[License] Add SPDX License Header to security policies (#531)

This commit adds the SPDX license header and modifications copyright to security
policy files.

Signed-off-by: Nicholas Walter Knize <nknize@apache.org>
This commit is contained in:
Nick Knize 2021-04-12 22:59:36 -05:00 committed by GitHub
parent 3563b72c7e
commit ee6d15e26a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 368 additions and 2 deletions

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
// Security Policy for JDK 11 and higher, with BouncyCastle FIPS provider and BouncyCastleJsseProvider in FIPS mode // Security Policy for JDK 11 and higher, with BouncyCastle FIPS provider and BouncyCastleJsseProvider in FIPS mode
grant { grant {

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
// Security Policy for JDK 8, with BouncyCastle FIPS provider and BouncyCastleJsseProvider in FIPS mode // Security Policy for JDK 8, with BouncyCastle FIPS provider and BouncyCastleJsseProvider in FIPS mode
grant codeBase "file:${java.home}/lib/ext/localedata.jar" { grant codeBase "file:${java.home}/lib/ext/localedata.jar" {

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
// Security Policy for JDK 8, with BouncyCastle FIPS provider and SunJSSE in FIPS mode // Security Policy for JDK 8, with BouncyCastle FIPS provider and SunJSSE in FIPS mode
grant codeBase "file:${java.home}/lib/ext/localedata.jar" { grant codeBase "file:${java.home}/lib/ext/localedata.jar" {

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// Needed to read the log file // Needed to read the log file
permission java.io.FilePermission "${tests.logfile}", "read"; permission java.io.FilePermission "${tests.logfile}", "read";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,12 @@
* under the License. * under the License.
*/ */
/*
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed because jackson-databind is using Class#getDeclaredConstructors(), Class#getDeclaredMethods() and // needed because jackson-databind is using Class#getDeclaredConstructors(), Class#getDeclaredMethods() and
// Class#getDeclaredAnnotations() to find all public, private, protected, package protected and // Class#getDeclaredAnnotations() to find all public, private, protected, package protected and

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed to generate runtime classes // needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "createClassLoader";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed to do crazy reflection // needed to do crazy reflection
permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessDeclaredMembers";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed to generate runtime classes // needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "createClassLoader";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// reindex opens socket connections using the rest client // reindex opens socket connections using the rest client
permission java.net.SocketPermission "*", "connect"; permission java.net.SocketPermission "*", "connect";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
permission java.net.SocketPermission "*", "connect"; permission java.net.SocketPermission "*", "connect";
}; };

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant codeBase "${codebase.systemd}" { grant codeBase "${codebase.systemd}" {
// for registering native methods // for registering native methods
permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessDeclaredMembers";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant codeBase "${codebase.netty-common}" { grant codeBase "${codebase.netty-common}" {
// for reading the system-wide configuration for the backlog of established sockets // for reading the system-wide configuration for the backlog of established sockets
permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read"; permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// azure client opens socket connections for discovery // azure client opens socket connections for discovery
permission java.net.SocketPermission "*", "connect"; permission java.net.SocketPermission "*", "connect";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed because of problems in ClientConfiguration // needed because of problems in ClientConfiguration
// TODO: get these fixed in aws sdk // TODO: get these fixed in aws sdk

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed because of problems in gce // needed because of problems in gce
permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessDeclaredMembers";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
// NOTE: when modifying this file, look at restrictions in TikaImpl too // NOTE: when modifying this file, look at restrictions in TikaImpl too
grant { grant {
// needed to apply additional sandboxing to tika parsing // needed to apply additional sandboxing to tika parsing

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// azure client opens socket connections for to access repository // azure client opens socket connections for to access repository
permission java.net.SocketPermission "*", "connect"; permission java.net.SocketPermission "*", "connect";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// required by: com.google.api.client.json.JsonParser#parseValue // required by: com.google.api.client.json.JsonParser#parseValue
permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "accessDeclaredMembers";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// Hadoop UserGroupInformation, HdfsConstants, PipelineAck clinit // Hadoop UserGroupInformation, HdfsConstants, PipelineAck clinit
permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "getClassLoader";
@ -35,7 +48,7 @@ grant {
// org.apache.hadoop.util.ShutdownHookManager clinit // org.apache.hadoop.util.ShutdownHookManager clinit
permission java.lang.RuntimePermission "shutdownHooks"; permission java.lang.RuntimePermission "shutdownHooks";
// JAAS is used by Hadoop for authentication purposes // JAAS is used by Hadoop for authentication purposes
// The Hadoop Login JAAS module modifies a Subject's private credentials and principals // The Hadoop Login JAAS module modifies a Subject's private credentials and principals
// The Hadoop RPC Layer must be able to read these credentials, and initiate Kerberos connections // The Hadoop RPC Layer must be able to read these credentials, and initiate Kerberos connections

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed because of problems in ClientConfiguration // needed because of problems in ClientConfiguration
// TODO: get these fixed in aws sdk // TODO: get these fixed in aws sdk

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant codeBase "${codebase.opensearch-nio}" { grant codeBase "${codebase.opensearch-nio}" {
// opensearch-nio makes and accepts socket connections // opensearch-nio makes and accepts socket connections
permission java.net.SocketPermission "*", "accept,connect"; permission java.net.SocketPermission "*", "accept,connect";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed to cause problems // needed to cause problems
permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "getClassLoader";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// needed to waste paper // needed to waste paper
permission java.lang.RuntimePermission "queuePrintJob"; permission java.lang.RuntimePermission "queuePrintJob";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// an unresolved permission // an unresolved permission
permission org.fake.FakePermission "fakeName"; permission org.fake.FakePermission "fakeName";

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// Needed to read the log file // Needed to read the log file
permission java.io.FilePermission "${tests.logfile}", "read"; permission java.io.FilePermission "${tests.logfile}", "read";

View File

@ -1,3 +1,14 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
grant { grant {
// Needed to read the log file // Needed to read the log file
permission java.io.FilePermission "${tests.logfile}", "read"; permission java.io.FilePermission "${tests.logfile}", "read";

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
// Default security policy file. // Default security policy file.
// On startup, BootStrap reads environment and adds additional permissions // On startup, BootStrap reads environment and adds additional permissions
// for configured paths and network binding to these. // for configured paths and network binding to these.

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -17,6 +25,11 @@
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
//// additional test framework permissions. //// additional test framework permissions.
//// These are mock objects and test management that we allow test framework libs //// These are mock objects and test management that we allow test framework libs
//// to provide on our behalf. But tests themselves cannot do this stuff! //// to provide on our behalf. But tests themselves cannot do this stuff!

View File

@ -1,3 +1,11 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache-2.0 license or a
* compatible open source license.
*/
/* /*
* Licensed to Elasticsearch under one or more contributor * Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with * license agreements. See the NOTICE file distributed with
@ -16,7 +24,12 @@
* specific language governing permissions and limitations * specific language governing permissions and limitations
* under the License. * under the License.
*/ */
/*
* Modifications Copyright OpenSearch Contributors. See
* GitHub history for details.
*/
/* /*
* Limited security policy for scripts. * Limited security policy for scripts.
* This is what is needed for basic functionality to work. * This is what is needed for basic functionality to work.