[osgi-dev] Query on permission file

Peter Kriens Peter.Kriens at aQute.biz
Mon Sep 4 05:34:10 EDT 2006

The default default (2x!) is AllPermission; this is just to get
started. However, any sane installation will set the default
permissions for a bundle to something more restricted before it
downloads any untrusted bundle.

One policy could be to read the bundle permission file and associate these
permissions with the bundle location. This is perfectly valid, and
even secure if you can ensure that only the responsible party can
install bundles and that the connection over which the bundles are
download can be trusted. This is all in the realm of the bundle
management agent and not specified in detail by OSGi, the spec only
enables such models.

Conditional Permission Admin standardized signing to solve many of the
uncertainties around operator policies. It is, like all services,

Kind regards,

     Peter Kriens

kb> That means that even if a bundle is having a permission resource,
kb> default permissions for that bundle will be AllPermissions
kb> if nobody sets the permissions. (Only permission admin present)
kb> .  But I think the bundle need not be given all permissions 
kb> in that case. Please let me know what should be the default permissions for that bundle.
kb>   Also can you please let me know if conditional permission admin
kb> service is a mandatory service or optional as of R4?
kb>   Regards,
kb>   Kiran Bharadwaj

kb> Peter Kriens <Peter.Kriens at aQute.biz> wrote:
kb>   The Bundle permission file is part of the Conditional Permission
kb> specification so it has no semantics defined for Permission Admin.
kb> According to the spec you should ignore the bundle permission file
kb> when you only have  permission admin.

kb> Kind regards,

kb> Peter Kriens

kb>> Hello All,
kb>>    If conditional permission admin service is absent in the
kb>> framework and only permission admin service is present,
kb>> then if any bundle is being installed with the optional
kb>> "permissions.perm" file. Does that perm file need to be 
kb>> considered or not. If it has to be considered what is the use of the file. Do we have
kb>> to assign the permissions in the perm file to the given bundle.
kb>> Regards,
kb>> Kiran Bharadwaj


kb>> All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.

Peter Kriens                              Tel +33467542167
9C, Avenue St. Drézéry                    AOL,Yahoo: pkriens
34160 Beaulieu, France                    ICQ 255570717
Skype pkriens                             Fax +1 8153772599

More information about the osgi-dev mailing list