add modules/ infra (but no loading via pluginservice yet)
parent
caf77f7eea
commit
da8fe687fc
|
@ -131,34 +131,48 @@ final class Security {
|
||||||
@SuppressForbidden(reason = "proper use of URL")
|
@SuppressForbidden(reason = "proper use of URL")
|
||||||
static Map<String,Policy> getPluginPermissions(Environment environment) throws IOException, NoSuchAlgorithmException {
|
static Map<String,Policy> getPluginPermissions(Environment environment) throws IOException, NoSuchAlgorithmException {
|
||||||
Map<String,Policy> map = new HashMap<>();
|
Map<String,Policy> map = new HashMap<>();
|
||||||
|
// collect up lists of plugins and modules
|
||||||
|
List<Path> pluginsAndModules = new ArrayList<>();
|
||||||
if (Files.exists(environment.pluginsFile())) {
|
if (Files.exists(environment.pluginsFile())) {
|
||||||
try (DirectoryStream<Path> stream = Files.newDirectoryStream(environment.pluginsFile())) {
|
try (DirectoryStream<Path> stream = Files.newDirectoryStream(environment.pluginsFile())) {
|
||||||
for (Path plugin : stream) {
|
for (Path plugin : stream) {
|
||||||
Path policyFile = plugin.resolve(PluginInfo.ES_PLUGIN_POLICY);
|
pluginsAndModules.add(plugin);
|
||||||
if (Files.exists(policyFile)) {
|
}
|
||||||
// first get a list of URLs for the plugins' jars:
|
}
|
||||||
// we resolve symlinks so map is keyed on the normalize codebase name
|
}
|
||||||
List<URL> codebases = new ArrayList<>();
|
if (Files.exists(environment.modulesFile())) {
|
||||||
try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(plugin, "*.jar")) {
|
try (DirectoryStream<Path> stream = Files.newDirectoryStream(environment.modulesFile())) {
|
||||||
for (Path jar : jarStream) {
|
for (Path plugin : stream) {
|
||||||
codebases.add(jar.toRealPath().toUri().toURL());
|
pluginsAndModules.add(plugin);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
// parse the plugin's policy file into a set of permissions
|
// now process each one
|
||||||
Policy policy = readPolicy(policyFile.toUri().toURL(), codebases.toArray(new URL[codebases.size()]));
|
for (Path plugin : pluginsAndModules) {
|
||||||
|
Path policyFile = plugin.resolve(PluginInfo.ES_PLUGIN_POLICY);
|
||||||
// consult this policy for each of the plugin's jars:
|
if (Files.exists(policyFile)) {
|
||||||
for (URL url : codebases) {
|
// first get a list of URLs for the plugins' jars:
|
||||||
if (map.put(url.getFile(), policy) != null) {
|
// we resolve symlinks so map is keyed on the normalize codebase name
|
||||||
// just be paranoid ok?
|
List<URL> codebases = new ArrayList<>();
|
||||||
throw new IllegalStateException("per-plugin permissions already granted for jar file: " + url);
|
try (DirectoryStream<Path> jarStream = Files.newDirectoryStream(plugin, "*.jar")) {
|
||||||
}
|
for (Path jar : jarStream) {
|
||||||
}
|
codebases.add(jar.toRealPath().toUri().toURL());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// parse the plugin's policy file into a set of permissions
|
||||||
|
Policy policy = readPolicy(policyFile.toUri().toURL(), codebases.toArray(new URL[codebases.size()]));
|
||||||
|
|
||||||
|
// consult this policy for each of the plugin's jars:
|
||||||
|
for (URL url : codebases) {
|
||||||
|
if (map.put(url.getFile(), policy) != null) {
|
||||||
|
// just be paranoid ok?
|
||||||
|
throw new IllegalStateException("per-plugin permissions already granted for jar file: " + url);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return Collections.unmodifiableMap(map);
|
return Collections.unmodifiableMap(map);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -228,6 +242,7 @@ final class Security {
|
||||||
// read-only dirs
|
// read-only dirs
|
||||||
addPath(policy, "path.home", environment.binFile(), "read,readlink");
|
addPath(policy, "path.home", environment.binFile(), "read,readlink");
|
||||||
addPath(policy, "path.home", environment.libFile(), "read,readlink");
|
addPath(policy, "path.home", environment.libFile(), "read,readlink");
|
||||||
|
addPath(policy, "path.home", environment.modulesFile(), "read,readlink");
|
||||||
addPath(policy, "path.plugins", environment.pluginsFile(), "read,readlink");
|
addPath(policy, "path.plugins", environment.pluginsFile(), "read,readlink");
|
||||||
addPath(policy, "path.conf", environment.configFile(), "read,readlink");
|
addPath(policy, "path.conf", environment.configFile(), "read,readlink");
|
||||||
addPath(policy, "path.scripts", environment.scriptsFile(), "read,readlink");
|
addPath(policy, "path.scripts", environment.scriptsFile(), "read,readlink");
|
||||||
|
|
|
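Review bot: The duplicate-grant guard in `getPluginPermissions` now sees jars from both the plugins and the modules directory, but its message still says "per-plugin permissions already granted", and nothing on the method states that policy files found under modules/ are granted as well. Because the map is keyed on each jar's resolved path (`jar.toRealPath()`), a module jar and a plugin jar that resolve to the same file would trip this exception with a message that points the operator at the wrong directory. I would word it `"per-plugin/module permissions already granted for jar file: " + url` and add above the method `/** Reads the policy file of every plugin and module directory and maps each jar's resolved path to that policy. */`.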
@ -58,6 +58,8 @@ public class Environment {
|
||||||
|
|
||||||
private final Path pluginsFile;
|
private final Path pluginsFile;
|
||||||
|
|
||||||
|
private final Path modulesFile;
|
||||||
|
|
||||||
private final Path sharedDataFile;
|
private final Path sharedDataFile;
|
||||||
|
|
||||||
/** location of bin/, used by plugin manager */
|
/** location of bin/, used by plugin manager */
|
||||||
|
@ -157,6 +159,7 @@ public class Environment {
|
||||||
|
|
||||||
binFile = homeFile.resolve("bin");
|
binFile = homeFile.resolve("bin");
|
||||||
libFile = homeFile.resolve("lib");
|
libFile = homeFile.resolve("lib");
|
||||||
|
modulesFile = homeFile.resolve("modules");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -275,6 +278,10 @@ public class Environment {
|
||||||
return libFile;
|
return libFile;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Path modulesFile() {
|
||||||
|
return modulesFile;
|
||||||
|
}
|
||||||
|
|
||||||
public Path logsFile() {
|
public Path logsFile() {
|
||||||
return logsFile;
|
return logsFile;
|
||||||
}
|
}
|
||||||
|
|
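Review bot: The new `modulesFile` field and `modulesFile()` getter carry no comment, although a neighbouring field has one (`/** location of bin/, used by plugin manager */`). The assignment `homeFile.resolve("modules")` always places the directory under the home path, which is worth stating because `Security.getPluginPermissions` reads policy files from it; something like `/** location of modules/, always resolved under the home directory; policy files here are read by Security */` on the field would do. The block holding the assignment starts outside the hunk.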