/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // Policy file for solr. Please keep minimal and avoid wildcards. // permissions needed for tests to pass, based on properties set by the build system // NOTE: if the property is not set, the permission entry is ignored. grant { // 3rd party jar resources (where symlinks are not supported), test-files/ resources permission java.io.FilePermission "${common.dir}${/}-", "read"; permission java.io.FilePermission "${common.dir}${/}..${/}solr${/}-", "read"; // system jar resources permission java.io.FilePermission "${java.home}${/}-", "read"; // Test launchers (randomizedtesting, etc.) permission java.io.FilePermission "${java.io.tmpdir}", "read,write"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; permission java.io.FilePermission "${tests.linedocsfile}", "read"; // DirectoryFactoryTest messes with these (wtf?) permission java.io.FilePermission "/tmp/inst1/conf/solrcore.properties", "read"; permission java.io.FilePermission "/path/to/myinst/conf/solrcore.properties", "read"; // TestConfigSets messes with these (wtf?) permission java.io.FilePermission "/path/to/solr/home/lib", "read"; permission java.nio.file.LinkPermission "hard"; // all possibilities of accepting/binding/connections on localhost with ports >=1024: permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect,resolve"; permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; // "dead hosts", we try to keep it fast permission java.net.SocketPermission "[::1]:4", "connect,resolve"; permission java.net.SocketPermission "[::1]:6", "connect,resolve"; permission java.net.SocketPermission "[::1]:8", "connect,resolve"; // Basic permissions needed for Lucene to work: permission java.util.PropertyPermission "*", "read,write"; // needed by randomizedtesting runner to identify test methods. permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "accessDeclaredMembers"; // needed by certain tests to redirect sysout/syserr: permission java.lang.RuntimePermission "setIO"; // needed by randomized runner to catch failures from other threads: permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler"; // needed by randomized runner getTopThreadGroup: permission java.lang.RuntimePermission "modifyThreadGroup"; // needed by tests e.g. shutting down executors: permission java.lang.RuntimePermission "modifyThread"; // needed for tons of test hacks etc permission java.lang.RuntimePermission "getStackTrace"; // needed for mock filesystems in tests permission java.lang.RuntimePermission "fileSystemProvider"; // needed by IndexFetcher permission java.lang.RuntimePermission "getFileStoreAttributes"; // analyzers/uima: needed by lucene expressions' JavascriptCompiler permission java.lang.RuntimePermission "createClassLoader"; // needed to test unmap hack on platforms that support it permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; // needed by jacoco to dump coverage permission java.lang.RuntimePermission "shutdownHooks"; // needed by org.apache.logging.log4j permission java.lang.RuntimePermission "getenv.*"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "getStackWalkerWithClassReference"; // needed by bytebuddy permission java.lang.RuntimePermission "defineClass"; // needed by mockito permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; permission java.lang.RuntimePermission "reflectionFactoryAccess"; // needed by SolrResourceLoader permission java.lang.RuntimePermission "closeClassLoader"; // needed by HttpSolrClient permission java.lang.RuntimePermission "getFileSystemAttributes"; // needed by hadoop auth (TODO: there is a cleaner way to handle this) permission java.lang.RuntimePermission "loadLibrary.jaas"; permission java.lang.RuntimePermission "loadLibrary.jaas_unix"; permission java.lang.RuntimePermission "loadLibrary.jaas_nt"; // needed by hadoop common RawLocalFileSystem for java nio getOwner permission java.lang.RuntimePermission "accessUserInformation"; // needed by hadoop hdfs permission java.lang.RuntimePermission "readFileDescriptor"; permission java.lang.RuntimePermission "writeFileDescriptor"; // needed by hadoop http permission java.lang.RuntimePermission "getProtectionDomain"; // These two *have* to be spelled out a separate permission java.lang.management.ManagementPermission "control"; permission java.lang.management.ManagementPermission "monitor"; // needed by hadoop htrace permission java.net.NetPermission "getNetworkInformation"; // needed by DIH - possibly even after DIH is a package permission java.sql.SQLPermission "deregisterDriver"; permission java.util.logging.LoggingPermission "control"; // needed by solr mbeans feature/tests // TODO: can we remove wildcard for class names/members? permission javax.management.MBeanPermission "*", "getAttribute"; permission javax.management.MBeanPermission "*", "getMBeanInfo"; permission javax.management.MBeanPermission "*", "queryMBeans"; permission javax.management.MBeanPermission "*", "queryNames"; permission javax.management.MBeanPermission "*", "registerMBean"; permission javax.management.MBeanPermission "*", "unregisterMBean"; permission javax.management.MBeanServerPermission "createMBeanServer"; permission javax.management.MBeanServerPermission "findMBeanServer"; permission javax.management.MBeanServerPermission "releaseMBeanServer"; permission javax.management.MBeanTrustPermission "register"; // needed by hadoop auth permission javax.security.auth.AuthPermission "getSubject"; permission javax.security.auth.AuthPermission "modifyPrincipals"; permission javax.security.auth.AuthPermission "doAs"; permission javax.security.auth.AuthPermission "getLoginConfiguration"; permission javax.security.auth.AuthPermission "setLoginConfiguration"; permission javax.security.auth.AuthPermission "modifyPrivateCredentials"; permission javax.security.auth.AuthPermission "modifyPublicCredentials"; permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read"; // needed by hadoop security permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer"; permission java.security.SecurityPermission "insertProvider"; permission javax.xml.bind.JAXBPermission "setDatatypeConverter"; // SSL related properties for Solr tests permission javax.net.ssl.SSLPermission "setDefaultSSLContext"; // SASL/Kerberos related properties for Solr tests permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read"; // may only be necessary with Java 7? permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read"; permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read"; permission javax.security.auth.kerberos.ServicePermission "*", "initiate"; permission javax.security.auth.kerberos.ServicePermission "*", "accept"; permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\""; // java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path) permission java.awt.AWTPermission "*"; // used by solr to create sandboxes (e.g. script execution) permission java.security.SecurityPermission "createAccessControlContext"; }; // additional permissions based on system properties set by /bin/solr // NOTE: if the property is not set, the permission entry is ignored. grant { permission java.io.FilePermission "${hadoop.security.credential.provider.path}", "read,write,delete,readlink"; permission java.io.FilePermission "${hadoop.security.credential.provider.path}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.jetty.keystore}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.jetty.keystore}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.jetty.truststore}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.jetty.truststore}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.install.dir}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.install.dir}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${jetty.home}", "read,write,delete,readlink"; permission java.io.FilePermission "${jetty.home}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.solr.home}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.solr.home}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.data.home}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.data.home}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.default.confdir}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.default.confdir}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.log.dir}", "read,write,delete,readlink"; permission java.io.FilePermission "${solr.log.dir}${/}-", "read,write,delete,readlink"; permission java.io.FilePermission "${log4j.configurationFile}", "read,write,delete,readlink"; // expanded to a wildcard if set, allows all networking everywhere permission java.net.SocketPermission "${solr.internal.network.permission}", "accept,listen,connect,resolve"; }; // Grant all permissions to Gradle test runner classes. grant codeBase "file:${gradle.lib.dir}${/}-" { permission java.security.AllPermission; }; grant codeBase "file:${gradle.worker.jar}" { permission java.security.AllPermission; }; grant { // Allow reading gradle worker JAR. permission java.io.FilePermission "${gradle.worker.jar}", "read"; // Allow reading from classpath JARs (resources). permission java.io.FilePermission "${gradle.user.home}${/}-", "read"; };