Grant Netty necessary permissions

When using the security networking implementations, the Netty jars that
are in play are those that are loaded in the X-Pack classloader. This
means that permissions granted to the Netty jars loaded in the
transport-netty4 module classloader do nothing. Instead, we have to
grant the same permissions to the Netty jars in the X-Pack
classloader. This commit does this.

Relates elastic/x-pack-elasticsearch#3247

Original commit: elastic/x-pack-elasticsearch@91780597b9

plugin/src/main/plugin-metadata/plugin-security.policy

@@ -21,10 +21,6 @@ grant {
   permission java.security.SecurityPermission "getPolicy";
   permission java.security.SecurityPermission "setPolicy";
 
-  // Netty SelectorUtil wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
-  // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
-  permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
-
   // needed for multiple server implementations used in tests
   permission java.net.SocketPermission "*", "accept,connect";
 
@@ -32,6 +28,17 @@ grant {
   permission java.io.FilePermission "\\\\.\\pipe\\*", "read,write";
 };
 
+grant codeBase "${codebase.netty-common}" {
+   // for reading the system-wide configuration for the backlog of established sockets
+   permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
+};
+
+grant codeBase "${codebase.netty-transport}" {
+   // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
+   // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
+   permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
+};
+
 grant codeBase "${codebase.elasticsearch-rest-client}" {
   // rest client uses system properties which gets the default proxy
   permission java.net.NetPermission "getProxySelector";