Posted to commits@lucene.apache.org by rm...@apache.org on 2019/12/03 01:34:53 UTC

[lucene-solr] branch master updated: SOLR-13991: clean up permissions in solr-tests.policy AKA break all the tests to hell, please ping the issue for repeated test failures

This is an automated email from the ASF dual-hosted git repository.

rmuir pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git


The following commit(s) were added to refs/heads/master by this push:
     new aebf7f7  SOLR-13991: clean up permissions in solr-tests.policy AKA break all the tests to hell, please ping the issue for repeated test failures
aebf7f7 is described below

commit aebf7f7a463329879123b6436dd711e62d3f6d37
Author: Robert Muir <rm...@apache.org>
AuthorDate: Mon Dec 2 20:34:01 2019 -0500

    SOLR-13991: clean up permissions in solr-tests.policy AKA break all the tests to hell, please ping the issue for repeated test failures
---
 lucene/tools/junit4/solr-tests.policy | 97 ++++++++++++++++++++++++++++-------
 1 file changed, 79 insertions(+), 18 deletions(-)

diff --git a/lucene/tools/junit4/solr-tests.policy b/lucene/tools/junit4/solr-tests.policy
index 82ed0bf..8140ddb 100644
--- a/lucene/tools/junit4/solr-tests.policy
+++ b/lucene/tools/junit4/solr-tests.policy
@@ -15,13 +15,7 @@
  * limitations under the License.
  */
 
-// Policy file to prevent tests from writing outside the test sandbox directory
-// (must be given as a sysprop: tests.sandbox.dir)
-// This policy also disallows stuff like listening on network ports of interfaces
-// different than 127.0.0.1.
-
-// PLEASE NOTE: You may need to enable other permissions when new tests are added,
-// everything not allowed here is forbidden!
+// Policy file for solr tests. Please keep minimal and avoid wildcards.
 
 grant {
   // permissions for file access, write access only to sandbox:
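Review bot: The replacement header comment drops two facts a maintainer needs when a test starts failing: that the policy expects the `tests.sandbox.dir` system property, and that anything not granted is denied. If the file-access grants that follow still rely on that property (they are outside this hunk, so this is inferred from the "write access only to sandbox" comment), I would keep one line for it after the new header, e.g. `// Requires sysprop tests.sandbox.dir; anything not granted here is denied.`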
@@ -45,27 +39,94 @@ grant {
   
   // Basic permissions needed for Lucene to work:
   permission java.util.PropertyPermission "*", "read,write";
-  permission java.lang.reflect.ReflectPermission "*";
-  permission java.lang.RuntimePermission "*";
+
+  // needed by gson serialization of junit4 runner: TODO clean that up
+  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+  permission java.lang.RuntimePermission "accessDeclaredMembers";
+  // needed by junit4 runner to capture sysout/syserr:
+  permission java.lang.RuntimePermission "setIO";
+  // needed by randomized runner to catch failures from other threads:
+  permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
+  // needed by randomized runner getTopThreadGroup:
+  permission java.lang.RuntimePermission "modifyThreadGroup";
+  // needed by tests e.g. shutting down executors:
+  permission java.lang.RuntimePermission "modifyThread";
+  // needed for tons of test hacks etc
+  permission java.lang.RuntimePermission "getStackTrace";
+  // needed for mock filesystems in tests
+  permission java.lang.RuntimePermission "fileSystemProvider";
+  // needed for test of IOUtils.spins (maybe it can be avoided)
+  permission java.lang.RuntimePermission "getFileStoreAttributes";
+  // analyzers/uima: needed by lucene expressions' JavascriptCompiler
+  permission java.lang.RuntimePermission "createClassLoader";
+  // needed to test unmap hack on platforms that support it
+  permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+  // needed by jacoco to dump coverage
+  permission java.lang.RuntimePermission "shutdownHooks";
+  // needed by org.apache.logging.log4j
+  permission java.lang.RuntimePermission "getenv.*";
+  permission java.lang.RuntimePermission "getClassLoader";
+  permission java.lang.RuntimePermission "setContextClassLoader";
+  permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
+  // needed by bytebuddy
+  permission java.lang.RuntimePermission "defineClass";
+  // needed by mockito
+  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+  permission java.lang.RuntimePermission "reflectionFactoryAccess";
+  // needed by SolrResourceLoader
+  permission java.lang.RuntimePermission "closeClassLoader";
+  // needed by HttpSolrClient
+  permission java.lang.RuntimePermission "getFileSystemAttributes";
+  // needed by hadoop auth (TODO: there is a cleaner way to handle this)
+  permission java.lang.RuntimePermission "loadLibrary.jaas";
+  // needed by hadoop hdfs
+  permission java.lang.RuntimePermission "readFileDescriptor";
+  permission java.lang.RuntimePermission "writeFileDescriptor";
+  // needed by hadoop http
+  permission java.lang.RuntimePermission "getProtectionDomain";
 
   // These two *have* to be spelled out a separate
   permission java.lang.management.ManagementPermission "control";
   permission java.lang.management.ManagementPermission "monitor";
 
-  // Solr needs those:
-  permission java.net.NetPermission "*";
-  permission java.sql.SQLPermission "*";
+  // needed by hadoop htrace
+  permission java.net.NetPermission "getNetworkInformation";
+
+  // needed by DIH
+  permission java.sql.SQLPermission "deregisterDriver";
+
   permission java.util.logging.LoggingPermission "control";
-  permission javax.management.MBeanPermission "*", "*";
-  permission javax.management.MBeanServerPermission "*";
-  permission javax.management.MBeanTrustPermission "*";
-  permission javax.security.auth.AuthPermission "*";
+
+  // needed by solr mbeans feature/tests
+  // TODO: can we remove wildcard for class names/members?
+  permission javax.management.MBeanPermission "*", "getAttribute";
+  permission javax.management.MBeanPermission "*", "getMBeanInfo";
+  permission javax.management.MBeanPermission "*", "queryMBeans";
+  permission javax.management.MBeanPermission "*", "queryNames";
+  permission javax.management.MBeanPermission "*", "registerMBean";
+  permission javax.management.MBeanPermission "*", "unregisterMBean";
+  permission javax.management.MBeanServerPermission "createMBeanServer";
+  permission javax.management.MBeanServerPermission "findMBeanServer";
+  permission javax.management.MBeanServerPermission "releaseMBeanServer";
+  permission javax.management.MBeanTrustPermission "register";
+
+  // needed by hadoop auth
+  permission javax.security.auth.AuthPermission "getSubject";
+  permission javax.security.auth.AuthPermission "modifyPrincipals";
+  permission javax.security.auth.AuthPermission "doAs";
+  permission javax.security.auth.AuthPermission "getLoginConfiguration";
+  permission javax.security.auth.AuthPermission "setLoginConfiguration";
+  permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
   permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
-  permission java.security.SecurityPermission "*";
+
+  // needed by hadoop security
+  permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
+  permission java.security.SecurityPermission "insertProvider";
+
   permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
 
   // SSL related properties for Solr tests
-  permission javax.net.ssl.SSLPermission "*";
+  permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
 
   // SASL/Kerberos related properties for Solr tests
   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
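Review bot: Several of the permissions spelled out here (`suppressAccessChecks`, `createClassLoader`, `defineClass`, `reflectionFactoryAccess`, `insertProvider`) are each strong enough on their own to undermine the rest of the policy, and they go into the unscoped `grant {` block, so every class in the test JVM receives them rather than only gson, bytebuddy, mockito or hadoop. Where a library performs the sensitive call inside `doPrivileged`, its permissions could move to a scoped block such as `grant codeBase "file:<path-to-library-jar>" { permission java.lang.RuntimePermission "defineClass"; };` (the path is a placeholder); where it does not, the check walks the whole stack and the grant has to stay global, which is worth saying in the comment. The context line `PropertyPermission "*", "read,write"` and the new `getenv.*` remain wildcards despite the new header asking to avoid them, so a `// TODO: narrow` on each, like the one on the MBeanPermission lines, would keep them visible. The comment `// analyzers/uima: needed by lucene expressions' JavascriptCompiler` names two different consumers and should state which one needs `createClassLoader`. The grant block opens before this hunk and may continue past it.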