Implement the security checks and clean-up the left-overs.
Now we are free to start switching to protection domains.
Then we need to get signed bundles working. (FELIX-21)
git-svn-id: https://svn.apache.org/repos/asf/incubator/felix/trunk@424253 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java
index 393def6..cdae189 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleContextImpl.java
@@ -18,7 +18,9 @@
import java.io.File;
import java.io.InputStream;
+import java.util.ArrayList;
import java.util.Dictionary;
+import java.util.List;
import org.apache.felix.framework.ext.FelixBundleContext;
import org.osgi.framework.*;
@@ -64,6 +66,22 @@
{
checkValidity();
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ if (!(Constants.FRAMEWORK_VERSION.equals(name) ||
+ Constants.FRAMEWORK_VENDOR.equals(name) ||
+ Constants.FRAMEWORK_LANGUAGE.equals(name)||
+ Constants.FRAMEWORK_OS_NAME.equals(name) ||
+ Constants.FRAMEWORK_OS_VERSION.equals(name) ||
+ Constants.FRAMEWORK_PROCESSOR.equals(name)))
+ {
+ ((SecurityManager) sm).checkPermission(
+ new java.util.PropertyPermission(name, "read"));
+ }
+ }
+
return m_felix.getProperty(name);
}
@@ -93,7 +111,24 @@
{
checkValidity();
- return m_felix.installBundle(location, is);
+ Bundle result = null;
+
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ result = m_felix.installBundle(location, is);
+ // Do check the bundle again in case that is was installed
+ // already.
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(result, AdminPermission.LIFECYCLE));
+ }
+ else
+ {
+ result = m_felix.installBundle(location, is);
+ }
+
+ return result;
}
public Bundle getBundle(long id)
@@ -114,6 +149,17 @@
{
checkValidity();
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ if(l instanceof SynchronousBundleListener)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(m_bundle,
+ AdminPermission.LISTENER));
+ }
+ }
+
m_felix.addBundleListener(m_bundle, l);
}
@@ -121,6 +167,17 @@
{
checkValidity();
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ if(l instanceof SynchronousBundleListener)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(m_bundle,
+ AdminPermission.LISTENER));
+ }
+ }
+
m_felix.removeBundleListener(m_bundle, l);
}
@@ -176,6 +233,20 @@
{
checkValidity();
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ if (clazzes != null)
+ {
+ for (int i = 0;i < clazzes.length;i++)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new ServicePermission(clazzes[i], ServicePermission.REGISTER));
+ }
+ }
+ }
+
return m_felix.registerService(m_bundle, clazzes, svcObj, dict);
}
@@ -284,7 +355,58 @@
checkValidity();
// TODO: Implement BundleContext.getAllServiceReferences()
- return null;
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ServiceReference[] refs = null;
+
+ if (refs == null)
+ {
+ return refs;
+ }
+
+ List result = new ArrayList();
+
+ for (int i = 0;i < refs.length;i++)
+ {
+ String[] objectClass = (String[]) refs[i].getProperty(
+ Constants.OBJECTCLASS);
+
+ if (objectClass == null)
+ {
+ continue;
+ }
+
+ for (int j = 0;j < objectClass.length;j++)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new ServicePermission(
+ objectClass[j], ServicePermission.GET));
+
+ result.add(refs[i]);
+
+ break;
+ }
+ catch (Exception e)
+ {
+
+ }
+ }
+ }
+
+ if (result.isEmpty())
+ {
+ return null;
+ }
+
+ return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+ }
+ else
+ {
+ return null;
+ }
}
public ServiceReference[] getServiceReferences(String clazz, String filter)
@@ -292,7 +414,58 @@
{
checkValidity();
- return m_felix.getServiceReferences(m_bundle, clazz, filter);
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ServiceReference[] refs = m_felix.getServiceReferences(m_bundle, clazz, filter);
+
+ if (refs == null)
+ {
+ return refs;
+ }
+
+ List result = new ArrayList();
+
+ for (int i = 0;i < refs.length;i++)
+ {
+ String[] objectClass = (String[]) refs[i].getProperty(
+ Constants.OBJECTCLASS);
+
+ if (objectClass == null)
+ {
+ continue;
+ }
+
+ for (int j = 0;j < objectClass.length;j++)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new ServicePermission(
+ objectClass[j], ServicePermission.GET));
+
+ result.add(refs[i]);
+
+ break;
+ }
+ catch (Exception e)
+ {
+
+ }
+ }
+ }
+
+ if (result.isEmpty())
+ {
+ return null;
+ }
+
+ return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+ }
+ else
+ {
+ return m_felix.getServiceReferences(m_bundle, clazz, filter);
+ }
}
public Object getService(ServiceReference ref)
@@ -303,6 +476,41 @@
{
throw new NullPointerException("Specified service reference cannot be null.");
}
+
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ String[] objectClass = (String[]) ref.getProperty(Constants.OBJECTCLASS);
+
+ if (objectClass == null)
+ {
+ return null;
+ }
+
+ boolean hasPermission = false;
+
+ for (int i = 0;(i < objectClass.length) && !hasPermission;i++)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(
+ new ServicePermission(objectClass[i], ServicePermission.GET));
+
+ hasPermission = true;
+ }
+ catch (Exception ex)
+ {
+
+ }
+ }
+
+ if (!hasPermission)
+ {
+ throw new SecurityException("No permission");
+ }
+ }
+
return m_felix.getService(m_bundle, ref);
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java
index 8e83861..09e1d9e 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/BundleImpl.java
@@ -19,8 +19,10 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
+import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Enumeration;
+import java.util.List;
import org.osgi.framework.*;
@@ -73,21 +75,73 @@
public URL getEntry(String name)
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.RESOURCE));
+ }
+ catch (Exception e)
+ {
+ return null; // No permission
+ }
+ }
+
return m_felix.getBundleEntry(this, name);
}
public Enumeration getEntryPaths(String path)
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.RESOURCE));
+ }
+ catch (Exception e)
+ {
+ return null; // No permission
+ }
+ }
+
return m_felix.getBundleEntryPaths(this, path);
}
public Enumeration findEntries(String path, String filePattern, boolean recurse)
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.RESOURCE));
+ }
+ catch (Exception e)
+ {
+ return null; // No permission
+ }
+ }
+
return m_felix.findBundleEntries(this, path, filePattern, recurse);
}
public Dictionary getHeaders()
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.METADATA));
+ }
return m_felix.getBundleHeaders(this);
}
@@ -98,6 +152,13 @@
public String getLocation()
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.METADATA));
+ }
return m_felix.getBundleLocation(this);
}
@@ -119,11 +180,111 @@
**/
public ServiceReference[] getRegisteredServices()
{
- return m_felix.getBundleRegisteredServices(this);
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ServiceReference[] refs = m_felix.getBundleRegisteredServices(this);
+
+ if (refs == null)
+ {
+ return refs;
+ }
+
+ List result = new ArrayList();
+
+ for (int i = 0;i < refs.length;i++)
+ {
+ String[] objectClass = (String[]) refs[i].getProperty(
+ Constants.OBJECTCLASS);
+
+ if (objectClass == null)
+ {
+ continue;
+ }
+
+ for (int j = 0;j < objectClass.length;j++)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new ServicePermission(
+ objectClass[j], ServicePermission.GET));
+
+ result.add(refs[i]);
+
+ break;
+ }
+ catch (Exception e)
+ {
+
+ }
+ }
+ }
+
+ if (result.isEmpty())
+ {
+ return null;
+ }
+
+ return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+ }
+ else
+ {
+ return m_felix.getBundleRegisteredServices(this);
+ }
}
public ServiceReference[] getServicesInUse()
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ServiceReference[] refs = m_felix.getBundleServicesInUse(this);
+
+ if (refs == null)
+ {
+ return refs;
+ }
+
+ List result = new ArrayList();
+
+ for (int i = 0;i < refs.length;i++)
+ {
+ String[] objectClass = (String[]) refs[i].getProperty(
+ Constants.OBJECTCLASS);
+
+ if (objectClass == null)
+ {
+ continue;
+ }
+
+ for (int j = 0;j < objectClass.length;j++)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new ServicePermission(
+ objectClass[j], ServicePermission.GET));
+
+ result.add(refs[i]);
+
+ break;
+ }
+ catch (Exception e)
+ {
+
+ }
+ }
+ }
+
+ if (result.isEmpty())
+ {
+ return null;
+ }
+
+ return (ServiceReference[]) result.toArray(new ServiceReference[result.size()]);
+ }
+
return m_felix.getBundleServicesInUse(this);
}
@@ -134,7 +295,8 @@
public String getSymbolicName()
{
- return (String) getHeaders().get(Constants.BUNDLE_SYMBOLICNAME);
+ return (String) m_felix.getBundleHeaders(this).get(
+ Constants.BUNDLE_SYMBOLICNAME);
}
public boolean hasPermission(Object obj)
@@ -144,11 +306,34 @@
public Class loadClass(String name) throws ClassNotFoundException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.CLASS));
+ }
+ catch (Exception e)
+ {
+ throw new ClassNotFoundException("No permission.", e);
+ }
+ }
+
return m_felix.loadBundleClass(this, name);
}
public void start() throws BundleException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.EXECUTE));
+ }
+
m_felix.startBundle(this, true);
}
@@ -159,16 +344,40 @@
public void update(InputStream is) throws BundleException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.LIFECYCLE));
+ }
+
m_felix.updateBundle(this, is);
}
public void stop() throws BundleException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.EXECUTE));
+ }
+
m_felix.stopBundle(this, true);
}
public void uninstall() throws BundleException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.LIFECYCLE));
+ }
+
m_felix.uninstallBundle(this);
}
@@ -184,13 +393,36 @@
public Dictionary getHeaders(String locale)
{
// TODO: Implement Bundle.getHeaders(String locale)
- // Should be done after [#FELIX-27] resolution
+ // Should be done after [#FELIX-27] resolution
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.METADATA));
+ }
+
return null;
}
public Enumeration getResources(String name) throws IOException
{
// TODO: Implement Bundle.getResources()
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ try
+ {
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.RESOURCE));
+ }
+ catch (Exception e)
+ {
+ return null; // No permission
+ }
+ }
+
return null;
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java
index 42ed90c..f371004 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/Felix.java
@@ -18,10 +18,7 @@
import java.io.*;
import java.net.*;
-import java.security.AccessController;
-import java.security.PrivilegedActionException;
import java.util.*;
-import java.util.zip.ZipEntry;
import org.apache.felix.framework.cache.*;
import org.apache.felix.framework.searchpolicy.*;
@@ -101,10 +98,6 @@
// Reusable bundle URL stream handler.
private URLStreamHandler m_bundleStreamHandler = null;
- // Reusable admin permission object for all instances
- // of the BundleImpl.
- private static AdminPermission m_adminPerm = new AdminPermission();
-
/**
* <p>
* This method starts the framework instance; instances of the framework
@@ -252,7 +245,23 @@
? false : embedded.equals("true");
if (!isEmbedded)
{
- System.exit(-1);
+ if (System.getSecurityManager() != null)
+ {
+ java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction()
+ {
+ public Object run()
+ {
+ System.exit(-1);
+
+ return null;
+ }
+ });
+ }
+ else
+ {
+ System.exit(-1);
+ }
}
else
{
@@ -497,11 +506,6 @@
**/
public synchronized void shutdown()
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
// Change framework status from running to stopping.
// If framework is not running, then just return.
if (m_frameworkStatus != RUNNING_STATUS)
@@ -838,11 +842,6 @@
**/
protected void setInitialBundleStartLevel(int startLevel)
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
if (startLevel <= 0)
{
throw new IllegalArgumentException(
@@ -968,10 +967,6 @@
**/
protected Dictionary getBundleHeaders(BundleImpl bundle)
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
return new MapToDictionary(bundle.getInfo().getCurrentHeader());
}
@@ -980,10 +975,6 @@
**/
protected String getBundleLocation(BundleImpl bundle)
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
return bundle.getInfo().getLocation();
}
@@ -996,19 +987,6 @@
{
throw new IllegalStateException("The bundle is uninstalled.");
}
- else if (System.getSecurityManager() != null)
- {
- try
- {
- AccessController.checkPermission(
- new AdminPermission(bundle, AdminPermission.RESOURCE));
- }
- catch (SecurityException ex)
- {
- // Spec says to return null if there is a security exception.
- return null;
- }
- }
return bundle.getInfo().getCurrentModule().getResource(name);
}
@@ -1021,19 +999,6 @@
{
throw new IllegalStateException("The bundle is uninstalled.");
}
- else if (System.getSecurityManager() != null)
- {
- try
- {
- AccessController.checkPermission(
- new AdminPermission(bundle, AdminPermission.RESOURCE));
- }
- catch (SecurityException ex)
- {
- // Spec says to return null if there is a security exception.
- return null;
- }
- }
return ((ContentLoaderImpl) bundle.getInfo().getCurrentModule()
.getContentLoader()).getResourceFromContent(name);
}
@@ -1047,19 +1012,6 @@
{
throw new IllegalStateException("The bundle is uninstalled.");
}
- else if (System.getSecurityManager() != null)
- {
- try
- {
- AccessController.checkPermission(
- new AdminPermission(bundle, AdminPermission.RESOURCE));
- }
- catch (SecurityException ex)
- {
- // Spec says to return null if there is a security exception.
- return null;
- }
- }
// Get the entry enumeration from the module content and
// create a wrapper enumeration to filter it.
@@ -1075,7 +1027,6 @@
public Enumeration findBundleEntries(
BundleImpl bundle, String path, String filePattern, boolean recurse)
{
-
// Try to resolve the bundle per the spec.
resolveBundles(new Bundle[] { bundle });
@@ -1097,114 +1048,16 @@
// Filter list of registered service references.
ServiceReference[] refs = m_registry.getRegisteredServices(bundle);
- List list = new ArrayList();
- for (int refIdx = 0; (refs != null) && (refIdx < refs.length); refIdx++)
- {
- // Check that the current security context has permission
- // to get at least one of the service interfaces; the
- // objectClass property of the service stores its service
- // interfaces.
- boolean hasPermission = false;
- if (System.getSecurityManager() != null)
- {
- String[] objectClass = (String[])
- refs[refIdx].getProperty(Constants.OBJECTCLASS);
- if (objectClass == null)
- {
- return null;
- }
- for (int ifcIdx = 0;
- !hasPermission && (ifcIdx < objectClass.length);
- ifcIdx++)
- {
- try
- {
- ServicePermission perm =
- new ServicePermission(
- objectClass[ifcIdx], ServicePermission.GET);
- AccessController.checkPermission(perm);
- hasPermission = true;
- }
- catch (Exception ex)
- {
- }
- }
- }
- else
- {
- hasPermission = true;
- }
- if (hasPermission)
- {
- list.add(refs[refIdx]);
- }
- }
-
- if (list.size() > 0)
- {
- return (ServiceReference[])
- list.toArray(new ServiceReference[list.size()]);
- }
-
- return null;
+ return refs;
}
protected ServiceReference[] getBundleServicesInUse(Bundle bundle)
{
// Filter list of "in use" service references.
ServiceReference[] refs = m_registry.getServicesInUse(bundle);
- List list = new ArrayList();
- for (int refIdx = 0; (refs != null) && (refIdx < refs.length); refIdx++)
- {
- // Check that the current security context has permission
- // to get at least one of the service interfaces; the
- // objectClass property of the service stores its service
- // interfaces.
- boolean hasPermission = false;
- if (System.getSecurityManager() != null)
- {
- String[] objectClass = (String[])
- refs[refIdx].getProperty(Constants.OBJECTCLASS);
- if (objectClass == null)
- {
- return null;
- }
- for (int ifcIdx = 0;
- !hasPermission && (ifcIdx < objectClass.length);
- ifcIdx++)
- {
- try
- {
- ServicePermission perm =
- new ServicePermission(
- objectClass[ifcIdx], ServicePermission.GET);
- AccessController.checkPermission(perm);
- hasPermission = true;
- }
- catch (Exception ex)
- {
- }
- }
- }
- else
- {
- hasPermission = true;
- }
- if (hasPermission)
- {
- list.add(refs[refIdx]);
- }
- }
-
- if (list.size() > 0)
- {
- return (ServiceReference[])
- list.toArray(new ServiceReference[list.size()]);
- }
-
- return null;
+ return refs;
}
protected boolean bundleHasPermission(BundleImpl bundle, Object obj)
@@ -1266,11 +1119,6 @@
protected void startBundle(BundleImpl bundle, boolean record)
throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
// CONCURRENCY NOTE:
// Starting a bundle may actually impact many bundles, since
// the bundle being started my need to be resolved, which in
@@ -1360,9 +1208,9 @@
if (System.getSecurityManager() != null)
{
-// m_startStopPrivileged.setAction(StartStopPrivileged.START_ACTION);
-// m_startStopPrivileged.setBundle(bundle);
-// AccessController.doPrivileged(m_startStopPrivileged);
+ java.security.AccessController.doPrivileged(
+ new PrivilegedActivatorCall(PrivilegedActivatorCall.START,
+ info.getActivator(), info.getContext()));
}
else
{
@@ -1409,11 +1257,10 @@
{
throw (SecurityException) th;
}
- // Convert a privileged action exception to the
- // nested exception.
- else if (th instanceof PrivilegedActionException)
+ else if ((System.getSecurityManager() != null) &&
+ (th instanceof java.security.PrivilegedActionException))
{
- th = ((PrivilegedActionException) th).getException();
+ th = ((java.security.PrivilegedActionException) th).getException();
}
// Rethrow all other exceptions as a BundleException.
@@ -1438,23 +1285,25 @@
throw new BundleException("Cannot resolve, bad URL "
+ bundle.getInfo().getLocation());
}
-
-// try
-// {
-// AccessController.doPrivileged(new CheckImportsPrivileged(url, bundle));
-// }
-// catch (PrivilegedActionException ex)
-// {
-// Exception thrown = ((PrivilegedActionException) ex).getException();
-// if (thrown instanceof AccessControlException)
-// {
-// throw (AccessControlException) thrown;
-// }
-// else
-// {
-// throw new BundleException("Problem resolving: " + ex);
-// }
-// }
+
+ try
+ {
+ java.security.AccessController.doPrivileged(
+ new CheckImportsPrivileged(url, bundle));
+ }
+ catch (java.security.PrivilegedActionException ex)
+ {
+ Exception thrown =
+ ((java.security.PrivilegedActionException) ex).getException();
+ if (thrown instanceof SecurityException)
+ {
+ throw (SecurityException) thrown;
+ }
+ else
+ {
+ throw new BundleException("Problem resolving: " + ex);
+ }
+ }
}
IModule module = bundle.getInfo().getCurrentModule();
@@ -1483,11 +1332,6 @@
protected void updateBundle(BundleImpl bundle, InputStream is)
throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
// Acquire bundle lock.
acquireBundleLock(bundle);
@@ -1549,6 +1393,15 @@
info.getBundleId(),
archive.getRevisionCount() - 1,
info.getCurrentHeader());
+
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(bundle, AdminPermission.LIFECYCLE));
+ }
+
// Add module to bundle info.
info.addModule(module);
}
@@ -1595,6 +1448,12 @@
// If update failed, rethrow exception.
if (rethrow != null)
{
+ if ((System.getSecurityManager() != null) &&
+ (rethrow instanceof SecurityException))
+ {
+ throw (SecurityException) rethrow;
+ }
+
throw new BundleException("Update failed.", rethrow);
}
}
@@ -1614,11 +1473,6 @@
protected void stopBundle(BundleImpl bundle, boolean record)
throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
// Acquire bundle lock.
acquireBundleLock(bundle);
@@ -1667,9 +1521,9 @@
{
if (System.getSecurityManager() != null)
{
-// m_startStopPrivileged.setAction(StartStopPrivileged.STOP_ACTION);
-// m_startStopPrivileged.setBundle(bundle);
-// AccessController.doPrivileged(m_startStopPrivileged);
+ java.security.AccessController.doPrivileged(
+ new PrivilegedActivatorCall(PrivilegedActivatorCall.STOP,
+ info.getActivator(), info.getContext()));
}
else
{
@@ -1735,9 +1589,10 @@
{
throw (SecurityException) rethrow;
}
- else if (rethrow instanceof PrivilegedActionException)
+ else if ((System.getSecurityManager() != null) &&
+ (rethrow instanceof java.security.PrivilegedActionException))
{
- rethrow = ((PrivilegedActionException) rethrow).getException();
+ rethrow = ((java.security.PrivilegedActionException) rethrow).getException();
}
// Rethrow all other exceptions as a BundleException.
@@ -1747,11 +1602,6 @@
protected void uninstallBundle(BundleImpl bundle) throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
// Acquire bundle lock.
acquireBundleLock(bundle);
@@ -1768,11 +1618,6 @@
private void _uninstallBundle(BundleImpl bundle) throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
BundleInfo info = bundle.getInfo();
if (info.getState() == Bundle.UNINSTALLED)
{
@@ -1854,11 +1699,6 @@
private Bundle installBundle(long id, String location, InputStream is)
throws BundleException
{
- if (System.getSecurityManager() != null)
- {
- AccessController.checkPermission(m_adminPerm);
- }
-
BundleImpl bundle = null;
// Acquire an install lock.
@@ -1940,6 +1780,14 @@
{
BundleArchive archive = m_cache.getArchive(id);
bundle = new BundleImpl(this, createBundleInfo(archive));
+
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(bundle, AdminPermission.LIFECYCLE));
+ }
}
catch (Exception ex)
{
@@ -1958,6 +1806,13 @@
"Could not remove from cache.", ex1);
}
}
+
+ if ((System.getSecurityManager() != null) &&
+ (ex instanceof SecurityException))
+ {
+ throw (SecurityException) ex;
+ }
+
throw new BundleException("Could not create bundle object.", ex);
}
@@ -2252,17 +2107,6 @@
throw new IllegalArgumentException("Service object cannot be null.");
}
- // Check for permission to register all passed in interface names.
- if (System.getSecurityManager() != null)
- {
- for (int i = 0; i < classNames.length; i++)
- {
- ServicePermission perm = new ServicePermission(
- classNames[i], ServicePermission.REGISTER);
- AccessController.checkPermission(perm);
- }
- }
-
// Acquire bundle lock.
acquireBundleLock(bundle);
@@ -2345,47 +2189,6 @@
// Get the current service reference.
ServiceReference ref = (ServiceReference) refList.get(refIdx);
- // Get the service's objectClass property.
- String[] objectClass = (String[]) ref.getProperty(FelixConstants.OBJECTCLASS);
-
- // Boolean flag.
- boolean allow = false;
-
- // Filter the service reference if the requesting bundle
- // does not have permission.
- if (System.getSecurityManager() != null)
- {
- for (int classIdx = 0;
- !allow && (classIdx < objectClass.length);
- classIdx++)
- {
- try
- {
- ServicePermission perm = new ServicePermission(
- objectClass[classIdx], ServicePermission.GET);
- AccessController.checkPermission(perm);
- // The bundle only needs permission for one
- // of the service interfaces, so break out
- // of the loop when permission is granted.
- allow = true;
- }
- catch (Exception ex)
- {
- // We do not throw this exception since the bundle
- // is not supposed to know about the service at all
- // if it does not have permission.
- m_logger.log(Logger.LOG_ERROR, ex.getMessage());
- }
- }
-
- if (!allow)
- {
- refList.remove(refIdx);
- refIdx--;
- continue;
- }
- }
-
// Now check for castability.
if (!isServiceAssignable(bundle, ref))
{
@@ -2445,38 +2248,6 @@
return null;
}
- boolean hasPermission = false;
- if (System.getSecurityManager() != null)
- {
- for (int i = 0;
- !hasPermission && (i < objectClass.length);
- i++)
- {
- try
- {
- ServicePermission perm =
- new ServicePermission(
- objectClass[i], ServicePermission.GET);
- AccessController.checkPermission(perm);
- hasPermission = true;
- }
- catch (Exception ex)
- {
- }
- }
- }
- else
- {
- hasPermission = true;
- }
-
- // If the bundle does not permission to access the service,
- // then return null.
- if (!hasPermission)
- {
- return null;
- }
-
return m_registry.getService(bundle, ref);
}
@@ -2731,12 +2502,6 @@
protected boolean resolveBundles(Bundle[] targets)
{
- if (System.getSecurityManager() != null)
- {
-// TODO: FW SECURITY - Perform proper security check.
- AccessController.checkPermission(m_adminPerm);
- }
-
// Acquire locks for all bundles to be resolved.
BundleImpl[] bundles = acquireBundleResolveLocks(targets);
@@ -2775,12 +2540,6 @@
protected void refreshPackages(Bundle[] targets)
{
- if (System.getSecurityManager() != null)
- {
-// TODO: FW SECURITY - Perform proper security check.
- AccessController.checkPermission(m_adminPerm);
- }
-
// Acquire locks for all impacted bundles.
BundleImpl[] bundles = acquireBundleRefreshLocks(targets);
@@ -4126,4 +3885,100 @@
m_bundleLock.notifyAll();
}
}
+
+ private static class PrivilegedActivatorCall implements
+ java.security.PrivilegedExceptionAction
+ {
+ private static final int START = 1;
+ private static final int STOP = 2;
+ private int m_action;
+ private BundleActivator m_activator;
+ private BundleContext m_context;
+
+ PrivilegedActivatorCall(int action, BundleActivator activator, BundleContext context)
+ {
+ m_action = action;
+ m_activator = activator;
+ m_context = context;
+ }
+ public Object run() throws Exception
+ {
+ switch (m_action)
+ {
+ case START:
+ m_activator.start(m_context);
+ break;
+ case STOP:
+ m_activator.stop(m_context);
+ break;
+ default:
+ throw new IllegalStateException("Unknown activator action.");
+ }
+
+ return null;
+ }
+ }
+
+ /**
+ * This simple class is used to perform the privileged action of
+ * checking if a bundle has permission to import its packages.
+ **/
+ private class CheckImportsPrivileged implements java.security.PrivilegedExceptionAction
+ {
+ private URL m_url = null;
+ private BundleImpl m_bundle = null;
+
+ public CheckImportsPrivileged(URL url, BundleImpl bundle)
+ {
+ m_url = url;
+ m_bundle = bundle;
+ }
+
+ public Object run() throws Exception
+ {
+ // Get permission collection for code source; we cannot
+ // call AccessController.checkPermission() directly since
+ // the bundle's code is not on the access context yet because
+ // it has not started yet...we are simply resolving it to see
+ // if we can start it. We must check for import permission
+ // on the exports as well, since export implies import.
+ java.security.CodeSource cs = new java.security.CodeSource(m_url,
+ (java.security.cert.Certificate[]) null);
+
+ java.security.PermissionCollection pc =
+ java.security.Policy.getPolicy().getPermissions(cs);
+
+ R4Import[] imports = m_policyCore.getImports(
+ m_bundle.getInfo().getCurrentModule());
+
+ for (int i = 0;i < imports.length; i++)
+ {
+ PackagePermission perm = new PackagePermission(imports[i].getName(),
+ PackagePermission.IMPORT);
+ if (!pc.implies(perm))
+ {
+ throw new java.security.AccessControlException(
+ "PackagePermission.IMPORT denied for import: " +
+ imports[i].getName(), perm);
+ }
+ }
+ // Check export permission for all exports of the current module.
+ R4Export[] implicitImports = m_policyCore.getExports(
+ m_bundle.getInfo().getCurrentModule());
+
+ for (int i = 0;i < implicitImports.length; i++)
+ {
+ PackagePermission perm = new PackagePermission(
+ implicitImports[i].getName(), PackagePermission.EXPORT);
+ if (!pc.implies(perm))
+ {
+ throw new java.security.AccessControlException(
+ "PackagePermission.EXPORT denied for implicit export: " +
+ implicitImports[i].getName(), perm);
+ }
+ }
+
+ return null;
+ }
+ }
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java
index 46a9b7a..3cf1543 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminActivator.java
@@ -32,8 +32,7 @@
{
m_reg = context.registerService(
org.osgi.service.packageadmin.PackageAdmin.class.getName(),
- new PackageAdminImpl(m_felix),
- null);
+ new PackageAdminImpl(m_felix), null);
}
public void stop(BundleContext context) throws Exception
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java
index 250e429..f7c8013 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/PackageAdminImpl.java
@@ -26,10 +26,12 @@
{
private Felix m_felix = null;
private Bundle[][] m_reqBundles = null;
+ private Bundle m_systemBundle = null;
public PackageAdminImpl(Felix felix)
{
m_felix = felix;
+ m_systemBundle = m_felix.getBundle(0);
// Start a thread to perform asynchronous package refreshes.
Thread t = new Thread(this, "FelixPackageAdmin");
@@ -165,6 +167,14 @@
public synchronized void refreshPackages(Bundle[] bundles)
throws SecurityException
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(m_systemBundle, AdminPermission.RESOLVE));
+ }
+
// Save our request parameters and notify all.
if (m_reqBundles == null)
{
@@ -234,6 +244,14 @@
public boolean resolveBundles(Bundle[] bundles)
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(m_systemBundle, AdminPermission.RESOLVE));
+ }
+
return m_felix.resolveBundles(bundles);
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java
index fd30425..c903f6f 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelActivator.java
@@ -32,8 +32,7 @@
{
m_reg = context.registerService(
org.osgi.service.startlevel.StartLevel.class.getName(),
- new StartLevelImpl(m_felix),
- null);
+ new StartLevelImpl(m_felix), null);
}
public void stop(BundleContext context) throws Exception
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java
index 8bf012c..9785dfd 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/StartLevelImpl.java
@@ -16,7 +16,6 @@
*/
package org.apache.felix.framework;
-import java.security.AccessController;
import java.util.ArrayList;
import java.util.List;
@@ -37,14 +36,13 @@
private Felix m_felix = null;
private List m_requestList = null;
- // Reusable admin permission.
- private static AdminPermission m_adminPerm = new AdminPermission();
+ private Bundle m_systemBundle = null;
public StartLevelImpl(Felix felix)
{
m_felix = felix;
m_requestList = new ArrayList();
-
+ m_systemBundle = m_felix.getBundle(0);
// Start a thread to perform asynchronous package refreshes.
Thread t = new Thread(this, "FelixStartLevel");
t.setDaemon(true);
@@ -64,15 +62,20 @@
**/
public void setStartLevel(int startlevel)
{
- if (System.getSecurityManager() != null)
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
{
- AccessController.checkPermission(m_adminPerm);
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(m_systemBundle, AdminPermission.STARTLEVEL));
}
- else if (startlevel <= 0)
+
+ if (startlevel <= 0)
{
throw new IllegalArgumentException(
"Start level must be greater than zero.");
}
+
synchronized (m_requestList)
{
m_requestList.add(new Integer(startlevel));
@@ -124,11 +127,15 @@
**/
public void setBundleStartLevel(Bundle bundle, int startlevel)
{
- if (System.getSecurityManager() != null)
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
{
- AccessController.checkPermission(m_adminPerm);
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(bundle, AdminPermission.STARTLEVEL));
}
- else if (bundle.getBundleId() == 0)
+
+ if (bundle.getBundleId() == 0)
{
throw new IllegalArgumentException(
"Cannot change system bundle start level.");
@@ -158,6 +165,13 @@
**/
public void setInitialBundleStartLevel(int startlevel)
{
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
+ {
+ ((SecurityManager) sm).checkPermission(
+ new AdminPermission(m_systemBundle, AdminPermission.STARTLEVEL));
+ }
m_felix.setInitialBundleStartLevel(startlevel);
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java
index dfe99e4..46c4a63 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/SystemBundle.java
@@ -17,8 +17,6 @@
package org.apache.felix.framework;
import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
import java.util.*;
import org.apache.felix.framework.cache.SystemBundleArchive;
@@ -159,11 +157,14 @@
public synchronized void stop() throws BundleException
{
- if (System.getSecurityManager() != null)
+ Object sm = System.getSecurityManager();
+
+ if(sm != null)
{
- AccessController.checkPermission(new AdminPermission());
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.EXECUTE));
}
-
+
// Spec says stop() on SystemBundle should return immediately and
// shutdown framework on another thread.
if (getFelix().getStatus() == Felix.RUNNING_STATUS)
@@ -192,13 +193,16 @@
{
if (System.getSecurityManager() != null)
{
- AccessController.doPrivileged(new PrivilegedAction() {
- public Object run()
+ java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction()
{
- System.exit(0);
- return null;
- }
- });
+ public Object run()
+ {
+ System.exit(0);
+
+ return null;
+ }
+ });
}
else
{
@@ -238,9 +242,12 @@
public synchronized void update(InputStream is) throws BundleException
{
- if (System.getSecurityManager() != null)
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
{
- AccessController.checkPermission(new AdminPermission());
+ ((SecurityManager) sm).checkPermission(new AdminPermission(this,
+ AdminPermission.EXECUTE));
}
// TODO: This is supposed to stop and then restart the framework.
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java
index 48c703d..faa24c1 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/cache/JarRevision.java
@@ -290,7 +290,7 @@
"Proxy-Authorization", "Basic " + base64);
}
}
- is = conn.getInputStream();
+ is = BundleCache.getSecureAction().getURLConnectionInputStream(conn);
}
// Save the bundle jar file.
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java
index a41e1ff..0e4696d 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentClassLoader.java
@@ -31,7 +31,7 @@
{
private ContentLoaderImpl m_contentLoader = null;
- ContentClassLoader(ContentLoaderImpl contentLoader)
+ public ContentClassLoader(ContentLoaderImpl contentLoader)
{
m_contentLoader = contentLoader;
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java
index 8f4379a..fe45fa6 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/searchpolicy/ContentLoaderImpl.java
@@ -23,6 +23,7 @@
import java.util.Vector;
import org.apache.felix.framework.Logger;
+import org.apache.felix.framework.util.SecureAction;
import org.apache.felix.moduleloader.*;
public class ContentLoaderImpl implements IContentLoader
@@ -33,6 +34,7 @@
private ISearchPolicy m_searchPolicy = null;
private IURLPolicy m_urlPolicy = null;
private ContentClassLoader m_classLoader = null;
+ private static SecureAction m_secureAction = new SecureAction();
public ContentLoaderImpl(Logger logger, IContent content, IContent[] contentPath)
{
@@ -98,7 +100,7 @@
{
if (m_classLoader == null)
{
- m_classLoader = new ContentClassLoader(this);
+ m_classLoader = m_secureAction.createContentClassLoader(this);
}
try
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
index 12b374e..c2cacc0 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
@@ -21,6 +21,8 @@
import java.security.*;
import java.util.jar.JarFile;
+import org.apache.felix.framework.searchpolicy.ContentClassLoader;
+import org.apache.felix.framework.searchpolicy.ContentLoaderImpl;
import org.apache.felix.moduleloader.JarFileX;
/**
@@ -310,6 +312,31 @@
return new FileOutputStream(file);
}
}
+
+ public synchronized InputStream getURLConnectionInputStream(URLConnection conn)
+ throws IOException
+ {
+ if (System.getSecurityManager() != null)
+ {
+ try
+ {
+ m_actions.set(Actions.GET_URL_INPUT_ACTION, conn);
+ return (InputStream) AccessController.doPrivileged(m_actions, m_acc);
+ }
+ catch (PrivilegedActionException ex)
+ {
+ if (ex.getException() instanceof IOException)
+ {
+ throw (IOException) ex.getException();
+ }
+ throw (RuntimeException) ex.getException();
+ }
+ }
+ else
+ {
+ return conn.getInputStream();
+ }
+ }
public synchronized boolean deleteFile(File target)
{
@@ -332,14 +359,14 @@
}
}
- public synchronized JarFile openJAR(File file) throws IOException
+ public synchronized JarFileX openJAR(File file) throws IOException
{
if (System.getSecurityManager() != null)
{
try
{
m_actions.set(Actions.OPEN_JAR_ACTION, file);
- return (JarFile) AccessController.doPrivileged(m_actions, m_acc);
+ return (JarFileX) AccessController.doPrivileged(m_actions, m_acc);
}
catch (PrivilegedActionException ex)
{
@@ -355,6 +382,26 @@
return new JarFileX(file);
}
}
+
+ public synchronized ContentClassLoader createContentClassLoader(ContentLoaderImpl impl)
+ {
+ if (System.getSecurityManager() != null)
+ {
+ try
+ {
+ m_actions.set(Actions.CREATE_CONTENTCLASSLOADER_ACTION, impl);
+ return (ContentClassLoader) AccessController.doPrivileged(m_actions);
+ }
+ catch (PrivilegedActionException ex)
+ {
+ throw (RuntimeException) ex.getException();
+ }
+ }
+ else
+ {
+ return new ContentClassLoader(impl);
+ }
+ }
private class Actions implements PrivilegedExceptionAction
{
@@ -372,6 +419,8 @@
public static final int GET_FILE_OUTPUT_ACTION = 11;
public static final int DELETE_FILE_ACTION = 12;
public static final int OPEN_JAR_ACTION = 13;
+ public static final int GET_URL_INPUT_ACTION = 14;
+ public static final int CREATE_CONTENTCLASSLOADER_ACTION = 15;
private int m_action = -1;
private Object m_arg1 = null;
@@ -481,6 +530,14 @@
{
return new JarFileX((File) m_arg1);
}
+ else if (m_action == GET_URL_INPUT_ACTION)
+ {
+ return ((URLConnection) m_arg1).getInputStream();
+ }
+ else if (m_action == CREATE_CONTENTCLASSLOADER_ACTION)
+ {
+ return new ContentClassLoader((ContentLoaderImpl) m_arg1);
+ }
return null;
}
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java
index 9b30a43..2d5f992 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/framework/util/ServiceListenerWrapper.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2005 The Apache Software Foundation
+ * Copyright 2006 The Apache Software Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -25,7 +25,7 @@
// LDAP query filter.
private Filter m_filter = null;
// Remember the security context.
- private AccessControlContext m_acc = null;
+ private Object m_acc = null;
public ServiceListenerWrapper(Bundle bundle, ServiceListener l, Filter filter)
{
@@ -34,9 +34,11 @@
// Remember security context for filtering
// events based on security.
- if (System.getSecurityManager() != null)
+ Object sm = System.getSecurityManager();
+
+ if (sm != null)
{
- m_acc = AccessController.getContext();
+ m_acc = ((SecurityManager) sm).getSecurityContext();
}
}
@@ -67,19 +69,25 @@
if (objectClass != null)
{
boolean hasPermission = false;
- if (m_acc != null)
+
+ Object sm = System.getSecurityManager();
+
+ if ((m_acc != null) && (sm != null))
{
for (int i = 0;
!hasPermission && (i < objectClass.length);
i++)
{
- try {
+ try
+ {
ServicePermission perm =
new ServicePermission(
objectClass[i], ServicePermission.GET);
- m_acc.checkPermission(perm);
+ ((SecurityManager) sm).checkPermission(perm, m_acc);
hasPermission = true;
- } catch (Exception ex) {
+ }
+ catch (Exception ex)
+ {
}
}
}
diff --git a/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java b/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java
index 6a89fbc..4df78b1 100644
--- a/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java
+++ b/org.apache.felix.framework/src/main/java/org/apache/felix/moduleloader/JarContent.java
@@ -22,6 +22,8 @@
import java.util.NoSuchElementException;
import java.util.zip.ZipEntry;
+import org.apache.felix.framework.util.SecureAction;
+
public class JarContent implements IContent
{
private static final int BUFSIZE = 4096;
@@ -29,6 +31,8 @@
private File m_file = null;
private JarFileX m_jarFile = null;
private boolean m_opened = false;
+
+ private static SecureAction m_secureAction = new SecureAction();
public JarContent(File file)
{
@@ -256,7 +260,7 @@
{
if (m_jarFile == null)
{
- m_jarFile = new JarFileX(m_file);
+ m_jarFile = m_secureAction.openJAR(m_file);
}
}