From: Mathieu Baudier Date: Wed, 10 Aug 2016 13:05:16 +0000 (+0000) Subject: Last building Kernel X-Git-Tag: argeo-commons-2.1.45~35 X-Git-Url: http://git.argeo.org/?a=commitdiff_plain;h=fe647a3bb2330ecac77b9f9be87632b51e64063d;p=lgpl%2Fargeo-commons.git Last building Kernel git-svn-id: https://svn.argeo.org/commons/trunk@9076 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
index 6746292f0..7ad7fccd6 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java
@@ -163,256 +163,6 @@ final class Kernel implements KernelHeader, KernelConstants { httpService.open(); permissionAdmin = bc.getService(bc.getServiceReference(ConditionalPermissionAdmin.class)); - - applySystemPermissions(); - } - - private void applySystemPermissions() { - ConditionalPermissionUpdate update = permissionAdmin.newConditionalPermissionUpdate(); - // Self - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { locate(Kernel.class) }) }, - new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null) }, - ConditionalPermissionInfo.ALLOW)); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { bc.getBundle(0).getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null) }, - ConditionalPermissionInfo.ALLOW)); - // All - // FIXME understand why Jetty and Jackrabbit require that - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, null, new PermissionInfo[] { - new PermissionInfo(SocketPermission.class.getName(), "localhost:7070", "listen,resolve"), - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), - new PermissionInfo(PropertyPermission.class.getName(), "DEBUG", "read"), - new PermissionInfo(PropertyPermission.class.getName(), "STOP.*", "read"), - new PermissionInfo(PropertyPermission.class.getName(), "org.apache.jackrabbit.*", "read"), - new PermissionInfo(RuntimePermission.class.getName(), "*", "*"), }, - ConditionalPermissionInfo.ALLOW)); - - // Eclipse - // update.getConditionalPermissionInfos() - // .add(permissionAdmin.newConditionalPermissionInfo(null, - // new ConditionInfo[] { new - // 
ConditionInfo(BundleLocationCondition.class.getName(), - // new String[] { "*/org.eclipse.*" }) }, - // new PermissionInfo[] { new - // PermissionInfo(RuntimePermission.class.getName(), "*", "*"), - // new PermissionInfo(AdminPermission.class.getName(), "*", "*"), - // new PermissionInfo(ServicePermission.class.getName(), "*", "get"), - // new PermissionInfo(ServicePermission.class.getName(), "*", - // "register"), - // new PermissionInfo(TopicPermission.class.getName(), "*", "publish"), - // new PermissionInfo(TopicPermission.class.getName(), "*", - // "subscribe"), - // new PermissionInfo(PropertyPermission.class.getName(), "osgi.*", - // "read"), - // new PermissionInfo(PropertyPermission.class.getName(), "eclipse.*", - // "read"), - // new PermissionInfo(PropertyPermission.class.getName(), - // "org.eclipse.*", "read"), - // new PermissionInfo(PropertyPermission.class.getName(), "equinox.*", - // "read"), - // new PermissionInfo(PropertyPermission.class.getName(), "xml.*", - // "read"), - // new PermissionInfo("org.eclipse.equinox.log.LogPermission", "*", - // "log"), }, - // ConditionalPermissionInfo.ALLOW)); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { "*/org.eclipse.*" }) }, - new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null), }, - ConditionalPermissionInfo.ALLOW)); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { "*/org.apache.felix.*" }) }, - new PermissionInfo[] { new PermissionInfo(AllPermission.class.getName(), null, null), }, - ConditionalPermissionInfo.ALLOW)); - - // Configuration admin - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new 
ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { locate(configurationAdmin.getService().getClass()) }) }, - new PermissionInfo[] { new PermissionInfo(ConfigurationPermission.class.getName(), "*", "configure"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), - new PermissionInfo(PropertyPermission.class.getName(), "osgi.*", "read"), }, - ConditionalPermissionInfo.ALLOW)); - - // Bitronix - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { locate(BitronixTransactionManager.class) }) }, - new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "bitronix.tm.*", "read"), - new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null), - new PermissionInfo(MBeanServerPermission.class.getName(), "createMBeanServer", null), - new PermissionInfo(MBeanPermission.class.getName(), "bitronix.tm.*", "registerMBean"), - new PermissionInfo(MBeanTrustPermission.class.getName(), "register", null) }, - ConditionalPermissionInfo.ALLOW)); - - // DS - Bundle dsBundle = findBundle("org.eclipse.equinox.ds"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { dsBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(ConfigurationPermission.class.getName(), "*", "configure"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), - new PermissionInfo(ServicePermission.class.getName(), "*", "get"), - new PermissionInfo(ServicePermission.class.getName(), "*", "register"), - new PermissionInfo(PropertyPermission.class.getName(), "osgi.*", "read"), - new PermissionInfo(PropertyPermission.class.getName(), "xml.*", "read"), - new PermissionInfo(PropertyPermission.class.getName(), "equinox.*", "read"), - new 
PermissionInfo(RuntimePermission.class.getName(), "accessDeclaredMembers", null), - new PermissionInfo(RuntimePermission.class.getName(), "getClassLoader", null), - new PermissionInfo(ReflectPermission.class.getName(), "suppressAccessChecks", null), }, - ConditionalPermissionInfo.ALLOW)); - - // Jetty - Bundle jettyUtilBundle = findBundle("org.eclipse.equinox.http.jetty"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { "*/org.eclipse.jetty.*" }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), }, - ConditionalPermissionInfo.ALLOW)); - - // Blueprint - Bundle blueprintBundle = findBundle("org.eclipse.gemini.blueprint.core"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { blueprintBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), }, - ConditionalPermissionInfo.ALLOW)); - Bundle blueprintExtenderBundle = findBundle("org.eclipse.gemini.blueprint.extender"); - update.getConditionalPermissionInfos() - .add(permissionAdmin - .newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { blueprintExtenderBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null), - new PermissionInfo(PropertyPermission.class.getName(), "org.eclipse.gemini.*", - "read"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), - new PermissionInfo(ServicePermission.class.getName(), "*", "register"), }, - ConditionalPermissionInfo.ALLOW)); - Bundle springCoreBundle = 
findBundle("org.springframework.core"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { springCoreBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), }, - ConditionalPermissionInfo.ALLOW)); - Bundle blueprintIoBundle = findBundle("org.eclipse.gemini.blueprint.io"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { blueprintIoBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(RuntimePermission.class.getName(), "*", null), - new PermissionInfo(AdminPermission.class.getName(), "*", "*"), }, - ConditionalPermissionInfo.ALLOW)); - - // Equinox - Bundle registryBundle = findBundle("org.eclipse.equinox.registry"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { registryBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "eclipse.*", "read"), - new PermissionInfo(PropertyPermission.class.getName(), "osgi.*", "read"), - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), }, - ConditionalPermissionInfo.ALLOW)); - - Bundle equinoxUtilBundle = findBundle("org.eclipse.equinox.util"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { equinoxUtilBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "equinox.*", 
"read"), - new PermissionInfo(ServicePermission.class.getName(), "*", "get"), - new PermissionInfo(ServicePermission.class.getName(), "*", "register"), }, - ConditionalPermissionInfo.ALLOW)); - Bundle equinoxCommonBundle = findBundle("org.eclipse.equinox.common"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { equinoxCommonBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(AdminPermission.class.getName(), "*", "*"), }, - ConditionalPermissionInfo.ALLOW)); - - Bundle consoleBundle = findBundle("org.eclipse.equinox.console"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { consoleBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(ServicePermission.class.getName(), "*", "register"), - new PermissionInfo(AdminPermission.class.getName(), "*", "listener") }, - ConditionalPermissionInfo.ALLOW)); - Bundle preferencesBundle = findBundle("org.eclipse.equinox.preferences"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { preferencesBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), }, - ConditionalPermissionInfo.ALLOW)); - Bundle appBundle = findBundle("org.eclipse.equinox.app"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { appBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), }, - 
ConditionalPermissionInfo.ALLOW)); - - // Jackrabbit - Bundle jackrabbitCoreBundle = findBundle("org.apache.jackrabbit.core"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { jackrabbitCoreBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", "read,write,delete"), - new PermissionInfo(PropertyPermission.class.getName(), "*", "read,write"), - new PermissionInfo(AuthPermission.class.getName(), "getLoginConfiguration", null), - new PermissionInfo(AuthPermission.class.getName(), "createLoginContext.Jackrabbit", null), }, - ConditionalPermissionInfo.ALLOW)); - Bundle jackrabbitCommonBundle = findBundle("org.apache.jackrabbit.jcr.commons"); - update.getConditionalPermissionInfos().add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { jackrabbitCommonBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(AuthPermission.class.getName(), "createLoginContext.Jackrabbit", null), }, - ConditionalPermissionInfo.ALLOW)); - Bundle tikaCoreBundle = findBundle("org.apache.tika.core"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { tikaCoreBundle.getLocation() }) }, - new PermissionInfo[] { new PermissionInfo(PropertyPermission.class.getName(), "*", "read"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*") }, - ConditionalPermissionInfo.ALLOW)); - Bundle luceneBundle = findBundle("org.apache.lucene"); - update.getConditionalPermissionInfos() - .add(permissionAdmin.newConditionalPermissionInfo(null, - new ConditionInfo[] { new ConditionInfo(BundleLocationCondition.class.getName(), - new String[] { 
luceneBundle.getLocation() }) }, - new PermissionInfo[] { - new PermissionInfo(FilePermission.class.getName(), "<>", - "read,write,delete"), - new PermissionInfo(PropertyPermission.class.getName(), "*", "read"), - new PermissionInfo(AdminPermission.class.getName(), "*", "*") }, - ConditionalPermissionInfo.ALLOW)); - - // COMMIT - update.commit(); - } - - /** @return bundle location */ - private String locate(Class clzz) { - return FrameworkUtil.getBundle(clzz).getLocation(); } /*
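Review bot: The new side still looks up `ConditionalPermissionAdmin` into `permissionAdmin` but no longer installs or commits any permission rows, so from the visible lines nothing in this class restricts bundles any more. If the framework runs with a security manager, an empty conditional permission table is, as far as I know, treated as granting every bundle AllPermission, so this should be a stated decision; unless the policy is applied elsewhere (not visible here), I would add next to the lookup `// TODO(security): no ConditionalPermissionInfo rows are installed; bundles run unrestricted until the policy is restored`. When the policy is restored, the removed unconditional row (`RuntimePermission` `"*"` plus file read/write/delete for every bundle, marked FIXME) is worth narrowing rather than bringing back as it was. Separately, `bc.getServiceReference(ConditionalPermissionAdmin.class)` can return null when the service is not registered, and the retained line passes it straight to `bc.getService(...)`. The enclosing method starts outside the hunk.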