search

codice / acdebugger

Purpose-built debugger for determining missing OSGi bundle security permissions
Apache License 2.0
7 stars 10 forks source link

AC Debugger not handling missing permission from io.netty.common as an acceptable behavior #41

Closed tyler30clemens closed 6 years ago

tyler30clemens commented 6 years ago

Description

Installing with the development profile and the acdebugger attached returns a missing file permission stack trace with a provided solution. It should return with it as an acceptable error.

NOTE: Steps to reproduce at bottom.


AC Debugger:     java.io.FilePermission "${/}proc${/}sys${/}net${/}core${/}somaxconn", "read"
AC Debugger: Context:
AC Debugger:      bundle-0
AC Debugger:  --> *io.netty.common
AC Debugger: Stack:
AC Debugger:      at bundle-0(java.security.AccessControlContext:472) <instance of java.security.AccessControlContext(id=5651)>
AC Debugger:      at bundle-0(java.security.AccessController:884) <class of java.security.AccessController>
AC Debugger:      at bundle-0(java.lang.SecurityManager:549) <instance of net.sourceforge.prograde.sm.ProGradeJSM(id=5845)>
AC Debugger:      at bundle-0(java.lang.SecurityManager:888) <instance of net.sourceforge.prograde.sm.ProGradeJSM(id=5845)>
AC Debugger:      at bundle-0(java.io.File:814) <instance of java.io.File(id=5847)>
AC Debugger:  --> at *io.netty.common(io.netty.util.NetUtil$1:267) <instance of io.netty.util.NetUtil$1(id=5848)>
AC Debugger:      at *io.netty.common(io.netty.util.NetUtil$1:253) <instance of io.netty.util.NetUtil$1(id=5848)>
AC Debugger:      at bundle-0(java.security.AccessController.doPrivileged(java.security.PrivilegedAction)+-1) <class of java.security.AccessController>
AC Debugger:      at *io.netty.common(io.netty.util.NetUtil:253) <class of io.netty.util.NetUtil>
AC Debugger:     ----------------------------------------------------------
AC Debugger:      at *io.netty.common(io.netty.util.internal.MacAddressUtil:50) <class of io.netty.util.internal.MacAddressUtil>
AC Debugger:      at *io.netty.common(io.netty.util.internal.MacAddressUtil:138) <class of io.netty.util.internal.MacAddressUtil>
AC Debugger:      at *io.netty.transport(io.netty.channel.DefaultChannelId:99) <class of io.netty.channel.DefaultChannelId>
AC Debugger:      at *io.netty.transport(io.netty.channel.AbstractChannel:111) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.AbstractChannel:83) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.nio.AbstractNioChannel:84) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.nio.AbstractNioByteChannel:66) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.socket.nio.NioSocketChannel:102) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.socket.nio.NioSocketChannel:92) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.socket.nio.NioSocketChannel:85) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at *io.netty.transport(io.netty.channel.socket.nio.NioSocketChannel:78) <instance of io.netty.channel.socket.nio.NioSocketChannel(id=5860)>
AC Debugger:      at bundle-0(sun.reflect.NativeConstructorAccessorImpl.newInstance0(java.lang.reflect.Constructor, java.lang.Object[])+-1) <class of sun.reflect.NativeConstructorAccessorImpl>
AC Debugger:      at bundle-0(sun.reflect.NativeConstructorAccessorImpl:62) <instance of sun.reflect.NativeConstructorAccessorImpl(id=5862)>
AC Debugger:      at bundle-0(sun.reflect.DelegatingConstructorAccessorImpl:45) <instance of sun.reflect.DelegatingConstructorAccessorImpl(id=5864)>
AC Debugger:      at bundle-0(java.lang.reflect.Constructor:423) <instance of java.lang.reflect.Constructor(id=5866)>
AC Debugger:      at *io.netty.transport(io.netty.channel.ReflectiveChannelFactory:38) <instance of io.netty.channel.ReflectiveChannelFactory(id=5867)>
AC Debugger:      at *io.netty.transport(io.netty.bootstrap.AbstractBootstrap:320) <instance of io.netty.bootstrap.Bootstrap(id=5868)>
AC Debugger:      at *io.netty.transport(io.netty.bootstrap.Bootstrap:163) <instance of io.netty.bootstrap.Bootstrap(id=5868)>
AC Debugger:      at *io.netty.transport(io.netty.bootstrap.Bootstrap:145) <instance of io.netty.bootstrap.Bootstrap(id=5868)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector:726) <instance of org.apache.activemq.artemis.core.remoting.impl.netty.NettyConnector(id=5869)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:1040) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:1080) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:1290) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:895) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:799) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl:242) <instance of org.apache.activemq.artemis.core.client.impl.ClientSessionFactoryImpl(id=5872)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl$StaticConnector$Connector:1813) <instance of org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl$StaticConnector$Connector(id=5873)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl$StaticConnector:1682) <instance of org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl$StaticConnector(id=5874)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl:626) <instance of org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl(id=5875)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl:641) <instance of org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl(id=5875)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation:332) <instance of org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation(id=5876)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation:100) <instance of org.apache.activemq.artemis.core.server.impl.SharedNothingLiveActivation(id=5876)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl:535) <instance of org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl(id=5877)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl:474) <instance of org.apache.activemq.artemis.core.server.impl.ActiveMQServerImpl(id=5877)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.osgi.OsgiBroker$ServerTrackerCallBackImpl:252) <instance of org.apache.activemq.artemis.osgi.OsgiBroker$ServerTrackerCallBackImpl(id=5878)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.osgi.ProtocolTracker:107) <instance of org.apache.activemq.artemis.osgi.ProtocolTracker(id=5879)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.osgi.ProtocolTracker:78) <instance of org.apache.activemq.artemis.osgi.ProtocolTracker(id=5879)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.osgi.ProtocolTracker:38) <instance of org.apache.activemq.artemis.osgi.ProtocolTracker(id=5879)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.ServiceTracker$Tracked:941) <instance of org.osgi.util.tracker.ServiceTracker$Tracked(id=5881)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.ServiceTracker$Tracked:870) <instance of org.osgi.util.tracker.ServiceTracker$Tracked(id=5881)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.AbstractTracked:256) <instance of org.osgi.util.tracker.ServiceTracker$Tracked(id=5881)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.AbstractTracked:183) <instance of org.osgi.util.tracker.ServiceTracker$Tracked(id=5881)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.ServiceTracker:318) <instance of org.osgi.util.tracker.ServiceTracker(id=5887)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.ServiceTracker:261) <instance of org.osgi.util.tracker.ServiceTracker(id=5887)>
AC Debugger:      at *org.apache.activemq.artemis-server-osgi(org.apache.activemq.artemis.osgi.OsgiBroker:118) <instance of org.apache.activemq.artemis.osgi.OsgiBroker(id=5888)>
AC Debugger:      at bundle-0(sun.reflect.NativeMethodAccessorImpl.invoke0(java.lang.reflect.Method, java.lang.Object, java.lang.Object[])+-1) <class of sun.reflect.NativeMethodAccessorImpl>
AC Debugger:      at bundle-0(sun.reflect.NativeMethodAccessorImpl:62) <instance of sun.reflect.NativeMethodAccessorImpl(id=5890)>
AC Debugger:      at bundle-0(sun.reflect.DelegatingMethodAccessorImpl:43) <instance of sun.reflect.DelegatingMethodAccessorImpl(id=5892)>
AC Debugger:      at bundle-0(java.lang.reflect.Method:498) <instance of java.lang.reflect.Method(id=5894)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.BaseMethod:229) <instance of org.apache.felix.scr.impl.inject.ActivateMethod(id=5896)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.BaseMethod:39) <class of org.apache.felix.scr.impl.inject.BaseMethod>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.BaseMethod$Resolved:650) <instance of org.apache.felix.scr.impl.inject.BaseMethod$Resolved(id=5907)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.BaseMethod:506) <instance of org.apache.felix.scr.impl.inject.ActivateMethod(id=5896)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.ActivateMethod:307) <instance of org.apache.felix.scr.impl.inject.ActivateMethod(id=5896)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.inject.ActivateMethod:299) <instance of org.apache.felix.scr.impl.inject.ActivateMethod(id=5896)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.SingleComponentManager:298) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.SingleComponentManager:109) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.SingleComponentManager:907) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.SingleComponentManager:880) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.AbstractComponentManager:764) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.AbstractComponentManager:675) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.AbstractComponentManager:430) <instance of org.apache.felix.scr.impl.manager.SingleComponentManager(id=5909)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.manager.ConfigurableComponentHolder:657) <instance of org.apache.felix.scr.impl.ComponentRegistry$DefaultConfigurableComponentHolder(id=5912)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.BundleComponentActivator:341) <instance of org.apache.felix.scr.impl.BundleComponentActivator(id=5915)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.Activator:387) <instance of org.apache.felix.scr.impl.Activator(id=5917)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.Activator:52) <class of org.apache.felix.scr.impl.Activator>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.Activator$ScrExtension:262) <instance of org.apache.felix.scr.impl.Activator$ScrExtension(id=5919)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.AbstractExtender:196) <instance of org.apache.felix.scr.impl.Activator(id=5917)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.AbstractExtender:169) <instance of org.apache.felix.scr.impl.Activator(id=5917)>
AC Debugger:      at *org.apache.felix.scr(org.apache.felix.scr.impl.AbstractExtender:49) <instance of org.apache.felix.scr.impl.Activator(id=5917)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.BundleTracker$Tracked:482) <instance of org.osgi.util.tracker.BundleTracker$Tracked(id=5922)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.BundleTracker$Tracked:415) <instance of org.osgi.util.tracker.BundleTracker$Tracked(id=5922)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.AbstractTracked:232) <instance of org.osgi.util.tracker.BundleTracker$Tracked(id=5922)>
AC Debugger:      at bundle-0(org.osgi.util.tracker.BundleTracker$Tracked:444) <instance of org.osgi.util.tracker.BundleTracker$Tracked(id=5922)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.BundleContextImpl:908) <instance of org.eclipse.osgi.internal.framework.BundleContextImpl(id=5924)>
AC Debugger:      at bundle-0(org.eclipse.osgi.framework.eventmgr.EventManager:230) <class of org.eclipse.osgi.framework.eventmgr.EventManager>
AC Debugger:      at bundle-0(org.eclipse.osgi.framework.eventmgr.ListenerQueue:148) <instance of org.eclipse.osgi.framework.eventmgr.ListenerQueue(id=5928)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxEventPublisher:230) <instance of org.eclipse.osgi.internal.framework.EquinoxEventPublisher(id=5930)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxEventPublisher$1:141) <instance of org.eclipse.osgi.internal.framework.EquinoxEventPublisher$1(id=5932)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxEventPublisher$1:1) <instance of org.eclipse.osgi.internal.framework.EquinoxEventPublisher$1(id=5932)>
AC Debugger:      at bundle-0(java.security.AccessController.doPrivileged(java.security.PrivilegedAction)+-1) <class of java.security.AccessController>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxEventPublisher:139) <instance of org.eclipse.osgi.internal.framework.EquinoxEventPublisher(id=5930)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxEventPublisher:129) <instance of org.eclipse.osgi.internal.framework.EquinoxEventPublisher(id=5930)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor:191) <instance of org.eclipse.osgi.internal.framework.EquinoxContainerAdaptor(id=5934)>
AC Debugger:      at bundle-0(org.eclipse.osgi.container.Module:476) <instance of org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule(id=5936)>
AC Debugger:      at bundle-0(org.eclipse.osgi.container.Module:467) <instance of org.eclipse.osgi.internal.framework.EquinoxBundle$EquinoxModule(id=5936)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxBundle:428) <instance of org.eclipse.osgi.internal.framework.EquinoxBundle(id=5939)>
AC Debugger:      at bundle-0(org.eclipse.osgi.internal.framework.EquinoxBundle:447) <instance of org.eclipse.osgi.internal.framework.EquinoxBundle(id=5939)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.BundleInstallSupportImpl:161) <instance of org.apache.karaf.features.internal.service.BundleInstallSupportImpl(id=5941)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.FeaturesServiceImpl:1116) <instance of org.apache.karaf.features.internal.service.FeaturesServiceImpl(id=5945)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.Deployer:996) <instance of org.apache.karaf.features.internal.service.Deployer(id=5947)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.FeaturesServiceImpl:1025) <instance of org.apache.karaf.features.internal.service.FeaturesServiceImpl(id=5945)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.FeaturesServiceImpl:964) <instance of org.apache.karaf.features.internal.service.FeaturesServiceImpl(id=5945)>
AC Debugger:      at *org.apache.karaf.features.core(org.apache.karaf.features.internal.service.FeaturesServiceImpl$$Lambda$77.2096570339.call()+28) <instance of org.apache.karaf.features.internal.service.FeaturesServiceImpl$$Lambda$77.2096570339(id=5949)>
AC Debugger:      at bundle-0(java.util.concurrent.FutureTask:266) <instance of java.util.concurrent.FutureTask(id=5951)>
AC Debugger:      at bundle-0(java.util.concurrent.ThreadPoolExecutor:1149) <instance of java.util.concurrent.ThreadPoolExecutor(id=5953)>
AC Debugger:      at bundle-0(java.util.concurrent.ThreadPoolExecutor$Worker:624) <instance of java.util.concurrent.ThreadPoolExecutor$Worker(id=5955)>
AC Debugger:      at bundle-0(java.lang.Thread:748) <instance of java.lang.Thread(name='features-2-thread-1', id=4205)>```

The code that attempts to handle this issue is in the io.netty.common bundle denoted here:

`SOMAXCONN = (Integer)AccessController.doPrivileged(new PrivilegedAction<Integer>() {
public Integer run() {
        int somaxconn = PlatformDependent.isWindows() ? 200 : 128;
        File file = new File("/proc/sys/net/core/somaxconn");
        BufferedReader in = null;

        try {
          if (file.exists()) {
            in = new BufferedReader(new FileReader(file));
            somaxconn = Integer.parseInt(in.readLine());
            if (NetUtil.logger.isDebugEnabled()) {
              NetUtil.logger.debug("{}: {}", file, somaxconn);
            }
          } else {
            Integer tmp = null;
            if (SystemPropertyUtil.getBoolean("io.netty.net.somaxconn.trySysctl", false)) {
              tmp = NetUtil.sysctlGetInt("kern.ipc.somaxconn");
              if (tmp == null) {
                tmp = NetUtil.sysctlGetInt("kern.ipc.soacceptqueue");
                if (tmp != null) {
                  somaxconn = tmp;
                }
              } else {
                somaxconn = tmp;
              }
            }

            if (tmp == null) {
              NetUtil.logger.debug("Failed to get SOMAXCONN from sysctl and file {}. Default: {}", file, somaxconn);
            }
          }
        } catch (Exception var13) {
          NetUtil.logger.debug("Failed to get SOMAXCONN from sysctl and file {}. Default: {}", new Object[]{file, somaxconn, var13});
        } finally {
          if (in != null) {
            try {
              in.close();
            } catch (Exception var12) {
              ;
            }
          }

        }

        return somaxconn;
      }`

### Steps to Reproduce

(ONLY DO THIS STEP IF https://codice.atlassian.net/browse/DDF-4157 is not merged yet to get other missing permissions to focus solely on this issue.)
1. Add these permissions to ddf default.policy file
`grant codeBase "file:/opendj-embedded-server/org.apache.aries.blueprint.core" {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.io.FilePermission "${ddf.home.perm}etc${/}org.codice.opendj", "read, write";
    permission java.io.FilePermission "${ddf.home.perm}etc${/}org.codice.opendj${/}-", "read, write";
    permission java.io.FilePermission "${ddf.home.perm}etc${/}keystores${/}serverKeystore.jks", "read";
    permission java.io.FilePermission "${ddf.home.perm}etc${/}keystores${/}serverTruststore.jks", "read";
}

grant codeBase "file:/geowebcache-server-standalone/org.eclipse.jetty.server/org.eclipse.jetty.servlet/org.eclipse.jetty.util/org.ops4j.pax.web.pax-web-extender-war/org.ops4j.pax.web.pax-web-jetty/org.ops4j.pax.web.pax-web-runtime/javax.servlet-api/org.ops4j.pax.web.pax-web-spi" {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.io.FilePermission "${ddf.home.perm}etc", "read, write";
    permission java.io.FilePermission "${ddf.home.perm}etc${/}geowebcache.xml", "read, write";
}`  

2. Install DDF with the development profile with acdebugger attached