The Permission Admin service allows management agents to manage the
permissions of bundles. There is at most one Permission Admin service present
in the OSGi environment.
Access to the Permission Admin service is protected by corresponding
ServicePermission. In addition
AdminPermission is required to
actually set permissions.
Bundle permissions are managed using a permission table. A bundle's location
serves as the key into this permission table. The value of a table entry is
the set of permissions (of type
PermissionInfo) granted to the bundle
named by the given location. A bundle may have an entry in the permission
table prior to being installed in the Framework.
The permissions specified in
setDefaultPermissions are used as the
default permissions which are granted to all bundles that do not have an
entry in the permission table.
Any changes to a bundle's permissions in the permission table will take
effect no later than when bundle's
java.security.ProtectionDomain is
next involved in a permission check, and will be made persistent.
Only permission classes on the system classpath or from an exported package
are considered during a permission check. Additionally, only permission
classes that are subclasses of
java.security.Permission and define a
2-argument constructor that takes a name string and an actions
string can be used.
Permissions implicitly granted by the Framework (for example, a bundle's
permission to access its persistent storage area) cannot be changed, and are
not reflected in the permissions returned by
getPermissions and
getDefaultPermissions.