use of java.security.PermissionCollection in project elasticsearch by elastic.
the class PluginSecurityTests method testParsePermissions.
/** Test that we can parse the set of permissions correctly for a simple policy */
public void testParsePermissions() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/simple-plugin-security.policy");
Permissions expected = new Permissions();
expected.add(new RuntimePermission("queuePrintJob"));
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
assertEquals(expected, actual);
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class PluginSecurityTests method testFormatUnresolvedPermission.
/** Test that we can format an unresolved permission properly */
public void testFormatUnresolvedPermission() throws Exception {
assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
Path scratch = createTempDir();
Path testFile = this.getDataPath("security/unresolved-plugin-security.policy");
PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
List<Permission> permissions = Collections.list(actual.elements());
assertEquals(1, permissions.size());
assertEquals("org.fake.FakePermission fakeName", PluginSecurity.formatPermission(permissions.get(0)));
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class ESPolicyTests method testRestrictPrivileges.
/**
* test restricting privileges to no permissions actually works
*/
public void testRestrictPrivileges() {
assumeTrue("test requires security manager", System.getSecurityManager() != null);
try {
System.getProperty("user.home");
} catch (SecurityException e) {
fail("this test needs to be fixed: user.home not available by policy");
}
PermissionCollection noPermissions = new Permissions();
AccessControlContext noPermissionsAcc = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, noPermissions) });
try {
AccessController.doPrivileged(new PrivilegedAction<Void>() {
public Void run() {
System.getProperty("user.home");
fail("access should have been denied");
return null;
}
}, noPermissionsAcc);
} catch (SecurityException expected) {
// expected exception
}
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class ESPolicyUnitTests method testNullCodeSource.
/**
* Test policy with null codesource.
* <p>
* This can happen when restricting privileges with doPrivileged,
* even though ProtectionDomain's ctor javadocs might make you think
* that the policy won't be consulted.
*/
public void testNullCodeSource() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
// create a policy with AllPermission
Permission all = new AllPermission();
PermissionCollection allCollection = all.newPermissionCollection();
allCollection.add(all);
ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
// restrict ourselves to NoPermission
PermissionCollection noPermissions = new Permissions();
assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}
use of java.security.PermissionCollection in project elasticsearch by elastic.
the class ESPolicyUnitTests method testNullLocation.
/**
* test with null location
* <p>
* its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
*/
public void testNullLocation() throws Exception {
assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
PermissionCollection noPermissions = new Permissions();
ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions), new FilePermission("foo", "read")));
}
Aggregations