honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Reduce security permissions in CCR plugin (#41391) 

It looks like these permissions were copy/pasted from another plugin yet
almost none of these permissions are needed for the CCR plugin. This
commit removes all these unneeded permissions from the CCR plugin.
This commit is contained in:
Jason Tedor 2019-04-20 08:21:10 -04:00
parent 2b20bd0b8d
commit 21bf2fe3c4
No known key found for this signature in database
GPG Key ID: FA89F05560F16BC5
1 changed files with 0 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
x-pack/plugin/ccr/src/main/plugin-metadata/plugin-security.policy
View File

@ -1,50 +1,4 @@
grant {
// needed because of problems in unbound LDAP library
permission java.util.PropertyPermission "*", "read,write";
// required to configure the custom mailcap for watcher
permission java.lang.RuntimePermission "setFactory";
// needed when sending emails for javax.activation
// otherwise a classnotfound exception is thrown due to trying
// to load the class with the application class loader
permission java.lang.RuntimePermission "setContextClassLoader";
permission java.lang.RuntimePermission "getClassLoader";
// TODO: remove use of this jar as soon as possible!!!!
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.activation.registries";
// bouncy castle
permission java.security.SecurityPermission "putProviderProperty.BC";
// needed for x-pack security extension
permission java.security.SecurityPermission "createPolicy.JavaPolicy";
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
// needed for multiple server implementations used in tests
permission java.net.SocketPermission "*", "accept,connect";
// needed for Windows named pipes in machine learning
permission java.io.FilePermission "\\\\.\\pipe\\*", "read,write";
};
grant codeBase "${codebase.netty-common}" {
// for reading the system-wide configuration for the backlog of established sockets
permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
};
grant codeBase "${codebase.netty-transport}" {
// Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
// the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely!
permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
};
grant codeBase "${codebase.elasticsearch-rest-client}" {
// rest client uses system properties which gets the default proxy
permission java.net.NetPermission "getProxySelector";
};
grant codeBase "${codebase.httpasyncclient}" {
// rest client uses system properties which gets the default proxy
permission java.net.NetPermission "getProxySelector";
};