From 519ed997da39984e8b144c2d52552606148fb17a Mon Sep 17 00:00:00 2001 From: Dawid Weiss Date: Fri, 6 Dec 2019 19:25:57 +0100 Subject: [PATCH] Enable solr testing with solr security manager. --- gradle/testing/defaults-tests.gradle | 3 +- .../testing/policies/replicator-tests.policy | 2 +- gradle/testing/policies/solr-tests.policy | 187 ++++++++++++++++++ gradle/testing/randomization.gradle | 8 +- 4 files changed, 193 insertions(+), 7 deletions(-) create mode 100644 gradle/testing/policies/solr-tests.policy diff --git a/gradle/testing/defaults-tests.gradle b/gradle/testing/defaults-tests.gradle index 7997916b965..c454b5c52a7 100644 --- a/gradle/testing/defaults-tests.gradle +++ b/gradle/testing/defaults-tests.gradle @@ -4,9 +4,10 @@ import org.gradle.api.tasks.testing.logging.* allprojects { plugins.withType(JavaPlugin) { project.ext { - commonDir = project(":lucene").projectDir testsWorkDir = file("${buildDir}/tmp/tests-cwd") testsTmpDir = file("${buildDir}/tmp/tests-tmp") + commonDir = project(":lucene").projectDir + commonSolrDir = project(":solr").projectDir } test { diff --git a/gradle/testing/policies/replicator-tests.policy b/gradle/testing/policies/replicator-tests.policy index 9508a04a754..584379a504e 100644 --- a/gradle/testing/policies/replicator-tests.policy +++ b/gradle/testing/policies/replicator-tests.policy @@ -15,7 +15,7 @@ * limitations under the License. */ -// Policy file for lucene tests. Please keep minimal and avoid wildcards. +// Policy file for :lucene:replicator tests. Please keep minimal and avoid wildcards. grant { // 3rd party jar resources (where symlinks are not supported), test-files/ resources diff --git a/gradle/testing/policies/solr-tests.policy b/gradle/testing/policies/solr-tests.policy new file mode 100644 index 00000000000..332a83fddbf --- /dev/null +++ b/gradle/testing/policies/solr-tests.policy 
@@ -0,0 +1,187 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Policy file for :solr tests. Please keep minimal and avoid wildcards.
+
+grant {
+ // 3rd party jar resources (where symlinks are not supported), test-files/ resources
+ permission java.io.FilePermission "${common.dir}${/}-", "read";
+ permission java.io.FilePermission "${common-solr.dir}${/}-", "read";
+
+ // system jar resources
+ permission java.io.FilePermission "${java.home}${/}-", "read";
+
+ // write only to sandbox
+ permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
+ permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
+ permission java.io.FilePermission "${tests.linedocsfile}", "read";
+
+ // hadoop
+ // permission java.io.FilePermission "${ant.library.dir}${/}-", "read";
+ // permission java.io.FilePermission "${user.home}${/}.ant${/}lib${/}-", "read";
+
+ permission java.io.FilePermission "${user.home}${/}hadoop-metrics2.properties", "read";
+ permission java.io.FilePermission "${user.home}${/}hadoop-metrics2-namenode.properties", "read";
+ // kerberos
+ permission java.io.FilePermission "${user.home}${/}.java.login.config", "read";
+ // SolrTestCaseJ4 explicitly uses these
+ permission java.io.FilePermission "/dev/./urandom", "read";
+ permission java.io.FilePermission "/dev/random", "read";
+ // DirectoryFactoryTest messes with these (wtf?)
+ permission java.io.FilePermission "/tmp/inst1/conf/solrcore.properties", "read";
+ permission java.io.FilePermission "/path/to/myinst/conf/solrcore.properties", "read";
+ // TestConfigSets messes with these (wtf?)
+ permission java.io.FilePermission "/path/to/solr/home/lib", "read";
+
+ permission java.nio.file.LinkPermission "hard";
+
+ // all possibilities of accepting/binding connections on localhost with ports >=1024:
+ permission java.net.SocketPermission "localhost:1024-", "accept,listen";
+ permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen";
+ permission java.net.SocketPermission "[::1]:1024-", "accept,listen";
+
+ // Allow connecting to the internet anywhere
+ permission java.net.SocketPermission "*", "connect,resolve";
+
+ // Basic permissions needed for Lucene to work:
+ permission java.util.PropertyPermission "*", "read,write";
+
+ // needed by randomizedtesting runner to identify test methods.
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ // needed by certain tests to redirect sysout/syserr:
+ permission java.lang.RuntimePermission "setIO";
+ // needed by randomized runner to catch failures from other threads:
+ permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
+ // needed by randomized runner getTopThreadGroup:
+ permission java.lang.RuntimePermission "modifyThreadGroup";
+ // needed by tests e.g. shutting down executors:
+ permission java.lang.RuntimePermission "modifyThread";
+ // needed for tons of test hacks etc
+ permission java.lang.RuntimePermission "getStackTrace";
+ // needed for mock filesystems in tests
+ permission java.lang.RuntimePermission "fileSystemProvider";
+ // needed for test of IOUtils.spins (maybe it can be avoided)
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
+ // analyzers/uima: needed by lucene expressions' JavascriptCompiler
+ permission java.lang.RuntimePermission "createClassLoader";
+ // needed to test unmap hack on platforms that support it
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ // needed by jacoco to dump coverage
+ permission java.lang.RuntimePermission "shutdownHooks";
+ // needed by org.apache.logging.log4j
+ permission java.lang.RuntimePermission "getenv.*";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
+ // needed by bytebuddy
+ permission java.lang.RuntimePermission "defineClass";
+ // needed by mockito
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+ permission java.lang.RuntimePermission "reflectionFactoryAccess";
+ // needed by SolrResourceLoader
+ permission java.lang.RuntimePermission "closeClassLoader";
+ // needed by HttpSolrClient
+ permission java.lang.RuntimePermission "getFileSystemAttributes";
+ // needed by hadoop auth (TODO: there is a cleaner way to handle this)
+ permission java.lang.RuntimePermission "loadLibrary.jaas";
+ permission java.lang.RuntimePermission "loadLibrary.jaas_unix";
+ permission java.lang.RuntimePermission "loadLibrary.jaas_nt";
+ // needed by hadoop hdfs
+ permission java.lang.RuntimePermission "readFileDescriptor";
+ permission java.lang.RuntimePermission "writeFileDescriptor";
+ // needed by hadoop http
+ permission java.lang.RuntimePermission "getProtectionDomain";
+
+ // These two *have* to be spelled out a separate
+ permission java.lang.management.ManagementPermission "control";
+ permission java.lang.management.ManagementPermission "monitor";
+
+ // needed by hadoop htrace
+ permission java.net.NetPermission "getNetworkInformation";
+
+ // needed by DIH
+ permission java.sql.SQLPermission "deregisterDriver";
+
+ permission java.util.logging.LoggingPermission "control";
+
+ // needed by solr mbeans feature/tests
+ // TODO: can we remove wildcard for class names/members?
+ permission javax.management.MBeanPermission "*", "getAttribute";
+ permission javax.management.MBeanPermission "*", "getMBeanInfo";
+ permission javax.management.MBeanPermission "*", "queryMBeans";
+ permission javax.management.MBeanPermission "*", "queryNames";
+ permission javax.management.MBeanPermission "*", "registerMBean";
+ permission javax.management.MBeanPermission "*", "unregisterMBean";
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission javax.management.MBeanServerPermission "releaseMBeanServer";
+ permission javax.management.MBeanTrustPermission "register";
+
+ // needed by hadoop auth
+ permission javax.security.auth.AuthPermission "getSubject";
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
+ permission javax.security.auth.AuthPermission "doAs";
+ permission javax.security.auth.AuthPermission "getLoginConfiguration";
+ permission javax.security.auth.AuthPermission "setLoginConfiguration";
+ permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
+ permission javax.security.auth.AuthPermission "modifyPublicCredentials";
+ permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
+
+ // needed by hadoop security
+ permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
+ permission java.security.SecurityPermission "insertProvider";
+
+ permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
+
+ // SSL related properties for Solr tests
+ permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
+
+ // SASL/Kerberos related properties for Solr tests
+ permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
+
+ // may only be necessary with Java 7?
+ permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
+ permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
+
+ permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
+ permission javax.security.auth.kerberos.ServicePermission "*", "accept";
+ permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
+
+ // java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path)
+ permission java.awt.AWTPermission "*";
+
+ // used by solr to create sandboxes (e.g. script execution)
+ permission java.security.SecurityPermission "createAccessControlContext";
+};
+
+// Grant all permissions to Gradle test runner classes.
+
+grant codeBase "file:${gradle.lib.dir}${/}-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${gradle.worker.jar}" {
+ permission java.security.AllPermission;
+};
+
+grant {
+ // Allow reading gradle worker JAR.
+ permission java.io.FilePermission "${gradle.worker.jar}", "read";
+ // Allow reading from classpath JARs (resources).
+ permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
+};
\ No newline at end of file
diff --git a/gradle/testing/randomization.gradle b/gradle/testing/randomization.gradle
index bdbb1575f6d..5983a7275d7 100644
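Review bot: The last unscoped `grant` block gives every code base read access to all of `${gradle.user.home}`, a directory that commonly also holds `gradle.properties` with repository or signing credentials, while the main block's `permission java.net.SocketPermission "*", "connect,resolve";` lets the same code open outbound connections to any host. Together these allow any test dependency to read those files and send them off the machine, which runs against the file's own "keep minimal and avoid wildcards" header. Consider narrowing the read grant to the dependency cache, e.g. `permission java.io.FilePermission "${gradle.user.home}${/}caches${/}-", "read";`, and limiting `connect` to `localhost`, `127.0.0.1` and `[::1]` unless a named test needs an external host. The remaining wildcards (`PropertyPermission "*"`, `AWTPermission "*"`, `getenv.*`) together with `suppressAccessChecks`, `createClassLoader` and `defineClass` in a grant with no `codeBase` mean the header comment should say that this policy is a test guardrail, not a containment boundary.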
--- a/gradle/testing/randomization.gradle +++ b/gradle/testing/randomization.gradle @@ -163,11 +163,9 @@ allprojects { systemProperty 'java.security.manager', "org.apache.lucene.util.TestSecurityManager" systemProperty 'java.security.policy', rootProject.file("gradle/testing/policies/tests.policy") } else { - // systemProperty 'java.security.manager', "org.apache.solr.util.SolrSecurityManager" - // systemProperty 'java.security.policy', file("${commonDir}/tools/junit4/solr-tests.policy") - doFirst { - logger.log(LogLevel.WARN, "Running with security manager not implemented for: ${project.path}") - } + systemProperty 'common-solr.dir', commonSolrDir + systemProperty 'java.security.manager', "org.apache.solr.util.SolrSecurityManager" + systemProperty 'java.security.policy', rootProject.file("gradle/testing/policies/solr-tests.policy") } systemProperty 'common.dir', commonDir
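Review bot: `systemProperty 'java.security.policy', rootProject.file("gradle/testing/policies/solr-tests.policy")` reaches the JVM as `-Djava.security.policy=<path>`, and with a single `=` Java adds the named file to the policies listed in `java.security` (including the user's `${user.home}/.java.policy`) rather than replacing them. The effective permissions for Solr tests can therefore be wider than solr-tests.policy and differ from machine to machine; if the intent is that this file alone governs the run, pass the `==` form, for example `jvmArgs "-Djava.security.policy==" + rootProject.file("gradle/testing/policies/solr-tests.policy")`. The same holds for the unchanged Lucene branch above these lines, and the enclosing `if`/`else` starts outside the hunk, so its condition is not visible here.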