commit 622519c79176bcb7927ddc90c0fde343a8330d52
author Richard S. Hall <rickhall@apache.org> Mon Mar 14 21:31:50 2011 +0000
committer Richard S. Hall <rickhall@apache.org> Mon Mar 14 21:31:50 2011 +0000
tree 19c1e75704fae5cd208dfa44bd9b8db8daed5427
parent 533b4ac70ab26eb2247e6568308665a4f80ff94a

Need to perform security check for fragments and hosts. (FELIX-2858)


git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1081571 13f79535-47bb-0310-9956-ffa450edef68

framework/src/main/java/org/apache/felix/framework/ResolverStateImpl.java

diff --git a/framework/src/main/java/org/apache/felix/framework/ResolverStateImpl.java b/framework/src/main/java/org/apache/felix/framework/ResolverStateImpl.java
index a81d33d..f9937b0 100644
--- a/framework/src/main/java/org/apache/felix/framework/ResolverStateImpl.java
+++ b/framework/src/main/java/org/apache/felix/framework/ResolverStateImpl.java
@@ -205,8 +205,21 @@
                     {
                         continue;
                     }
+                    else if (req.getNamespace().equals(Capability.HOST_NAMESPACE) &&
+                        (!((BundleProtectionDomain) req.getModule().getSecurityContext())
+                            .impliesDirect(new BundlePermission(
+                                req.getModule().getSymbolicName(),
+                                BundlePermission.FRAGMENT))
+                        || !((BundleProtectionDomain) cap.getModule().getSecurityContext())
+                            .impliesDirect(new BundlePermission(
+                                cap.getModule().getSymbolicName(),
+                                BundlePermission.HOST))))
+                    {
+                        continue;
+                    }
                 }
-                else if (req.getNamespace().equals(Capability.HOST_NAMESPACE)
+
+                if (req.getNamespace().equals(Capability.HOST_NAMESPACE)
                     && cap.getModule().isResolved())
                 {
                     continue;