Search in sources :

Example 1 with ModuleSecurityManager

use of org.terasology.gestalt.module.sandbox.ModuleSecurityManager in project Terasology by MovingBlocks.

the class ModuleManager method setupSandbox.

private void setupSandbox() {
    PermissionSet permissionSet = permissionProviderFactory.getBasePermissionSet();
    ExternalApiWhitelist.CLASSES.forEach(permissionSet::addAPIClass);
    ExternalApiWhitelist.PACKAGES.forEach(permissionSet::addAPIPackage);
    APIScanner apiScanner = new APIScanner(permissionProviderFactory);
    registry.stream().map(Module::getModuleManifest).forEach(apiScanner::scan);
    permissionSet.grantPermission("com.google.gson", ReflectPermission.class);
    permissionSet.grantPermission("com.google.gson.internal", ReflectPermission.class);
    // noinspection ConstantConditions - this reference is to help find this if this method gets separated from the reactor dependency
    if (reactor.core.scheduler.Scheduler.class != null) {
        // lgtm [java/useless-null-check]
        // In theory, PropertyPermission has wildcard matching and "reactor.*" should be sufficient to grant read access to all
        // reactor configuration properties.
        permissionSet.grantPermission(new PropertyPermission("reactor.*", "read"));
        // In practice, the permission checks fail unless these are each named explicitly.
        permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.x", "read"));
        permissionSet.grantPermission(new PropertyPermission("reactor.bufferSize.small", "read"));
        permissionSet.grantPermission(new PropertyPermission("reactor.trace.operatorStacktrace", "read"));
        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultPoolSize", "read"));
        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticSize", "read"));
        permissionSet.grantPermission(new PropertyPermission("reactor.schedulers.defaultBoundedElasticQueueSize", "read"));
    }
    Policy.setPolicy(new ModuleSecurityPolicy());
    System.setSecurityManager(new ModuleSecurityManager());
}
Also used : ModuleSecurityPolicy(org.terasology.gestalt.module.sandbox.ModuleSecurityPolicy) PermissionSet(org.terasology.gestalt.module.sandbox.PermissionSet) PropertyPermission(java.util.PropertyPermission) ModuleSecurityManager(org.terasology.gestalt.module.sandbox.ModuleSecurityManager) APIScanner(org.terasology.gestalt.module.sandbox.APIScanner)

Aggregations

PropertyPermission (java.util.PropertyPermission)1 APIScanner (org.terasology.gestalt.module.sandbox.APIScanner)1 ModuleSecurityManager (org.terasology.gestalt.module.sandbox.ModuleSecurityManager)1 ModuleSecurityPolicy (org.terasology.gestalt.module.sandbox.ModuleSecurityPolicy)1 PermissionSet (org.terasology.gestalt.module.sandbox.PermissionSet)1