
Example 1 with ConditionalPermissionUpdate

use of org.osgi.service.condpermadmin.ConditionalPermissionUpdate in project felix by apache.

the class ConditionalPermissionAdminImpl method newConditionalPermissionUpdate.

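/**
 * Creates an update object that works on a private copy of the conditional permission table.
 *
 * <p>The returned object snapshots {@code m_condPermInfos} twice under its lock: once as the
 * baseline used to detect concurrent changes and once as the editable list handed to the caller.
 * Nothing is applied to the live table until {@code commit()} succeeds.
 *
 * <p>NOTE(review): no caller permission check is visible in this method or in {@code commit()};
 * confirm that {@code write(...)} or the surrounding service enforces one before the table is
 * replaced.
 *
 * @return a new update bound to the table contents at the time of the call
 */
public ConditionalPermissionUpdate newConditionalPermissionUpdate() {
    return new ConditionalPermissionUpdate() {

        // Baseline taken at creation time; commit() compares the live table against it.
        List current = null;

        // Editable working copy returned by getConditionalPermissionInfos().
        List out = null;

        {
            synchronized (m_condPermInfos) {
                current = new ArrayList(m_condPermInfos.values());
                out = new ArrayList(m_condPermInfos.values());
            }
        }

        /**
         * Replaces the live table with the working copy if the table is unchanged since this
         * update was created.
         *
         * @return {@code false} when the live table no longer equals the baseline (nothing is
         *     written), {@code true} once every entry of the working copy has been written
         * @throws ClassCastException if the working copy holds an element that is not a
         *     {@code ConditionalPermissionInfoImpl}
         * @throws NullPointerException if the working copy holds a {@code null} element
         */
        public boolean commit() {
            synchronized (m_condPermInfos) {
                if (!current.equals(new ArrayList(m_condPermInfos.values()))) {
                    return false;
                }
                // Check every element BEFORE the table is cleared. The working list is raw and
                // caller-owned, so a foreign or null element would otherwise abort the loop
                // after clear(), leaving the security policy emptied or only partly rewritten.
                // Copying also keeps the write loop independent of later changes to 'out'.
                List validated = new ArrayList(out.size());
                for (Iterator iter = out.iterator(); iter.hasNext(); ) {
                    ConditionalPermissionInfoImpl cpii = (ConditionalPermissionInfoImpl) iter.next();
                    if (cpii == null) {
                        throw new NullPointerException("conditional permission info must not be null");
                    }
                    validated.add(cpii);
                }
                m_condPermInfos.clear();
                // presumably resets whatever write() persists before the entries are re-added;
                // confirm against write()'s implementation
                write(null, null);
                for (Iterator iter = validated.iterator(); iter.hasNext(); ) {
                    ConditionalPermissionInfoImpl cpii = (ConditionalPermissionInfoImpl) iter.next();
                    write(cpii.getName(), cpii);
                }
            }
            return true;
        }

        /**
         * Returns the editable working copy; changes take effect only through {@code commit()}.
         */
        public List getConditionalPermissionInfos() {
            return out;
        }
    };
}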
Also used : ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate)

Example 2 with ConditionalPermissionUpdate

use of org.osgi.service.condpermadmin.ConditionalPermissionUpdate in project ddf by codice.

the class PermissionActivator method start.

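/**
 * Parses every file in {@code <ddf.home>/security} and installs the result as the framework's
 * conditional permission table.
 *
 * <p>Grant and deny entries from all policy files are collected separately. The overall priority
 * is the priority shared by all files; if two files disagree it falls back to
 * {@code Priority.DENY}. The priority decides which group is listed first and whether the
 * trailing catch-all entry allows or denies.
 *
 * @param bundleContext context used to look up the ConditionalPermissionAdmin service
 * @throws IllegalStateException if the permission table changed while the policy was being
 *     built, so the commit was rejected and the policy is not in force
 * @throws Exception on any other failure while reading or applying the policy
 */
@SuppressWarnings("squid:S1149")
@Override
public void start(BundleContext bundleContext) throws Exception {
    // Defines a property named "/" holding the platform separator before any policy is parsed.
    System.setProperty("/", File.separator);
    this.conditionalPermissionAdmin = getConditionalPermissionAdmin(bundleContext);
    String policyDir = SecurityActions.getSystemProperty("ddf.home") + File.separator + "security";
    if (policyDir.startsWith("=")) {
        policyDir = policyDir.substring(1);
    }
    File policyDirFile = new File(policyDir);
    List<ParsedPolicy> parsedPolicies = new ArrayList<>();
    // listFiles() returns null when the directory is missing or unreadable; requireNonNull turns
    // that into an immediate failure instead of starting without a policy. The returned order is
    // unspecified, so the relative order of entries from different files is platform-dependent.
    for (File file : Objects.requireNonNull(policyDirFile.listFiles())) {
        ParsedPolicy parse = null;
        try {
            parse = new Parser(false).parse(file);
        } catch (Exception e) {
            // presumably terminates the JVM; if it ever returns, the null queued below makes the
            // next loop fail with NullPointerException before anything is committed
            systemExit(file);
        }
        parsedPolicies.add(parse);
    }
    ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
    List<ConditionalPermissionInfo> infos = conditionalPermissionUpdate.getConditionalPermissionInfos();
    // Start from an empty table: the committed policy is exactly what the files describe.
    infos.clear();
    this.priorityResult = null;
    List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
    List<ConditionalPermissionInfo> allDenyInfos = new ArrayList<>();
    for (ParsedPolicy parsedPolicy : parsedPolicies) {
        List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
        List<ParsedPolicyEntry> denyEntries = parsedPolicy.getDenyEntries();
        buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
        buildConditionalPermissionInfo(denyEntries, allDenyInfos, ConditionalPermissionInfo.DENY);
        Priority priority = parsedPolicy.getPriority();
        if (priorityResult == null) {
            this.priorityResult = priority;
        } else if (priority != priorityResult) {
            // if they don't match, then we can't make a determination on the priority, so we'll
            // default to deny
            this.priorityResult = Priority.DENY;
        }
    }
    if (priorityResult == null && !allGrantInfos.isEmpty() && !allDenyInfos.isEmpty()) {
        this.priorityResult = Priority.GRANT;
    }
    // NOTE(review): if priorityResult is still null here (for example an empty policy directory)
    // neither branch runs and the cleared, empty table is what gets committed. Confirm how the
    // framework in use treats an empty conditional permission table.
    if (priorityResult == Priority.GRANT) {
        infos.addAll(allGrantInfos);
        infos.addAll(allDenyInfos);
        infos.add(getAllPermission(ConditionalPermissionInfo.ALLOW));
    } else if (priorityResult == Priority.DENY) {
        infos.addAll(allDenyInfos);
        infos.addAll(allGrantInfos);
        infos.add(getAllPermission(ConditionalPermissionInfo.DENY));
    }
    // commit() returns false when the table was modified after the update was created. Ignoring
    // that would leave the previous table in force while startup appears to have succeeded.
    if (!conditionalPermissionUpdate.commit()) {
        throw new IllegalStateException("Conditional permission table was modified concurrently; security policy was not applied");
    }
}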
Also used : Priority(net.sourceforge.prograde.type.Priority) ArrayList(java.util.ArrayList) Parser(net.sourceforge.prograde.policyparser.Parser) ConditionalPermissionInfo(org.osgi.service.condpermadmin.ConditionalPermissionInfo) ParsedPolicy(net.sourceforge.prograde.policyparser.ParsedPolicy) ParsedPolicyEntry(net.sourceforge.prograde.policyparser.ParsedPolicyEntry) File(java.io.File) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate)

Example 3 with ConditionalPermissionUpdate

use of org.osgi.service.condpermadmin.ConditionalPermissionUpdate in project ddf by codice.

the class PermissionActivator method grantPermission.

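/**
 * Grants one permission to one bundle by editing the conditional permission table.
 *
 * <p>If an entry with the same access decision and permission set already exists and is guarded
 * by a single {@code BUNDLE_NAME_CONDITION}, the bundle is appended to that condition's
 * arguments. Otherwise a new entry is inserted: first when the priority is
 * {@code Priority.GRANT}, else just before the last entry.
 *
 * <p>NOTE(review): {@code bundle} and {@code permission} are formatted into policy text without
 * escaping or validation, so both must come from a trusted source or be validated by the caller.
 * Text that closes the quoted codebase or the permission statement early would be parsed as
 * additional policy.
 *
 * @param bundle bundle name, used in the codebase URL and as the bundle-name condition argument
 * @param permission permission in policy-file syntax (the text after the {@code permission} keyword)
 * @throws IllegalStateException if the permission table changed while the update was being
 *     built, so the commit was rejected and the grant is not in force
 * @throws Exception if the generated policy text cannot be parsed or applied
 */
public void grantPermission(String bundle, String permission) throws Exception {
    synchronized (this) {
        // use the parsed policy to make it easier to parse the permission string
        final ParsedPolicy parsedPolicy = new Parser(false).parse(new StringReader(String.format("grant codebase \"file:/%s\" { permission %s; }", bundle, permission)));
        final List<ParsedPolicyEntry> grantEntries = parsedPolicy.getGrantEntries();
        final List<ConditionalPermissionInfo> allGrantInfos = new ArrayList<>();
        final ConditionalPermissionUpdate conditionalPermissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
        buildConditionalPermissionInfo(grantEntries, allGrantInfos, ConditionalPermissionInfo.ALLOW);
        // Only the first generated entry is used; get(0) throws if none was produced.
        final ConditionalPermissionInfo grantInfo = allGrantInfos.get(0);
        final List<ConditionalPermissionInfo> conditionalInfos = conditionalPermissionUpdate.getConditionalPermissionInfos();
        boolean added = false;
        // look for an existing entry with the same decision and permissions that can be widened
        // to cover this bundle as well
        for (final ListIterator<ConditionalPermissionInfo> i = conditionalInfos.listIterator(); i.hasNext(); ) {
            final ConditionalPermissionInfo permInfo = i.next();
            if (Objects.equals(grantInfo.getAccessDecision(), permInfo.getAccessDecision()) && Arrays.equals(grantInfo.getPermissionInfos(), permInfo.getPermissionInfos())) {
                final ConditionInfo[] conditions = permInfo.getConditionInfos();
                if ((conditions != null) && (conditions.length == 1) && BUNDLE_NAME_CONDITION.equals(conditions[0].getType())) {
                    final String[] bundles = conditions[0].getArgs();
                    final String[] newBundles = new String[bundles.length + 1];
                    System.arraycopy(bundles, 0, newBundles, 0, bundles.length);
                    newBundles[bundles.length] = bundle;
                    final ConditionalPermissionInfo newPermInfo = conditionalPermissionAdmin.newConditionalPermissionInfo(permInfo.getName(), new ConditionInfo[] { new ConditionInfo(BUNDLE_NAME_CONDITION, newBundles) }, permInfo.getPermissionInfos(), permInfo.getAccessDecision());
                    i.set(newPermInfo);
                    added = true;
                    break;
                }
            }
        }
        if (!added) {
            // if priority is to grant then insert at the top, otherwise insert before
            // the last entry which always reference an all-permission to deny
            // NOTE(review): with an empty table and a non-GRANT priority the index is -1 and
            // add() throws IndexOutOfBoundsException; the "last entry is deny-all" invariant is
            // assumed here, not checked.
            final int index = (priorityResult == Priority.GRANT) ? 0 : conditionalInfos.size() - 1;
            conditionalInfos.add(index, grantInfo);
        }
        // synchronized (this) only serialises callers of this object. Another user of the
        // permission admin can still change the table, in which case commit() returns false and
        // the grant was NOT applied, so that must not pass silently.
        if (!conditionalPermissionUpdate.commit()) {
            throw new IllegalStateException("Conditional permission table was modified concurrently; permission was not granted");
        }
    }
}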
Also used : ConditionInfo(org.osgi.service.condpermadmin.ConditionInfo) ArrayList(java.util.ArrayList) Parser(net.sourceforge.prograde.policyparser.Parser) ConditionalPermissionInfo(org.osgi.service.condpermadmin.ConditionalPermissionInfo) ParsedPolicy(net.sourceforge.prograde.policyparser.ParsedPolicy) StringReader(java.io.StringReader) ParsedPolicyEntry(net.sourceforge.prograde.policyparser.ParsedPolicyEntry) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate)

Example 4 with ConditionalPermissionUpdate

use of org.osgi.service.condpermadmin.ConditionalPermissionUpdate in project jersey by jersey.

the class AbstractWebAppTest method updatePermissionsFromFile.

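/**
 * Appends the conditional permissions listed in {@code felixPolicy} to the framework's
 * permission table and commits the result.
 *
 * <p>The file is read line by line. Lines starting with {@code //} are skipped; every other line
 * is handed to {@code newConditionalPermissionInfo(String)} as one encoded entry. Entry names
 * must be unique within the file.
 *
 * @throws IOException if the policy file cannot be read
 * @throws RuntimeException if two entries in the file share a name
 * @throws IllegalStateException if the permission table changed while the file was being read,
 *     so the commit was rejected
 */
private void updatePermissionsFromFile() throws IOException {
    final ServiceReference cpaRef = bundleContext.getServiceReference(ConditionalPermissionAdmin.class.getName());
    final ConditionalPermissionAdmin conditionalPermissionAdmin = (ConditionalPermissionAdmin) bundleContext.getService(cpaRef);
    final ConditionalPermissionUpdate permissionUpdate = conditionalPermissionAdmin.newConditionalPermissionUpdate();
    final List conditionalPermissionInfos = permissionUpdate.getConditionalPermissionInfos();
    try {
        // FileReader decodes with the platform default charset.
        final BufferedReader reader = new BufferedReader(new FileReader(felixPolicy));
        try {
            String line;
            final Set<String> cpiNames = new HashSet<String>();
            while ((line = reader.readLine()) != null) {
                if (!line.startsWith("//")) {
                    final ConditionalPermissionInfo cpi = conditionalPermissionAdmin.newConditionalPermissionInfo(line);
                    final String cpiName = cpi.getName();
                    if (cpiNames.contains(cpiName)) {
                        throw new RuntimeException("Redundant policy name!");
                    }
                    cpiNames.add(cpiName);
                    conditionalPermissionInfos.add(cpi);
                }
            }
        } finally {
            // Close on every path; previously a parse error or duplicate name leaked the reader.
            reader.close();
        }
        // A false return means the table was modified after the update was created and nothing
        // was applied; later checks would then run against a policy that is not the one in the file.
        if (!permissionUpdate.commit()) {
            throw new IllegalStateException("Conditional permission table was modified concurrently; policy file was not applied");
        }
    } finally {
        bundleContext.ungetService(cpaRef);
    }
}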
Also used : ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin) ConditionalPermissionInfo(org.osgi.service.condpermadmin.ConditionalPermissionInfo) BufferedReader(java.io.BufferedReader) ArrayList(java.util.ArrayList) LinkedList(java.util.LinkedList) List(java.util.List) FileReader(java.io.FileReader) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate) ServiceReference(org.osgi.framework.ServiceReference) HashSet(java.util.HashSet)

Example 5 with ConditionalPermissionUpdate

use of org.osgi.service.condpermadmin.ConditionalPermissionUpdate in project aries by apache.

the class ScopeSecurityTest method testScopeSecurityWithServiceShared.

/**
 * Exercises scope isolation with a security manager installed: grants permissions to the scope
 * implementation bundle, installs two example bundles into a child scope that exports one
 * package and one service, checks what the root scope can and cannot see, and finally removes
 * the child scope again.
 *
 * <p>The test annotation below is commented out, so this method is not picked up as a test as
 * written.
 *
 * @throws Exception on any framework, install or scope-update failure
 */
// @Test
public void testScopeSecurityWithServiceShared() throws Exception {
    // Precondition: the run must have a SecurityManager installed, otherwise the permission
    // set-up below has nothing to act on.
    SecurityManager security = System.getSecurityManager();
    assertNotNull("Security manager should not be null", security);
    Bundle[] bundles = bundleContext.getBundles();
    for (Bundle b : bundles) {
        // set up condition permission for scope
        if (b.getSymbolicName().indexOf("subsystem.scope.impl") > -1) {
            // NOTE(review): the service obtained here is never released with ungetService.
            ServiceReference permRef = bundleContext.getServiceReference(ConditionalPermissionAdmin.class.getName());
            ConditionalPermissionAdmin permAdmin = (ConditionalPermissionAdmin) bundleContext.getService(permRef);
            ConditionalPermissionUpdate update = permAdmin.newConditionalPermissionUpdate();
            List<ConditionalPermissionInfo> infos = update.getConditionalPermissionInfos();
            // infos.clear();
            // set up the conditionInfo: the entry applies only to this bundle's location
            ConditionInfo[] conditionInfo = new ConditionInfo[] { new ConditionInfo("org.osgi.service.condpermadmin.BundleLocationCondition", new String[] { b.getLocation() }) };
            // Set up permissions which are common to all applications
            // (adminAllowInfo is defined outside this method; its contents are not visible here)
            infos.add(permAdmin.newConditionalPermissionInfo(null, conditionInfo, adminAllowInfo, "allow"));
            // NOTE(review): the boolean result of commit() is ignored, so a rejected update
            // would go unnoticed and the rest of the test would run without this entry.
            update.commit();
        }
    }
    // Create child scope "scope_test1" and collect its export share policies.
    ScopeUpdate su = scope.newScopeUpdate();
    ScopeUpdate childScopeUpdate = su.newChild("scope_test1");
    Map<String, List<SharePolicy>> sharePolicies = childScopeUpdate.getSharePolicies(SharePolicy.TYPE_EXPORT);
    final Filter filter1 = FrameworkUtil.createFilter("(&" + "(osgi.package=org.apache.aries.subsystem.example.helloIsolation)" + ")");
    final Filter filter2 = FrameworkUtil.createFilter("(&" + "(osgi.service=org.apache.aries.subsystem.example.helloIsolation.HelloIsolation)" + ")");
    // Export the helloIsolation package from the child scope.
    List<SharePolicy> packagePolicies = sharePolicies.get(BundleRevision.PACKAGE_NAMESPACE);
    if (packagePolicies == null) {
        packagePolicies = new ArrayList<SharePolicy>();
        sharePolicies.put(BundleRevision.PACKAGE_NAMESPACE, packagePolicies);
    }
    packagePolicies.add(new SharePolicy(SharePolicy.TYPE_EXPORT, BundleRevision.PACKAGE_NAMESPACE, filter1));
    // Export the HelloIsolation service from the child scope.
    List<SharePolicy> servicePolicies = sharePolicies.get("scope.share.service");
    if (servicePolicies == null) {
        servicePolicies = new ArrayList<SharePolicy>();
        sharePolicies.put("scope.share.service", servicePolicies);
    }
    servicePolicies.add(new SharePolicy(SharePolicy.TYPE_EXPORT, "scope.share.service", filter2));
    // build up installInfo object for the scope
    InstallInfo info1 = new InstallInfo("helloIsolation", new URL("mvn:org.apache.aries.subsystem.example/org.apache.aries.subsystem.example.helloIsolation/0.4-SNAPSHOT"));
    InstallInfo info2 = new InstallInfo("helloIsolationRef", new URL("mvn:org.apache.aries.subsystem.example/org.apache.aries.subsystem.example.helloIsolationRef/0.4-SNAPSHOT"));
    List<InstallInfo> bundlesToInstall = childScopeUpdate.getBundlesToInstall();
    bundlesToInstall.add(info1);
    bundlesToInstall.add(info2);
    // add bundles to be installed, based on subsystem content
    su.commit();
    // start all bundles in the scope scope_test1
    Collection<Bundle> bundlesToStart = childScopeUpdate.getBundles();
    for (Bundle b : bundlesToStart) {
        b.start();
    }
    // Negative check: the root-scope context is expected not to obtain the service reference.
    // NOTE(review): assuming fail() is JUnit's, it signals by throwing AssertionError, which is
    // an Error and is therefore swallowed by the second catch below. As written this check can
    // never fail the test, so it gives no evidence that the service is actually hidden. The
    // looked-up reference 'sr' is also never inspected.
    try {
        ServiceReference sr = bundleContext.getServiceReference("org.apache.aries.subsystem.example.helloIsolation.HelloIsolation");
        fail("should not be able to get the sr for HelloIsolation service");
    } catch (Exception ex) {
        // expected
    } catch (Error er) {
        // expected
    }
    // test bundle find hooks: no helloIsolation bundle may be visible from the root scope
    bundles = bundleContext.getBundles();
    for (Bundle b : bundles) {
        System.out.println("Bundle is " + b.getBundleId() + ": " + b.getSymbolicName());
        if (b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolation") > -1) {
            fail("bundles with name starts with org.apache.aries.subsystem.example.helloIsolation should be in a different scope");
        }
    }
    // test bundle service find hook
    // ServiceReference sr = bundleContext.getServiceReference(HelloIsolation.class.getName());
    // assertNull("sr should be null", sr);
    // Positive check from inside the child scope: exactly one child holding exactly the two
    // example bundles, and the service is reachable through the helloIsolationRef bundle's context.
    Collection<Scope> children = scope.getChildren();
    assertEquals(1, children.size());
    for (Scope child : children) {
        if (child.getName().equals("scope_test1")) {
            Collection<Bundle> buns = child.getBundles();
            assertEquals(2, buns.size());
            assertEquals(0, child.getChildren().size());
            BundleContext childScopebundleContext = null;
            for (Bundle b : buns) {
                assertTrue(b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolation") > -1);
                if (b.getSymbolicName().indexOf("org.apache.aries.subsystem.example.helloIsolationRef") > -1) {
                    childScopebundleContext = b.getBundleContext();
                }
            }
            assertNotNull(childScopebundleContext);
            ServiceReference sr = childScopebundleContext.getServiceReference("org.apache.aries.subsystem.example.helloIsolation.HelloIsolation");
            assertNotNull("sr is not null", sr);
            System.out.println("got the sr, go get service next");
            HelloIsolation hi = (HelloIsolation) childScopebundleContext.getService(sr);
            hi.hello();
            // Hands an import permission for every package to the service's checkPermission;
            // what that method does with it, and how a denial surfaces, is defined outside this
            // method.
            Permission permission = new PackagePermission("*", PackagePermission.IMPORT);
            hi.checkPermission(permission);
        }
    }
    // install a test bundle in the root scope
    URL url = new URL("mvn:org.apache.felix/org.apache.felix.fileinstall/2.0.8");
    bundleContext.installBundle("org.apache.felix.fileinstall-rootScope", url.openStream());
    // remove child scope
    su = scope.newScopeUpdate();
    Collection<ScopeUpdate> scopes = su.getChildren();
    // obtain child scope admin from service registry
    // String filter = "ScopeName=scope_test1";
    Scope childScopeAdmin = childScopeUpdate.getScope();
    assertEquals(scope, childScopeAdmin.getParent());
    scopes.remove(childScopeUpdate);
    su.commit();
    // After the commit neither the scope nor a fresh update may list the removed child.
    assertFalse(scope.getChildren().contains(childScopeAdmin));
    su = scope.newScopeUpdate();
    assertFalse(su.getChildren().contains(childScopeUpdate));
// childScopeAdmin = null;
// try {
// childScopeAdmin = getOsgiService(Scope.class, filter, DEFAULT_TIMEOUT);
// } catch (Exception ex) {
// // ignore
// }
// assertNull("scope admin service for the scope should be unregistered", childScopeAdmin);
}
Also used : SharePolicy(org.apache.aries.subsystem.scope.SharePolicy) URL(java.net.URL) HelloIsolation(org.apache.aries.subsystem.example.helloIsolation.HelloIsolation) ConditionalPermissionInfo(org.osgi.service.condpermadmin.ConditionalPermissionInfo) PackagePermission(org.osgi.framework.PackagePermission) Permission(java.security.Permission) ArrayList(java.util.ArrayList) List(java.util.List) ConditionalPermissionUpdate(org.osgi.service.condpermadmin.ConditionalPermissionUpdate) ConditionInfo(org.osgi.service.condpermadmin.ConditionInfo) ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin) InstallInfo(org.apache.aries.subsystem.scope.InstallInfo) Bundle(org.osgi.framework.Bundle) CoreOptions.mavenBundle(org.ops4j.pax.exam.CoreOptions.mavenBundle) ScopeUpdate(org.apache.aries.subsystem.scope.ScopeUpdate) PackagePermission(org.osgi.framework.PackagePermission) ServiceReference(org.osgi.framework.ServiceReference) Scope(org.apache.aries.subsystem.scope.Scope) Filter(org.osgi.framework.Filter) BundleContext(org.osgi.framework.BundleContext)

Aggregations

ArrayList (java.util.ArrayList)5 ConditionalPermissionUpdate (org.osgi.service.condpermadmin.ConditionalPermissionUpdate)5 ConditionalPermissionInfo (org.osgi.service.condpermadmin.ConditionalPermissionInfo)4 List (java.util.List)3 ParsedPolicy (net.sourceforge.prograde.policyparser.ParsedPolicy)2 ParsedPolicyEntry (net.sourceforge.prograde.policyparser.ParsedPolicyEntry)2 Parser (net.sourceforge.prograde.policyparser.Parser)2 ServiceReference (org.osgi.framework.ServiceReference)2 ConditionInfo (org.osgi.service.condpermadmin.ConditionInfo)2 ConditionalPermissionAdmin (org.osgi.service.condpermadmin.ConditionalPermissionAdmin)2 BufferedReader (java.io.BufferedReader)1 File (java.io.File)1 FileReader (java.io.FileReader)1 StringReader (java.io.StringReader)1 URL (java.net.URL)1 Permission (java.security.Permission)1 HashSet (java.util.HashSet)1 Iterator (java.util.Iterator)1 LinkedList (java.util.LinkedList)1 Priority (net.sourceforge.prograde.type.Priority)1