Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-4975

fileinstall's ConfigInstaller leaks it's permission checks to caller

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: fileinstall-3.5.0
    • Fix Version/s: fileinstall-3.5.2
    • Component/s: File Install
    • Labels:
      None
    • Environment:
      any with security enabled

      Description

      The following stack trace shows ConfigInstaller's permission leaking and failing for configadmin (the caller)

      java.security.AccessControlException: access denied ("java.util.PropertyPermission" "felix.fileinstall.enableConfigSave" "read")
      	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372)
      	at org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager.internalCheckPermission(EquinoxSecurityManager.java:117)
      	at com.liferay.portal.security.pacl.PortalSecurityManagerImpl$PermissionAction.run(PortalSecurityManagerImpl.java:1465)
      	at com.liferay.portal.security.pacl.PortalSecurityManagerImpl$PermissionAction.run(PortalSecurityManagerImpl.java:1451)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at com.liferay.portal.security.pacl.PortalSecurityManagerImpl.checkPermission(PortalSecurityManagerImpl.java:331)
      	at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1298)
      	at org.eclipse.osgi.internal.framework.BundleContextImpl.getProperty(BundleContextImpl.java:117)
      	at org.apache.felix.fileinstall.internal.ConfigInstaller.shouldSaveConfig(ConfigInstaller.java:163)
      	at org.apache.felix.fileinstall.internal.ConfigInstaller.configurationEvent(ConfigInstaller.java:93)
      	at org.apache.felix.cm.impl.ConfigurationManager$FireConfigurationEvent.sendEvent(ConfigurationManager.java:2046)
      	at org.apache.felix.cm.impl.ConfigurationManager$FireConfigurationEvent.run(ConfigurationManager.java:2014)
      	at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:131)
      	at org.apache.felix.cm.impl.UpdateThread$1.run(UpdateThread.java:128)
      	at java.security.AccessController.doPrivileged(Native Method)
      	at org.apache.felix.cm.impl.UpdateThread.run0(UpdateThread.java:127)
      	at org.apache.felix.cm.impl.UpdateThread.run(UpdateThread.java:110)
      	at java.lang.Thread.run(Thread.java:745)
      

        Attachments

          Activity

            People

            • Assignee:
              gnodet Guillaume Nodet
              Reporter:
              rotty3000 Raymond Augé
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: