diff --git a/.pom.xml.swp b/.pom.xml.swp
deleted file mode 100644
index 08f99ccc7b2..00000000000
Binary files a/.pom.xml.swp and /dev/null differ
diff --git a/pom.xml b/pom.xml
index 4a5528cf074..718e98e91ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,7 +37,7 @@
2.1.14
auto
true
- always
+ onerror
${project.basedir}/backwards
random
@@ -584,7 +584,6 @@
-Des.logger.prefix=
-XX:+HeapDumpOnOutOfMemoryError
-XX:HeapDumpPath=${tests.heapdump.path}
- -Djava.security.debug=access:failure,policy
${tests.shuffle}
${tests.verbose}
diff --git a/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java b/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
index 5bf7f7ce299..befef74251b 100644
--- a/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
+++ b/src/main/java/org/elasticsearch/bootstrap/ESPolicy.java
@@ -19,8 +19,6 @@
package org.elasticsearch.bootstrap;
-import org.elasticsearch.common.SuppressForbidden;
-
import java.net.URI;
import java.security.Permission;
import java.security.PermissionCollection;
@@ -37,17 +35,14 @@ public class ESPolicy extends Policy {
final Policy template;
final PermissionCollection dynamic;
- @SuppressForbidden(reason = "ok")
public ESPolicy(PermissionCollection dynamic) throws Exception {
URI uri = getClass().getResource(POLICY_RESOURCE).toURI();
- System.out.println("temp=" + System.getProperty("java.io.tmpdir"));
this.template = Policy.getInstance("JavaPolicy", new URIParameter(uri));
this.dynamic = dynamic;
}
- @Override @SuppressForbidden(reason = "ok")
+ @Override
public boolean implies(ProtectionDomain domain, Permission permission) {
- //System.out.println("domain=" + domain);
return template.implies(domain, permission) || dynamic.implies(permission);
}
}
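Review bot: `implies` returns true whenever `dynamic.implies(permission)` holds, without looking at `domain`, so every protection domain — not just Elasticsearch's own code — receives the path permissions built by `Security.createPermissions`; that looks intended (the policy file's unqualified `grant {}` block has the same scope), but nothing on the class records it. Suggest a class Javadoc along the lines of `Policy that unions the static template from POLICY_RESOURCE with a dynamic PermissionCollection; dynamic permissions apply to every ProtectionDomain, so only path grants computed at startup belong there.` Separately, the constructor's `getClass().getResource(POLICY_RESOURCE).toURI()` dereferences the resource lookup unchecked, so a missing or mis-packaged policy file surfaces as a bare NullPointerException from the bootstrap; `URI uri = Objects.requireNonNull(getClass().getResource(POLICY_RESOURCE), "missing " + POLICY_RESOURCE).toURI();` (with `java.util.Objects` imported) gives a clear failure instead.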
diff --git a/src/main/java/org/elasticsearch/bootstrap/Security.java b/src/main/java/org/elasticsearch/bootstrap/Security.java
index 9ed66af4499..82a6edf752f 100644
--- a/src/main/java/org/elasticsearch/bootstrap/Security.java
+++ b/src/main/java/org/elasticsearch/bootstrap/Security.java
@@ -19,10 +19,10 @@
package org.elasticsearch.bootstrap;
+import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.env.Environment;
import java.io.*;
-import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Permissions;
@@ -34,7 +34,7 @@ import java.security.Policy;
* We use a template file (the one we test with), and add additional
* permissions based on the environment (data paths, etc)
*/
-class Security {
+public class Security {
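Review bot: Widening `Security` to public here, and `addPath` and `selfTest` at L99 and L107, turns bootstrap-only helpers into API with no statement of why; from the rest of the diff the only new caller is the test-side `SecurityBootstrap`. Suggest extending the class Javadoc above with `Public only so the test bootstrap ({@code SecurityBootstrap}) can build permissions and run the self-test the same way production does; not a general-purpose API.` so a later reader does not take the visibility as an invitation to call these elsewhere.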
/**
* Initializes securitymanager for the environment
@@ -42,7 +42,7 @@ class Security {
*/
static void configure(Environment environment) throws Exception {
// enable security policy: union of template and environment-based paths.
- Policy.setPolicy(new ESPolicy(createPermissions(environment)));
+ Policy.setPolicy(new ESPolicy(createPermissions(environment, true)));
// enable security manager
System.setSecurityManager(new SecurityManager());
@@ -52,10 +52,13 @@ class Security {
}
/** returns dynamic Permissions to configured paths */
- static Permissions createPermissions(Environment environment) throws IOException {
+ static Permissions createPermissions(Environment environment, boolean addTempDir) throws IOException {
// TODO: improve test infra so we can reduce permissions where read/write
// is not really needed...
Permissions policy = new Permissions();
+ if (addTempDir) {
+ addPath(policy, PathUtils.get(System.getProperty("java.io.tmpdir")), "read,readlink,write,delete");
+ }
addPath(policy, environment.homeFile(), "read,readlink,write,delete");
addPath(policy, environment.configFile(), "read,readlink,write,delete");
addPath(policy, environment.logsFile(), "read,readlink,write,delete");
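Review bot: The Javadoc `/** returns dynamic Permissions to configured paths */` is not updated for the new `addTempDir` flag, and the tmpdir line at L90 is repeated verbatim in `SecurityBootstrap` at L237, so the two startup paths can drift apart. Suggest `@param addTempDir whether to also grant read/readlink/write/delete under {@code java.io.tmpdir} (the self-test at L110 creates and deletes a temp file); tests pass {@code false}, see SecurityTests` and moving the tmpdir grant into one small static helper in `Security` that both this method and `SecurityBootstrap` call. A `java.io.tmpdir` that is unset or empty would presumably fail inside `PathUtils.get` rather than with a message naming the property; a guard with an explicit `IllegalStateException` is worth considering. The method body continues past the end of this hunk.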
@@ -71,7 +74,7 @@ class Security {
}
/** Add access to path (and all files underneath it */
- static void addPath(Permissions policy, Path path, String permissions) throws IOException {
+ public static void addPath(Permissions policy, Path path, String permissions) throws IOException {
// paths may not exist yet
Files.createDirectories(path);
// add each path twice: once for itself, again for files underneath it
@@ -80,7 +83,7 @@ class Security {
}
/** Simple checks that everything is ok */
- static void selfTest() {
+ public static void selfTest() {
// check we can manipulate temporary files
try {
Files.delete(Files.createTempFile(null, null));
diff --git a/src/main/resources/org/elasticsearch/bootstrap/security.policy b/src/main/resources/org/elasticsearch/bootstrap/security.policy
index ac5df915bd2..b10a2949df3 100644
--- a/src/main/resources/org/elasticsearch/bootstrap/security.policy
+++ b/src/main/resources/org/elasticsearch/bootstrap/security.policy
@@ -21,15 +21,36 @@
// On startup, BootStrap reads environment and adds additional permissions
// for configured paths to these.
+//// System code permissions:
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+ permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+
+//// Everything else:
+
grant {
// system jar resources
permission java.io.FilePermission "${java.home}${/}-", "read";
- // temporary files
- permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
- permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
-
// paths used for running tests
// compiled classes
permission java.io.FilePermission "${project.basedir}${/}target${/}classes${/}-", "read";
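Review bot: The comment at L130 reads `${java.home]` with a mismatched bracket and should be `${java.home}`. The four new `AllPermission` grants give unrestricted rights to anything located under the JDK lib and ext directories; this appears to mirror the JDK's stock policy for system extensions, but a comment saying so would let the next reader tell an intentional mirror from an over-grant. The removed tmpdir lines in the `grant {}` block otherwise vanish without a trace; suggest replacing `//// System code permissions:` with `//// System code permissions (tmpdir is no longer granted here; Security.createPermissions adds it at runtime):`.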
diff --git a/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java b/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java
index edbcafdddbd..01f370b0037 100644
--- a/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java
+++ b/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java
@@ -40,11 +40,12 @@ public class SecurityTests extends ElasticsearchTestCase {
Settings settings = settingsBuilder.build();
Environment environment = new Environment(settings);
- Permissions permissions = Security.createPermissions(environment);
+ // we pass false to not include temp (or it will grant permissions to everything here)
+ Permissions permissions = Security.createPermissions(environment, false);
// the fake es home
assertTrue(permissions.implies(new FilePermission(esHome.toString(), "read")));
- // its parent
+ // its filesystem root
assertFalse(permissions.implies(new FilePermission(path.toString(), "read")));
// some other sibling
assertFalse(permissions.implies(new FilePermission(path.resolve("other").toString(), "read")));
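Review bot: The new comment at L161, `// we pass false to not include temp (or it will grant permissions to everything here)`, states the effect but not the cause; from the negative assertions that follow it appears the fake home, its root and its sibling are created under `java.io.tmpdir`, so a tmpdir grant would make those `assertFalse` checks vacuous. If that is the case, suggest `// pass false: the fake home below lives under java.io.tmpdir, so a tmpdir grant would make every negative assertion here vacuous`. The enclosing test method starts outside this hunk.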
@@ -63,7 +64,7 @@ public class SecurityTests extends ElasticsearchTestCase {
Settings settings = settingsBuilder.build();
Environment environment = new Environment(settings);
- Permissions permissions = Security.createPermissions(environment);
+ Permissions permissions = Security.createPermissions(environment, false);
// check that all directories got permissions:
// homefile: this is needed unless we break out rules for "lib" dir.
diff --git a/src/test/java/org/elasticsearch/test/ElasticsearchTestCase.java b/src/test/java/org/elasticsearch/test/ElasticsearchTestCase.java
index 02c02b2ed6e..f102087b2b4 100644
--- a/src/test/java/org/elasticsearch/test/ElasticsearchTestCase.java
+++ b/src/test/java/org/elasticsearch/test/ElasticsearchTestCase.java
@@ -93,7 +93,7 @@ import static com.google.common.collect.Lists.newArrayList;
public abstract class ElasticsearchTestCase extends LuceneTestCase {
static {
- SecurityHack.ensureInitialized();
+ SecurityBootstrap.ensureInitialized();
}
protected final ESLogger logger = Loggers.getLogger(getClass());
diff --git a/src/test/java/org/elasticsearch/test/ElasticsearchTokenStreamTestCase.java b/src/test/java/org/elasticsearch/test/ElasticsearchTokenStreamTestCase.java
index a61fe704867..8374472dba8 100644
--- a/src/test/java/org/elasticsearch/test/ElasticsearchTokenStreamTestCase.java
+++ b/src/test/java/org/elasticsearch/test/ElasticsearchTokenStreamTestCase.java
@@ -43,7 +43,7 @@ import org.elasticsearch.test.junit.listeners.ReproduceInfoPrinter;
public abstract class ElasticsearchTokenStreamTestCase extends BaseTokenStreamTestCase {
static {
- SecurityHack.ensureInitialized();
+ SecurityBootstrap.ensureInitialized();
}
public static Version randomVersion() {
diff --git a/src/test/java/org/elasticsearch/test/SecurityHack.java b/src/test/java/org/elasticsearch/test/SecurityBootstrap.java
similarity index 72%
rename from src/test/java/org/elasticsearch/test/SecurityHack.java
rename to src/test/java/org/elasticsearch/test/SecurityBootstrap.java
index 9aa44e4f5da..d5e050a0d3e 100644
--- a/src/test/java/org/elasticsearch/test/SecurityHack.java
+++ b/src/test/java/org/elasticsearch/test/SecurityBootstrap.java
@@ -22,6 +22,8 @@ package org.elasticsearch.test;
import org.apache.lucene.util.TestSecurityManager;
import org.elasticsearch.bootstrap.Bootstrap;
import org.elasticsearch.bootstrap.ESPolicy;
+import org.elasticsearch.bootstrap.Security;
+import org.elasticsearch.common.io.PathUtils;
import java.security.Permissions;
import java.security.Policy;
@@ -32,10 +34,13 @@ import static com.carrotsearch.randomizedtesting.RandomizedTest.systemPropertyAs
* Installs test security manager (ensures it happens regardless of which
* test case happens to be first, test ordering, etc).
*
- * Note that this is BS, this should be done by the jvm (by passing -Djava.security.manager).
- * turning it on/off needs to be the role of maven, not this stuff.
+ * The idea is to mimic as much as possible what happens with ES in production
+ * mode (e.g. assign permissions and install security manager the same way)
*/
-class SecurityHack {
+class SecurityBootstrap {
+
+ // TODO: can we share more code with the non-test side here
+ // without making things complex???
static {
// just like bootstrap, initialize natives, then SM
@@ -43,8 +48,12 @@ class SecurityHack {
// install security manager if requested
if (systemPropertyAsBoolean("tests.security.manager", false)) {
try {
- Policy.setPolicy(new ESPolicy(new Permissions()));
+ // initialize tmpdir the same exact way as bootstrap.
+ Permissions perms = new Permissions();
+ Security.addPath(perms, PathUtils.get(System.getProperty("java.io.tmpdir")), "read,readlink,write,delete");
+ Policy.setPolicy(new ESPolicy(perms));
System.setSecurityManager(new TestSecurityManager());
+ Security.selfTest();
} catch (Exception e) {
throw new RuntimeException("unable to install test security manager", e);
}