I've run into a problem trying to limit actions that the OSGi bundle can perform. According to the documents I've read, permissions for OSGi bundles should be set in OSGI-INF/permissions.perm file within bundle's JAR. However, no matter what I write in that file (and no matter if this file exists or not), bundles seem to have AllPermissions. More specifically, I start OSGi from command line with command
D:\temp\2>java -jar org.eclipse.osgi_3.3.2.R33x_v20080105.jar -console
-Djava.security.manager=org.eclipse.osgi.framework.internal.core.FrameworkSecurityManager
Then I install bundle with command
osgi> install file:/d:/temp/2/J1.jar
and start it. When I try to perform an operation that should be restricted (e.g., accessing a file, loading a library, etc.), operation always succeeds, even with empty permissions.perm file. How do I make permissions specified in permissions.perm file active?
The permissions.perm does not specify what the bundle may do. It specifies what the bundle wants to do: See http://www.javacodegeeks.com/2012/11/permissions-in-osgi.html
So this file seems to be there to be able to fail fast if permissions are missing. You can even leave it out if this is not necessary for you.
The real security settings have to be done on the framework. See this for felix: https://felix.apache.org/documentation/subprojects/apache-felix-framework-security.html