org.elasticsearch.bootstrap.security.policy Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of elasticsearch Show documentation
Show all versions of elasticsearch Show documentation
Elasticsearch subproject :server
/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
// Default security policy file.
// On startup, BootStrap reads environment and adds additional permissions
// for configured paths and network binding to these.
//// SecurityManager impl:
//// Must have all permissions to properly perform access checks
grant codeBase "${codebase.securesm-1.0.jar}" {
permission java.security.AllPermission;
};
//// Very special jar permissions:
//// These are dangerous permissions that we don't want to grant to everything.
grant codeBase "${codebase.lucene-core-5.5.2.jar}" {
// needed to allow MMapDirectory's "unmap hack" (die unmap hack, die)
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "${codebase.jsr166e-1.1.0.jar}" {
// needed for LongAdder etc
// TODO: remove this in java 8!
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
};
//// Everything else:
grant {
// checked by scripting engines, and before hacks and other issues in
// third party code, to safeguard these against unprivileged code like scripts.
permission org.elasticsearch.SpecialPermission;
// Allow connecting to the internet anywhere
permission java.net.SocketPermission "*", "accept,connect,resolve";
// Allow read/write to all system properties
permission java.util.PropertyPermission "*", "read,write";
// needed by Settings
permission java.lang.RuntimePermission "getenv.*";
// thread permission for the same thread group and ancestor groups
// (this logic is more strict than the JDK, see SecureSM)
permission java.lang.RuntimePermission "modifyThread";
permission java.lang.RuntimePermission "modifyThreadGroup";
// needed by ExceptionSerializationTests and RestTestCase for
// some hackish things they do. otherwise only needed by groovy
// (TODO: clean this up?)
permission java.lang.RuntimePermission "getProtectionDomain";
// likely not low hanging fruit...
permission java.lang.RuntimePermission "accessDeclaredMembers";
// needed by HotThreads and potentially more
// otherwise can be provided only to test libraries
permission java.lang.RuntimePermission "getStackTrace";
// needed by JMX instead of getFileSystemAttributes, seems like a bug...
permission java.lang.RuntimePermission "getFileStoreAttributes";
// needed for jimfs and NewPathForShardsTests
// otherwise can be provided only to test libraries
permission java.lang.RuntimePermission "fileSystemProvider";
// needed by plugin manager to set unix permissions
permission java.lang.RuntimePermission "accessUserInformation";
// needed by jvminfo for monitoring the jvm
permission java.lang.management.ManagementPermission "monitor";
// needed by JDKESLoggerTests
permission java.util.logging.LoggingPermission "control";
};