• Home
• org.elasticsearch
• elasticsearch
• 8.15.2
• source code
• test-framework.policy

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.elasticsearch.bootstrap.test-framework.policy Maven / Gradle / Ivy

/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0 and the Server Side Public License, v 1; you may not use this file except
 * in compliance with, at your election, the Elastic License 2.0 or the Server
 * Side Public License, v 1.
 */

//// additional test framework permissions.
//// These are mock objects and test management that we allow test framework libs
//// to provide on our behalf. But tests themselves cannot do this stuff!

grant codeBase "${codebase.mockito-core}" {
  // needed to access ReflectionFactory (see below)
  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
  permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal";
  // needed for reflection in ibm jdk
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  // needed to support creation of mocks
  permission java.lang.RuntimePermission "reflectionFactoryAccess";
  // needed for spy interception, etc
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "${codebase.byte-buddy}" {
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "createClassLoader";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "net.bytebuddy.createJavaDispatcher";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  permission java.lang.reflect.ReflectPermission "newProxyInPackage.net.bytebuddy.utility";
  permission java.lang.reflect.ReflectPermission "newProxyInPackage.net.bytebuddy.dynamic.loading";
  permission java.lang.reflect.ReflectPermission "newProxyInPackage.net.bytebuddy.description.type";
  permission java.lang.reflect.ReflectPermission "newProxyInPackage.net.bytebuddy.description.method";
};

grant codeBase "${codebase.objenesis}" {
  permission java.lang.RuntimePermission "reflectionFactoryAccess";
  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
  permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal";
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "${codebase.lucene-test-framework}" {
  // needed by RamUsageTester
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  // needed for testing hardlinks in StoreRecoveryTests since we install MockFS
  permission java.nio.file.LinkPermission "hard";
  // needed for RAMUsageTester
  permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.randomizedtesting-runner}" {
  // optionally needed for access to private test methods (e.g. beforeClass)
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  // needed to fail tests on uncaught exceptions from other threads
  permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
  // needed for top threads handling
  permission org.elasticsearch.secure_sm.ThreadPermission "modifyArbitraryThreadGroup";
  // needed for TestClass creation
  permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "${codebase.junit}" {
  // needed for TestClass creation
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  // needed for test listener notifications
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};

grant codeBase "${codebase.mocksocket}" {
  // mocksocket makes and accepts socket connections
  permission java.net.SocketPermission "*", "accept,connect";
};

// the test framework can dynamically remove the security manager
// for tests that need to run without it
grant codeBase "${codebase.elasticsearch}" {
  permission java.lang.RuntimePermission "setSecurityManager";
};

// this is the test-framework, but the jar is horribly named
grant codeBase "${codebase.framework}" {
  permission java.lang.RuntimePermission "setSecurityManager";
};

grant codeBase "${codebase.elasticsearch-rest-client}" {
  // rest makes socket connections for rest tests
  permission java.net.SocketPermission "*", "connect";
  // rest client uses system properties which gets the default proxy
  permission java.net.NetPermission "getProxySelector";
};

grant codeBase "${codebase.httpcore-nio}" {
  // httpcore makes socket connections for rest tests
  permission java.net.SocketPermission "*", "connect";
};

grant codeBase "${codebase.httpasyncclient}" {
  // httpasyncclient makes socket connections for rest tests
  permission java.net.SocketPermission "*", "connect";
  // rest client uses system properties which gets the default proxy
  permission java.net.NetPermission "getProxySelector";
};

grant codeBase "${codebase.netty-common}" {
   // for reading the system-wide configuration for the backlog of established sockets
   permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
   // Netty sets custom classloader for some of its internal threads
   permission java.lang.RuntimePermission "setContextClassLoader";
   permission java.net.SocketPermission "*", "accept,connect";
};

grant codeBase "${codebase.netty-transport}" {
   // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
   // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
   permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
   permission java.net.SocketPermission "*", "accept,connect";
};

grant {
  permission java.net.SocketPermission "127.0.0.1", "accept, connect, resolve";
  permission java.nio.file.LinkPermission "symbolic";
  // needed for keystore tests
  permission java.lang.RuntimePermission "accessUserInformation";
};