FELIX-4197 Enforce permission check on Configuration.get/setBundleLocation.
Implicit permission is only applicable to CRUD on configuration itself.
git-svn-id: https://svn.apache.org/repos/asf/felix/trunk@1515315 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdapter.java b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdapter.java
index c616938..0bd5c59 100644
--- a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdapter.java
+++ b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdapter.java
@@ -76,7 +76,7 @@
delegatee.getConfigurationManager().log( LogService.LOG_DEBUG, "getBundleLocation() ==> {0}", new Object[]
{ bundleLocation } );
checkActive();
- configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( bundleLocation == null ) ? "*" : bundleLocation );
+ configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( bundleLocation == null ) ? "*" : bundleLocation, true );
checkDeleted();
return bundleLocation;
}
@@ -95,8 +95,8 @@
// CM 1.4 / 104.13.2.4
checkActive();
final String configLocation = delegatee.getBundleLocation();
- configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( configLocation == null ) ? "*" : configLocation );
- configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( bundleLocation == null ) ? "*" : bundleLocation );
+ configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( configLocation == null ) ? "*" : configLocation, true );
+ configurationAdmin.checkPermission( delegatee.getConfigurationManager(), ( bundleLocation == null ) ? "*" : bundleLocation, true );
checkDeleted();
delegatee.setStaticBundleLocation( bundleLocation );
}
diff --git a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java
index 67efa2e..13fadcd 100644
--- a/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java
+++ b/configadmin/src/main/java/org/apache/felix/cm/impl/ConfigurationAdminImpl.java
@@ -95,7 +95,7 @@
{ factoryPid, location } );
// CM 1.4 / 104.13.2.3
- this.checkPermission( configurationManager, ( location == null ) ? "*" : location );
+ this.checkPermission( configurationManager, ( location == null ) ? "*" : location, false );
ConfigurationImpl config = configurationManager.createFactoryConfiguration( factoryPid, location );
return this.wrap( config );
@@ -135,7 +135,7 @@
else
{
// CM 1.4 / 104.13.2.3
- this.checkPermission( configurationManager, config.getBundleLocation() );
+ this.checkPermission( configurationManager, config.getBundleLocation(), false );
}
}
@@ -154,7 +154,7 @@
{ pid, location } );
// CM 1.4 / 104.13.2.3
- this.checkPermission( configurationManager, ( location == null ) ? "*" : location );
+ this.checkPermission( configurationManager, ( location == null ) ? "*" : location, false );
ConfigurationImpl config = configurationManager.getConfiguration( pid );
if ( config == null )
@@ -164,7 +164,7 @@
else
{
final String configLocation = config.getBundleLocation();
- this.checkPermission( configurationManager, ( configLocation == null ) ? "*" : configLocation );
+ this.checkPermission( configurationManager, ( configLocation == null ) ? "*" : configLocation, false );
}
return this.wrap( config );
@@ -213,7 +213,7 @@
{
try
{
- checkPermission(configurationManager, name);
+ checkPermission(configurationManager, name, false);
return true;
}
catch ( SecurityException se )
@@ -229,20 +229,21 @@
* <code>SecurityException</code> if this is not the case.
*
* @param name The bundle location to check for permission. If this
- * is <code>null</code> or exactly matches the using bundle's
- * location, permission is always granted.
+ * is <code>null</code> permission is always granted.
+ * @param checkOwn If {@code false} permission is alwas granted if
+ * {@code name} is the same the using bundle's location.
*
* @throws SecurityException if the access control context does not
* have the appropriate permission
*/
- void checkPermission( final ConfigurationManager configurationManager, String name )
+ void checkPermission( final ConfigurationManager configurationManager, String name, boolean checkOwn )
{
// the caller's permission must be checked
final SecurityManager sm = System.getSecurityManager();
if ( sm != null )
{
// CM 1.4 / 104.11.1 Implicit permission
- if ( name != null && !name.equals( getBundle().getLocation() ) )
+ if ( name != null && ( checkOwn || !name.equals( getBundle().getLocation() ) ) )
{
try
{