2012-08-30 09:38:29 -04:00
|
|
|
/*
|
|
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
|
|
* this work for additional information regarding copyright ownership.
|
|
|
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
|
|
* (the "License"); you may not use this file except in compliance with
|
|
|
|
* the License. You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2015-02-25 11:23:44 -05:00
|
|
|
// Policy file for lucene tests. Please keep minimal and avoid wildcards.
|
2012-08-30 09:38:29 -04:00
|
|
|
|
2012-08-30 13:56:15 -04:00
|
|
|
grant {
|
2020-01-21 23:43:31 -05:00
|
|
|
// let TestIndexWriterOnJRECrash fork its jvm
|
2015-02-25 11:23:44 -05:00
|
|
|
permission java.io.FilePermission "${java.home}${/}-", "read,execute";
|
2020-01-21 23:43:31 -05:00
|
|
|
|
|
|
|
// test-files/ resources
|
|
|
|
permission java.io.FilePermission "${common.dir}${/}-", "read";
|
|
|
|
// classpath-as-file, eg getDataPath, and only rarely (this acts like a JDK bug...)
|
|
|
|
permission java.io.FilePermission ".", "read";
|
2012-09-04 19:54:13 -04:00
|
|
|
|
2015-02-25 11:23:44 -05:00
|
|
|
// write only to sandbox
|
2016-08-21 14:48:42 -04:00
|
|
|
permission java.io.FilePermission "${tests.linedocsfile}", "read";
|
2020-01-21 23:43:31 -05:00
|
|
|
permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
|
|
|
|
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
|
2016-05-25 05:16:18 -04:00
|
|
|
|
|
|
|
// misc HardlinkCopyDirectoryWrapper needs this to test if hardlinks can be created
|
|
|
|
permission java.nio.file.LinkPermission "hard";
|
2015-06-26 23:35:00 -04:00
|
|
|
// needed by SSD detection tests in TestIOUtils (creates symlinks)
|
|
|
|
permission java.nio.file.LinkPermission "symbolic";
|
2012-09-04 19:54:13 -04:00
|
|
|
|
2020-01-21 23:43:31 -05:00
|
|
|
// needed by randomizedtesting runner to identify test methods.
|
2015-02-25 11:23:44 -05:00
|
|
|
permission java.lang.RuntimePermission "accessDeclaredMembers";
|
2020-01-21 23:43:31 -05:00
|
|
|
// needed by certain tests to capture sysout/syserr:
|
2015-02-25 11:23:44 -05:00
|
|
|
permission java.lang.RuntimePermission "setIO";
|
|
|
|
// needed by randomized runner to catch failures from other threads:
|
|
|
|
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
|
|
|
|
// needed by randomized runner getTopThreadGroup:
|
|
|
|
permission java.lang.RuntimePermission "modifyThreadGroup";
|
|
|
|
// needed by tests e.g. shutting down executors:
|
|
|
|
permission java.lang.RuntimePermission "modifyThread";
|
|
|
|
// needed for tons of test hacks etc
|
|
|
|
permission java.lang.RuntimePermission "getStackTrace";
|
|
|
|
// needed for mock filesystems in tests
|
|
|
|
permission java.lang.RuntimePermission "fileSystemProvider";
|
2018-07-07 09:20:40 -04:00
|
|
|
// analyzers/uima: needed by lucene expressions' JavascriptCompiler
|
2015-02-25 11:23:44 -05:00
|
|
|
permission java.lang.RuntimePermission "createClassLoader";
|
|
|
|
// needed to test unmap hack on platforms that support it
|
|
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
|
2020-01-21 23:43:31 -05:00
|
|
|
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
2015-06-03 23:37:13 -04:00
|
|
|
// needed by cyberneko usage by benchmarks on J9
|
|
|
|
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.xerces.util";
|
2019-04-10 06:15:57 -04:00
|
|
|
// needed by org.apache.logging.log4j
|
|
|
|
permission java.lang.RuntimePermission "getenv.*";
|
|
|
|
permission java.lang.RuntimePermission "getClassLoader";
|
|
|
|
permission java.lang.RuntimePermission "setContextClassLoader";
|
|
|
|
|
2020-11-16 03:40:03 -05:00
|
|
|
// Needed for loading native library (lucene:misc:native) in lucene:misc
|
2021-01-17 17:57:56 -05:00
|
|
|
permission java.lang.RuntimePermission "getFileStoreAttributes";
|
2020-11-16 03:40:03 -05:00
|
|
|
permission java.lang.RuntimePermission "writeFileDescriptor";
|
|
|
|
|
2020-09-09 12:42:30 -04:00
|
|
|
// TestLockFactoriesMultiJVM opens a random port on 127.0.0.1 (port 0 = ephemeral port range):
|
|
|
|
permission java.net.SocketPermission "127.0.0.1:0", "accept,listen,resolve";
|
|
|
|
|
2015-02-25 11:23:44 -05:00
|
|
|
// read access to all system properties:
|
2015-03-01 15:25:41 -05:00
|
|
|
permission java.util.PropertyPermission "*", "read";
|
|
|
|
// write access to only these:
|
|
|
|
// locale randomization
|
|
|
|
permission java.util.PropertyPermission "user.language", "write";
|
|
|
|
// timezone randomization
|
|
|
|
permission java.util.PropertyPermission "user.timezone", "write";
|
|
|
|
|
2015-04-18 12:28:00 -04:00
|
|
|
// CMS randomization
|
|
|
|
permission java.util.PropertyPermission "lucene.cms.override_core_count", "write";
|
|
|
|
|
2015-03-01 15:25:41 -05:00
|
|
|
// used by nested tests? (e.g. TestLeaveFilesIfTestFails). TODO: look into this
|
|
|
|
permission java.util.PropertyPermission "tests.runnested", "write";
|
|
|
|
|
|
|
|
// solr properties. TODO: move these out to SolrTestCase
|
|
|
|
permission java.util.PropertyPermission "solr.data.dir", "write";
|
|
|
|
permission java.util.PropertyPermission "solr.solr.home", "write";
|
|
|
|
permission java.util.PropertyPermission "solr.directoryFactory", "write";
|
2013-02-13 18:04:38 -05:00
|
|
|
|
2015-06-30 20:16:37 -04:00
|
|
|
// allows LuceneTestCase#runWithRestrictedPermissions to execute with lower (or no) permission
|
|
|
|
permission java.security.SecurityPermission "createAccessControlContext";
|
2021-02-02 04:46:14 -05:00
|
|
|
|
2021-02-08 04:50:25 -05:00
|
|
|
// Hunspell regression and validation tests can read from external files
|
|
|
|
// specified in system properties.
|
2021-02-02 04:46:14 -05:00
|
|
|
permission java.io.FilePermission "${hunspell.repo.path}${/}-", "read";
|
2021-02-05 03:47:02 -05:00
|
|
|
permission java.io.FilePermission "${hunspell.corpora}${/}-", "read";
|
2021-02-08 04:50:25 -05:00
|
|
|
permission java.io.FilePermission "${hunspell.dictionaries}", "read";
|
|
|
|
permission java.io.FilePermission "${hunspell.dictionaries}${/}-", "read";
|
2012-08-30 09:38:29 -04:00
|
|
|
};
|
2020-01-21 23:43:31 -05:00
|
|
|
|
|
|
|
// Permissions to support ant build
|
|
|
|
grant {
|
|
|
|
permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read";
|
|
|
|
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete";
|
|
|
|
permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete";
|
2021-05-02 10:24:06 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
// Permissions for jacoco code coverage
|
|
|
|
grant {
|
|
|
|
// permission to write the per-jvm code coverage output
|
|
|
|
permission java.io.FilePermission "${user.dir}${/}jacoco.exec", "write";
|
2020-01-21 23:43:31 -05:00
|
|
|
// needed by jacoco to dump coverage on shutdown
|
|
|
|
permission java.lang.RuntimePermission "shutdownHooks";
|
2021-05-02 10:24:06 -04:00
|
|
|
// needed by jacoco to instrument classes
|
|
|
|
permission java.lang.RuntimePermission "defineClass";
|
2020-01-21 23:43:31 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
// Grant all permissions to Gradle test runner classes.
|
|
|
|
grant codeBase "file:${gradle.lib.dir}${/}-" {
|
|
|
|
permission java.security.AllPermission;
|
|
|
|
};
|
|
|
|
|
|
|
|
grant codeBase "file:${gradle.worker.jar}" {
|
|
|
|
permission java.security.AllPermission;
|
|
|
|
};
|
|
|
|
|
|
|
|
grant {
|
|
|
|
// Allow reading gradle worker JAR.
|
|
|
|
permission java.io.FilePermission "${gradle.worker.jar}", "read";
|
|
|
|
// Allow reading from classpath JARs (resources).
|
|
|
|
permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
|
|
|
|
};
|
|
|
|
|