diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index df2f6481739..263af4383d4 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java @@ -163,9 +163,11 @@ final class Security { static final Map SPECIAL_PLUGINS; static { Map m = new HashMap<>(); - m.put("repository-s3", "org.elasticsearch.plugin.repository.s3.S3RepositoryPlugin"); - m.put("discovery-ec2", "org.elasticsearch.plugin.discovery.ec2.Ec2DiscoveryPlugin"); - m.put("cloud-gce", "org.elasticsearch.plugin.cloud.gce.CloudGcePlugin"); + m.put("repository-s3", "org.elasticsearch.plugin.repository.s3.S3RepositoryPlugin"); + m.put("discovery-ec2", "org.elasticsearch.plugin.discovery.ec2.Ec2DiscoveryPlugin"); + m.put("cloud-gce", "org.elasticsearch.plugin.cloud.gce.CloudGcePlugin"); + m.put("lang-javascript", "org.elasticsearch.plugin.javascript.JavaScriptPlugin"); + m.put("lang-python", "org.elasticsearch.plugin.python.PythonPlugin"); SPECIAL_PLUGINS = Collections.unmodifiableMap(m); } diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy index c21e58d1d53..47444df9a99 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -57,13 +57,26 @@ grant codeBase "${es.security.plugin.cloud-gce}" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; +grant codeBase "${es.security.plugin.lang-javascript}" { + // needed to generate runtime classes + permission java.lang.RuntimePermission "createClassLoader"; +}; + +grant codeBase "${es.security.plugin.lang-python}" { + // needed to generate runtime classes + permission java.lang.RuntimePermission "createClassLoader"; +}; + //// test framework permissions. //// These are mock objects and test management that we allow test framework libs //// to provide on our behalf. But tests themselves cannot do this stuff! grant codeBase "${es.security.jar.elasticsearch.securemock}" { + // needed to access ReflectionFactory (see below) + permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; // needed to support creation of mocks permission java.lang.RuntimePermission "reflectionFactoryAccess"; + // needed for spy interception, etc permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; diff --git a/plugins/lang-python/src/main/java/org/elasticsearch/script/python/PythonScriptEngineService.java b/plugins/lang-python/src/main/java/org/elasticsearch/script/python/PythonScriptEngineService.java index 4bdf985c58a..199edc3dac3 100644 --- a/plugins/lang-python/src/main/java/org/elasticsearch/script/python/PythonScriptEngineService.java +++ b/plugins/lang-python/src/main/java/org/elasticsearch/script/python/PythonScriptEngineService.java @@ -20,6 +20,8 @@ package org.elasticsearch.script.python; import java.io.IOException; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Map; import org.apache.lucene.index.LeafReaderContext; @@ -54,7 +56,13 @@ public class PythonScriptEngineService extends AbstractComponent implements Scri public PythonScriptEngineService(Settings settings) { super(settings); - this.interp = PythonInterpreter.threadLocalStateInterpreter(null); + // classloader created here + this.interp = AccessController.doPrivileged(new PrivilegedAction () { + @Override + public PythonInterpreter run() { + return PythonInterpreter.threadLocalStateInterpreter(null); + } + }); } @Override @@ -74,7 +82,13 @@ public class PythonScriptEngineService extends AbstractComponent implements Scri @Override public Object compile(String script) { - return interp.compile(script); + // classloader created here + return AccessController.doPrivileged(new PrivilegedAction() { + @Override + public PyCode run() { + return interp.compile(script); + } + }); } @Override