Merge pull request #15378 from rmuir/tame_reflection

Remove RuntimePermission("accessDeclaredMembers")

buildSrc/src/main/resources/forbidden/all-signatures.txt

@@ -92,6 +92,13 @@ java.net.InetAddress#getCanonicalHostName()
 java.net.InetSocketAddress#getHostName() @ Use getHostString() instead, which avoids a DNS lookup
 
 @defaultMessage Do not violate java's access system
+java.lang.Class#getDeclaredClasses() @ Do not violate java's access system: Use getClasses() instead
+java.lang.Class#getDeclaredConstructor(java.lang.Class[]) @ Do not violate java's access system: Use getConstructor() instead
+java.lang.Class#getDeclaredConstructors() @ Do not violate java's access system: Use getConstructors() instead
+java.lang.Class#getDeclaredField(java.lang.String) @ Do not violate java's access system: Use getField() instead
+java.lang.Class#getDeclaredFields() @ Do not violate java's access system: Use getFields() instead
+java.lang.Class#getDeclaredMethod(java.lang.String, java.lang.Class[]) @ Do not violate java's access system: Use getMethod() instead
+java.lang.Class#getDeclaredMethods() @ Do not violate java's access system: Use getMethods() instead
 java.lang.reflect.AccessibleObject#setAccessible(boolean)
 java.lang.reflect.AccessibleObject#setAccessible(java.lang.reflect.AccessibleObject[], boolean)
 

buildSrc/version.properties

@@ -1,5 +1,5 @@
 elasticsearch     = 3.0.0-SNAPSHOT
-lucene            = 5.4.0-snapshot-1715952
+lucene            = 5.5.0-snapshot-1719088
 
 # optional dependencies
 spatial4j         = 0.5
@@ -11,7 +11,7 @@ jna               = 4.1.0
 
 
 # test dependencies
-randomizedrunner  = 2.2.0
+randomizedrunner  = 2.3.2
 junit             = 4.11
 httpclient        = 4.3.6
 httpcore          = 4.3.3

core/src/main/java/org/elasticsearch/Version.java

@@ -276,7 +276,7 @@ public class Version {
     public static final int V_2_2_0_ID = 2020099;
     public static final Version V_2_2_0 = new Version(V_2_2_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
     public static final int V_3_0_0_ID = 3000099;
-    public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_4_0);
+    public static final Version V_3_0_0 = new Version(V_3_0_0_ID, true, org.apache.lucene.util.Version.LUCENE_5_5_0);
     public static final Version CURRENT = V_3_0_0;
 
     static {

core/src/main/java/org/elasticsearch/common/inject/Key.java

@@ -333,7 +333,7 @@ public class Key<T> {
      * Returns {@code true} if the given annotation type has no attributes.
      */
     static boolean isMarker(Class<? extends Annotation> annotationType) {
-        return annotationType.getDeclaredMethods().length == 0;
+        return annotationType.getMethods().length == 0;
     }
 
     /**
@@ -345,7 +345,7 @@ public class Key<T> {
         ensureRetainedAtRuntime(annotationType);
         ensureIsBindingAnnotation(annotationType);
 
-        if (annotationType.getDeclaredMethods().length == 0) {
+        if (annotationType.getMethods().length == 0) {
             return new AnnotationTypeStrategy(annotationType, annotation);
         }
 

core/src/main/java/org/elasticsearch/common/inject/Reflection.java

@@ -41,7 +41,7 @@ class Reflection {
     @SuppressWarnings("unchecked")
     static <T> Constructor<T> invalidConstructor() {
         try {
-            return (Constructor<T>) InvalidConstructor.class.getDeclaredConstructor();
+            return (Constructor<T>) InvalidConstructor.class.getConstructor();
         } catch (NoSuchMethodException e) {
             throw new AssertionError(e);
         }

core/src/main/java/org/elasticsearch/common/inject/assistedinject/FactoryProvider.java

@@ -212,7 +212,7 @@ public class FactoryProvider<F> implements Provider<F>, HasDependencies {
             TypeLiteral<?> factoryType, TypeLiteral<?> implementationType) {
         List<AssistedConstructor<?>> constructors = new ArrayList<>();
 
-        for (Constructor<?> constructor : implementationType.getRawType().getDeclaredConstructors()) {
+        for (Constructor<?> constructor : implementationType.getRawType().getConstructors()) {
             if (constructor.getAnnotation(AssistedInject.class) != null) {
                 @SuppressWarnings("unchecked") // the constructor type and implementation type agree
                         AssistedConstructor assistedConstructor = new AssistedConstructor(

core/src/main/java/org/elasticsearch/common/inject/internal/ProviderMethodsModule.java

@@ -83,7 +83,7 @@ public final class ProviderMethodsModule implements Module {
     public List<ProviderMethod<?>> getProviderMethods(Binder binder) {
         List<ProviderMethod<?>> result = new ArrayList<>();
         for (Class<?> c = delegate.getClass(); c != Object.class; c = c.getSuperclass()) {
-            for (Method method : c.getDeclaredMethods()) {
+            for (Method method : c.getMethods()) {
                 if (method.getAnnotation(Provides.class) != null) {
                     result.add(createProviderMethod(binder, method));
                 }

core/src/main/java/org/elasticsearch/common/inject/spi/InjectionPoint.java

@@ -188,7 +188,7 @@ public final class InjectionPoint {
         Errors errors = new Errors(rawType);
 
         Constructor<?> injectableConstructor = null;
-        for (Constructor<?> constructor : rawType.getDeclaredConstructors()) {
+        for (Constructor<?> constructor : rawType.getConstructors()) {
             Inject inject = constructor.getAnnotation(Inject.class);
             if (inject != null) {
                 if (inject.optional()) {
@@ -212,7 +212,7 @@ public final class InjectionPoint {
 
         // If no annotated constructor is found, look for a no-arg constructor instead.
         try {
-            Constructor<?> noArgConstructor = rawType.getDeclaredConstructor();
+            Constructor<?> noArgConstructor = rawType.getConstructor();
 
             // Disallow private constructors on non-private classes (unless they have @Inject)
             if (Modifier.isPrivate(noArgConstructor.getModifiers())
@@ -334,7 +334,7 @@ public final class InjectionPoint {
         // name. In Scala, fields always get accessor methods (that we need to ignore). See bug 242.
         if (member instanceof Method) {
             try {
-                if (member.getDeclaringClass().getDeclaredField(member.getName()) != null) {
+                if (member.getDeclaringClass().getField(member.getName()) != null) {
                     return;
                 }
             } catch (NoSuchFieldException ignore) {
@@ -390,7 +390,7 @@ public final class InjectionPoint {
         Factory<Field> FIELDS = new Factory<Field>() {
             @Override
             public Field[] getMembers(Class<?> type) {
-                return type.getDeclaredFields();
+                return type.getFields();
             }
 
             @Override
@@ -402,7 +402,7 @@ public final class InjectionPoint {
         Factory<Method> METHODS = new Factory<Method>() {
             @Override
             public Method[] getMembers(Class<?> type) {
-                return type.getDeclaredMethods();
+                return type.getMethods();
             }
 
             @Override

core/src/main/resources/org/elasticsearch/bootstrap/security.policy

@@ -31,10 +31,12 @@ grant codeBase "${codebase.securesm-1.0.jar}" {
 //// Very special jar permissions:
 //// These are dangerous permissions that we don't want to grant to everything.
 
-grant codeBase "${codebase.lucene-core-5.4.0-snapshot-1715952.jar}" {
+grant codeBase "${codebase.lucene-core-5.5.0-snapshot-1719088.jar}" {
   // needed to allow MMapDirectory's "unmap hack"
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  // NOTE: also needed for RAMUsageEstimator size calculations
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
 };
 
 //// Everything else:
@@ -97,9 +99,6 @@ grant {
   // (TODO: clean this up?)
   permission java.lang.RuntimePermission "getProtectionDomain";
   
-  // likely not low hanging fruit...
-  permission java.lang.RuntimePermission "accessDeclaredMembers";
-
   // needed by HotThreads and potentially more
   // otherwise can be provided only to test libraries
   permission java.lang.RuntimePermission "getStackTrace";

core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy

@@ -21,30 +21,38 @@
 //// These are mock objects and test management that we allow test framework libs
 //// to provide on our behalf. But tests themselves cannot do this stuff!
 
-grant codeBase "${codebase.securemock-1.1.jar}" {
+grant codeBase "${codebase.securemock-1.2.jar}" {
   // needed to access ReflectionFactory (see below)
   permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
   // needed to support creation of mocks
   permission java.lang.RuntimePermission "reflectionFactoryAccess";
   // needed for spy interception, etc
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 };
 
-grant codeBase "${codebase.lucene-test-framework-5.4.0-snapshot-1715952.jar}" {
+grant codeBase "${codebase.lucene-test-framework-5.5.0-snapshot-1719088.jar}" {
   // needed by RamUsageTester
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 };
 
-grant codeBase "${codebase.randomizedtesting-runner-2.2.0.jar}" {
+grant codeBase "${codebase.randomizedtesting-runner-2.3.2.jar}" {
   // optionally needed for access to private test methods (e.g. beforeClass)
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
   // needed to fail tests on uncaught exceptions from other threads
   permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
   // needed for top threads handling
   permission org.elasticsearch.ThreadPermission "modifyArbitraryThreadGroup";
+  // needed for TestClass creation
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
 };
 
-grant codeBase "${codebase.junit4-ant-2.2.0.jar}" {
+grant codeBase "${codebase.junit4-ant-2.3.2.jar}" {
   // needed for stream redirection
   permission java.lang.RuntimePermission "setIO";
 };
+
+grant codeBase "${codebase.junit-4.11.jar}" {
+  // needed for TestClass creation
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
+};

core/src/test/java/org/elasticsearch/ExceptionSerializationTests.java

@@ -136,7 +136,7 @@ public class ExceptionSerializationTests extends ESTestCase {
                                 } else if (ElasticsearchException.isRegistered((Class<? extends Throwable>) clazz)) {
                                     registered.add(clazz);
                                     try {
-                                        if (clazz.getDeclaredMethod("writeTo", StreamOutput.class) != null) {
+                                        if (clazz.getMethod("writeTo", StreamOutput.class) != null) {
                                             hasDedicatedWrite.add(clazz);
                                         }
                                     } catch (Exception e) {

core/src/test/java/org/elasticsearch/VersionTests.java

@@ -191,7 +191,7 @@ public class VersionTests extends ESTestCase {
 
     public void testAllVersionsMatchId() throws Exception {
         Map<String, Version> maxBranchVersions = new HashMap<>();
-        for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
+        for (java.lang.reflect.Field field : Version.class.getFields()) {
             if (field.getName().endsWith("_ID")) {
                 assertTrue(field.getName() + " should be static", Modifier.isStatic(field.getModifiers()));
                 assertTrue(field.getName() + " should be final", Modifier.isFinal(field.getModifiers()));

core/src/test/java/org/elasticsearch/bwcompat/NodesStatsBasicBackwardsCompatIT.java

@@ -69,7 +69,7 @@ public class NodesStatsBasicBackwardsCompatIT extends ESBackcompatTestCase {
             NodesStatsRequestBuilder nsBuilder = tc.admin().cluster().prepareNodesStats();
 
             Class c = nsBuilder.getClass();
-            for (Method method : c.getDeclaredMethods()) {
+            for (Method method : c.getMethods()) {
                 if (method.getName().startsWith("set")) {
                     if (method.getParameterTypes().length == 1 && method.getParameterTypes()[0] == boolean.class) {
                         method.invoke(nsBuilder, randomBoolean());

core/src/test/java/org/elasticsearch/bwcompat/RestoreBackwardsCompatIT.java

@@ -92,7 +92,7 @@ public class RestoreBackwardsCompatIT extends AbstractSnapshotIntegTestCase {
         }
 
         SortedSet<String> expectedVersions = new TreeSet<>();
-        for (java.lang.reflect.Field field : Version.class.getDeclaredFields()) {
+        for (java.lang.reflect.Field field : Version.class.getFields()) {
             if (Modifier.isStatic(field.getModifiers()) && field.getType() == Version.class) {
                 Version v = (Version) field.get(Version.class);
                 if (v.snapshot()) continue;

core/src/test/java/org/elasticsearch/index/analysis/NGramTokenizerFactoryTests.java

@@ -237,7 +237,7 @@ public class NGramTokenizerFactoryTests extends ESTokenStreamTestCase {
 
 
     private Version randomVersion(Random random) throws IllegalArgumentException, IllegalAccessException {
-        Field[] declaredFields = Version.class.getDeclaredFields();
+        Field[] declaredFields = Version.class.getFields();
         List<Field> versionFields = new ArrayList<>();
         for (Field field : declaredFields) {
             if ((field.getModifiers() & Modifier.STATIC) != 0 && field.getName().startsWith("V_") && field.getType() == Version.class) {

core/src/test/java/org/elasticsearch/index/query/AbstractQueryTestCase.java

@@ -828,21 +828,21 @@ public abstract class AbstractQueryTestCase<QB extends AbstractQueryBuilder<QB>>
         AbstractQueryTestCase delegate;
         @Override
         public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
-            if (method.equals(Client.class.getDeclaredMethod("get", GetRequest.class))) {
+            if (method.equals(Client.class.getMethod("get", GetRequest.class))) {
                 return new PlainActionFuture<GetResponse>() {
                     @Override
                     public GetResponse get() throws InterruptedException, ExecutionException {
                         return delegate.executeGet((GetRequest) args[0]);
                     }
                 };
-            } else if (method.equals(Client.class.getDeclaredMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
+            } else if (method.equals(Client.class.getMethod("multiTermVectors", MultiTermVectorsRequest.class))) {
                     return new PlainActionFuture<MultiTermVectorsResponse>() {
                         @Override
                         public MultiTermVectorsResponse get() throws InterruptedException, ExecutionException {
                             return delegate.executeMultiTermVectors((MultiTermVectorsRequest) args[0]);
                         }
                     };
-            } else if (method.equals(Object.class.getDeclaredMethod("toString"))) {
+            } else if (method.equals(Object.class.getMethod("toString"))) {
                 return "MockClient";
             }
             throw new UnsupportedOperationException("this test can't handle calls to: " + method);

distribution/licenses/lucene-analyzers-common-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-feaf885ed4155fb7202c1f90ac2eb40503961efc

distribution/licenses/lucene-analyzers-common-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+9f2b9811a4f4a57a1b3a98bdc1e1b63476b9f628

distribution/licenses/lucene-backward-codecs-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-5b5b5c950b4fcac38cf48fab911f75da61e780fa

distribution/licenses/lucene-backward-codecs-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+038071889a5dbeb279e37fa46225e194139a427c

distribution/licenses/lucene-core-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-84685d37a34b4d87e2928566ed266a7f005ca67d

distribution/licenses/lucene-core-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+b986d0ad8ee4dda8172a5a61875c47631e4b21d4

distribution/licenses/lucene-grouping-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-ff92011208ed5c28f041acc37bd77728a89fc6a5

distribution/licenses/lucene-grouping-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+f46574fbdfbcc81d936c77e15ba5b3af2c2b7253

distribution/licenses/lucene-highlighter-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-5d46f26a6cb36aede89b8728b6fcbc427d4f9416

distribution/licenses/lucene-highlighter-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+f620262d667a294d390e8df7575cc2cca2626559

distribution/licenses/lucene-join-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-726ea07bbfdfbfbee80522353496fc6667dc33c9

distribution/licenses/lucene-join-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+4c44b07242fd706f6f7f14c9063a725e0e5b98cd

distribution/licenses/lucene-memory-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-d8d7a7b573a4cfc54745a126e905ccfd523b7a24

distribution/licenses/lucene-memory-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+1e33e0aa5fc227e90c8314f61b4cba1090035e33

distribution/licenses/lucene-misc-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-cd9d4fb4492bd2680cea2f038a051311329f6443

distribution/licenses/lucene-misc-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+e416893f7b781239a15d3e2c7200ff26574d14de

distribution/licenses/lucene-queries-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-a1a04d191443e51f992ed3dd02d0e14fd48493c9

distribution/licenses/lucene-queries-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+b153b63b9333feedb18af2673eb6ccaf95bcc8bf

distribution/licenses/lucene-queryparser-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-c4d34b29b8b14ad3deb300a6d699e9d8965a3c2c

distribution/licenses/lucene-queryparser-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+0aa2758d70a79f2e0f33a87624fd9d31e155c864

distribution/licenses/lucene-sandbox-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-bf45dbd653d66ce9d2c3f19b69997b8098d8b416

distribution/licenses/lucene-sandbox-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+873c716ba629dae389b12ddb1aedf2f5c5f57fea

distribution/licenses/lucene-spatial-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-2bddfda70f5c657064d12860b03c2cd8a5029bfc

distribution/licenses/lucene-spatial-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+9d7e47c2fb73c614cc5ca41529b2c273c73b0ce7

distribution/licenses/lucene-spatial3d-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-881b8cd571fb3ccdcc69f1316468d816812513fb

distribution/licenses/lucene-spatial3d-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+4766305088797a66fe02d5aaa98e086867816e42

distribution/licenses/lucene-suggest-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-466e2bc02f45f04cbf516e5df78b9c2ebd99e944

distribution/licenses/lucene-suggest-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+f0ee6fb780ea8aa9ec6d31e6a9cc7d48700bd2ca

modules/lang-expression/licenses/lucene-expressions-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-414dfcf600b6c02b90a21bd219a5e115bbda0d14

modules/lang-expression/licenses/lucene-expressions-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+787356d4ae6142bb8ca7e9713d0a281a797b57fb

modules/lang-expression/src/main/java/org/elasticsearch/script/expression/ExpressionPlugin.java

@@ -19,38 +19,11 @@
 
 package org.elasticsearch.script.expression;
 
-import org.apache.lucene.expressions.js.JavascriptCompiler;
-import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.script.ScriptModule;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.text.ParseException;
-
 public class ExpressionPlugin extends Plugin {
     
-    // lucene expressions has crazy checks in its clinit for the functions map
-    // it violates rules of classloaders to detect accessibility
-    // TODO: clean that up
-    static {
-        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
-            sm.checkPermission(new SpecialPermission());
-        }
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-            @Override
-            public Void run() {
-                try {
-                    JavascriptCompiler.compile("0");
-                } catch (ParseException e) {
-                    throw new RuntimeException(e);
-                }
-                return null;
-            }
-        });
-    }
-
     @Override
     public String name() {
         return "lang-expression";

modules/lang-expression/src/main/plugin-metadata/plugin-security.policy

@@ -20,8 +20,6 @@
 grant {
   // needed to generate runtime classes
   permission java.lang.RuntimePermission "createClassLoader";
-  // needed because of security problems in JavascriptCompiler
-  permission java.lang.RuntimePermission "getClassLoader";
   
   // expression runtime
   permission org.elasticsearch.script.ClassPermission "java.lang.String";

modules/lang-groovy/src/main/plugin-metadata/plugin-security.policy

@@ -23,6 +23,7 @@ grant {
   // needed by IndyInterface
   permission java.lang.RuntimePermission "getClassLoader";
   // needed by groovy engine
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
   // needed by GroovyScriptEngineService to close its classloader (why?)
   permission java.lang.RuntimePermission "closeClassLoader";

modules/lang-mustache/src/main/java/org/elasticsearch/script/mustache/MustacheScriptEngineService.java

@@ -19,6 +19,8 @@
 package org.elasticsearch.script.mustache;
 
 import com.github.mustachejava.Mustache;
+
+import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.component.AbstractComponent;
 import org.elasticsearch.common.inject.Inject;
@@ -34,6 +36,8 @@ import org.elasticsearch.script.SearchScript;
 import org.elasticsearch.search.lookup.SearchLookup;
 
 import java.lang.ref.SoftReference;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Collections;
 import java.util.Map;
 
@@ -123,6 +127,9 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
         // Nothing to do here
     }
 
+    // permission checked before doing crazy reflection
+    static final SpecialPermission SPECIAL_PERMISSION = new SpecialPermission();
+
     /**
      * Used at query execution time by script service in order to execute a query template.
      * */
@@ -148,9 +155,20 @@ public class MustacheScriptEngineService extends AbstractComponent implements Sc
 
         @Override
         public Object run() {
-            BytesStreamOutput result = new BytesStreamOutput();
+            final BytesStreamOutput result = new BytesStreamOutput();
             try (UTF8StreamWriter writer = utf8StreamWriter().setOutput(result)) {
+                // crazy reflection here
+                SecurityManager sm = System.getSecurityManager();
+                if (sm != null) {
+                    sm.checkPermission(SPECIAL_PERMISSION);
+                }
+                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                    @Override
+                    public Void run() {
                         ((Mustache) template.compiled()).execute(writer, vars);
+                        return null;
+                    }
+                });
             } catch (Exception e) {
                 logger.error("Error running " + template, e);
                 throw new ScriptException("Error running " + template, e);

modules/lang-mustache/src/main/plugin-metadata/plugin-security.policy

@@ -0,0 +1,23 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+grant {
+  // needed to do crazy reflection
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
+};

plugins/analysis-icu/licenses/lucene-analyzers-icu-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-d957c3956797c9c057e65f6342eeb104fa20951e

plugins/analysis-icu/licenses/lucene-analyzers-icu-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+4e56ba76d6b23756b2bd4d9e42b2b00122cd4fa5

plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-2ea1253cd3a704dea02382d6f9abe7c2a58874ac

plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+d6ccac802dc1e4c177be043a173377cf5e517cff

plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-7f2132a00895c6eacfc735a4d6056275a692363b

plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+70ad9f6c3738727229867419d949527cc7789f62

plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-5eff0c934476356fcd608d574ce0af4104e5e2a4

plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+75504fd906929700e7d11f9600e4a79de48e1090

plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.4.0-snapshot-1715952.jar.sha1

@@ -1 +0,0 @@
-210cab15ecf74e5a1bf35173ef5b0d420475694c

plugins/analysis-stempel/licenses/lucene-analyzers-stempel-5.5.0-snapshot-1719088.jar.sha1

@@ -0,0 +1 @@
+9eeeeabeab89ec305e831d80bdcc7e85a1140fbb

plugins/discovery-ec2/src/main/plugin-metadata/plugin-security.policy

@@ -19,7 +19,8 @@
 
 grant {
   // needed because of problems in ClientConfiguration
-  // TODO: get this fixed in aws sdk
+  // TODO: get these fixed in aws sdk
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
   // NOTE: no tests fail without this, but we know the problem
   // exists in AWS sdk, and tests here are not thorough
   permission java.lang.RuntimePermission "getClassLoader";

plugins/discovery-gce/src/main/java/org/elasticsearch/cloud/gce/GceComputeServiceImpl.java

@@ -45,6 +45,7 @@ import java.io.IOException;
 import java.net.URL;
 import java.security.AccessController;
 import java.security.GeneralSecurityException;
+import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
 import java.util.*;
@@ -103,23 +104,33 @@ public class GceComputeServiceImpl extends AbstractLifecycleComponent<GceCompute
     public String metadata(String metadataPath) throws IOException {
         String urlMetadataNetwork = GCE_METADATA_URL + "/" + metadataPath;
         logger.debug("get metadata from [{}]", urlMetadataNetwork);
-        URL url = new URL(urlMetadataNetwork);
+        final URL url = new URL(urlMetadataNetwork);
         HttpHeaders headers;
         try {
             // hack around code messiness in GCE code
             // TODO: get this fixed
+            SecurityManager sm = System.getSecurityManager();
+            if (sm != null) {
+                sm.checkPermission(new SpecialPermission());
+            }
             headers = AccessController.doPrivileged(new PrivilegedExceptionAction<HttpHeaders>() {
                 @Override
                 public HttpHeaders run() throws IOException {
                     return new HttpHeaders();
                 }
             });
+            GenericUrl genericUrl = AccessController.doPrivileged(new PrivilegedAction<GenericUrl>() {
+                @Override
+                public GenericUrl run() {
+                    return new GenericUrl(url);
+                }
+            });
 
             // This is needed to query meta data: https://cloud.google.com/compute/docs/metadata
             headers.put("Metadata-Flavor", "Google");
             HttpResponse response;
             response = getGceHttpTransport().createRequestFactory()
-                    .buildGetRequest(new GenericUrl(url))
+                    .buildGetRequest(genericUrl)
                     .setHeaders(headers)
                     .execute();
             String metadata = response.parseAsString();

plugins/discovery-gce/src/main/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapper.java

@@ -20,13 +20,18 @@
 package org.elasticsearch.discovery.gce;
 
 import com.google.api.client.auth.oauth2.Credential;
+import com.google.api.client.googleapis.testing.auth.oauth2.MockGoogleCredential;
 import com.google.api.client.http.*;
 import com.google.api.client.util.ExponentialBackOff;
 import com.google.api.client.util.Sleeper;
+
+import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Objects;
 
 public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
@@ -61,6 +66,21 @@ public class RetryHttpInitializerWrapper implements HttpRequestInitializer {
         this.maxWait = maxWait;
     }
     
+    // Use only for testing
+    static MockGoogleCredential.Builder newMockCredentialBuilder() {
+        // TODO: figure out why GCE is so bad like this
+        SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            sm.checkPermission(new SpecialPermission());
+        }
+        return AccessController.doPrivileged(new PrivilegedAction<MockGoogleCredential.Builder>() {
+            @Override
+            public MockGoogleCredential.Builder run() {
+                return new MockGoogleCredential.Builder();
+            }
+        });
+    }
+
     @Override
     public void initialize(HttpRequest httpRequest) {
         final HttpUnsuccessfulResponseHandler backoffHandler =

plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy

@@ -19,5 +19,6 @@
 
 grant {
   // needed because of problems in gce
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 };

plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/RetryHttpInitializerWrapperTests.java

@@ -97,7 +97,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
         FailThenSuccessBackoffTransport fakeTransport =
                 new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 3);
 
-        MockGoogleCredential credential = new MockGoogleCredential.Builder()
+        MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
                 .build();
         MockSleeper mockSleeper = new MockSleeper();
 
@@ -122,7 +122,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
         FailThenSuccessBackoffTransport fakeTransport =
                 new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, maxRetryTimes);
         JsonFactory jsonFactory = new JacksonFactory();
-        MockGoogleCredential credential = new MockGoogleCredential.Builder()
+        MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
                 .build();
 
         MockSleeper oneTimeSleeper = new MockSleeper() {
@@ -155,7 +155,7 @@ public class RetryHttpInitializerWrapperTests extends ESTestCase {
         FailThenSuccessBackoffTransport fakeTransport =
                 new FailThenSuccessBackoffTransport(HttpStatusCodes.STATUS_CODE_SERVER_ERROR, 1, true);
 
-        MockGoogleCredential credential = new MockGoogleCredential.Builder()
+        MockGoogleCredential credential = RetryHttpInitializerWrapper.newMockCredentialBuilder()
                 .build();
         MockSleeper mockSleeper = new MockSleeper();
         RetryHttpInitializerWrapper retryHttpInitializerWrapper = new RetryHttpInitializerWrapper(credential, mockSleeper, 500);

plugins/repository-s3/src/main/plugin-metadata/plugin-security.policy

@@ -19,6 +19,7 @@
 
 grant {
   // needed because of problems in ClientConfiguration
-  // TODO: get this fixed in aws sdk
+  // TODO: get these fixed in aws sdk
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
   permission java.lang.RuntimePermission "getClassLoader";
 };

test-framework/src/main/java/org/elasticsearch/test/VersionUtils.java

@@ -35,7 +35,7 @@ public class VersionUtils {
 
     private static final List<Version> SORTED_VERSIONS;
     static {
-        Field[] declaredFields = Version.class.getDeclaredFields();
+        Field[] declaredFields = Version.class.getFields();
         Set<Integer> ids = new HashSet<>();
         for (Field field : declaredFields) {
             final int mod = field.getModifiers();

test-framework/src/main/java/org/elasticsearch/test/hamcrest/ElasticsearchAssertions.java

@@ -705,7 +705,7 @@ public class ElasticsearchAssertions {
             IllegalAccessException, InvocationTargetException {
         try {
             Class<? extends Streamable> clazz = streamable.getClass();
-            Constructor<? extends Streamable> constructor = clazz.getDeclaredConstructor();
+            Constructor<? extends Streamable> constructor = clazz.getConstructor();
             assertThat(constructor, Matchers.notNullValue());
             Streamable newInstance = constructor.newInstance();
             return newInstance;

test-framework/src/test/java/org/elasticsearch/test/test/LoggingListenerTests.java

@@ -47,7 +47,7 @@ public class LoggingListenerTests extends ESTestCase {
         assertThat(xyzLogger.getLevel(), nullValue());
         assertThat(abcLogger.getLevel(), nullValue());
 
-        Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
+        Method method = TestClass.class.getMethod("annotatedTestMethod");
         TestLogging annotation = method.getAnnotation(TestLogging.class);
         Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
         loggingListener.testStarted(testDescription);
@@ -105,7 +105,7 @@ public class LoggingListenerTests extends ESTestCase {
         assertThat(abcLogger.getLevel(), equalTo("ERROR"));
         assertThat(xyzLogger.getLevel(), nullValue());
 
-        Method method = TestClass.class.getDeclaredMethod("annotatedTestMethod");
+        Method method = TestClass.class.getMethod("annotatedTestMethod");
         TestLogging annotation = method.getAnnotation(TestLogging.class);
         Description testDescription = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod", annotation);
         loggingListener.testStarted(testDescription);
@@ -116,7 +116,7 @@ public class LoggingListenerTests extends ESTestCase {
         assertThat(abcLogger.getLevel(), equalTo("ERROR"));
         assertThat(xyzLogger.getLevel(), nullValue());
 
-        Method method2 = TestClass.class.getDeclaredMethod("annotatedTestMethod2");
+        Method method2 = TestClass.class.getMethod("annotatedTestMethod2");
         TestLogging annotation2 = method2.getAnnotation(TestLogging.class);
         Description testDescription2 = Description.createTestDescription(LoggingListenerTests.class, "annotatedTestMethod2", annotation2);
         loggingListener.testStarted(testDescription2);