Example 6 with FilePermission
use of java.io.FilePermission in project elasticsearch by elastic.
the class Security method addFilePermissions.
/**
* Adds access to all configurable paths.
*/
static void addFilePermissions(Permissions policy, Environment environment) {
// read-only dirs
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.binFile(), "read,readlink");
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.libFile(), "read,readlink");
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.modulesFile(), "read,readlink");
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.pluginsFile(), "read,readlink");
addPath(policy, Environment.PATH_CONF_SETTING.getKey(), environment.configFile(), "read,readlink");
addPath(policy, Environment.PATH_SCRIPTS_SETTING.getKey(), environment.scriptsFile(), "read,readlink");
// read-write dirs
addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
addPath(policy, Environment.PATH_LOGS_SETTING.getKey(), environment.logsFile(), "read,readlink,write,delete");
if (environment.sharedDataFile() != null) {
addPath(policy, Environment.PATH_SHARED_DATA_SETTING.getKey(), environment.sharedDataFile(), "read,readlink,write,delete");
}
for (Path path : environment.dataFiles()) {
addPath(policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
}
for (Path path : environment.repoFiles()) {
addPath(policy, Environment.PATH_REPO_SETTING.getKey(), path, "read,readlink,write,delete");
}
if (environment.pidFile() != null) {
// we just need permission to remove the file if its elsewhere.
policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
}
}
Also used :
Path(java.nio.file.Path)
FilePermission(java.io.FilePermission)
Example 7 with FilePermission
use of java.io.FilePermission in project elasticsearch by elastic.
the class Security method addClasspathPermissions.
/** Adds access to classpath jars/classes for jar hell scan, etc */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
// really it should be covered by lib/, but there could be e.g. agents or similar configured)
for (URL url : JarHell.parseClassPath()) {
Path path;
try {
path = PathUtils.get(url.toURI());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
// resource itself
policy.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
if (Files.isDirectory(path)) {
policy.add(new FilePermission(path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
}
}
}
Also used :
Path(java.nio.file.Path)
URISyntaxException(java.net.URISyntaxException)
FilePermission(java.io.FilePermission)
URL(java.net.URL)
SuppressForbidden(org.elasticsearch.common.SuppressForbidden)
Example 8 with FilePermission
use of java.io.FilePermission in project guava by google.
the class ClassPathTest method doTestExistsThrowsSecurityException.
private void doTestExistsThrowsSecurityException() throws IOException, URISyntaxException {
URLClassLoader myLoader = (URLClassLoader) getClass().getClassLoader();
URL[] urls = myLoader.getURLs();
ImmutableList.Builder<File> filesBuilder = ImmutableList.builder();
for (URL url : urls) {
if (url.getProtocol().equalsIgnoreCase("file")) {
filesBuilder.add(new File(url.toURI()));
}
}
ImmutableList<File> files = filesBuilder.build();
assertThat(files).isNotEmpty();
SecurityManager disallowFilesSecurityManager = new SecurityManager() {
@Override
public void checkPermission(Permission p) {
if (p instanceof FilePermission) {
throw new SecurityException("Disallowed: " + p);
}
}
};
System.setSecurityManager(disallowFilesSecurityManager);
try {
files.get(0).exists();
fail("Did not get expected SecurityException");
} catch (SecurityException expected) {
}
ClassPath classPath = ClassPath.from(myLoader);
assertThat(classPath.getResources()).isEmpty();
}
Also used :
ImmutableList(com.google.common.collect.ImmutableList)
URLClassLoader(java.net.URLClassLoader)
FilePermission(java.io.FilePermission)
Permission(java.security.Permission)
JarFile(java.util.jar.JarFile)
Files.createFile(java.nio.file.Files.createFile)
File(java.io.File)
FilePermission(java.io.FilePermission)
URL(java.net.URL)
Example 9 with FilePermission
use of java.io.FilePermission in project XobotOS by xamarin.
the class URLClassLoader method getPermissions.
/**
* Gets all permissions for the specified {@code codesource}. First, this
* method retrieves the permissions from the system policy. If the protocol
* is "file:/" then a new permission, {@code FilePermission}, granting the
* read permission to the file is added to the permission collection.
* Otherwise, connecting to and accepting connections from the URL is
* granted.
*
* @param codesource
* the code source object whose permissions have to be known.
* @return the list of permissions according to the code source object.
*/
@Override
protected PermissionCollection getPermissions(final CodeSource codesource) {
PermissionCollection pc = super.getPermissions(codesource);
URL u = codesource.getLocation();
if (u.getProtocol().equals("jar")) {
try {
// Create a URL for the resource the jar refers to
u = ((JarURLConnection) u.openConnection()).getJarFileURL();
} catch (IOException e) {
// This should never occur. If it does continue using the jar
// URL
}
}
if (u.getProtocol().equals("file")) {
String path = u.getFile();
String host = u.getHost();
if (host != null && host.length() > 0) {
path = "//" + host + path;
}
if (File.separatorChar != '/') {
path = path.replace('/', File.separatorChar);
}
if (isDirectory(u)) {
pc.add(new FilePermission(path + "-", "read"));
} else {
pc.add(new FilePermission(path, "read"));
}
} else {
String host = u.getHost();
if (host.length() == 0) {
host = "localhost";
}
pc.add(new SocketPermission(host, "connect, accept"));
}
return pc;
}
Also used :
PermissionCollection(java.security.PermissionCollection)
IOException(java.io.IOException)
FilePermission(java.io.FilePermission)
Example 10 with FilePermission
use of java.io.FilePermission in project XobotOS by xamarin.
the class FileURLConnection method getPermission.
/**
* Returns the permission, in this case the subclass, FilePermission object
* which represents the permission necessary for this URLConnection to
* establish the connection.
*
* @return the permission required for this URLConnection.
*
* @throws IOException
* if an IO exception occurs while creating the permission.
*/
@Override
public java.security.Permission getPermission() throws IOException {
if (permission == null) {
String path = fileName;
if (File.separatorChar != '/') {
path = path.replace('/', File.separatorChar);
}
permission = new FilePermission(path, "read");
}
return permission;
}
Also used :
FilePermission(java.io.FilePermission)
Aggregations
FilePermission (java.io.FilePermission)57
IOException (java.io.IOException)16
File (java.io.File)14
URL (java.net.URL)13
PermissionCollection (java.security.PermissionCollection)11
SocketPermission (java.net.SocketPermission)9
Permission (java.security.Permission)9
Permissions (java.security.Permissions)9
Test (org.junit.Test)9
CodeSource (java.security.CodeSource)7
PropertyPermission (java.util.PropertyPermission)7
Path (java.nio.file.Path)6
Deployment (org.jboss.arquillian.container.test.api.Deployment)6
Policy (java.security.Policy)5
URLClassLoader (java.net.URLClassLoader)4
ProtectionDomain (java.security.ProtectionDomain)4
Properties (java.util.Properties)4
WebArchive (org.jboss.shrinkwrap.api.spec.WebArchive)4
FileInputStream (java.io.FileInputStream)3
ReflectPermission (java.lang.reflect.ReflectPermission)3
