Uploaded image for project: 'Felix'
  1. Felix
  2. FELIX-6697

ServiceReference.isAssignableTo() allows any bundle to get access to unexported services from any other bundle

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Not A Bug
    • framework-3.0.0, framework-4.0.0, framework-5.0.0, framework-6.0.0, framework-7.0.5
    • None
    • Framework
    • None

    Description

      I was investigating some code that does a call similar to:

      bundleContext.getService(bundleContext.getServiceReference("anyClassYouWant"));

      where anyClassYouWant is indeed a service provided by a different bundle than the caller, but not exported. Therefore, there is no wire in between the two. The requester seems to get the service without any issue. This seems to boil down to this [0] commit, where the thrown exception gets ignored.

       

      [0]  - https://github.com/apache/felix-dev/commit/fd69ad6b9fd510588d858e4e06a31dee1fb59199

      Attachments

        Activity

          People

            Unassigned Unassigned
            radu Radu Cotescu
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: