1

The documentation is not helping at all, OSGi in Action does not have an example head to toes on how to do things. For example, I want bundle A to deny a package import from Bundle B, etc. Simple examples, from start to end - I can't find them.

But back to my question, I want to block calls to System.exit for obvious reasons, besides "do not implement your own Security Manager", I did not get much from the Virgo forum, thus my question here.

EDIT

Since I want this to happen in Virgo, here is what I have tried:

    public void start(BundleContext context) throws Exception {
        System.out.println("===== Starting Bundle PermissionsTest =====");
        // Fail fast if no SecurityManager is installed
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) throw new IllegalArgumentException("Security Manager is not defined!");

        // Look up the ConditionalPermissionAdmin service
        ServiceReference serviceReference =
            (ServiceReference) context.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (serviceReference == null) throw new IllegalArgumentException(ConditionalPermissionAdmin.class.getName() + " IS NULL");
        else System.out.println("===== Good so far 1 =====");

        ConditionalPermissionAdmin conditionalPermissionAdmin =
            (ConditionalPermissionAdmin) context.getService(serviceReference);
        if (conditionalPermissionAdmin == null) throw new IllegalArgumentException("ConditionalPermissionAdmin can not be found");
        else System.out.println("===== Good so far 2 =====");
    }

What I did first in Virgo is enable the Equinox Security Manager (because this is the one Virgo uses). The specification of the OSGi says that each container has to implement its own Security Manager extended with a bunch of OSGi specific actions.

In case of Virgo this is Equinox Security Manager. Enabling it is pretty easy - just add two lines in bin/dmk.sh and thus you have it.

Ok, so I do have the ConditionalPermissionAdmin - good! Now, I can for example, add a Security Check, like, BundlePermission say for a Bundle. Sure, but that happens for bundle specific actions, like start/stop/export, etc etc. I can't seem to figure out how to do it for a LifeCycle action - System.exit in my case.

btw, I use version 4.2.0 of the osgi-core, and nope I can't upgrade to 4.3.0, at least not now.

4

1 Answer

4

System.exit is governed by RuntimePermission("exitVM", "<>"), so the example syntax in the specification gives

    DENY {
       ( java.lang.RuntimePermission "exitVM" "*" )
    }

In Java code (not tested yet, so be careful):

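    // admin is the ConditionalPermissionAdmin service obtained from the BundleContext
    ConditionalPermissionInfo info = admin.newConditionalPermissionInfo(
        "name",     // name of the row in the permission table
        null,       // no conditions: the row is not guarded by any condition
        new PermissionInfo[] { new PermissionInfo(
           "java.lang.RuntimePermission", "exitVM", "*") },  // the permission name is case-sensitive
        ConditionalPermissionInfo.DENY
    );

    // Insert the row at the top of the table and commit the change
    ConditionalPermissionUpdate update = admin
       .newConditionalPermissionUpdate();
    update.getConditionalPermissionInfos().add(0, info);
    update.commit();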

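This topic is treated well in the book "OSGi in Action". Keep in mind that the primary audience of the specification is the implementers of the specification, not end users. Members are supposed to provide educational material to bridge this gap. Later specifications try to be more educational for end users.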

Answered 2012-09-04T06:57:27.877
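
An added example, not code from the question or the answer, that goes one step beyond the answer's snippet: it scopes the DENY row to selected bundles with a `BundleLocationCondition`, keeps a trailing ALLOW row so other code stays permitted, and checks the result of `commit()`. The class name, row names and location pattern are assumptions made for illustration.

```java
import java.util.Iterator;
import java.util.List;
import org.osgi.framework.*;
import org.osgi.service.condpermadmin.*;
import org.osgi.service.permissionadmin.PermissionInfo;

public class ExitGuardActivator implements BundleActivator {   // hypothetical class name
    // Hypothetical location pattern of the bundles that must not stop the JVM.
    static final String RESTRICTED = "file:/opt/example/untrusted/*";
    static final String DENY_ROW = "deny-exit", ALLOW_ROW = "allow-rest"; // row names chosen here

    public void start(BundleContext context) throws Exception {
        if (System.getSecurityManager() == null)
            throw new IllegalStateException("No SecurityManager: the table would not be enforced");
        ServiceReference ref = context.getServiceReference(ConditionalPermissionAdmin.class.getName());
        if (ref == null) throw new IllegalStateException("ConditionalPermissionAdmin not registered");
        ConditionalPermissionAdmin admin = (ConditionalPermissionAdmin) context.getService(ref);

        ConditionInfo[] onlyRestricted = { new ConditionInfo(
            BundleLocationCondition.class.getName(), new String[] { RESTRICTED }) };
        ConditionalPermissionInfo denyExit = admin.newConditionalPermissionInfo(DENY_ROW, onlyRestricted,
            new PermissionInfo[] { new PermissionInfo("java.lang.RuntimePermission", "exitVM", null) },
            ConditionalPermissionInfo.DENY);
        // Rows are evaluated top-down; this last row keeps everything else permitted.
        ConditionalPermissionInfo allowRest = admin.newConditionalPermissionInfo(ALLOW_ROW, null,
            new PermissionInfo[] { new PermissionInfo("java.security.AllPermission", "*", "*") },
            ConditionalPermissionInfo.ALLOW);

        boolean committed = false;
        for (int attempt = 0; attempt < 3 && !committed; attempt++) {
            ConditionalPermissionUpdate update = admin.newConditionalPermissionUpdate();
            List rows = update.getConditionalPermissionInfos();   // raw List: osgi-core 4.2 API
            for (Iterator it = rows.iterator(); it.hasNext();) {  // drop rows from an earlier start
                String name = ((ConditionalPermissionInfo) it.next()).getName();
                if (DENY_ROW.equals(name) || ALLOW_ROW.equals(name)) it.remove();
            }
            rows.add(0, denyExit);       // DENY first so it wins over any later ALLOW
            rows.add(allowRest);         // fallback ALLOW last
            committed = update.commit(); // false: table changed concurrently, rebuild and retry
        }
        context.ungetService(ref);
        if (!committed) throw new IllegalStateException("Could not commit permission table");
    }

    public void stop(BundleContext context) { }
}
```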