-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add ThreadContextPermission for markAsSystemContext and allow core to…
… perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> (cherry picked from commit 597747d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
- Loading branch information
1 parent
154b284
commit aa182af
Showing
19 changed files
with
128 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
libs/secure-sm/src/main/java/org/opensearch/secure_sm/ThreadContextPermission.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
/* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
*/ | ||
|
||
package org.opensearch.secure_sm; | ||
|
||
import java.security.BasicPermission; | ||
|
||
/** | ||
* Permission to utilize methods in the ThreadContext class that are normally not accessible | ||
* | ||
* @see ThreadGroup | ||
* @see SecureSM | ||
*/ | ||
public final class ThreadContextPermission extends BasicPermission { | ||
|
||
/** | ||
* Creates a new ThreadContextPermission object. | ||
* | ||
* @param name target name | ||
*/ | ||
public ThreadContextPermission(String name) { | ||
super(name); | ||
} | ||
|
||
/** | ||
* Creates a new ThreadContextPermission object. | ||
* This constructor exists for use by the {@code Policy} object to instantiate new Permission objects. | ||
* | ||
* @param name target name | ||
* @param actions ignored | ||
*/ | ||
public ThreadContextPermission(String name, String actions) { | ||
super(name, actions); | ||
} | ||
Check warning on line 39 in libs/secure-sm/src/main/java/org/opensearch/secure_sm/ThreadContextPermission.java Codecov / codecov/patchlibs/secure-sm/src/main/java/org/opensearch/secure_sm/ThreadContextPermission.java#L38-L39
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
41 changes: 41 additions & 0 deletions
41
server/src/main/java/org/opensearch/common/util/concurrent/ThreadContextAccess.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* SPDX-License-Identifier: Apache-2.0 | ||
* | ||
* The OpenSearch Contributors require contributions made to | ||
* this file be licensed under the Apache-2.0 license or a | ||
* compatible open source license. | ||
*/ | ||
|
||
package org.opensearch.common.util.concurrent; | ||
|
||
import org.opensearch.SpecialPermission; | ||
import org.opensearch.common.annotation.InternalApi; | ||
|
||
import java.security.AccessController; | ||
import java.security.PrivilegedAction; | ||
|
||
/** | ||
* This class wraps the {@link ThreadContext} operations requiring access in | ||
* {@link AccessController#doPrivileged(PrivilegedAction)} blocks. | ||
* | ||
* @opensearch.internal | ||
*/ | ||
@SuppressWarnings("removal") | ||
@InternalApi | ||
public final class ThreadContextAccess { | ||
|
||
private ThreadContextAccess() {} | ||
|
||
public static <T> T doPrivileged(PrivilegedAction<T> operation) { | ||
SpecialPermission.check(); | ||
return AccessController.doPrivileged(operation); | ||
Check warning on line 31 in server/src/main/java/org/opensearch/common/util/concurrent/ThreadContextAccess.java Codecov / codecov/patchserver/src/main/java/org/opensearch/common/util/concurrent/ThreadContextAccess.java#L30-L31
|
||
} | ||
|
||
public static void doPrivilegedVoid(Runnable action) { | ||
SpecialPermission.check(); | ||
AccessController.doPrivileged((PrivilegedAction<Void>) () -> { | ||
action.run(); | ||
return null; | ||
}); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters