public void testReadPermission() throws SAXException, IOException, ParserConfigurationException {
final InputStream inputStream = this.getClass().getResourceAsStream("policy-def-test.xml");
final FilePermissionStore permStore = new FilePermissionStore(inputStream);
final Permissions perms = permStore.loadPermissions(new SimplePrincipal("christian"));
assertTrue(perms != null);
final Enumeration<Permission> enumPerms = perms.elements();
Permission p;
int count = 0;
while (enumPerms.hasMoreElements()) {
p = enumPerms.nextElement();
count++;
if (p instanceof FilePermission) {
final FilePermission fp = (FilePermission) p;
assertEquals("*.tmp", fp.getName());
assertTrue(fp.getActions().equals("read"));
} else {
if (p instanceof TestcasePermission) {
final TestcasePermission tcp = (TestcasePermission) p;
assertEquals("testPerm", tcp.getName());
} else {
assertTrue("unknown permission " + p, false);
}
}
}
assertTrue(count == 2);
}
static void addBindPermissions(Permissions policy, Settings settings) throws IOException {
// http is simple
String httpRange = HttpTransportSettings.SETTING_HTTP_PORT.get(settings).getPortRangeString();
// listen is always called with 'localhost' but use wildcard to be sure, no name service is
// consulted.
// see SocketPermission implies() code
policy.add(new SocketPermission("*:" + httpRange, "listen,resolve"));
// transport is waaaay overengineered
Map<String, Settings> profiles =
TransportSettings.TRANSPORT_PROFILES_SETTING.get(settings).getAsGroups();
if (!profiles.containsKey(TransportSettings.DEFAULT_PROFILE)) {
profiles = new HashMap<>(profiles);
profiles.put(TransportSettings.DEFAULT_PROFILE, Settings.EMPTY);
}
// loop through all profiles and add permissions for each one, if its valid.
// (otherwise NettyTransport is lenient and ignores it)
for (Map.Entry<String, Settings> entry : profiles.entrySet()) {
Settings profileSettings = entry.getValue();
String name = entry.getKey();
String transportRange = profileSettings.get("port", TransportSettings.PORT.get(settings));
// a profile is only valid if its the default profile, or if it has an actual name and
// specifies a port
boolean valid =
TransportSettings.DEFAULT_PROFILE.equals(name)
|| (Strings.hasLength(name) && profileSettings.get("port") != null);
if (valid) {
// listen is always called with 'localhost' but use wildcard to be sure, no name service is
// consulted.
// see SocketPermission implies() code
policy.add(new SocketPermission("*:" + transportRange, "listen,resolve"));
}
}
}
public ScriptingSecurityManager(
boolean pWithoutFileRestriction,
boolean pWithoutWriteRestriction,
boolean pWithoutNetworkRestriction,
boolean pWithoutExecRestriction) {
permissions = new Permissions();
if (pWithoutExecRestriction
&& pWithoutFileRestriction
&& pWithoutWriteRestriction
&& pWithoutNetworkRestriction) {
permissions.add(new AllPermission());
} else {
if (pWithoutNetworkRestriction) {
permissions.add(new SocketPermission("*", "connect,accept,listen,resolve"));
permissions.add(new RuntimePermission("setFactory"));
}
if (pWithoutExecRestriction) {
permissions.add(new FilePermission("<<ALL FILES>>", "execute"));
permissions.add(new RuntimePermission("loadLibrary.*"));
}
if (pWithoutFileRestriction) {
permissions.add(new FilePermission("<<ALL FILES>>", "read"));
permissions.add(new RuntimePermission("readFileDescriptor"));
}
if (pWithoutWriteRestriction) {
permissions.add(new RuntimePermission("writeFileDescriptor"));
permissions.add(new FilePermission("<<ALL FILES>>", "write,delete"));
permissions.add(new RuntimePermission("preferences"));
}
}
permissions.setReadOnly();
}
@Test
public void testAccessController1() throws Exception {
try {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
ProtectionDomain[] protectionDomains =
new ProtectionDomain[] {new ProtectionDomain(null, permissions)};
AccessControlContext accessControlContext = new AccessControlContext(protectionDomains);
AccessController.doPrivileged(
new PrivilegedAction<Void>() {
@Override
public Void run() {
new URLClassLoader(new URL[0]);
return null;
}
},
accessControlContext);
Assert.fail();
} catch (SecurityException se) {
}
}
/** returns dynamic Permissions to configured paths */
static Permissions createPermissions(Environment environment) throws IOException {
Permissions policy = new Permissions();
// read-only dirs
addPath(policy, "path.home", environment.binFile(), "read,readlink");
addPath(policy, "path.home", environment.libFile(), "read,readlink");
addPath(policy, "path.plugins", environment.pluginsFile(), "read,readlink");
addPath(policy, "path.conf", environment.configFile(), "read,readlink");
addPath(policy, "path.scripts", environment.scriptsFile(), "read,readlink");
// read-write dirs
addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
addPath(policy, "path.logs", environment.logsFile(), "read,readlink,write,delete");
if (environment.sharedDataFile() != null) {
addPath(
policy, "path.shared_data", environment.sharedDataFile(), "read,readlink,write,delete");
}
for (Path path : environment.dataFiles()) {
addPath(policy, "path.data", path, "read,readlink,write,delete");
}
for (Path path : environment.dataWithClusterFiles()) {
addPath(policy, "path.data", path, "read,readlink,write,delete");
}
for (Path path : environment.repoFiles()) {
addPath(policy, "path.repo", path, "read,readlink,write,delete");
}
if (environment.pidFile() != null) {
// we just need permission to remove the file if its elsewhere.
policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
}
return policy;
}
/**
* Create permission for groovy scripts of the {@link ScriptingOperator}.
*
* @return the permissions, never {@code null}
*/
private static PermissionCollection createGroovySourcePermissions() {
Permissions permissions = new Permissions();
// grant some permissions because the script is something the user himself created
permissions.add(new PropertyPermission("*", "read, write"));
permissions.add(new FilePermission("<<ALL FILES>>", "read, write, delete"));
addCommonPermissions(permissions);
return permissions;
}
private final void loadExtension(Extension ext) {
final String id = ext.getDeclaringPluginDescriptor().getId();
final URL url;
try {
// note: ".../-" match everything starting with "plugin:" + id + "!/"
url = new URL("plugin:" + id + "!/-");
final ClassLoader cl = ext.getDeclaringPluginDescriptor().getPluginClassLoader();
final CodeSource cs = new CodeSource(url, (Certificate[]) null);
final Permissions perms = new Permissions();
codeSource2Permissions.put(cs, perms);
// BootLogInstance.get().debug("Adding permissions for " + cs);
final ConfigurationElement[] elems = ext.getConfigurationElements();
final int count = elems.length;
for (int i = 0; i < count; i++) {
final ConfigurationElement elem = elems[i];
final String type = elem.getAttribute("class");
final String name = elem.getAttribute("name");
final String actions = elem.getAttribute("actions");
if (type != null) {
final Object perm;
try {
final Class permClass = cl.loadClass(type);
if ((name != null) && (actions != null)) {
final Constructor c = permClass.getConstructor(NAME_ACTIONS_ARGS);
perm = c.newInstance(new Object[] {name, actions});
} else if (name != null) {
final Constructor c = permClass.getConstructor(NAME_ARGS);
perm = c.newInstance(new Object[] {name});
} else {
perm = permClass.newInstance();
}
final Permission p = (Permission) perm;
perms.add(p);
} catch (ClassNotFoundException ex) {
BootLogInstance.get().error("Permission class " + type + " not found");
} catch (InstantiationException ex) {
BootLogInstance.get().error("Cannot instantiate permission class " + type);
} catch (IllegalAccessException ex) {
BootLogInstance.get().error("Illegal access to permission class " + type);
} catch (NoSuchMethodException ex) {
BootLogInstance.get()
.error("Constructor not found on permission class " + type + " in plugin " + id);
} catch (InvocationTargetException ex) {
BootLogInstance.get().error("Error constructing permission class " + type, ex);
} catch (ClassCastException ex) {
BootLogInstance.get().error("Permission class " + type + " not instance of Permission");
}
}
}
} catch (MalformedURLException ex) {
BootLogInstance.get().error("Cannot create plugin codesource", ex);
}
}
public EscalateCreateClassLoader() throws Exception {
ByteArrayOutputStream payloadStream = new ByteArrayOutputStream();
Class payloadClass = EscalateCreateClassLoaderPayload.class;
StreamForwarder.forward(
payloadClass.getResourceAsStream("/" + payloadClass.getName().replace('.', '/') + ".class"),
payloadStream);
byte[] payload = payloadStream.toByteArray();
final Permissions permissions = new Permissions();
permissions.add(new AllPermission());
final ProtectionDomain pd =
new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), permissions);
defineClass(null, payload, 0, payload.length, pd).newInstance();
}
/**
* Create permission for unsigned extensions.
*
* @param loader the plugin class loader of the unsigned extensions
* @return the permissions, never {@code null}
*/
private static PermissionCollection createUnsignedPermissions(final PluginClassLoader loader) {
final Permissions permissions = new Permissions();
permissions.add(new RuntimePermission("shutdownHooks"));
permissions.add(new PropertyPermission("*", "read"));
AccessController.doPrivileged(
new PrivilegedAction<Void>() {
@Override
public Void run() {
String userHome = System.getProperty("user.home");
String tmpDir = System.getProperty("java.io.tmpdir");
String pluginKey = loader.getPluginKey();
// delete access to the general temp directory
permissions.add(new FilePermission(tmpDir, "read, write"));
permissions.add(new FilePermission(tmpDir + "/-", "read, write, delete"));
// extensions can only delete files in their own subfolder of the
// .RapidMiner/extensions/workspace folder
if (pluginKey != null) {
String pluginFolder = pluginKey;
permissions.add(new FilePermission(userHome + "/.RapidMiner/extensions", "read"));
permissions.add(
new FilePermission(userHome + "/.RapidMiner/extensions/workspace", "read"));
permissions.add(
new FilePermission(
userHome + "/.RapidMiner/extensions/workspace/" + pluginFolder,
"read, write"));
permissions.add(
new FilePermission(
userHome + "/.RapidMiner/extensions/workspace/" + pluginFolder + "/-",
"read, write, delete"));
}
// unfortunately currently we have to give all location permissons to read/write
// files to not block extensions that add "Read/Write xyz" operators
permissions.add(new FilePermission("<<ALL FILES>>", "read, write"));
return null;
}
});
addCommonPermissions(permissions);
return permissions;
}
/**
* Add access to path (and all files underneath it)
*
* @param policy current policy to add permissions to
* @param configurationName the configuration name associated with the path (for error messages
* only)
* @param path the path itself
* @param permissions set of filepermissions to grant to the path
*/
static void addPath(Permissions policy, String configurationName, Path path, String permissions) {
// paths may not exist yet, this also checks accessibility
try {
ensureDirectoryExists(path);
} catch (IOException e) {
throw new IllegalStateException(
"Unable to access '" + configurationName + "' (" + path + ")", e);
}
// add each path twice: once for itself, again for files underneath it
policy.add(new FilePermission(path.toString(), permissions));
policy.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", permissions));
}
/**
* Add access to a directory iff it exists already
*
* @param policy current policy to add permissions to
* @param configurationName the configuration name associated with the path (for error messages
* only)
* @param path the path itself
* @param permissions set of filepermissions to grant to the path
*/
static void addPathIfExists(
Permissions policy, String configurationName, Path path, String permissions) {
if (Files.isDirectory(path)) {
// add each path twice: once for itself, again for files underneath it
policy.add(new FilePermission(path.toString(), permissions));
policy.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", permissions));
try {
path.getFileSystem().provider().checkAccess(path.toRealPath(), AccessMode.READ);
} catch (IOException e) {
throw new IllegalStateException(
"Unable to access '" + configurationName + "' (" + path + ")", e);
}
}
}
public TunnelInitializerLoader(Stager stager, Object[] args) throws Exception {
super(TunnelInitializerLoader.class.getClassLoader());
Permissions permissions = new Permissions();
byte[] classBytes = (byte[]) args[1];
permissions.add(new AllPermission());
Class clazz =
defineClass(
null,
classBytes,
0,
classBytes.length,
new ProtectionDomain(
new CodeSource(new URL("file:///"), new Certificate[0]), permissions));
clazz
.getConstructor(new Class[] {Stager.class, Object[].class})
.newInstance(new Object[] {stager, args});
}
public PermissionCollection getPermissions(CodeSource codeSource) {
Permissions perms = new Permissions();
for (Iterator it = cs2pc.entrySet().iterator(); it.hasNext(); ) {
Map.Entry e = (Map.Entry) it.next();
CodeSource cs = (CodeSource) e.getKey();
if (cs.implies(codeSource)) {
logger.log(Component.POLICY, "{0} -> {1}", new Object[] {cs, codeSource});
PermissionCollection pc = (PermissionCollection) e.getValue();
for (Enumeration ee = pc.elements(); ee.hasMoreElements(); ) {
perms.add((Permission) ee.nextElement());
}
} else logger.log(Component.POLICY, "{0} !-> {1}", new Object[] {cs, codeSource});
}
logger.log(
Component.POLICY, "returning permissions {0} for {1}", new Object[] {perms, codeSource});
return perms;
}
public void testSecuredEngine() throws Exception {
PythonScriptEngineInitializer initializer = new PythonScriptEngineInitializer();
// jython seems to need these two..
Permissions perms = new Permissions();
perms.add(new RuntimePermission("createClassLoader"));
perms.add(new RuntimePermission("getProtectionDomain"));
// add permission to read files so that modules can be loaded, but writing should fail
perms.add(new FilePermission("<<ALL FILES>>", "read"));
ScriptEngine engine = initializer.instantiate(Collections.<String>emptySet(), perms);
try {
engine.eval("import os\nfp = open('pom.xml', 'w')");
Assert.fail("Opening a file for writing should have failed with a security exception.");
} catch (ScriptException e) {
checkIsCausedByAccessControlException(e);
}
}
/**
* associate a permission collection with this userId
*
* @param userId if userId is <code>null</code> the method does nothing
*/
public void setPermissions(String userId, Permissions p) {
if (userId == null) {
return;
}
synchronized (m_storeLock) {
if (p == null) {
p = new Permissions();
p.setReadOnly();
}
m_store.put(userId.toLowerCase(), p);
}
}
/** Adds access to classpath jars/classes for jar hell scan, etc */
@SuppressForbidden(reason = "accesses fully qualified URLs to configure security")
static void addClasspathPermissions(Permissions policy) throws IOException {
// add permissions to everything in classpath
// really it should be covered by lib/, but there could be e.g. agents or similar configured)
for (URL url : JarHell.parseClassPath()) {
Path path;
try {
path = PathUtils.get(url.toURI());
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
// resource itself
policy.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
if (Files.isDirectory(path)) {
policy.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
}
}
}
/** Adds access to all configurable paths. */
static void addFilePermissions(Permissions policy, Environment environment) {
// read-only dirs
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.binFile(), "read,readlink");
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.libFile(), "read,readlink");
addPath(
policy, Environment.PATH_HOME_SETTING.getKey(), environment.modulesFile(), "read,readlink");
addPath(
policy, Environment.PATH_HOME_SETTING.getKey(), environment.pluginsFile(), "read,readlink");
addPath(
policy, Environment.PATH_CONF_SETTING.getKey(), environment.configFile(), "read,readlink");
addPath(
policy,
Environment.PATH_SCRIPTS_SETTING.getKey(),
environment.scriptsFile(),
"read,readlink");
// read-write dirs
addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
addPath(
policy,
Environment.PATH_LOGS_SETTING.getKey(),
environment.logsFile(),
"read,readlink,write,delete");
if (environment.sharedDataFile() != null) {
addPath(
policy,
Environment.PATH_SHARED_DATA_SETTING.getKey(),
environment.sharedDataFile(),
"read,readlink,write,delete");
}
for (Path path : environment.dataFiles()) {
addPath(policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
}
// TODO: this should be removed in ES 6.0! We will no longer support data paths with the cluster
// as a folder
assert Version.CURRENT.major < 6 : "cluster name is no longer used in data path";
for (Path path : environment.dataWithClusterFiles()) {
addPathIfExists(
policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
}
for (Path path : environment.repoFiles()) {
addPath(policy, Environment.PATH_REPO_SETTING.getKey(), path, "read,readlink,write,delete");
}
if (environment.pidFile() != null) {
// we just need permission to remove the file if its elsewhere.
policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
}
}
static {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
unknownProtectionDomain = new ProtectionDomain(null, permissions);
}
public boolean implies(ProtectionDomain pd, Permission p) {
return perms.implies(p);
}
void addPermission(Permission perm) {
perms.add(perm);
}
AdjustablePolicy(Permission... permissions) {
for (Permission permission : permissions) perms.add(permission);
}
public AgentSecurityManager(boolean debugPerm, PROTOCOL proto) {
this.debugPerm = debugPerm;
if (debugPerm) {
permUsed = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
permCreated = Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
Runtime.getRuntime()
.addShutdownHook(
new Thread() {
public void run() {
for (String i : new HashSet<String>(permCreated)) {
if (permUsed.contains(i + " =")) {
permCreated.remove(i);
}
}
for (String i : permCreated) {
permUsed.add(i + " +");
}
for (String p : new TreeSet<String>(permUsed)) {
System.out.println(p);
}
}
});
} else {
permUsed = null;
permCreated = null;
}
// Add the java home to readable files
Permission newPerm =
new FilePermission(System.getProperty("java.home") + File.separator + "-", "read");
allowed.add(newPerm);
if (debugPerm) {
permCreated.add(newPerm.toString());
}
Map<String, Set<Permission>> permsSets;
try {
permsSets = getPermsSets();
} catch (SecurityException e) {
throw new RuntimeException(e);
} catch (IllegalArgumentException e) {
throw new RuntimeException(e);
} catch (ClassNotFoundException e) {
throw new RuntimeException(e);
} catch (NoSuchMethodException e) {
throw new RuntimeException(e);
} catch (InstantiationException e) {
throw new RuntimeException(e);
} catch (IllegalAccessException e) {
throw new RuntimeException(e);
} catch (InvocationTargetException e) {
throw new RuntimeException(e);
}
for (Permission i : permsSets.get("common")) {
allowed.add(i);
if (debugPerm) {
permCreated.add(i.toString());
}
}
for (Permission i : permsSets.get("forprobes")) {
allowed.add(i);
if (debugPerm) {
permCreated.add(i.toString());
}
}
for (Permission i : permsSets.get(proto.name())) {
allowed.add(i);
if (debugPerm) {
permCreated.add(i.toString());
}
}
allowed.setReadOnly();
}
public void checkPermission(Permission perm) {
// They can be an undefined number of security.provider.*
// Used by jmxmp
if (perm instanceof java.security.SecurityPermission
&& perm.getName().startsWith("getProperty.security.provider")) {
if (debugPerm) {
permUsed.add(perm.toString() + " =");
}
return;
}
if (perm instanceof java.io.FilePermission && "read".equals(perm.getActions())) {
String name = perm.getName();
if (filesallowed.contains(name)) {
if (debugPerm) {
permUsed.add(perm.toString() + " =");
}
return;
}
// Already allowed, don't check any more
if (allowed.implies(perm)) {
if (debugPerm) {
permUsed.add(perm.toString() + " =");
}
filesallowed.add(name);
return;
}
// Perhaps it's in the allowed /proc/<pid>/... files
if (procinfoPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
if (debugPerm) {
permUsed.add(
"(\"java.io.FilePermission\" \"" + procinfoPattern.pattern() + "\" \"read\") =");
}
return;
}
// Or it's block device
if (diskPattern.matcher(name).matches() && "read".equals(perm.getActions())) {
if (debugPerm) {
permUsed.add("(\"java.io.FilePermission\" \"" + diskPattern.pattern() + "\" \"read\") =");
}
filesallowed.add(name);
return;
}
// Only non hidden folder are allowed, for file system usage
// If it call itself, privileges will be set to true,
// so it can check isDirectory and isHidden
PrivilegHolder privileged = Privilege.get();
if (privileged.privileged) {
return;
} else {
File fullpath = new File(name);
privileged.privileged = true;
boolean allowed = false;
try {
allowed = fullpath.isDirectory() && !fullpath.isHidden();
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
privileged.privileged = false;
}
if (allowed) {
if (debugPerm) {
permUsed.add(perm.toString() + " =");
}
filesallowed.add(name);
return;
}
}
}
if (allowed.implies(perm)) {
if (debugPerm) {
permUsed.add(perm.toString() + " =");
}
return;
}
try {
super.checkPermission(perm);
// Was acceped, but we should add it anyway
// Some accepted permissions make jrdsagent failed anyway
permUsed.add(perm.toString() + " ?");
} catch (SecurityException e) {
if (debugPerm) {
permUsed.add(perm.toString() + " -");
} else {
throw e;
}
}
}
/**
* Parse a policy file, incorporating the permission definitions described therein.
*
* @param url The URL of the policy file to read.
* @throws IOException if an I/O error occurs, or if the policy file cannot be parsed.
*/
private void parse(final URL url) throws IOException {
logger.log(Component.POLICY, "reading policy file from {0}", url);
final StreamTokenizer in = new StreamTokenizer(new InputStreamReader(url.openStream()));
in.resetSyntax();
in.slashSlashComments(true);
in.slashStarComments(true);
in.wordChars('A', 'Z');
in.wordChars('a', 'z');
in.wordChars('0', '9');
in.wordChars('.', '.');
in.wordChars('_', '_');
in.wordChars('$', '$');
in.whitespaceChars(' ', ' ');
in.whitespaceChars('\t', '\t');
in.whitespaceChars('\f', '\f');
in.whitespaceChars('\n', '\n');
in.whitespaceChars('\r', '\r');
in.quoteChar('\'');
in.quoteChar('"');
int tok;
int state = STATE_BEGIN;
List keystores = new LinkedList();
URL currentBase = null;
List currentCerts = new LinkedList();
Permissions currentPerms = new Permissions();
while ((tok = in.nextToken()) != StreamTokenizer.TT_EOF) {
switch (tok) {
case '{':
if (state != STATE_GRANT) error(url, in, "spurious '{'");
state = STATE_PERMS;
tok = in.nextToken();
break;
case '}':
if (state != STATE_PERMS) error(url, in, "spurious '}'");
state = STATE_BEGIN;
currentPerms.setReadOnly();
Certificate[] c = null;
if (!currentCerts.isEmpty())
c = (Certificate[]) currentCerts.toArray(new Certificate[currentCerts.size()]);
cs2pc.put(new CodeSource(currentBase, c), currentPerms);
currentCerts.clear();
currentPerms = new Permissions();
currentBase = null;
tok = in.nextToken();
if (tok != ';') in.pushBack();
continue;
}
if (tok != StreamTokenizer.TT_WORD) {
error(url, in, "expecting word token");
}
// keystore "<keystore-path>" [',' "<keystore-type>"] ';'
if (in.sval.equalsIgnoreCase("keystore")) {
String alg = KeyStore.getDefaultType();
tok = in.nextToken();
if (tok != '"' && tok != '\'') error(url, in, "expecting key store URL");
String store = in.sval;
tok = in.nextToken();
if (tok == ',') {
tok = in.nextToken();
if (tok != '"' && tok != '\'') error(url, in, "expecting key store type");
alg = in.sval;
tok = in.nextToken();
}
if (tok != ';') error(url, in, "expecting semicolon");
try {
KeyStore keystore = KeyStore.getInstance(alg);
keystore.load(new URL(url, store).openStream(), null);
keystores.add(keystore);
} catch (Exception x) {
error(url, in, x.toString());
}
} else if (in.sval.equalsIgnoreCase("grant")) {
if (state != STATE_BEGIN) error(url, in, "extraneous grant keyword");
state = STATE_GRANT;
} else if (in.sval.equalsIgnoreCase("signedBy")) {
if (state != STATE_GRANT && state != STATE_PERMS) error(url, in, "spurious 'signedBy'");
if (keystores.isEmpty()) error(url, in, "'signedBy' with no keystores");
tok = in.nextToken();
if (tok != '"' && tok != '\'') error(url, in, "expecting signedBy name");
StringTokenizer st = new StringTokenizer(in.sval, ",");
while (st.hasMoreTokens()) {
String alias = st.nextToken();
for (Iterator it = keystores.iterator(); it.hasNext(); ) {
KeyStore keystore = (KeyStore) it.next();
try {
if (keystore.isCertificateEntry(alias))
currentCerts.add(keystore.getCertificate(alias));
} catch (KeyStoreException kse) {
error(url, in, kse.toString());
}
}
}
tok = in.nextToken();
if (tok != ',') {
if (state != STATE_GRANT) error(url, in, "spurious ','");
in.pushBack();
}
} else if (in.sval.equalsIgnoreCase("codeBase")) {
if (state != STATE_GRANT) error(url, in, "spurious 'codeBase'");
tok = in.nextToken();
if (tok != '"' && tok != '\'') error(url, in, "expecting code base URL");
String base = expand(in.sval);
if (File.separatorChar != '/') base = base.replace(File.separatorChar, '/');
try {
currentBase = new URL(base);
} catch (MalformedURLException mue) {
error(url, in, mue.toString());
}
tok = in.nextToken();
if (tok != ',') in.pushBack();
} else if (in.sval.equalsIgnoreCase("principal")) {
if (state != STATE_GRANT) error(url, in, "spurious 'principal'");
tok = in.nextToken();
if (tok == StreamTokenizer.TT_WORD) {
tok = in.nextToken();
if (tok != '"' && tok != '\'') error(url, in, "expecting principal name");
String name = in.sval;
Principal p = null;
try {
Class pclass = Class.forName(in.sval);
Constructor c = pclass.getConstructor(new Class[] {String.class});
p = (Principal) c.newInstance(new Object[] {name});
} catch (Exception x) {
error(url, in, x.toString());
}
for (Iterator it = keystores.iterator(); it.hasNext(); ) {
KeyStore ks = (KeyStore) it.next();
try {
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String) e.nextElement();
if (ks.isCertificateEntry(alias)) {
Certificate cert = ks.getCertificate(alias);
if (!(cert instanceof X509Certificate)) continue;
if (p.equals(((X509Certificate) cert).getSubjectDN())
|| p.equals(((X509Certificate) cert).getSubjectX500Principal()))
currentCerts.add(cert);
}
}
} catch (KeyStoreException kse) {
error(url, in, kse.toString());
}
}
} else if (tok == '"' || tok == '\'') {
String alias = in.sval;
for (Iterator it = keystores.iterator(); it.hasNext(); ) {
KeyStore ks = (KeyStore) it.next();
try {
if (ks.isCertificateEntry(alias)) currentCerts.add(ks.getCertificate(alias));
} catch (KeyStoreException kse) {
error(url, in, kse.toString());
}
}
} else error(url, in, "expecting principal");
tok = in.nextToken();
if (tok != ',') in.pushBack();
} else if (in.sval.equalsIgnoreCase("permission")) {
if (state != STATE_PERMS) error(url, in, "spurious 'permission'");
tok = in.nextToken();
if (tok != StreamTokenizer.TT_WORD) error(url, in, "expecting permission class name");
String className = in.sval;
Class clazz = null;
try {
clazz = Class.forName(className);
} catch (ClassNotFoundException cnfe) {
}
tok = in.nextToken();
if (tok == ';') {
if (clazz == null) {
currentPerms.add(
new UnresolvedPermission(
className,
null,
null,
(Certificate[]) currentCerts.toArray(new Certificate[currentCerts.size()])));
continue;
}
try {
currentPerms.add((Permission) clazz.newInstance());
} catch (Exception x) {
error(url, in, x.toString());
}
continue;
}
if (tok != '"' && tok != '\'') error(url, in, "expecting permission target");
String target = expand(in.sval);
tok = in.nextToken();
if (tok == ';') {
if (clazz == null) {
currentPerms.add(
new UnresolvedPermission(
className,
target,
null,
(Certificate[]) currentCerts.toArray(new Certificate[currentCerts.size()])));
continue;
}
try {
Constructor c = clazz.getConstructor(new Class[] {String.class});
currentPerms.add((Permission) c.newInstance(new Object[] {target}));
} catch (Exception x) {
error(url, in, x.toString());
}
continue;
}
if (tok != ',') error(url, in, "expecting ','");
tok = in.nextToken();
if (tok == StreamTokenizer.TT_WORD) {
if (!in.sval.equalsIgnoreCase("signedBy")) error(url, in, "expecting 'signedBy'");
try {
Constructor c = clazz.getConstructor(new Class[] {String.class});
currentPerms.add((Permission) c.newInstance(new Object[] {target}));
} catch (Exception x) {
error(url, in, x.toString());
}
in.pushBack();
continue;
}
if (tok != '"' && tok != '\'') error(url, in, "expecting permission action");
String action = in.sval;
if (clazz == null) {
currentPerms.add(
new UnresolvedPermission(
className,
target,
action,
(Certificate[]) currentCerts.toArray(new Certificate[currentCerts.size()])));
continue;
} else {
try {
Constructor c = clazz.getConstructor(new Class[] {String.class, String.class});
currentPerms.add((Permission) c.newInstance(new Object[] {target, action}));
} catch (Exception x) {
error(url, in, x.toString());
}
}
tok = in.nextToken();
if (tok != ';' && tok != ',') error(url, in, "expecting ';' or ','");
}
}
}
/**
* Create permission for our trusted code. No restrictions are applied
*
* @return the permissions, never {@code null}
*/
private static PermissionCollection createAllPermissions() {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
/**
* Adds a couple of common permissions for both unsigned extensions as well as Groovy scripts.
*
* @param permissions the permissions object which will get the permissions added to it
*/
private static void addCommonPermissions(Permissions permissions) {
permissions.add(new AudioPermission("play"));
permissions.add(new AWTPermission("listenToAllAWTEvents"));
permissions.add(new AWTPermission("setWindowAlwaysOnTop"));
permissions.add(new AWTPermission("watchMousePointer"));
permissions.add(new LoggingPermission("control", ""));
permissions.add(new SocketPermission("*", "connect, listen, accept, resolve"));
permissions.add(new URLPermission("http://-", "*:*"));
permissions.add(new URLPermission("https://-", "*:*"));
// because random Java library calls use sun classes which may or may not do an acess check,
// we have to grant access to all of them
// this is a very unfortunate permission and I would love to not have it
// so if at any point in the future this won't be necessary any longer, remove it!!!
permissions.add(new RuntimePermission("accessClassInPackage.sun.*"));
permissions.add(new RuntimePermission("accessDeclaredMembers"));
permissions.add(new RuntimePermission("getenv.*"));
permissions.add(new RuntimePermission("getFileSystemAttributes"));
permissions.add(new RuntimePermission("readFileDescriptor"));
permissions.add(new RuntimePermission("writeFileDescriptor"));
permissions.add(new RuntimePermission("queuePrintJob"));
}
/**
* Gets the applet permissions. TODO Create a proper permission set.
*
* @return The applet permissions.
*/
public Permissions getAppletPermissions() {
Permissions permissions = new Permissions();
permissions.add(new AllPermission());
return permissions;
}
static {
// just like bootstrap, initialize natives, then SM
Bootstrap.initializeNatives(true, true);
// initialize probes
Bootstrap.initializeProbes();
// check for jar hell
try {
JarHell.checkJarHell();
} catch (Exception e) {
if (Boolean.parseBoolean(System.getProperty("tests.maven"))) {
throw new RuntimeException("found jar hell in test classpath", e);
} else {
Loggers.getLogger(BootstrapForTesting.class)
.warn(
"Your ide or custom test runner has jar hell issues, "
+ "you might want to look into that",
e);
}
}
// make sure java.io.tmpdir exists always (in case code uses it in a static initializer)
Path javaTmpDir =
PathUtils.get(
Objects.requireNonNull(
System.getProperty("java.io.tmpdir"), "please set ${java.io.tmpdir} in pom.xml"));
try {
Security.ensureDirectoryExists(javaTmpDir);
} catch (Exception e) {
throw new RuntimeException("unable to create test temp directory", e);
}
// install security manager if requested
if (systemPropertyAsBoolean("tests.security.manager", true)) {
try {
Security.setCodebaseProperties();
// if its an insecure plugin, its not easy to simulate here, since we don't have a real
// plugin install.
// we just do our best so unit testing can work. integration tests for such plugins are
// essential.
String artifact = System.getProperty("tests.artifact");
String insecurePluginProp = Security.INSECURE_PLUGINS.get(artifact);
if (insecurePluginProp != null) {
System.setProperty(insecurePluginProp, "file:/-");
}
// initialize paths the same exact way as bootstrap.
Permissions perms = new Permissions();
// add permissions to everything in classpath
for (URL url : JarHell.parseClassPath()) {
Path path = PathUtils.get(url.toURI());
// resource itself
perms.add(new FilePermission(path.toString(), "read,readlink"));
// classes underneath
perms.add(
new FilePermission(
path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink"));
// crazy jython...
String filename = path.getFileName().toString();
if (filename.contains("jython") && filename.endsWith(".jar")) {
// just enough so it won't fail when it does not exist
perms.add(new FilePermission(path.getParent().toString(), "read,readlink"));
perms.add(
new FilePermission(path.getParent().resolve("Lib").toString(), "read,readlink"));
}
}
// java.io.tmpdir
Security.addPath(perms, "java.io.tmpdir", javaTmpDir, "read,readlink,write,delete");
// custom test config file
if (Strings.hasLength(System.getProperty("tests.config"))) {
perms.add(new FilePermission(System.getProperty("tests.config"), "read,readlink"));
}
// jacoco coverage output file
if (Boolean.getBoolean("tests.coverage")) {
Path coverageDir = PathUtils.get(System.getProperty("tests.coverage.dir"));
perms.add(
new FilePermission(coverageDir.resolve("jacoco.exec").toString(), "read,write"));
// in case we get fancy and use the -integration goals later:
perms.add(
new FilePermission(coverageDir.resolve("jacoco-it.exec").toString(), "read,write"));
}
Policy.setPolicy(new ESPolicy(perms));
System.setSecurityManager(new TestSecurityManager());
Security.selfTest();
if (insecurePluginProp != null) {
// initialize the plugin class, in case it has one-time hacks (unit tests often won't do
// this)
String clazz = System.getProperty("tests.plugin.classname");
if (clazz == null) {
throw new IllegalStateException(
"plugin classname is needed for insecure plugin unit tests");
}
Class.forName(clazz);
}
} catch (Exception e) {
throw new RuntimeException("unable to install test security manager", e);
}
}
}
private Permissions getPermissions() {
final Permissions ps = new Permissions();
ps.add(new AWTPermission("accessEventQueue"));
ps.add(new PropertyPermission("user.home", "read"));
ps.add(new PropertyPermission("java.vendor", "read"));
ps.add(new PropertyPermission("java.version", "read"));
ps.add(new PropertyPermission("os.name", "read"));
ps.add(new PropertyPermission("os.arch", "read"));
ps.add(new PropertyPermission("os.version", "read"));
ps.add(new SocketPermission("*", "connect,resolve"));
String uDir = System.getProperty("user.home");
if (uDir != null) {
uDir += "/";
} else {
uDir = "~/";
}
final String[] dirs = {
"c:/rscache/", "/rscache/", "c:/windows/", "c:/winnt/", "c:/", uDir, "/tmp/", "."
};
final String[] rsDirs = {".jagex_cache_32", ".file_store_32"};
for (String dir : dirs) {
final File f = new File(dir);
ps.add(new FilePermission(dir, "read"));
if (!f.exists()) {
continue;
}
dir = f.getPath();
for (final String rsDir : rsDirs) {
ps.add(new FilePermission(dir + File.separator + rsDir + File.separator + "-", "read"));
ps.add(new FilePermission(dir + File.separator + rsDir + File.separator + "-", "write"));
}
}
Calendar.getInstance();
// TimeZone.getDefault();//Now the default is set they don't need permission
// ps.add(new FilePermission())
ps.setReadOnly();
return ps;
}
private boolean isAllowed(Permission permission) {
final boolean isAllowed = permissions.implies(permission);
return isAllowed;
}
