
        return true;
    }
    final String[] services = serviceMetadata.getProvides();
    if (services == null || services.length == 0) {
        // no services to register
        return true;
    }
    final Bundle bundle = getBundle();
    boolean allowed = true;
    for (final String service : services) {
        final Permission perm = new ServicePermission(service, ServicePermission.REGISTER);
        if (bundle.hasPermission(perm)) {
            continue;
        }
        log(LogService.LOG_DEBUG, "Permission to register service {0} is denied", new Object[] { service }, null);
        allowed = false;
    }
    return allowed;
}
Also used : Bundle(org.osgi.framework.Bundle) ServicePermission(org.osgi.framework.ServicePermission) Permission(java.security.Permission) ServicePermission(org.osgi.framework.ServicePermission) ServiceMetadata(org.apache.felix.scr.impl.metadata.ServiceMetadata)

Example 10 with ServicePermission

use of org.osgi.framework.ServicePermission in project felix by apache.

the class Configurator method activate.

/**
 * Try to activate a configuration.
 * Locates the ConfigurationAdmin service to use for the configuration's bundle,
 * then applies the configuration according to its policy and the change count.
 *
 * <p>When no ConfigurationAdmin bundle id is cached for the bundle, the lookup is
 * made through the configuration bundle's own context. Under a
 * {@link SecurityManager} that lookup is only attempted if the bundle holds
 * {@link ServicePermission#GET} for ConfigurationAdmin, and only references that
 * are also contained in {@code configAdminReferences} are accepted.
 *
 * @param configList The configuration list
 * @param cfg The configuration to activate
 * @return {@code false} if no ConfigurationAdmin could be obtained (the inline
 *         comments say the caller has to retry); {@code true} otherwise, which
 *         includes the case where the configuration ends up in state IGNORED
 */
public boolean activate(final ConfigList configList, final Config cfg) {
    // check for configuration admin
    Long configAdminServiceBundleId = this.state.getConfigAdminBundleId(cfg.getBundleId());
    if (configAdminServiceBundleId == null) {
        // Bundle id -1 selects this configurator's own bundle; any other id is resolved
        // through the system bundle's context.
        final Bundle configBundle = cfg.getBundleId() == -1 ? this.bundleContext.getBundle() : this.bundleContext.getBundle(Constants.SYSTEM_BUNDLE_LOCATION).getBundleContext().getBundle(cfg.getBundleId());
        // we check the state again, just to be sure (to avoid race conditions)
        if (configBundle != null && (configBundle.getState() == Bundle.STARTING || configBundle.getState() == Bundle.ACTIVE)) {
            // Permission gate: without a SecurityManager no check is made; with one, the
            // bundle needs GET on ConfigurationAdmin or the lookup is skipped entirely.
            if (System.getSecurityManager() == null || configBundle.hasPermission(new ServicePermission(ConfigurationAdmin.class.getName(), ServicePermission.GET))) {
                try {
                    final BundleContext ctx = configBundle.getBundleContext();
                    if (ctx != null) {
                        final Collection<ServiceReference<ConfigurationAdmin>> refs = ctx.getServiceReferences(ConfigurationAdmin.class, null);
                        final List<ServiceReference<ConfigurationAdmin>> sortedRefs = new ArrayList<>(refs);
                        Collections.sort(sortedRefs);
                        // Walk the sorted list from its last element to its first and take the
                        // first reference that is also in configAdminReferences.
                        for (int i = sortedRefs.size(); i > 0; i--) {
                            final ServiceReference<ConfigurationAdmin> r = sortedRefs.get(i - 1);
                            synchronized (this.configAdminReferences) {
                                if (this.configAdminReferences.contains(r)) {
                                    configAdminServiceBundleId = r.getBundle().getBundleId();
                                    break;
                                }
                            }
                        }
                    }
                } catch (final IllegalStateException e) {
                // this might happen if the config admin bundle gets deactivated while we use it
                // we can ignore this and retry later on
                } catch (final InvalidSyntaxException e) {
                // this can never happen as we pass {@code null} as the filter
                }
            }
        }
    }
    if (configAdminServiceBundleId == null) {
        // no configuration admin found, we have to retry
        // (this is also the outcome when the permission gate above denied the lookup)
        return false;
    }
    final ConfigurationAdmin configAdmin = this.getConfigurationAdmin(configAdminServiceBundleId);
    if (configAdmin == null) {
        // getting configuration admin failed, we have to retry
        return false;
    }
    // Remember which ConfigurationAdmin bundle serves this configuration's bundle.
    this.state.setConfigAdminBundleId(cfg.getBundleId(), configAdminServiceBundleId);
    boolean ignore = false;
    try {
        // get existing configuration - if any
        boolean update = false;
        Configuration configuration = ConfigUtil.getOrCreateConfiguration(configAdmin, cfg.getPid(), false);
        if (configuration == null) {
            // new configuration
            configuration = ConfigUtil.getOrCreateConfiguration(configAdmin, cfg.getPid(), true);
            update = true;
        } else {
            if (cfg.getPolicy() == ConfigPolicy.FORCE) {
                // FORCE overwrites the existing configuration unconditionally.
                update = true;
            } else {
                // Otherwise the existing configuration is only updated when something was
                // installed from this list before and the recorded change count still
                // matches; a mismatch or a missing last-installed entry marks it ignored.
                if (configList.getLastInstalled() == null || configList.getChangeCount() != configuration.getChangeCount()) {
                    ignore = true;
                } else {
                    update = true;
                }
            }
        }
        if (update) {
            configuration.updateIfDifferent(cfg.getProperties());
            cfg.setState(ConfigState.INSTALLED);
            configList.setChangeCount(configuration.getChangeCount());
            configList.setLastInstalled(cfg);
        }
    } catch (final InvalidSyntaxException | IOException e) {
        // A failed update is logged with the PID and the exception, then treated as ignored.
        SystemLogger.error("Unable to update configuration " + cfg.getPid() + " : " + e.getMessage(), e);
        ignore = true;
    }
    if (ignore) {
        cfg.setState(ConfigState.IGNORED);
        configList.setChangeCount(-1);
        configList.setLastInstalled(null);
    }
    // true is returned for both the installed and the ignored outcome.
    return true;
}
Also used : Configuration(org.osgi.service.cm.Configuration) Bundle(org.osgi.framework.Bundle) ArrayList(java.util.ArrayList) IOException(java.io.IOException) ServiceReference(org.osgi.framework.ServiceReference) ServicePermission(org.osgi.framework.ServicePermission) InvalidSyntaxException(org.osgi.framework.InvalidSyntaxException) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) BundleContext(org.osgi.framework.BundleContext)

Aggregations

ServicePermission (org.osgi.framework.ServicePermission)13 ArrayList (java.util.ArrayList)6 IOException (java.io.IOException)5 ServiceReference (org.osgi.framework.ServiceReference)5 List (java.util.List)4 Bundle (org.osgi.framework.Bundle)3 BundleException (org.osgi.framework.BundleException)3 InvalidSyntaxException (org.osgi.framework.InvalidSyntaxException)3 AccessControlException (java.security.AccessControlException)2 Permission (java.security.Permission)2 FileNotFoundException (java.io.FileNotFoundException)1 MalformedURLException (java.net.MalformedURLException)1 URL (java.net.URL)1 PermissionCollection (java.security.PermissionCollection)1 PrivilegedAction (java.security.PrivilegedAction)1 EventObject (java.util.EventObject)1 HashMap (java.util.HashMap)1 PropertyPermission (java.util.PropertyPermission)1 Collectors.toList (java.util.stream.Collectors.toList)1 ServiceMetadata (org.apache.felix.scr.impl.metadata.ServiceMetadata)1