Examples with Permissions java.security.Permissions used on opensource projects

Search in sources :

Example 1 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullCodeSource.

/**
     * Test policy with null codesource.
     * <p>
     * This can happen when restricting privileges with doPrivileged,
     * even though ProtectionDomain's ctor javadocs might make you think
     * that the policy won't be consulted.
     */
public void testNullCodeSource() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    // create a policy with AllPermission
    Permission all = new AllPermission();
    PermissionCollection allCollection = all.newPermissionCollection();
    allCollection.add(all);
    ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap(), true);
    // restrict ourselves to NoPermission
    PermissionCollection noPermissions = new Permissions();
    assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permission(java.security.Permission) FilePermission(java.io.FilePermission) SocketPermission(java.net.SocketPermission) AllPermission(java.security.AllPermission) Permissions(java.security.Permissions) AllPermission(java.security.AllPermission) FilePermission(java.io.FilePermission)

Example 2 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class ESPolicyUnitTests method testNullLocation.

/**
     * test with null location
     * <p>
     * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
     */
public void testNullLocation() throws Exception {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    PermissionCollection noPermissions = new Permissions();
    ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[]) null), noPermissions), new FilePermission("foo", "read")));
}
Also used : PermissionCollection(java.security.PermissionCollection) ProtectionDomain(java.security.ProtectionDomain) Permissions(java.security.Permissions) CodeSource(java.security.CodeSource) FilePermission(java.io.FilePermission)

Example 3 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class PluginSecurityTests method testParsePermissions.

/** Test that we can parse the set of permissions correctly for a simple policy */
public void testParsePermissions() throws Exception {
    assumeTrue("test cannot run with security manager enabled", System.getSecurityManager() == null);
    Path scratch = createTempDir();
    Path testFile = this.getDataPath("security/simple-plugin-security.policy");
    Permissions expected = new Permissions();
    expected.add(new RuntimePermission("queuePrintJob"));
    PermissionCollection actual = PluginSecurity.parsePermissions(Terminal.DEFAULT, testFile, scratch);
    assertEquals(expected, actual);
}
Also used : Path(java.nio.file.Path) PermissionCollection(java.security.PermissionCollection) Permissions(java.security.Permissions)

Example 4 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class EvilSecurityTests method testEnvironmentPaths.

/** test generated permissions for all configured paths */
// needs to check settings for deprecated path
@SuppressWarnings("deprecation")
public void testEnvironmentPaths() throws Exception {
    Path path = createTempDir();
    // make a fake ES home and ensure we only grant permissions to that.
    Path esHome = path.resolve("esHome");
    Settings.Builder settingsBuilder = Settings.builder();
    settingsBuilder.put(Environment.PATH_HOME_SETTING.getKey(), esHome.resolve("home").toString());
    settingsBuilder.put(Environment.PATH_CONF_SETTING.getKey(), esHome.resolve("conf").toString());
    settingsBuilder.put(Environment.PATH_SCRIPTS_SETTING.getKey(), esHome.resolve("scripts").toString());
    settingsBuilder.putArray(Environment.PATH_DATA_SETTING.getKey(), esHome.resolve("data1").toString(), esHome.resolve("data2").toString());
    settingsBuilder.put(Environment.PATH_SHARED_DATA_SETTING.getKey(), esHome.resolve("custom").toString());
    settingsBuilder.put(Environment.PATH_LOGS_SETTING.getKey(), esHome.resolve("logs").toString());
    settingsBuilder.put(Environment.PIDFILE_SETTING.getKey(), esHome.resolve("test.pid").toString());
    Settings settings = settingsBuilder.build();
    Path fakeTmpDir = createTempDir();
    String realTmpDir = System.getProperty("java.io.tmpdir");
    Permissions permissions;
    Environment environment;
    try {
        System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
        environment = new Environment(settings);
        permissions = Security.createPermissions(environment);
    } finally {
        System.setProperty("java.io.tmpdir", realTmpDir);
    }
    // the fake es home
    assertNoPermissions(esHome, permissions);
    // its parent
    assertNoPermissions(esHome.getParent(), permissions);
    // some other sibling
    assertNoPermissions(esHome.getParent().resolve("other"), permissions);
    // double check we overwrote java.io.tmpdir correctly for the test
    assertNoPermissions(PathUtils.get(realTmpDir), permissions);
    // check that all directories got permissions:
    // bin file: ro
    assertExactPermissions(new FilePermission(environment.binFile().toString(), "read,readlink"), permissions);
    // lib file: ro
    assertExactPermissions(new FilePermission(environment.libFile().toString(), "read,readlink"), permissions);
    // modules file: ro
    assertExactPermissions(new FilePermission(environment.modulesFile().toString(), "read,readlink"), permissions);
    // config file: ro
    assertExactPermissions(new FilePermission(environment.configFile().toString(), "read,readlink"), permissions);
    // scripts file: ro
    assertExactPermissions(new FilePermission(environment.scriptsFile().toString(), "read,readlink"), permissions);
    // plugins: ro
    assertExactPermissions(new FilePermission(environment.pluginsFile().toString(), "read,readlink"), permissions);
    // data paths: r/w
    for (Path dataPath : environment.dataFiles()) {
        assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
    }
    for (Path dataPath : environment.dataWithClusterFiles()) {
        assertExactPermissions(new FilePermission(dataPath.toString(), "read,readlink,write,delete"), permissions);
    }
    assertExactPermissions(new FilePermission(environment.sharedDataFile().toString(), "read,readlink,write,delete"), permissions);
    // logs: r/w
    assertExactPermissions(new FilePermission(environment.logsFile().toString(), "read,readlink,write,delete"), permissions);
    // temp dir: r/w
    assertExactPermissions(new FilePermission(fakeTmpDir.toString(), "read,readlink,write,delete"), permissions);
    // PID file: delete only (for the shutdown hook)
    assertExactPermissions(new FilePermission(environment.pidFile().toString(), "delete"), permissions);
}
Also used : Path(java.nio.file.Path) Permissions(java.security.Permissions) Environment(org.elasticsearch.env.Environment) FilePermission(java.io.FilePermission) Settings(org.elasticsearch.common.settings.Settings)

Example 5 with Permissions

use of java.security.Permissions in project elasticsearch by elastic.

the class EvilSecurityTests method testGeneratedPermissions.

/** test generated permissions */
public void testGeneratedPermissions() throws Exception {
    Path path = createTempDir();
    // make a fake ES home and ensure we only grant permissions to that.
    Path esHome = path.resolve("esHome");
    Settings.Builder settingsBuilder = Settings.builder();
    settingsBuilder.put(Environment.PATH_HOME_SETTING.getKey(), esHome.toString());
    Settings settings = settingsBuilder.build();
    Path fakeTmpDir = createTempDir();
    String realTmpDir = System.getProperty("java.io.tmpdir");
    Permissions permissions;
    try {
        System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
        Environment environment = new Environment(settings);
        permissions = Security.createPermissions(environment);
    } finally {
        System.setProperty("java.io.tmpdir", realTmpDir);
    }
    // the fake es home
    assertNoPermissions(esHome, permissions);
    // its parent
    assertNoPermissions(esHome.getParent(), permissions);
    // some other sibling
    assertNoPermissions(esHome.getParent().resolve("other"), permissions);
    // double check we overwrote java.io.tmpdir correctly for the test
    assertNoPermissions(PathUtils.get(realTmpDir), permissions);
}
Also used : Path(java.nio.file.Path) Permissions(java.security.Permissions) Environment(org.elasticsearch.env.Environment) Settings(org.elasticsearch.common.settings.Settings)

Aggregations

Permissions (java.security.Permissions)35 ProtectionDomain (java.security.ProtectionDomain)21 PermissionCollection (java.security.PermissionCollection)16 AccessControlContext (java.security.AccessControlContext)13 Permission (java.security.Permission)11 FilePermission (java.io.FilePermission)10 CodeSource (java.security.CodeSource)10 SocketPermission (java.net.SocketPermission)7 Path (java.nio.file.Path)6 Policy (java.security.Policy)6 AllPermission (java.security.AllPermission)5 Certificate (java.security.cert.Certificate)5 URLClassLoader (java.net.URLClassLoader)4 File (java.io.File)3 IOException (java.io.IOException)3 SecurityPermission (java.security.SecurityPermission)2 UnresolvedPermission (java.security.UnresolvedPermission)2 ArrayList (java.util.ArrayList)2 Settings (org.elasticsearch.common.settings.Settings)2 Environment (org.elasticsearch.env.Environment)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial