Examples with FilePermission java.io.FilePermission used on opensource projects

Example 66 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class EvilSecurityTests method testSymlinkPermissions.

/** When a configured dir is a symlink, test that permissions work on link target */
public void testSymlinkPermissions() throws IOException {
    // see https://github.com/elastic/elasticsearch/issues/12170
    assumeFalse("windows does not automatically grant permission to the target of symlinks", Constants.WINDOWS);
    Path dir = createTempDir();
    Path target = dir.resolve("target");
    Files.createDirectory(target);
    // symlink
    Path link = dir.resolve("link");
    try {
        Files.createSymbolicLink(link, target);
    } catch (UnsupportedOperationException | IOException e) {
        assumeNoException("test requires filesystem that supports symbolic links", e);
    } catch (SecurityException e) {
        assumeNoException("test cannot create symbolic links with security manager enabled", e);
    }
    Permissions permissions = new Permissions();
    Security.addPath(permissions, "testing", link, "read");
    assertExactPermissions(new FilePermission(link.toString(), "read"), permissions);
    assertExactPermissions(new FilePermission(link.resolve("foo").toString(), "read"), permissions);
    assertExactPermissions(new FilePermission(target.toString(), "read"), permissions);
    assertExactPermissions(new FilePermission(target.resolve("foo").toString(), "read"), permissions);
}

Example 67 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class TikaImpl method getRestrictedPermissions.

// compute some minimal permissions for parsers. they only get r/w access to the java temp directory,
// the ability to load some resources from JARs, and read sysprops
static PermissionCollection getRestrictedPermissions() {
    Permissions perms = new Permissions();
    // property/env access needed for parsing
    perms.add(new PropertyPermission("*", "read"));
    perms.add(new RuntimePermission("getenv.TIKA_CONFIG"));
    // add permissions for resource access:
    // classpath
    addReadPermissions(perms, JarHell.parseClassPath());
    // plugin jars
    if (TikaImpl.class.getClassLoader() instanceof URLClassLoader) {
        addReadPermissions(perms, ((URLClassLoader) TikaImpl.class.getClassLoader()).getURLs());
    }
    // jvm's java.io.tmpdir (needs read/write)
    perms.add(new FilePermission(System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "-", "read,readlink,write,delete"));
    // current hacks needed for POI/PDFbox issues:
    perms.add(new SecurityPermission("putProviderProperty.BC"));
    perms.add(new SecurityPermission("insertProvider"));
    perms.add(new ReflectPermission("suppressAccessChecks"));
    // xmlbeans, use by POI, needs to get the context classloader
    perms.add(new RuntimePermission("getClassLoader"));
    perms.setReadOnly();
    return perms;
}

Example 68 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class TikaImpl method addReadPermissions.

// add resources to (what is typically) a jar, but might not be (e.g. in tests/IDE)
@SuppressForbidden(reason = "adds access to jar resources")
static void addReadPermissions(Permissions perms, URL[] resources) {
    try {
        for (URL url : resources) {
            Path path = PathUtils.get(url.toURI());
            // resource itself
            perms.add(new FilePermission(path.toString(), "read,readlink"));
            // classes underneath
            perms.add(new FilePermission(path.toString() + System.getProperty("file.separator") + "-", "read,readlink"));
        }
    } catch (URISyntaxException bogus) {
        throw new RuntimeException(bogus);
    }
}

Example 69 with FilePermission

use of java.io.FilePermission in project j2objc by google.

the class FileURLConnection method getPermission.

/**
     * Returns the permission, in this case the subclass, FilePermission object
     * which represents the permission necessary for this URLConnection to
     * establish the connection.
     *
     * @return the permission required for this URLConnection.
     *
     * @throws IOException
     *             if an IO exception occurs while creating the permission.
     */
@Override
public java.security.Permission getPermission() throws IOException {
    if (permission == null) {
        String path = filename;
        if (File.separatorChar != '/') {
            path = path.replace('/', File.separatorChar);
        }
        permission = new FilePermission(path, "read");
    }
    return permission;
}

Example 70 with FilePermission

use of java.io.FilePermission in project robovm by robovm.

the class FileURLConnection method getPermission.

/**
     * Returns the permission, in this case the subclass, FilePermission object
     * which represents the permission necessary for this URLConnection to
     * establish the connection.
     *
     * @return the permission required for this URLConnection.
     *
     * @throws IOException
     *             if an IO exception occurs while creating the permission.
     */
@Override
public java.security.Permission getPermission() throws IOException {
    if (permission == null) {
        String path = filename;
        if (File.separatorChar != '/') {
            path = path.replace('/', File.separatorChar);
        }
        permission = new FilePermission(path, "read");
    }
    return permission;
}