org.elasticsearch.bootstrap.untrusted.policy Maven / Gradle / Ivy
The newest version!
/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/*
* Limited security policy for scripts.
* This is what is needed for basic functionality to work.
*/
grant {
// groovy IndyInterface bootstrap requires this property for indy logging
permission java.util.PropertyPermission "groovy.indy.logging", "read";
// groovy requires this to enable workaround for certain JVMs (https://github.com/apache/groovy/pull/137)
permission java.util.PropertyPermission "java.vm.name", "read";
permission java.util.PropertyPermission "groovy.use.classvalue", "read";
// groovy JsonOutput, just allow it to read these props so it works (unsafe is not allowed)
permission java.util.PropertyPermission "groovy.json.faststringutils.disable", "read";
permission java.util.PropertyPermission "groovy.json.faststringutils.write.to.final.fields", "read";
// needed by Rhino engine exception handling
permission java.util.PropertyPermission "rhino.stack.style", "read";
// needed IndyInterface selectMethod (setCallSiteTarget)
// TODO: clean this up / only give it to engines that really must have it
permission java.lang.RuntimePermission "getClassLoader";
};