Skip to content

Replace usages of java.security.AccessController in modules/ #20137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+31 −122
Open

Replace usages of java.security.AccessController in modules/ #20137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 7 additions & 31 deletions ...ang-expression/src/main/java/org/opensearch/script/expression/ExpressionScriptEngine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@
import org.opensearch.script.AggregationScript;
import org.opensearch.script.BucketAggregationScript;
import org.opensearch.script.BucketAggregationSelectorScript;
import org.opensearch.script.ClassPermission;
import org.opensearch.script.FieldScript;
import org.opensearch.script.FilterScript;
import org.opensearch.script.NumberSortScript;
Expand All @@ -58,12 +57,10 @@
import org.opensearch.script.ScriptException;
import org.opensearch.script.TermsSetQueryScript;
import org.opensearch.search.lookup.SearchLookup;
import org.opensearch.secure_sm.AccessController;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
Expand Down Expand Up @@ -172,37 +169,16 @@ public String getType() {
return NAME;
}

@SuppressWarnings("removal")
@Override
public <T> T compile(String scriptName, String scriptSource, ScriptContext<T> context, Map<String, String> params) {
// classloader created here
final SecurityManager sm = System.getSecurityManager();
SpecialPermission.check();
Expression expr = AccessController.doPrivileged(new PrivilegedAction<Expression>() {
@Override
public Expression run() {
try {
// snapshot our context here, we check on behalf of the expression
AccessControlContext engineContext = AccessController.getContext();
ClassLoader loader = getClass().getClassLoader();
if (sm != null) {
loader = new ClassLoader(loader) {
@Override
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
try {
engineContext.checkPermission(new ClassPermission(name));
} catch (SecurityException e) {
throw new ClassNotFoundException(name, e);
}
return super.loadClass(name, resolve);
}
};
}
// NOTE: validation is delayed to allow runtime vars, and we don't have access to per index stuff here
return JavascriptCompiler.compile(scriptSource, JavascriptCompiler.DEFAULT_FUNCTIONS);
} catch (ParseException e) {
throw convertToScriptException("compile error", scriptSource, scriptSource, e);
}
Expression expr = AccessController.doPrivileged(() -> {
try {
// NOTE: validation is delayed to allow runtime vars, and we don't have access to per index stuff here
return JavascriptCompiler.compile(scriptSource, JavascriptCompiler.DEFAULT_FUNCTIONS);
} catch (ParseException e) {
throw convertToScriptException("compile error", scriptSource, scriptSource, e);
}
});
if (contexts.containsKey(context) == false) {
Expand Down
9 changes: 2 additions & 7 deletions modules/lang-mustache/src/main/java/org/opensearch/script/mustache/MustacheScriptEngine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,12 +46,11 @@
import org.opensearch.script.ScriptEngine;
import org.opensearch.script.ScriptException;
import org.opensearch.script.TemplateScript;
import org.opensearch.secure_sm.AccessController;

import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
Expand Down Expand Up @@ -128,17 +127,13 @@ private class MustacheExecutableScript extends TemplateScript {
this.params = params;
}

@SuppressWarnings("removal")
@Override
public String execute() {
final StringWriter writer = new StringWriter();
try {
// crazy reflection here
SpecialPermission.check();
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
template.execute(writer, params);
return null;
});
AccessController.doPrivileged(() -> template.execute(writer, params));
} catch (Exception e) {
logger.error((Supplier<?>) () -> new ParameterizedMessage("Error running {}", template), e);
throw new GeneralScriptException("Error running " + template, e);
Expand Down
6 changes: 2 additions & 4 deletions modules/lang-painless/spi/src/main/java/org/opensearch/painless/spi/AllowlistLoader.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,15 +33,14 @@
package org.opensearch.painless.spi;

import org.opensearch.painless.spi.annotation.AllowlistAnnotationParser;
import org.opensearch.secure_sm.AccessController;

import java.io.InputStreamReader;
import java.io.LineNumberReader;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
Expand Down Expand Up @@ -513,8 +512,7 @@ public static Allowlist loadFromResourceFiles(Class<?> resource, Map<String, All
}
}

@SuppressWarnings("removal")
ClassLoader loader = AccessController.doPrivileged((PrivilegedAction<ClassLoader>) resource::getClassLoader);
ClassLoader loader = AccessController.doPrivileged(resource::getClassLoader);

return new Allowlist(loader, allowlistClasses, allowlistStatics, allowlistClassBindings, Collections.emptyList());
}
Expand Down
8 changes: 2 additions & 6 deletions modules/lang-painless/src/main/java/org/opensearch/painless/LambdaBootstrap.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@

package org.opensearch.painless;

import org.opensearch.secure_sm.AccessController;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.FieldVisitor;
import org.objectweb.asm.Handle;
Expand All @@ -45,8 +46,6 @@
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.security.AccessController;
import java.security.PrivilegedAction;

import static java.lang.invoke.MethodHandles.Lookup;
import static org.opensearch.painless.WriterConstants.CLASS_VERSION;
Expand Down Expand Up @@ -501,15 +500,12 @@ private static void endLambdaClass(ClassWriter cw) {
* Defines the {@link Class} for the lambda class using the same {@link Compiler.Loader}
* that originally defined the class for the Painless script.
*/
@SuppressWarnings("removal")
private static Class<?> createLambdaClass(Compiler.Loader loader, ClassWriter cw, Type lambdaClassType) {

byte[] classBytes = cw.toByteArray();
// DEBUG:
// new ClassReader(classBytes).accept(new TraceClassVisitor(new PrintWriter(System.out)), ClassReader.SKIP_DEBUG);
return AccessController.doPrivileged(
(PrivilegedAction<Class<?>>) () -> loader.defineLambda(lambdaClassType.getClassName(), classBytes)
);
return AccessController.doPrivileged(() -> loader.defineLambda(lambdaClassType.getClassName(), classBytes));
}

/**
Expand Down
39 changes: 6 additions & 33 deletions modules/lang-painless/src/main/java/org/opensearch/painless/PainlessScriptEngine.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,18 +42,14 @@
import org.opensearch.script.ScriptContext;
import org.opensearch.script.ScriptEngine;
import org.opensearch.script.ScriptException;
import org.opensearch.secure_sm.AccessController;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.Opcodes;
import org.objectweb.asm.Type;
import org.objectweb.asm.commons.GeneratorAdapter;

import java.lang.invoke.MethodType;
import java.lang.reflect.Method;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
Expand All @@ -75,20 +71,6 @@ public final class PainlessScriptEngine implements ScriptEngine {
*/
public static final String NAME = "painless";

/**
* Permissions context used during compilation.
*/
private static final AccessControlContext COMPILATION_CONTEXT;

/*
* Setup the allowed permissions.
*/
static {
final Permissions none = new Permissions();
none.setReadOnly();
COMPILATION_CONTEXT = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, none) });
}

/**
* Default compiler settings to be used. Note that {@link CompilerSettings} is mutable but this instance shouldn't be mutated outside
* of {@link PainlessScriptEngine#PainlessScriptEngine(Settings, Map)}.
Expand Down Expand Up @@ -144,12 +126,7 @@ public <T> T compile(String scriptName, String scriptSource, ScriptContext<T> co
SpecialPermission.check();

// Create our loader (which loads compiled code with no permissions).
final Loader loader = AccessController.doPrivileged(new PrivilegedAction<Loader>() {
@Override
public Loader run() {
return compiler.createLoader(getClass().getClassLoader());
}
});
final Loader loader = AccessController.doPrivileged(() -> compiler.createLoader(getClass().getClassLoader()));

ScriptScope scriptScope = compile(contextsToCompilers.get(context), loader, scriptName, scriptSource, params);

Expand Down Expand Up @@ -451,14 +428,10 @@ ScriptScope compile(Compiler compiler, Loader loader, String scriptName, String
final CompilerSettings compilerSettings = buildCompilerSettings(params);

try {
// Drop all permissions to actually compile the code itself.
return AccessController.doPrivileged(new PrivilegedAction<ScriptScope>() {
@Override
public ScriptScope run() {
String name = scriptName == null ? source : scriptName;
return compiler.compile(loader, name, source, compilerSettings);
}
}, COMPILATION_CONTEXT);
return AccessController.doPrivileged(() -> {
String name = scriptName == null ? source : scriptName;
return compiler.compile(loader, name, source, compilerSettings);
});
// Note that it is safe to catch any of the following errors since Painless is stateless.
} catch (OutOfMemoryError | StackOverflowError | VerifyError | Exception e) {
throw convertToScriptException(source, e);
Expand Down
13 changes: 4 additions & 9 deletions ...les/lang-painless/src/main/java/org/opensearch/painless/lookup/PainlessLookupBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
import org.opensearch.painless.spi.AllowlistMethod;
import org.opensearch.painless.spi.annotation.InjectConstantAnnotation;
import org.opensearch.painless.spi.annotation.NoImportAnnotation;
import org.opensearch.secure_sm.AccessController;
import org.objectweb.asm.ClassWriter;
import org.objectweb.asm.Opcodes;
import org.objectweb.asm.commons.GeneratorAdapter;
Expand All @@ -58,9 +59,7 @@
import java.lang.reflect.Modifier;
import java.net.MalformedURLException;
import java.net.URI;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.PrivilegedAction;
import java.security.SecureClassLoader;
import java.security.cert.Certificate;
import java.util.ArrayList;
Expand Down Expand Up @@ -2189,13 +2188,9 @@ private void generateBridgeMethod(PainlessClassBuilder painlessClassBuilder, Pai
bridgeClassWriter.visitEnd();

try {
@SuppressWarnings("removal")
BridgeLoader bridgeLoader = AccessController.doPrivileged(new PrivilegedAction<BridgeLoader>() {
@Override
public BridgeLoader run() {
return new BridgeLoader(javaMethod.getDeclaringClass().getClassLoader());
}
});
BridgeLoader bridgeLoader = AccessController.doPrivileged(
() -> new BridgeLoader(javaMethod.getDeclaringClass().getClassLoader())
);

Class<?> bridgeClass = bridgeLoader.defineBridge(bridgeClassName.replace('/', '.'), bridgeClassWriter.toByteArray());
Method bridgeMethod = bridgeClass.getMethod(
Expand Down
12 changes: 2 additions & 10 deletions modules/lang-painless/src/test/java/org/opensearch/painless/DocFieldsPhaseTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,23 +32,20 @@

package org.opensearch.painless;

import org.opensearch.painless.Compiler.Loader;
import org.opensearch.painless.lookup.PainlessLookup;
import org.opensearch.painless.lookup.PainlessLookupBuilder;
import org.opensearch.painless.spi.Allowlist;
import org.opensearch.painless.symbol.ScriptScope;
import org.opensearch.script.ScriptContext;
import org.opensearch.secure_sm.AccessController;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.List;
import java.util.Map;

public class DocFieldsPhaseTests extends ScriptTestCase {
PainlessLookup lookup = PainlessLookupBuilder.buildFromAllowlists(Allowlist.BASE_ALLOWLISTS);

@SuppressWarnings("removal")
ScriptScope compile(String script) {
Compiler compiler = new Compiler(
MockDocTestScript.CONTEXT.instanceClazz,
Expand All @@ -58,12 +55,7 @@ ScriptScope compile(String script) {
);

// Create our loader (which loads compiled code with no permissions).
final Compiler.Loader loader = AccessController.doPrivileged(new PrivilegedAction<Loader>() {
@Override
public Compiler.Loader run() {
return compiler.createLoader(getClass().getClassLoader());
}
});
final Compiler.Loader loader = AccessController.doPrivileged(() -> compiler.createLoader(getClass().getClassLoader()));

return compiler.compile(loader, "test", script, new CompilerSettings());
}
Expand Down
11 changes: 2 additions & 9 deletions ...es/repository-url/src/main/java/org/opensearch/common/blobstore/url/URLBlobContainer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
import org.opensearch.common.blobstore.BlobPath;
import org.opensearch.common.blobstore.DeleteResult;
import org.opensearch.common.blobstore.support.AbstractBlobContainer;
import org.opensearch.secure_sm.AccessController;

import java.io.BufferedInputStream;
import java.io.FileNotFoundException;
Expand All @@ -46,9 +47,6 @@
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.NoSuchFileException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import java.util.Map;

Expand Down Expand Up @@ -160,14 +158,9 @@ public void writeBlobAtomic(String blobName, InputStream inputStream, long blobS
throw new UnsupportedOperationException("URL repository doesn't support this operation");
}

@SuppressWarnings("removal")
@SuppressForbidden(reason = "We call connect in doPrivileged and provide SocketPermission")
private static InputStream getInputStream(URL url) throws IOException {
try {
return AccessController.doPrivileged((PrivilegedExceptionAction<InputStream>) url::openStream);
} catch (PrivilegedActionException e) {
throw (IOException) e.getCause();
}
return AccessController.doPrivilegedChecked(url::openStream);
}

}
9 changes: 2 additions & 7 deletions modules/systemd/src/main/java/org/opensearch/systemd/Libsystemd.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,20 +34,15 @@

import com.sun.jna.Native;

import java.security.AccessController;
import java.security.PrivilegedAction;
import org.opensearch.secure_sm.AccessController;

/**
* Provides access to the native method sd_notify from libsystemd.
*/
@SuppressWarnings("removal")
class Libsystemd {

static {
AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
Native.register(Libsystemd.class, "libsystemd.so.0");
return null;
});
AccessController.doPrivileged(() -> Native.register(Libsystemd.class, "libsystemd.so.0"));
}

/**
Expand Down
Loading
Loading