LUCENE-6238: minimize tests.policy

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1662254 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Robert Muir 2015-02-25 16:23:44 +00:00
parent 0e505bcc00
commit 8cfb3a9398
7 changed files with 158 additions and 70 deletions

View File

@ -31,7 +31,7 @@ public class TestFilesystemResourceLoader extends LuceneTestCase {
private void assertNotFound(ResourceLoader rl) throws Exception {
try {
IOUtils.closeWhileHandlingException(rl.openResource("/this-directory-really-really-really-should-not-exist/foo/bar.txt"));
IOUtils.closeWhileHandlingException(rl.openResource("this-directory-really-really-really-should-not-exist/foo/bar.txt"));
fail("The resource does not exist, should fail!");
} catch (IOException ioe) {
// pass

View File

@ -80,7 +80,7 @@ public class BasicAEProvider implements AEProvider {
private XMLInputSource getInputSource() throws IOException {
try {
return new XMLInputSource(aePath);
} catch (IOException e) {
} catch (Exception e) {
return new XMLInputSource(getClass().getResource(aePath));
}
}

View File

@ -125,6 +125,7 @@
<property name="tests.filterstacks" value="true"/>
<property name="tests.luceneMatchVersion" value="${version.base}"/>
<property name="tests.asserts" value="true" />
<property name="tests.policy" location="${common.dir}/tools/junit4/tests.policy"/>
<condition property="tests.asserts.args" value="-ea -esa" else="">
<istrue value="${tests.asserts}"/>
@ -1012,11 +1013,12 @@
<!-- Restrict access to certain Java features and install security manager: -->
<sysproperty key="junit4.tempDir" file="@{workDir}/temp" />
<sysproperty key="common.dir" file="${common.dir}" />
<sysproperty key="clover.db.dir" file="${clover.db.dir}" />
<syspropertyset>
<propertyref prefix="java.security.manager"/>
</syspropertyset>
<sysproperty key="java.security.policy" file="${common.dir}/tools/junit4/tests.policy" />
<sysproperty key="java.security.policy" file="${tests.policy}" />
<sysproperty key="tests.LUCENE_VERSION" value="${version.base}"/>
@ -2501,7 +2503,7 @@ The following arguments can be provided to ant to alter its behaviour and target
<junit4:pickseed property="pitest.seed" />
<property name="pitest.sysprops" value="-Dversion=${version},-Dtest.seed=${pitest.seed},-Djava.security.manager=org.apache.lucene.util.TestSecurityManager,-Djava.security.policy=${common.dir}/tools/junit4/tests.policy,-Djava.io.tmpdir=${tests.workDir},-Djunit4.childvm.cwd=${tests.workDir},-Djunit4.tempDir=${tests.workDir}" />
<property name="pitest.sysprops" value="-Dversion=${version},-Dtest.seed=${pitest.seed},-Djava.security.manager=org.apache.lucene.util.TestSecurityManager,-Djava.security.policy=${tests.policy},-Djava.io.tmpdir=${tests.workDir},-Djunit4.childvm.cwd=${tests.workDir},-Djunit4.tempDir=${tests.workDir}" />
<pitest
classPath="pitest.classpath"

View File

@ -215,7 +215,7 @@ public class TestIOUtils extends LuceneTestCase {
@Override
public void checkAccess(Path path, AccessMode... modes) throws IOException {
// TODO: kinda screwed up how we do this, but it's easy to get lost. just unravel completely.
delegate.checkAccess(FilterPath.unwrap(path), modes);
delegate.checkAccess(maybeChroot(FilterPath.unwrap(path)), modes);
}
@Override

View File

@ -0,0 +1,90 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Policy file to prevent tests from writing outside the test sandbox directory
// (must be given as a sysprop: tests.sandbox.dir)
// This policy also disallows stuff like listening on network ports of interfaces
// different than 127.0.0.1.
// PLEASE NOTE: You may need to enable other permissions when new tests are added,
// everything not allowed here is forbidden!
grant {
// permissions for file access, write access only to sandbox:
permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute";
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp", "read,execute,write,delete";
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-", "read,execute,write,delete";
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
permission java.io.FilePermission "${clover.db.dir}${/}-", "read,execute,write,delete";
// all possibilities of accepting/binding connections on localhost with ports >=1024:
permission java.net.SocketPermission "localhost:1024-", "accept,listen";
permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen";
permission java.net.SocketPermission "[::1]:1024-", "accept,listen";
// This is a special case, because the network config of the ASF Jenkins server is broken,
// see: http://freebsd.1045724.n5.nabble.com/jail-external-and-localhost-distinction-td3967320.html
permission java.net.SocketPermission "lucene.zones.apache.org:1024-", "accept,listen";
// Allow connecting to the internet anywhere
permission java.net.SocketPermission "*", "connect,resolve";
// Basic permissions needed for Lucene to work:
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.reflect.ReflectPermission "*";
permission java.lang.RuntimePermission "*";
// These two *have* to be spelled out a separate
permission java.lang.management.ManagementPermission "control";
permission java.lang.management.ManagementPermission "monitor";
// Solr needs those:
permission java.net.NetPermission "*";
permission java.sql.SQLPermission "*";
permission java.util.logging.LoggingPermission "control";
permission javax.management.MBeanPermission "*", "*";
permission javax.management.MBeanServerPermission "*";
permission javax.management.MBeanTrustPermission "*";
permission javax.security.auth.AuthPermission "*";
permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
permission java.security.SecurityPermission "insertProvider.SaslPlainServer";
permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
// TIKA uses BouncyCastle and that registers new provider for PDF parsing + MSOffice parsing. Maybe report as bug!
permission java.security.SecurityPermission "putProviderProperty.BC";
permission java.security.SecurityPermission "insertProvider.BC";
// Needed for some things in DNS caching in the JVM
permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
// SSL related properties for Solr tests
permission java.security.SecurityPermission "getProperty.ssl.*";
// SASL/Kerberos related properties for Solr tests
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
// may only be necessary with Java 7?
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
permission javax.security.auth.kerberos.ServicePermission "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/127.0.0.1@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/127.0.0.1@EXAMPLE.COM", "accept";
};

View File

@ -15,76 +15,71 @@
* limitations under the License.
*/
// Policy file to prevent tests from writing outside the test sandbox directory
// (must be given as a sysprop: tests.sandbox.dir)
// This policy also disallows stuff like listening on network ports of interfaces
// different than 127.0.0.1.
// PLEASE NOTE: You may need to enable other permissions when new tests are added,
// everything not allowed here is forbidden!
// Policy file for lucene tests. Please keep minimal and avoid wildcards.
grant {
// permissions for file access, write access only to sandbox:
permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute";
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp", "read,execute,write,delete";
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-", "read,execute,write,delete";
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete";
permission java.io.FilePermission "${clover.db.dir}${/}-", "read,execute,write,delete";
// contain read access to only what we need:
// 3rd party jar resources (where symlinks are not supported), test-files/ resources
permission java.io.FilePermission "${common.dir}${/}-", "read";
// 3rd party jar resources (where symlinks are supported)
permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read";
// system jar resources, and let TestIndexWriterOnJRECrash fork its jvm
permission java.io.FilePermission "${java.home}${/}-", "read,execute";
// should be enclosed within common.dir, but just in case:
permission java.io.FilePermission "${junit4.childvm.cwd}", "read";
// write only to sandbox
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp", "read,write,delete";
permission java.io.FilePermission "${junit4.childvm.cwd}${/}temp${/}-", "read,write,delete";
permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete";
permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete";
// needed by gson serialization of junit4 runner: TODO clean that up
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
// needed by junit4 runner to capture sysout/syserr:
permission java.lang.RuntimePermission "setIO";
// needed by randomized runner to catch failures from other threads:
permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
// needed by randomized runner getTopThreadGroup:
permission java.lang.RuntimePermission "modifyThreadGroup";
// needed by tests e.g. shutting down executors:
permission java.lang.RuntimePermission "modifyThread";
// needed for tons of test hacks etc
permission java.lang.RuntimePermission "getStackTrace";
// needed for mock filesystems in tests
permission java.lang.RuntimePermission "fileSystemProvider";
// needed for mock filesystems in tests (to capture implCloseChannel)
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
// needed by junit nested compat tests (due to static fields reflection), TODO clean these up:
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.calendar";
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.locale";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.fs";
// needed for test of IOUtils.spins (maybe it can be avoided)
permission java.lang.RuntimePermission "getFileStoreAttributes";
// analyzers/morfologik: needed for a horrible context classloader hack for solr in morfologikfilter: nuke this
permission java.lang.RuntimePermission "setContextClassLoader";
// analyzers/uima: needed by UIMA message localization... (?)
permission java.lang.RuntimePermission "createSecurityManager";
permission java.lang.RuntimePermission "createClassLoader";
// needed to test unmap hack on platforms that support it
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
// all possibilities of accepting/binding connections on localhost with ports >=1024:
permission java.net.SocketPermission "localhost:1024-", "accept,listen";
permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen";
permission java.net.SocketPermission "[::1]:1024-", "accept,listen";
// read access to all system properties:
// needed by junit4 BootstrapEvent (it calls System.getProperties, used by ant xml reporting?)
permission java.util.PropertyPermission "*", "read,write";
// replicator: jetty tests require some network permissions:
// all possibilities of accepting/binding/connecting on localhost with ports >= 1024:
permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect,resolve";
permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve";
permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve";
// This is a special case, because the network config of the ASF Jenkins server is broken,
// see: http://freebsd.1045724.n5.nabble.com/jail-external-and-localhost-distinction-td3967320.html
permission java.net.SocketPermission "lucene.zones.apache.org:1024-", "accept,listen";
// Allow connecting to the internet anywhere
permission java.net.SocketPermission "*", "connect,resolve";
// Basic permissions needed for Lucene to work:
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.reflect.ReflectPermission "*";
permission java.lang.RuntimePermission "*";
permission java.net.SocketPermission "lucene.zones.apache.org:1024-", "accept,listen,connect,resolve";
// These two *have* to be spelled out a separate
permission java.lang.management.ManagementPermission "control";
permission java.lang.management.ManagementPermission "monitor";
// Solr needs those:
permission java.net.NetPermission "*";
permission java.sql.SQLPermission "*";
permission java.util.logging.LoggingPermission "control";
permission javax.management.MBeanPermission "*", "*";
permission javax.management.MBeanServerPermission "*";
permission javax.management.MBeanTrustPermission "*";
permission javax.security.auth.AuthPermission "*";
permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
permission java.security.SecurityPermission "insertProvider.SaslPlainServer";
permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
// TIKA uses BouncyCastle and that registers new provider for PDF parsing + MSOffice parsing. Maybe report as bug!
permission java.security.SecurityPermission "putProviderProperty.BC";
permission java.security.SecurityPermission "insertProvider.BC";
// Needed for some things in DNS caching in the JVM
permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
// SSL related properties for Solr tests
permission java.security.SecurityPermission "getProperty.ssl.*";
// SASL/Kerberos related properties for Solr tests
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
// may only be necessary with Java 7?
permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
permission javax.security.auth.kerberos.ServicePermission "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/127.0.0.1@EXAMPLE.COM", "initiate";
permission javax.security.auth.kerberos.ServicePermission "zookeeper/127.0.0.1@EXAMPLE.COM", "accept";
// SSL related properties for jetty
permission java.security.SecurityPermission "getProperty.ssl.KeyManagerFactory.algorithm";
permission java.security.SecurityPermission "getProperty.ssl.TrustManagerFactory.algorithm";
};

View File

@ -38,6 +38,7 @@
<property name="maven.dist.dir" location="${package.dir}/maven"/>
<property name="lucene-libs" location="${dest}/lucene-libs" />
<property name="tests.userdir" location="src/test-files"/>
<property name="tests.policy" location="${common-solr.dir}/../lucene/tools/junit4/solr-tests.policy"/>
<property name="server.dir" location="${common-solr.dir}/server" />
<property name="example" location="${common-solr.dir}/example" />
<property name="javadoc.dir" location="${dest}/docs"/>