This is a complete re-write of the AC Debugger which adds continuous mode support which allows the attached VM to continue running as if no security failures had occurred.
This new version will automatically analyze all possible solutions to a given failure and report all solutions that might include a mixture of permissions granting and doPrivileged() blocks. It also provides an option to ignore doPrivileged() blocks which can be useful for admin or when debugging in production where modifying the code is not an possible. There is also an option to automatically grant missing permissions which allows the system to no longer fail (until the next restart). Finally, it can now also monitor Eclipse's service registry for service events notifications because of missing service permissions.
There is also 2 bundles that are built in order to be included in an OSGi product to allow a more optimal and a more stable experience.
✏️ (Pencil) This comment is a nitpick or style suggestion, no action required for approval. This comment should provide a suggestion either as an in line code snippet or a gist.
❓ (Question Mark) This comment is to gain a clearer understanding of design or code choices, clarification is required but action may not be necessary for approval.
❗ (Exclamation Mark) This comment is critical and requires clarification or action before approval.
What does this PR do?
This is a complete re-write of the AC Debugger which adds continuous mode support which allows the attached VM to continue running as if no security failures had occurred.
This new version will automatically analyze all possible solutions to a given failure and report all solutions that might include a mixture of permissions granting and
doPrivileged()
blocks. It also provides an option to ignoredoPrivileged()
blocks which can be useful for admin or when debugging in production where modifying the code is not an possible. There is also an option to automatically grant missing permissions which allows the system to no longer fail (until the next restart). Finally, it can now also monitor Eclipse's service registry for service events notifications because of missing service permissions.There is also 2 bundles that are built in order to be included in an OSGi product to allow a more optimal and a more stable experience.
Who is reviewing it?
@coyotesqrl @stustison @tyler30clemens @figliold
Select relevant component teams:
https://github.com/orgs/codice/teams/security
Review Comment Legend: