/** Initializes SecurityManager for the environment Can only happen once! */ static void configure(Environment environment) throws Exception { // set properties for jar locations setCodebaseProperties(); // enable security policy: union of template and environment-based paths, and possibly plugin // permissions Policy.setPolicy( new ESPolicy(createPermissions(environment), getPluginPermissions(environment))); // enable security manager System.setSecurityManager( new SecurityManager() { // we disable this completely, because its granted otherwise: // 'Note: The "exitVM.*" permission is automatically granted to // all code loaded from the application class path, thus enabling // applications to terminate themselves.' @Override public void checkExit(int status) { throw new SecurityException("exit(" + status + ") not allowed by system policy"); } }); // do some basic tests selfTest(); }
/** * Initializes SecurityManager for the environment Can only happen once! * * @param environment configuration for generating dynamic permissions * @param filterBadDefaults true if we should filter out bad java defaults in the system policy. */ static void configure(Environment environment, boolean filterBadDefaults) throws Exception { // enable security policy: union of template and environment-based paths, and possibly plugin // permissions Policy.setPolicy( new ESPolicy( createPermissions(environment), getPluginPermissions(environment), filterBadDefaults)); // enable security manager System.setSecurityManager(new SecureSM(new String[] {"org.elasticsearch.bootstrap."})); // do some basic tests selfTest(); }
static { // just like bootstrap, initialize natives, then SM Bootstrap.initializeNatives(true, true); // initialize probes Bootstrap.initializeProbes(); // check for jar hell try { JarHell.checkJarHell(); } catch (Exception e) { if (Boolean.parseBoolean(System.getProperty("tests.maven"))) { throw new RuntimeException("found jar hell in test classpath", e); } else { Loggers.getLogger(BootstrapForTesting.class) .warn( "Your ide or custom test runner has jar hell issues, " + "you might want to look into that", e); } } // make sure java.io.tmpdir exists always (in case code uses it in a static initializer) Path javaTmpDir = PathUtils.get( Objects.requireNonNull( System.getProperty("java.io.tmpdir"), "please set ${java.io.tmpdir} in pom.xml")); try { Security.ensureDirectoryExists(javaTmpDir); } catch (Exception e) { throw new RuntimeException("unable to create test temp directory", e); } // install security manager if requested if (systemPropertyAsBoolean("tests.security.manager", true)) { try { Security.setCodebaseProperties(); // if its an insecure plugin, its not easy to simulate here, since we don't have a real // plugin install. // we just do our best so unit testing can work. integration tests for such plugins are // essential. String artifact = System.getProperty("tests.artifact"); String insecurePluginProp = Security.INSECURE_PLUGINS.get(artifact); if (insecurePluginProp != null) { System.setProperty(insecurePluginProp, "file:/-"); } // initialize paths the same exact way as bootstrap. Permissions perms = new Permissions(); // add permissions to everything in classpath for (URL url : JarHell.parseClassPath()) { Path path = PathUtils.get(url.toURI()); // resource itself perms.add(new FilePermission(path.toString(), "read,readlink")); // classes underneath perms.add( new FilePermission( path.toString() + path.getFileSystem().getSeparator() + "-", "read,readlink")); // crazy jython... String filename = path.getFileName().toString(); if (filename.contains("jython") && filename.endsWith(".jar")) { // just enough so it won't fail when it does not exist perms.add(new FilePermission(path.getParent().toString(), "read,readlink")); perms.add( new FilePermission(path.getParent().resolve("Lib").toString(), "read,readlink")); } } // java.io.tmpdir Security.addPath(perms, "java.io.tmpdir", javaTmpDir, "read,readlink,write,delete"); // custom test config file if (Strings.hasLength(System.getProperty("tests.config"))) { perms.add(new FilePermission(System.getProperty("tests.config"), "read,readlink")); } // jacoco coverage output file if (Boolean.getBoolean("tests.coverage")) { Path coverageDir = PathUtils.get(System.getProperty("tests.coverage.dir")); perms.add( new FilePermission(coverageDir.resolve("jacoco.exec").toString(), "read,write")); // in case we get fancy and use the -integration goals later: perms.add( new FilePermission(coverageDir.resolve("jacoco-it.exec").toString(), "read,write")); } Policy.setPolicy(new ESPolicy(perms)); System.setSecurityManager(new TestSecurityManager()); Security.selfTest(); if (insecurePluginProp != null) { // initialize the plugin class, in case it has one-time hacks (unit tests often won't do // this) String clazz = System.getProperty("tests.plugin.classname"); if (clazz == null) { throw new IllegalStateException( "plugin classname is needed for insecure plugin unit tests"); } Class.forName(clazz); } } catch (Exception e) { throw new RuntimeException("unable to install test security manager", e); } } }