Eclipse, all Eclipse-like platforms and Equinox-based products lack a way to configure OSGi security permissions right at the framework's startup using the standard equinox launcher jar. This is a major drawback for securing the platform, as it could not be easily ensured that a bundle security agent will always start first, so that adds a certain element of uncertainty when users try to configure that platform's security. With this enhancement I propose to add an option to the equinox launcher that can enable configuring the OSGi security's initial set of permissions, until a security agent bundle comes into play. To be more specific, this option can accept a policy file that defines the desired permissions using the appropriate syntax (defined in the OSGi specification). Do you feel that users can benefit from that?
Moving to framework since I think this option should probably be implemented in EclipseStarter. Actually doing it in the launcher will require a fair amount of reflection since the launcher does not actually have the org.osgi classes available on its class path.

(In reply to comment #0)
> To be more specific this option can accept a policy file that defines the
> desired permissions using the appropriate syntax (defined in the OSGi
> specification).

Specifically you mean to use the format specified by org.osgi.service.condpermadmin.ConditionalPermissionInfo.getEncoded(), correct?

> Do you feel that users can benefit from that?

Seems reasonable.
(In reply to comment #1)
> Moving to framework since I think this option should probably be implemented in
> EclipseStarter. Actually doing it in the launcher will require a fair amount
> of reflection since the launcher does not actually have the org.osgi classes
> available on its class path.

Agreed. Looking at code, I realize I was referring to Eclipse Starter too.

> Specifically you mean to use the format specified by
> org.osgi.service.condpermadmin.ConditionalPermissionInfo.getEncoded(), correct?

Yes. I'll try to get something running in a separate branch and bring it up for review.
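
Added example, not part of the thread and not Equinox code: one way a startup hook could load a policy file in the `ConditionalPermissionInfo.getEncoded()` format into the framework's permission table through the standard `ConditionalPermissionAdmin` service. The class name `InitialPolicyLoader`, the one-entry-per-line file layout with `#` comments, and the sample rows are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionUpdate;

/*
 * Hypothetical helper. Assumed file layout: one encoded row per line, blank
 * lines and '#' lines ignored. Constructed sample rows:
 *   ALLOW { [org.osgi.service.condpermadmin.BundleLocationCondition "file:plugins/*"] (java.io.FilePermission "/opt/app/-" "read") } "plugins-read"
 *   DENY { (java.io.FilePermission "<<ALL FILES>>" "write,delete") } "no-writes"
 */
public final class InitialPolicyLoader {
    public static void load(BundleContext ctx, Path policyFile) throws IOException {
        ServiceReference<ConditionalPermissionAdmin> ref =
                ctx.getServiceReference(ConditionalPermissionAdmin.class);
        if (ref == null) {
            throw new IllegalStateException("ConditionalPermissionAdmin not available");
        }
        ConditionalPermissionAdmin cpa = ctx.getService(ref);
        try {
            // Parse the whole file first so a malformed row aborts before any change.
            List<ConditionalPermissionInfo> parsed = new ArrayList<>();
            try (BufferedReader in = Files.newBufferedReader(policyFile, StandardCharsets.UTF_8)) {
                for (String line; (line = in.readLine()) != null; ) {
                    line = line.trim();
                    if (line.isEmpty() || line.startsWith("#")) continue;
                    // newConditionalPermissionInfo throws IllegalArgumentException on bad syntax.
                    parsed.add(cpa.newConditionalPermissionInfo(line));
                }
            }
            ConditionalPermissionUpdate update = cpa.newConditionalPermissionUpdate();
            List<ConditionalPermissionInfo> table = update.getConditionalPermissionInfos();
            table.clear();        // replace the existing table rather than merging into it
            table.addAll(parsed); // the table is ordered, so file order is preserved
            if (!update.commit()) { // false: table changed after the update was created
                throw new IllegalStateException("permission table modified concurrently");
            }
        } finally {
            ctx.ungetService(ref);
        }
    }
}
```

Compiling this needs the OSGi core API on the class path, and the permissions only take effect when the framework runs with a security manager enabled.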