diff options
| author | Hilko Bengen <bengen@debian.org> | 2014-06-07 12:02:12 +0200 |
|---|---|---|
| committer | Hilko Bengen <bengen@debian.org> | 2014-06-07 12:02:12 +0200 |
| commit | d5ed89b946297270ec28abf44bef2371a06f1f4f (patch) | |
| tree | ce2d945e4dde69af90bd9905a70d8d27f4936776 /dev-tools/tests.policy | |
| download | elasticsearch-d5ed89b946297270ec28abf44bef2371a06f1f4f.tar.gz | |
Imported Upstream version 1.0.3upstream/1.0.3
Diffstat (limited to 'dev-tools/tests.policy')
| -rw-r--r-- | dev-tools/tests.policy | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/dev-tools/tests.policy b/dev-tools/tests.policy new file mode 100644 index 0000000..8abbfd8 --- /dev/null +++ b/dev-tools/tests.policy @@ -0,0 +1,53 @@ +/* + * Licensed to Elasticsearch under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +// Policy file to prevent tests from writing outside the test sandbox directory +// PLEASE NOTE: You may need to enable other permissions when new tests are added, +// everything not allowed here is forbidden! + +grant { + // permissions for file access, write access only to sandbox: + permission java.io.FilePermission "<<ALL FILES>>", "read,execute"; + permission java.io.FilePermission "${junit4.childvm.cwd}", "read,execute,write"; + permission java.io.FilePermission "${junit4.childvm.cwd}${/}-", "read,execute,write,delete"; + permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,execute,write,delete"; + + // Allow connecting to the internet anywhere + permission java.net.SocketPermission "*", "accept,listen,connect,resolve"; + + // Basic permissions needed for Lucene / Elasticsearch to work: + permission java.util.PropertyPermission "*", "read,write"; + permission java.lang.reflect.ReflectPermission "*"; + permission java.lang.RuntimePermission "*"; + + // These two *have* to be spelled out a separate + permission java.lang.management.ManagementPermission "control"; + permission java.lang.management.ManagementPermission "monitor"; + + permission java.net.NetPermission "*"; + permission java.util.logging.LoggingPermission "control"; + permission javax.management.MBeanPermission "*", "*"; + permission javax.management.MBeanServerPermission "*"; + permission javax.management.MBeanTrustPermission "*"; + + // Needed for some things in DNS caching in the JVM + permission java.security.SecurityPermission "getProperty.networkaddress.cache.ttl"; + permission java.security.SecurityPermission "getProperty.networkaddress.cache.negative.ttl"; + +}; |