We need to have a way to still maintain a notion of default permissions in case that there is a condpermadmin present and no permissions have been set yet. This follows the way it is currently done in other frameworks and just uses the default permisssions of the permissionadmin in case there are no conditionpermission tuples present. This might change when the spec is clarified.
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@638949 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/framework/security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java b/framework/security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
index 6c0a482..bb31fff 100644
--- a/framework/security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
+++ b/framework/security/src/main/java/org/apache/felix/framework/SecurityProviderImpl.java
@@ -100,6 +100,7 @@
return true;
}
+ // System.out.println(info.getBundleId() + " - " + permission);
// TODO: using true, false, or null seems a bit awkward. Improve this.
Boolean result = null;
if (m_pai != null)
@@ -122,7 +123,7 @@
info.getCurrentModule().getContentLoader(),
bundle.getBundleId() + "-" +
info.getArchive().getLastModified(),null, pd,
- permission, direct);
+ permission, direct, m_pai);
}
catch (Exception e)
{
diff --git a/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java b/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
index f1f3264..d5c5ed2 100644
--- a/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
+++ b/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/ConditionalPermissionAdminImpl.java
@@ -163,7 +163,7 @@
public boolean implies(Permission permission)
{
return hasPermission(null, null, null, finalSigners,
- this, permission, true);
+ this, permission, true, null);
}
} };
}
@@ -305,7 +305,7 @@
*/
public boolean hasPermission(Bundle felixBundle, IContentLoader loader, String root,
String[] signers, ProtectionDomain pd, Permission permission,
- boolean direct)
+ boolean direct, Object admin)
{
// System.out.println(felixBundle + "-" + permission);
List domains = null;
@@ -331,7 +331,7 @@
if (entry == null)
{
entry =
- new Object[] { new ArrayList(DomainGripper.grep()),
+ new Object[] { new ArrayList(DomainGripper.grab()),
new ArrayList() };
}
else
@@ -359,7 +359,7 @@
List posts = new ArrayList();
- boolean result = eval(posts, felixBundle, signers, permission);
+ boolean result = eval(posts, felixBundle, signers, permission, admin);
if (signers != null)
{
@@ -395,19 +395,27 @@
return result;
}
+ public boolean isEmpty()
+ {
+ synchronized (m_condPermInfos)
+ {
+ return m_condPermInfos.isEmpty();
+ }
+ }
+
// we need to find all conditions that apply and then check whether they
// de note the permission in question unless the conditions are postponed
// then we make sure their permissions imply the permission and add them
// to the list of posts. Return true in case we pass or have posts
// else falls and clear the posts first.
private boolean eval(List posts, Bundle bundle, String[] signers,
- Permission permission)
+ Permission permission, Object admin)
{
List condPermInfos = null;
synchronized (m_condPermInfos)
{
- if (m_condPermInfos.isEmpty())
+ if (isEmpty() && (admin == null))
{
return true;
}
diff --git a/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/DomainGripper.java b/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/DomainGripper.java
index a7aee58..ed0dd0c 100644
--- a/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/DomainGripper.java
+++ b/framework/security/src/main/java/org/apache/felix/framework/security/condpermadmin/DomainGripper.java
@@ -87,7 +87,7 @@
* Get the current bundle protection domains on the stack up to the last
* privileged call.
*/
- public static List grep()
+ public static List grab()
{
// First try to get a cached version. We cache by thread.
DomainGripper gripper = (DomainGripper) m_cache.get();
diff --git a/framework/security/src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java b/framework/security/src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java
index 3bb2a1a..5052f98 100644
--- a/framework/security/src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java
+++ b/framework/security/src/main/java/org/apache/felix/framework/security/permissionadmin/PermissionAdminImpl.java
@@ -132,7 +132,7 @@
permissions = (PermissionInfo[]) m_store.get(location);
file = true;
}
- else if (cpai == null)
+ else if ((cpai == null) || (cpai.isEmpty()))
{
if (m_default != null)
{
@@ -144,7 +144,7 @@
}
}
}
- if ((cpai == null) || file)
+ if ((cpai == null) || cpai.isEmpty() || file)
{
if (check(permissions, permission, file ? bundle : null))
{
diff --git a/framework/security/src/main/java/org/apache/felix/framework/security/util/Permissions.java b/framework/security/src/main/java/org/apache/felix/framework/security/util/Permissions.java
index 2e93d61..2b359dc 100644
--- a/framework/security/src/main/java/org/apache/felix/framework/security/util/Permissions.java
+++ b/framework/security/src/main/java/org/apache/felix/framework/security/util/Permissions.java
@@ -278,8 +278,7 @@
break;
}
name =
- (new File(context.getDataFile(""), name))
- .getAbsolutePath();
+ m_action.getAbsolutePath(new File(context.getDataFile(""), name));
}
if (postfix.length() > 0)
{