honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-17 10:25:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Generate access to tests paths like other paths.

Browse Source
This commit is contained in:
Robert Muir 2015-05-11 18:04:14 -04:00
parent 852482844c
commit 3ccdde7e2a
2 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/main/resources/org/elasticsearch/bootstrap/security.policy
View File

@ -32,18 +32,6 @@ grant codeBase "file:${{java.ext.dirs}}/*" {
grant { grant {
// system jar resources
permission java.io.FilePermission "${java.home}${/}-", "read";
// paths used for running tests
// compiled classes
permission java.io.FilePermission "${project.basedir}${/}target${/}classes${/}-", "read";
permission java.io.FilePermission "${project.basedir}${/}target${/}test-classes${/}-", "read";
// read permission for lib sigar
permission java.io.FilePermission "${project.basedir}${/}lib${/}sigar${/}-", "read";
// mvn custom ./m2/repository for dependency jars
permission java.io.FilePermission "${m2.repository}${/}-", "read";
permission java.nio.file.LinkPermission "symbolic"; permission java.nio.file.LinkPermission "symbolic";
permission groovy.security.GroovyCodeSourcePermission "/groovy/script"; permission groovy.security.GroovyCodeSourcePermission "/groovy/script";

20
src/test/java/org/elasticsearch/test/SecurityBootstrap.java
View File

@ -25,8 +25,10 @@ import org.elasticsearch.bootstrap.ESPolicy;
import org.elasticsearch.bootstrap.Security; import org.elasticsearch.bootstrap.Security;
import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.io.PathUtils;
import java.nio.file.Path;
import java.security.Permissions; import java.security.Permissions;
import java.security.Policy; import java.security.Policy;
import java.util.Objects;
import static com.carrotsearch.randomizedtesting.RandomizedTest.systemPropertyAsBoolean; import static com.carrotsearch.randomizedtesting.RandomizedTest.systemPropertyAsBoolean;
@ -48,9 +50,23 @@ class SecurityBootstrap {
// install security manager if requested // install security manager if requested
if (systemPropertyAsBoolean("tests.security.manager", false)) { if (systemPropertyAsBoolean("tests.security.manager", false)) {
try { try {
// initialize tmpdir the same exact way as bootstrap. // initialize paths the same exact way as bootstrap.
Permissions perms = new Permissions(); Permissions perms = new Permissions();
Security.addPath(perms, PathUtils.get(System.getProperty("java.io.tmpdir")), "read,readlink,write,delete"); Path basedir = PathUtils.get(Objects.requireNonNull(System.getProperty("project.basedir"),
"please set ${project.basedir} in pom.xml"));
// target/classes, target/test-classes
Security.addPath(perms, basedir.resolve("target").resolve("classes"), "read,readlink");
Security.addPath(perms, basedir.resolve("target").resolve("test-classes"), "read,readlink");
// lib/sigar
Security.addPath(perms, basedir.resolve("lib").resolve("sigar"), "read,readlink");
// .m2/repository
Path m2repoDir = PathUtils.get(Objects.requireNonNull(System.getProperty("m2.repository"),
"please set ${m2.repository} in pom.xml"));
Security.addPath(perms, m2repoDir, "read,readlink");
// java.io.tmpdir
Path javaTmpDir = PathUtils.get(Objects.requireNonNull(System.getProperty("java.io.tmpdir"),
"please set ${java.io.tmpdir} in pom.xml"));
Security.addPath(perms, javaTmpDir, "read,readlink,write,delete");
Policy.setPolicy(new ESPolicy(perms)); Policy.setPolicy(new ESPolicy(perms));
System.setSecurityManager(new TestSecurityManager()); System.setSecurityManager(new TestSecurityManager());
Security.selfTest(); Security.selfTest();