Search in sources :

Example 1 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class PluginSecurityTests method testParsePermissions.

/** Test that we can parse the set of permissions correctly for a simple policy */
public void testParsePermissions() throws Exception {
    assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
    Path scratch = createTempDir();
    Path testFile = this.getDataPath("security/simple-plugin-security.policy");
    Permissions expected = new Permissions();
    expected.add(new RuntimePermission("queuePrintJob"));
    PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
    assertEquals(expected, actual);
}
Also used : Path(java.nio.file.Path) PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions)

Example 2 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class PluginSecurityTests method testFormatUnresolvedPermission.

/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
    assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
    Path scratch = createTempDir();
    Path testFile = this.getDataPath("security/unresolved-plugin-security.policy");
    PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
    List<Permission> permissions = Collections.list(actual.elements());
    assertEquals(1, permissions.size());
    assertEquals("org.fake.FakePermission fakeName", PluginSecurity.formatPermission(permissions.get(0)));
}
Also used : Path(java.nio.file.Path) PermissionCollection(java.security.PermissionCollection) Permission(java.security.Permission)

Example 3 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class ESPolicyTests method testRestrictPrivileges.

/** 
     * test restricting privileges to no permissions actually works
     */
public void testRestrictPrivileges() {
    assumeTrue("test requires security manager", System.getSecurityManager() != null);
    try {
        System.getProperty("user.home");
    } catch (SecurityException e) {
        fail("this test needs to be fixed: user.home not available by policy");
    }
    PermissionCollection noPermissions = new Permissions();
    AccessControlContext noPermissionsAcc = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, noPermissions) });
    try {
        AccessController.doPrivileged(new PrivilegedAction<Void>() {

            public Void run() {
                System.getProperty("user.home");
                fail("access should have been denied");
                return null;
            }
        }, noPermissionsAcc);
    } catch (SecurityException expected) {
    // expected exception
    }
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) AccessControlContext(java.security.AccessControlContext) Permissions(java.security.Permissions)

Example 4 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullCodeSource.

/**
     * Test policy with null codesource.
     * <p>
     * This can happen when restricting privileges with doPrivileged,
     * even though ProtectionDomain's ctor javadocs might make you think
     * that the policy won't be consulted.
     */
public void testNullCodeSource() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    // create a policy with AllPermission
    Permission all = new AllPermission();
    PermissionCollection allCollection = all.newPermissionCollection();
    allCollection.add(all);
    ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
    // restrict ourselves to NoPermission
    PermissionCollection noPermissions = new Permissions();
    assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permission(java.security.Permission) FilePermission(java.io.FilePermission) SocketPermission(java.net.SocketPermission) AllPermission(java.security.AllPermission) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) FilePermission(java.io.FilePermission)

Example 5 with PermissionCollection

use of java.security.PermissionCollection in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullLocation.

/**
     * test with null location
     * <p>
     * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
     */
public void testNullLocation() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    PermissionCollection noPermissions = new Permissions();
    ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions), new FilePermission("foo", "read")));
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permissions(java.security.Permissions) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission)

Aggregations

PermissionCollection (java.security.PermissionCollection)107 Permission (java.security.Permission)39 Permissions (java.security.Permissions)29 CodeSource (java.security.CodeSource)25 FilePermission (java.io.FilePermission)20 ProtectionDomain (java.security.ProtectionDomain)19 AllPermission (java.security.AllPermission)16 Policy (java.security.Policy)15 URL (java.net.URL)14 File (java.io.File)10 IOException (java.io.IOException)10 Certificate (java.security.cert.Certificate)8 AccessControlContext (java.security.AccessControlContext)7 PropertyPermission (java.util.PropertyPermission)7 Test (org.junit.Test)7 SocketPermission (java.net.SocketPermission)6 Method (java.lang.reflect.Method)5 Principal (java.security.Principal)5 PrivilegedActionException (java.security.PrivilegedActionException)5 URLClassLoader (java.net.URLClassLoader)4