explicitly initialize some hadoop classes elevated, so we don't rely on classloading order.

maybe this allows us to do less stuff in doPriv later, we will see. at least it makes things like unit testing easier.
2015-12-19 00:21:01 -05:00 · 2015-12-19 00:21:01 -05:00 · f174e96a14
parent 2e8c68d09b
commit f174e96a14
2 changed files with 30 additions and 7 deletions
--- a/plugins/repository-hdfs/src/main/java/org/elasticsearch/plugin/hadoop/hdfs/HdfsPlugin.java
+++ b/plugins/repository-hdfs/src/main/java/org/elasticsearch/plugin/hadoop/hdfs/HdfsPlugin.java
@ -18,6 +18,10 @@
 */
 package org.elasticsearch.plugin.hadoop.hdfs;

+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+import org.elasticsearch.SpecialPermission;
 import org.elasticsearch.index.snapshots.blobstore.BlobStoreIndexShardRepository;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.repositories.RepositoriesModule;
@ -26,6 +30,27 @@ import org.elasticsearch.repositories.hdfs.HdfsRepository;

 // Code 
 public class HdfsPlugin extends Plugin {
+  
+    // initialize some problematic classes with elevated privileges
+    static {
+      SecurityManager sm = System.getSecurityManager();
+      if (sm != null) {
+          sm.checkPermission(new SpecialPermission());
+      }
+      AccessController.doPrivileged(new PrivilegedAction<Void>() {
+          @Override
+          public Void run() {
+              try {
+                  Class.forName("org.apache.hadoop.security.UserGroupInformation");
+                  Class.forName("org.apache.hadoop.util.StringUtils");
+                  Class.forName("org.apache.hadoop.util.ShutdownHookManager");
+              } catch (ClassNotFoundException e) {
+                  throw new RuntimeException(e);
+              }
+              return null;
+          }
+      });
+    }

    @Override
    public String name() {
--- a/plugins/repository-hdfs/src/main/plugin-metadata/plugin-security.policy
+++ b/plugins/repository-hdfs/src/main/plugin-metadata/plugin-security.policy
@ -28,13 +28,15 @@ grant {
  // Hadoop 2
  //
  
-  // UserGroupInformation (UGI) Metrics
+  // UserGroupInformation (UGI) Metrics clinit
  permission java.lang.RuntimePermission "accessDeclaredMembers";
-  
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

-  // Shell initialization - reading system props
+  // org.apache.hadoop.util.StringUtils clinit
  permission java.util.PropertyPermission "*", "read,write";
+
+  // org.apache.hadoop.util.ShutdownHookManager clinit
+  permission java.lang.RuntimePermission "shutdownHooks";
  
  // UGI triggers JAAS
  permission javax.security.auth.AuthPermission "getSubject";
@ -50,10 +52,6 @@ grant {
  
  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
  
-  //permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials \"*\"", "read";
-  
  permission javax.security.auth.AuthPermission "doAs";
  
-  // DFSClient init (metrics again)
-  permission java.lang.RuntimePermission "shutdownHooks";
 };