
Member "elasticsearch-6.8.23/modules/x-pack-security/plugin-security.policy" (6 Jan 2022, 3154 Bytes) of package /linux/www/elasticsearch-6.8.23.tar.gz:



    1 grant {
        // This grant has no codeBase clause, so it is not narrowed to a single jar the way the
        // grants further down in this file are. NOTE(review): presumably it applies to every jar
        // of this module -- confirm against how Elasticsearch loads plugin-security.policy.
        //
        // "setFactory" lets code install a JVM-wide socket factory or URL stream handler factory;
        // the file does not say which dependency needs it -- TODO document the reason.
    2   permission java.lang.RuntimePermission "setFactory";
    3 
    4   // needed because of problems in unbound LDAP library
        // NOTE(review): target "*" with "read,write" covers every system property, including the
        // Kerberos and debug properties listed at the end of this block, so those individual
        // "write" grants are redundant while this line stays. Narrowing it to the property names
        // the LDAP library actually touches would limit what this code can reconfigure at runtime.
    5   permission java.util.PropertyPermission "*", "read,write";
    6 
    7   // needed because of SAML (cf. o.e.x.s.s.RestorableContextClassLoader)
    8   permission java.lang.RuntimePermission "getClassLoader";
    9   permission java.lang.RuntimePermission "setContextClassLoader";
   10 
   11   // needed for multiple server implementations used in tests
        // NOTE(review): host "*" with "accept,connect" places no limit on the peer host or port.
        // The only reason given is test-related, yet this policy file is part of the release
        // package -- confirm which production code paths need it and whether it can be narrower.
   12   permission java.net.SocketPermission "*", "accept,connect";
   13 
   14   // needed for Kerberos login
        // The three PrivateCredentialPermission targets below end in `* "*"` (any principal class,
        // any principal name), so read access to Kerberos keys, keytabs and tickets is not tied
        // to one particular principal. ServicePermission "*" likewise covers every service
        // principal for both initiating and accepting security contexts.
   15   permission javax.security.auth.AuthPermission "modifyPrincipals";
   16   permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
   17   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosKey * \"*\"", "read";
   18   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
   19   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
   20   permission javax.security.auth.AuthPermission "doAs";
   21   permission javax.security.auth.kerberos.ServicePermission "*","initiate,accept";
   22 
        // write access to the Kerberos/SPNEGO configuration and JDK security debug properties;
        // each of these names is also matched by the "*" PropertyPermission near the top of
        // this block
   23   permission java.util.PropertyPermission "javax.security.auth.useSubjectCredsOnly","write";
   24   permission java.util.PropertyPermission "java.security.krb5.conf","write";
   25   permission java.util.PropertyPermission "sun.security.krb5.debug","write";
   26   permission java.util.PropertyPermission "java.security.debug","write";
   27   permission java.util.PropertyPermission "sun.security.spnego.debug","write";
   28 };
   29 
   30 grant codeBase "${codebase.xmlsec-2.0.8.jar}" {
        // NOTE(review): this codebase property carries the jar version (2.0.8), while the other
        // codeBase grants in this file use version-less names. Presumably it has to be edited
        // whenever xmlsec is upgraded, otherwise the grant would stop matching -- confirm.
   31   // needed during initialization of OpenSAML library where xml security algorithms are registered
   32   // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220
   33   // and https://git.shibboleth.net/view/?p=java-opensaml.git;a=blob;f=opensaml-xmlsec-impl/src/main/java/org/opensaml/xmlsec/signature/impl/SignatureMarshaller.java;hb=db0eaa64210f0e32d359cd6c57bedd57902bf811#l52
   34   // which uses it in the opensaml-xmlsec-impl
        // limited to the xmlsec jar and to this single named SecurityPermission target
   35   permission java.security.SecurityPermission "org.apache.xml.security.register";
   36 };
   37 
   38 grant codeBase "${codebase.netty-common}" {
   39    // for reading the system-wide configuration for the backlog of established sockets
         // read-only access to this one procfs path; this block grants netty-common no other
         // file access
   40    permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read";
   41 };
   42 
   43 grant codeBase "${codebase.netty-transport}" {
   44    // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854
   45    // the bug says it only happened rarely, and that it's fixed, but apparently it still happens rarely!
         // write access is limited to this single property name for the netty-transport jar
   46    permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write";
   47 };
   48 
   49 grant codeBase "${codebase.elasticsearch-rest-client}" {
   50   // rest client uses system properties which gets the default proxy
        // "getProxySelector" only permits looking up the JVM's default ProxySelector; replacing it
        // would need the separate "setProxySelector" target, which this file does not grant
   51   permission java.net.NetPermission "getProxySelector";
   52 };
   53 
   54 grant codeBase "${codebase.httpasyncclient}" {
   55   // rest client uses system properties which gets the default proxy
        // NOTE(review): same wording and same permission as the elasticsearch-rest-client grant;
        // presumably httpasyncclient is the HTTP library the rest client is built on and performs
        // the proxy lookup from its own jar -- confirm. Lookup only; "setProxySelector" is not granted.
   56   permission java.net.NetPermission "getProxySelector";
   57 };