
Example 26 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class ESPolicy method implies.

/**
 * Decides whether code from {@code domain} is granted {@code permission}.
 * <p>
 * The checks run in a fixed order, and that order is part of the policy:
 * <ol>
 *   <li>a domain with no code source is denied;</li>
 *   <li>code whose location file equals {@code BootstrapInfo.UNTRUSTED_CODEBASE} is answered by the
 *       {@code untrusted} policy alone and never reaches the broader policies below;</li>
 *   <li>a policy registered in {@code plugins} under the location file may grant the permission;
 *       if it does not, evaluation continues, so plugin policies only ever add permissions;</li>
 *   <li>the Hadoop workaround for {@code <<ALL FILES>>} file permissions;</li>
 *   <li>otherwise the permission is granted if any of {@code template}, {@code dynamic} or
 *       {@code system} implies it.</li>
 * </ol>
 *
 * @param domain     protection domain of the code being checked; dereferenced without a null check
 * @param permission the permission being requested
 * @return {@code true} if the permission is granted
 */
@Override
@SuppressForbidden(reason = "fast equals check is desired")
public boolean implies(ProtectionDomain domain, Permission permission) {
    CodeSource codeSource = domain.getCodeSource();
    // codesource can be null when reducing privileges via doPrivileged()
    // such a domain is denied outright: none of the policies below is consulted
    if (codeSource == null) {
        return false;
    }
    URL location = codeSource.getLocation();
    // https://bugs.openjdk.java.net/browse/JDK-8129972
    // a null location skips the untrusted and plugin checks and goes straight to the shared policies
    if (location != null) {
        // run scripts with limited permissions
        // the codebase is matched by exact string equality on the location's file part, and the
        // early return keeps untrusted code from ever being evaluated against template/dynamic/system
        if (BootstrapInfo.UNTRUSTED_CODEBASE.equals(location.getFile())) {
            return untrusted.implies(domain, permission);
        }
        // check for an additional plugin permission: plugin policy is
        // only consulted for its codesources.
        // the lookup key is the location's file string; a miss or a "no" falls through
        Policy plugin = plugins.get(location.getFile());
        if (plugin != null && plugin.implies(domain, permission)) {
            return true;
        }
    }
    // yeah right, REMOVE THIS when hadoop is fixed
    // workaround: a request for read/write on every file is intercepted when it originates from
    // org.apache.hadoop.util.Shell.runCommand; the caller is identified by walking the current
    // thread's stack and comparing class and method names as strings
    if (permission instanceof FilePermission && "<<ALL FILES>>".equals(permission.getName())) {
        for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
            if ("org.apache.hadoop.util.Shell".equals(element.getClassName()) && "runCommand".equals(element.getMethodName())) {
                // we found the horrible method: the hack begins!
                // force the hadoop code to back down, by throwing an exception that it catches.
                // NOTE(review): rethrow is defined outside this view; presumably it throws the
                // IOException without declaring it, since implies() has no throws clause. Confirm.
                rethrow(new IOException("no hadoop, you cannot do this."));
            }
        }
    }
    // otherwise defer to template + dynamic file permissions, then the system policy
    return template.implies(domain, permission) || dynamic.implies(permission) || system.implies(domain, permission);
}
Also used : Policy(java.security.Policy) IOException(java.io.IOException) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission) URL(java.net.URL) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 27 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class Security method addPath.

/**
 * Grants the given file permissions on a path and on everything beneath it.
 * <p>
 * Two {@link FilePermission} entries are added because the recursive {@code "<dir><separator>-"} form
 * covers the contents of a directory but not the directory entry itself.
 *
 * @param policy current policy to add permissions to
 * @param configurationName the configuration name associated with the path (for error messages only)
 * @param path the path itself
 * @param permissions set of file permissions to grant to the path; passed to {@code FilePermission} as given
 * @throws IllegalStateException if the path cannot be accessed
 */
static void addPath(Permissions policy, String configurationName, Path path, String permissions) {
    // the path may not exist yet; this call also checks that it is accessible
    try {
        ensureDirectoryExists(path);
    } catch (IOException e) {
        throw new IllegalStateException("Unable to access '" + configurationName + "' (" + path + ")", e);
    }

    // first grant: the path itself
    final String root = path.toString();
    policy.add(new FilePermission(root, permissions));

    // second grant: all files underneath it, using the separator of the path's own filesystem
    final String subtree = path.toString() + path.getFileSystem().getSeparator() + "-";
    policy.add(new FilePermission(subtree, permissions));
}
Also used : IOException(java.io.IOException) FilePermission(java.io.FilePermission)

Example 28 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class TikaImpl method getRestrictedPermissions.

// Builds the reduced, read-only permission set that parsers run with: read access to system
// properties and one environment variable, read access to classpath and plugin jar resources,
// read/write/delete below the java temp directory, plus a few broader grants kept as workarounds.
static PermissionCollection getRestrictedPermissions() {
    final Permissions restricted = new Permissions();

    // property/env access needed for parsing; the "*" wildcard makes every system property readable
    restricted.add(new PropertyPermission("*", "read"));
    restricted.add(new RuntimePermission("getenv.TIKA_CONFIG"));

    // resource access, part 1: the classpath
    addReadPermissions(restricted, JarHell.parseClassPath());
    // resource access, part 2: plugin jars, only discoverable when the loader exposes its URLs
    final ClassLoader pluginLoader = TikaImpl.class.getClassLoader();
    if (pluginLoader instanceof URLClassLoader) {
        addReadPermissions(restricted, ((URLClassLoader) pluginLoader).getURLs());
    }

    // jvm's java.io.tmpdir (needs read/write): the trailing "-" covers everything below the directory
    final String tmpDirSubtree = System.getProperty("java.io.tmpdir") + System.getProperty("file.separator") + "-";
    restricted.add(new FilePermission(tmpDirSubtree, "read,readlink,write,delete"));

    // current hacks needed for POI/PDFbox issues. These are the widest grants in the set:
    // they allow registering a security provider and bypassing reflective access checks,
    // so they are the first candidates to drop once the libraries no longer need them.
    restricted.add(new SecurityPermission("putProviderProperty.BC"));
    restricted.add(new SecurityPermission("insertProvider"));
    restricted.add(new ReflectPermission("suppressAccessChecks"));
    // xmlbeans, used by POI, needs to get the context classloader
    restricted.add(new RuntimePermission("getClassLoader"));

    // freeze the collection so nothing can be added after it is handed out
    restricted.setReadOnly();
    return restricted;
}
Also used : PropertyPermission(java.util.PropertyPermission) URLClassLoader(java.net.URLClassLoader) Permissions(java.security.Permissions) ReflectPermission(java.lang.reflect.ReflectPermission) FilePermission(java.io.FilePermission) SecurityPermission(java.security.SecurityPermission)

Example 29 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class TikaImpl method addReadPermissions.

// Grants read-only access ("read,readlink") to each resource and to everything beneath it.
// A resource is typically a jar, but might not be (e.g. a directory in tests/IDE), which is
// why the recursive grant is added as well. A URL that cannot be converted to a URI aborts
// with a RuntimeException; grants already added for earlier resources stay in perms.
@SuppressForbidden(reason = "adds access to jar resources")
static void addReadPermissions(Permissions perms, URL[] resources) {
    for (URL resource : resources) {
        final Path location;
        try {
            location = PathUtils.get(resource.toURI());
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
        // the resource itself
        final String self = location.toString();
        perms.add(new FilePermission(self, "read,readlink"));
        // classes underneath
        final String below = location.toString() + System.getProperty("file.separator") + "-";
        perms.add(new FilePermission(below, "read,readlink"));
    }
}
Also used : Path(java.nio.file.Path) URISyntaxException(java.net.URISyntaxException) FilePermission(java.io.FilePermission) URL(java.net.URL) SuppressForbidden(org.elasticsearch.common.SuppressForbidden)

Example 30 with FilePermission

use of java.io.FilePermission in project elasticsearch by elastic.

the class EvilSecurityTests method testSymlinkPermissions.

/**
 * When a configured dir is a symlink, permissions granted through the link must also apply to
 * the link target, for the directory itself and for a file below it.
 */
public void testSymlinkPermissions() throws IOException {
    // see https://github.com/elastic/elasticsearch/issues/12170
    assumeFalse("windows does not automatically grant permission to the target of symlinks", Constants.WINDOWS);

    final Path tmp = createTempDir();
    final Path target = tmp.resolve("target");
    final Path link = tmp.resolve("link");
    Files.createDirectory(target);

    // create link -> target; skip the test where that is not possible
    try {
        Files.createSymbolicLink(link, target);
    } catch (UnsupportedOperationException | IOException e) {
        assumeNoException("test requires filesystem that supports symbolic links", e);
    } catch (SecurityException e) {
        assumeNoException("test cannot create symbolic links with security manager enabled", e);
    }

    // grant read through the link only
    final Permissions granted = new Permissions();
    Security.addPath(granted, "testing", link, "read");

    // the grant must hold under both names of the directory, and for a file below each
    final Path[] expected = { link, link.resolve("foo"), target, target.resolve("foo") };
    for (Path covered : expected) {
        assertExactPermissions(new FilePermission(covered.toString(), "read"), granted);
    }
}
Also used : Path(java.nio.file.Path) Permissions(java.security.Permissions) IOException(java.io.IOException) FilePermission(java.io.FilePermission)
