Posted to commits@lucene.apache.org by ma...@apache.org on 2018/12/10 16:03:07 UTC

[3/4] lucene-solr:master: SOLR-12801: Relax specific test permissions to help harden tests.

SOLR-12801: Relax specific test permissions to help harden tests.


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/bf0e9b36
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/bf0e9b36
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/bf0e9b36

Branch: refs/heads/master
Commit: bf0e9b367aaa50f2c13159d7a2b79ab97bf5291b
Parents: a165761
Author: markrmiller <ma...@apache.org>
Authored: Mon Dec 10 09:38:01 2018 -0600
Committer: markrmiller <ma...@apache.org>
Committed: Mon Dec 10 10:02:58 2018 -0600

----------------------------------------------------------------------
 lucene/tools/junit4/solr-tests.policy | 26 ++++++--------------------
 1 file changed, 6 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/bf0e9b36/lucene/tools/junit4/solr-tests.policy
----------------------------------------------------------------------
diff --git a/lucene/tools/junit4/solr-tests.policy b/lucene/tools/junit4/solr-tests.policy
index d58b82c..69013eb 100644
--- a/lucene/tools/junit4/solr-tests.policy
+++ b/lucene/tools/junit4/solr-tests.policy
@@ -61,21 +61,11 @@ grant {
   permission javax.management.MBeanTrustPermission "*";
   permission javax.security.auth.AuthPermission "*";
   permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
-  permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
-  permission java.security.SecurityPermission "insertProvider.SaslPlainServer";
+  permission java.security.SecurityPermission "*";
   permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
-  
-  // TIKA uses BouncyCastle and that registers new provider for PDF parsing + MSOffice parsing. Maybe report as bug!
-  permission java.security.SecurityPermission "putProviderProperty.BC";
-  permission java.security.SecurityPermission "insertProvider.BC";
-
-  // Needed for some things in DNS caching in the JVM
-  permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl";
-  permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl";
 
   // SSL related properties for Solr tests
-  permission java.security.SecurityPermission "getProperty.ssl.*";
-  permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
+  permission javax.net.ssl.SSLPermission "*";
 
   // SASL/Kerberos related properties for Solr tests
   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
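Review bot: `permission java.security.SecurityPermission "*";` grants far more than the provider and property targets it replaces, because the wildcard also covers targets such as `setPolicy` and `setProperty.*`, so any code running under this policy can replace the policy itself and the remaining entries stop acting as a boundary. The `grant {` header visible in the hunk context has no codeBase, so this appears to apply to every jar on the test classpath; the block starts outside this hunk. If the goal is to stop enumerating provider names, family wildcards keep the scope: `permission java.security.SecurityPermission "insertProvider.*";`, `permission java.security.SecurityPermission "putProviderProperty.*";`, `permission java.security.SecurityPermission "getProperty.*";`. The same concern applies to `SSLPermission "*"`, which adds `setHostnameVerifier` and `getSSLSessionContext` to the single `setDefaultSSLContext` target granted before. The removed comments about Tika/BouncyCastle and DNS caching were the only record of why these grants exist, so a short comment stating which tests need the wider grant would be worth adding.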
@@ -84,15 +74,11 @@ grant {
   permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
   permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
   
-  permission javax.security.auth.kerberos.ServicePermission "krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate";
-  permission javax.security.auth.kerberos.ServicePermission "zookeeper/localhost@EXAMPLE.COM", "initiate";
-  permission javax.security.auth.kerberos.ServicePermission "zookeeper/localhost@EXAMPLE.COM", "accept";
-  permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM", "initiate";
-  permission javax.security.auth.kerberos.ServicePermission "HTTP/127.0.0.1@EXAMPLE.COM", "accept";
-  permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/127.0.0.1@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
+  permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
+  permission javax.security.auth.kerberos.ServicePermission "*", "accept";
+  permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
   
   // java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path)
-  permission java.awt.AWTPermission "listenToAllAWTEvents";
-  permission java.awt.AWTPermission "accessEventQueue";
+  permission java.awt.AWTPermission "*";
 
 };
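Review bot: The new `DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\""` line probably does not grant what the removed line did, because, unlike `ServicePermission`, `DelegationPermission` is not documented to treat `*` as a wildcard and matches its two principals by equality. If so, the `HTTP/127.0.0.1@EXAMPLE.COM` delegation is silently dropped, and tests relying on it would fail in a way that looks unrelated to this change. Keeping the original entry avoids that: `permission javax.security.auth.kerberos.DelegationPermission "\"HTTP/127.0.0.1@EXAMPLE.COM\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";`. Separately, `AWTPermission "*"` sits under a comment describing a Java 8 accessibility workaround but now also covers targets such as `createRobot` and `readDisplayPixels`; the two named targets matched that comment, so either keep them or update the comment to say why the wildcard is needed.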