From 8b9e23de9347ef014429f9c03c86952c0adb7045 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Fri, 10 Nov 2017 11:00:09 -0800 Subject: [PATCH] Plugins: Add versionless alias to all security policy codebase properties (#26756) This is a followup to #26521. This commit expands the alias added for the elasticsearch client codebase to all codebases. The original full jar name property is left intact. This only adds an alias without the version, which should help ease the pain in updating any versions (ES itself or dependencies). --- .../org/elasticsearch/bootstrap/Security.java | 32 +++++++++---------- .../elasticsearch/bootstrap/security.policy | 6 ++-- .../bootstrap/test-framework.policy | 14 ++++---- .../plugin-metadata/plugin-security.policy | 2 +- .../plugin-metadata/plugin-security.policy | 4 +-- 5 files changed, 29 insertions(+), 29 deletions(-) diff --git a/core/src/main/java/org/elasticsearch/bootstrap/Security.java b/core/src/main/java/org/elasticsearch/bootstrap/Security.java index a1ce20a0e27c8..c742fdf7f84c6 100644 --- a/core/src/main/java/org/elasticsearch/bootstrap/Security.java +++ b/core/src/main/java/org/elasticsearch/bootstrap/Security.java @@ -199,28 +199,28 @@ static Policy readPolicy(URL policyFile, Set codebases) { try { // set codebase properties for (URL url : codebases) { - String shortName = PathUtils.get(url.toURI()).getFileName().toString(); - if (shortName.endsWith(".jar") == false) { + String fileName = PathUtils.get(url.toURI()).getFileName().toString(); + if (fileName.endsWith(".jar") == false) { continue; // tests :( } - String property = "codebase." + shortName; - if (shortName.startsWith("elasticsearch-rest-client")) { - // The rest client is currently the only example where we have an elasticsearch built artifact - // which needs special permissions in policy files when used. This temporary solution is to - // pass in an extra system property that omits the -version.jar suffix the other properties have. - // That allows the snapshots to reference snapshot builds of the client, and release builds to - // referenced release builds of the client, all with the same grant statements. - final String esVersion = Version.CURRENT + (Build.CURRENT.isSnapshot() ? "-SNAPSHOT" : ""); - final int index = property.indexOf("-" + esVersion + ".jar"); - assert index >= 0; - String restClientAlias = property.substring(0, index); - propertiesSet.add(restClientAlias); - System.setProperty(restClientAlias, url.toString()); + // We attempt to use a versionless identifier for each codebase. This assumes a specific version + // format in the jar filename. While we cannot ensure all jars in all plugins use this format, nonconformity + // only means policy grants would need to include the entire jar filename as they always have before. + String property = "codebase." + fileName; + String aliasProperty = "codebase." + fileName.replaceFirst("-\\d+\\.\\d+.*\\.jar", ""); + if (aliasProperty.equals(property) == false) { + propertiesSet.add(aliasProperty); + String previous = System.setProperty(aliasProperty, url.toString()); + if (previous != null) { + throw new IllegalStateException("codebase property already set: " + aliasProperty + " -> " + previous + + ", cannot set to " + url.toString()); + } } propertiesSet.add(property); String previous = System.setProperty(property, url.toString()); if (previous != null) { - throw new IllegalStateException("codebase property already set: " + shortName + "->" + previous); + throw new IllegalStateException("codebase property already set: " + property + " -> " + previous + + ", cannot set to " + url.toString()); } } return Policy.getInstance("JavaPolicy", new URIParameter(policyFile.toURI())); diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy index 7268e0f72380b..603e95c3102d0 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -24,14 +24,14 @@ //// SecurityManager impl: //// Must have all permissions to properly perform access checks -grant codeBase "${codebase.securesm-1.1.jar}" { +grant codeBase "${codebase.securesm}" { permission java.security.AllPermission; }; //// Very special jar permissions: //// These are dangerous permissions that we don't want to grant to everything. -grant codeBase "${codebase.lucene-core-7.1.0.jar}" { +grant codeBase "${codebase.lucene-core}" { // needed to allow MMapDirectory's "unmap hack" (die unmap hack, die) // java 8 package permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; @@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-core-7.1.0.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.lucene-misc-7.1.0.jar}" { +grant codeBase "${codebase.lucene-misc}" { // needed to allow shard shrinking to use hard-links if possible via lucenes HardlinkCopyDirectoryWrapper permission java.nio.file.LinkPermission "hard"; }; diff --git a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy index 453621b138e0a..539587c409d42 100644 --- a/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy +++ b/core/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy @@ -21,7 +21,7 @@ //// These are mock objects and test management that we allow test framework libs //// to provide on our behalf. But tests themselves cannot do this stuff! -grant codeBase "${codebase.securemock-1.2.jar}" { +grant codeBase "${codebase.securemock}" { // needed to access ReflectionFactory (see below) permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; // needed for reflection in ibm jdk @@ -33,7 +33,7 @@ grant codeBase "${codebase.securemock-1.2.jar}" { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; }; -grant codeBase "${codebase.lucene-test-framework-7.1.0.jar}" { +grant codeBase "${codebase.lucene-test-framework}" { // needed by RamUsageTester permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // needed for testing hardlinks in StoreRecoveryTests since we install MockFS @@ -42,7 +42,7 @@ grant codeBase "${codebase.lucene-test-framework-7.1.0.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" { +grant codeBase "${codebase.randomizedtesting-runner}" { // optionally needed for access to private test methods (e.g. beforeClass) permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // needed to fail tests on uncaught exceptions from other threads @@ -53,12 +53,12 @@ grant codeBase "${codebase.randomizedtesting-runner-2.5.2.jar}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.junit-4.12.jar}" { +grant codeBase "${codebase.junit}" { // needed for TestClass creation permission java.lang.RuntimePermission "accessDeclaredMembers"; }; -grant codeBase "${codebase.mocksocket-1.2.jar}" { +grant codeBase "${codebase.mocksocket}" { // mocksocket makes and accepts socket connections permission java.net.SocketPermission "*", "accept,connect"; }; @@ -70,12 +70,12 @@ grant codeBase "${codebase.elasticsearch-rest-client}" { permission java.net.NetPermission "getProxySelector"; }; -grant codeBase "${codebase.httpcore-nio-4.4.5.jar}" { +grant codeBase "${codebase.httpcore-nio}" { // httpcore makes socket connections for rest tests permission java.net.SocketPermission "*", "connect"; }; -grant codeBase "${codebase.httpasyncclient-4.1.2.jar}" { +grant codeBase "${codebase.httpasyncclient}" { // httpasyncclient makes socket connections for rest tests permission java.net.SocketPermission "*", "connect"; // rest client uses system properties which gets the default proxy diff --git a/modules/reindex/src/main/plugin-metadata/plugin-security.policy b/modules/reindex/src/main/plugin-metadata/plugin-security.policy index 70fb51b845ce1..a2482eaf4bd57 100644 --- a/modules/reindex/src/main/plugin-metadata/plugin-security.policy +++ b/modules/reindex/src/main/plugin-metadata/plugin-security.policy @@ -27,7 +27,7 @@ grant codeBase "${codebase.elasticsearch-rest-client}" { permission java.net.NetPermission "getProxySelector"; }; -grant codeBase "${codebase.httpasyncclient-4.1.2.jar}" { +grant codeBase "${codebase.httpasyncclient}" { // rest client uses system properties which gets the default proxy permission java.net.NetPermission "getProxySelector"; }; diff --git a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy index 4c87e1ef9c598..32b2dc9bd1540 100644 --- a/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy +++ b/modules/transport-netty4/src/main/plugin-metadata/plugin-security.policy @@ -17,7 +17,7 @@ * under the License. */ -grant codeBase "${codebase.netty-common-4.1.13.Final.jar}" { +grant codeBase "${codebase.netty-common}" { // for reading the system-wide configuration for the backlog of established sockets permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read"; @@ -25,7 +25,7 @@ grant codeBase "${codebase.netty-common-4.1.13.Final.jar}" { permission java.net.SocketPermission "*", "accept,connect"; }; -grant codeBase "${codebase.netty-transport-4.1.13.Final.jar}" { +grant codeBase "${codebase.netty-transport}" { // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854 // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely! permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";