/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 */

/* Notes on the contents of this policy file:
 *
 * The following methods in groovy have privileged operations wrapping
 * setAccessible.  If these wrappers are not provided, most codebases below
 * must have the following grant: 
 * permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 *  MetaMethod.createMetaMethod
 *  MetaMethod.invoke(Object Object[])
 *  ReflectionMetaMethod.invoke(Object Object[])
 *  DefaultGoovyMethods.dump(Object)
 */

/*
 * This keystore contains the public key of the pair used to sign GroovyTestJar.jar
 * See SecurityTest.testReadSignedJar()
 */
keystore "file:${user.dir}/security/groovykeys";

/*
 * ================= Codebases requiring java.security.AllPermission ===============
 * The following codebases require java.security.AllPermission.  They are considered trusted
 * for purposes of groovy security enforcement.  In a deployed groovy environment, these classes
 * would all be in a set of jars.  If these jars are signed, the grants could be strengthened to
 * by adding a signedBy clause to the grant.
 */

// Eclipse default output directory to allow running security tests in that IDE
grant codeBase "file:${user.dir}/bin/-" {
    permission java.security.AllPermission;
};

// IntelliJ IDEA default output directory to allow running security tests in that IDE
grant codeBase "file:${user.dir}/out/-" {
    permission java.security.AllPermission;
};

// Gradle build output directory
grant codeBase "file:${user.dir}/target/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${user.dir}/subprojects/groovy-test/target/-" {
    permission java.security.AllPermission;
};

// Gradle dependency cache
grant codeBase "file:${user.home}/.gradle/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${groovy.lib}/-" {
    permission java.security.AllPermission;
};

/*
 * When running from maven, this codebase is required.
 * If not running from maven, the codesource will not be found, but will not cause an error.
 */
grant codeBase "file:${maven.home}/-" {
    permission java.security.AllPermission;
};

/*
 * When running from Gradle, this codebase is required.
 * If not running from Gradle, the codesource will not be found, but will not cause an error.
 */
grant codeBase "file:${gradle.home}/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${gradle.junit}" {
    permission java.security.AllPermission;
};

/*
 * When running the junit plugin from within eclipse, this codebase is required.
 * If not running from eclipse, the codesource will not be found, but will not cause an error.
 */
grant codeBase "file:${user.dir}/../../plugins/-" {
    permission java.security.AllPermission;
};

/*
 * ================= Default codebases created by groovy. ===============
 * The following codebases are assigned when groovy parses a groovy script
 */

/* 
 * GroovyShell.parse(InputStream,...) is given a codebase of "groovy.shell" because no actual
 * codebase can be determined.  The other forms of parse(File) and parse(GroovyCodeSource) allow
 * for more control.  These permission should be set to control scripts that are passed into
 * the shell in the form of a string or other groovy code of unknown provenance.
 */
grant codeBase "file:/groovy/shell" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";

    // For StreamClassloaderInScriptTest.groovy test
    permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete";
};

/*
 * Similar to "file:/groovy/shell", but implying a direct call to GroovyClassLoader.parse() without
 * passing through GroovyShell.
 */
grant codeBase "file:/groovy/script" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

/*
 * The TestSupport class has a loadClass method that takes a ClassNode and runs it
 * through defineClass() of the class loader.  The codebase for this operation is
 * set to "/groovy/testSupport".
 */
grant codeBase "file:/groovy/testSupport" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

/*
 * ================= SecurityTest codebases  ===============
 * The following grants are for individual security test cases where the
 * codebase is explicitly specified (e.g. the script is a raw string rather
 * than read from a file).  Note that even though the codebases conform to
 * the file URL syntax, they are not physical files: they represent virtual
 * codebases.
 * The permission grant that is commented out is the permission that is 
 * expected to be missing by the test case.  It is here as a comment for
 * information.
 */

//Since a codebase is a URL, we can make use of the natural hierarchy permission implications
//to grant a 'global' accessDeclaredPermission here.
grant codeBase "file:/groovy/security/-" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:/groovy/security/testForbiddenPackage" {
    //permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
};

grant codeBase "file:/groovy/security/javax/print/deny" {
    //permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
};

grant codeBase "file:/groovy/security/javax/print/allow" {
    permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
};

/*
 * ================= .groovy script file codebases  ===============
 * The following grants are for individual security test cases.
 * The permission grant that is commented out is the permission that is 
 * expected to be missing by the test case.  It is here as a comment for
 * information.
 */
grant codeBase "file:${user.dir}/src/test/-" {
    // Required by most groovy scripts during execution because of the heavy use of reflection/
    // introspection.  The groovy code could potentially be changed to eliminate this requirement
    // by adding privileged operations in many places.
    permission java.lang.RuntimePermission "accessDeclaredMembers";
};

grant codeBase "file:${user.dir}/src/test/groovy/security/forbiddenCodeBase.gvy" {
    //The following grant is commented out so that the test case will throw an AccessControlException
    //permission groovy.security.GroovyCodeSourcePermission "/groovy/security/forbiddenCodeBase";
};

// Grant permission to .groovy files extracted from a signed jar that has been signedBy "Groovy"
grant signedBy "Groovy" {
    permission java.lang.RuntimePermission "accessDeclaredMembers";
    permission java.util.PropertyPermission "user.home", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/bugs/BadScriptNameBug.groovy" {
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "groovy.compiler.strictNames", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/ClosureMethodTest.groovy" {
    permission java.lang.RuntimePermission "getClassLoader";
};

grant codeBase "file:${user.dir}/src/test/groovy/ClosureWithDefaultParamTest.groovy" {
    permission java.lang.RuntimePermission "getClassLoader";
    permission java.io.FilePermission "src${/}test${/}-", "read";

    // Required because test calls File.eachLine which eventually invokes
    // groovy.util.CharsetToolkit#getDefaultSystemCharset which does not wrap
    // the property access in a privileged block.
    permission java.util.PropertyPermission "file.encoding", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/bugs/ConstructorBug.groovy" {
    permission java.lang.RuntimePermission "createClassLoader";

    // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem)
    permission java.util.PropertyPermission "user.dir", "read";
    permission java.util.PropertyPermission "groovy.compiler.strictNames", "read";

    permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestBase.groovy", "read";
    permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestDerived.groovy", "read";
    permission java.io.FilePermission "${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestBase.class", "read";
    permission java.io.FilePermission "${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestDerived.class", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/script/ScriptTest.groovy" {
    permission java.io.FilePermission "src${/}test${/}groovy${/}-", "read";
    permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";

    // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem)
    permission java.util.PropertyPermission "user.dir", "read";

    // Required by MethodTestScript.groovy run as a script
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";

    // Required by StreamClassloaderInScriptTest.groovy run as a script
    permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete";

    // Required for JUnit to report errors for scripts that are junit test cases
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";

    // Required for Gradle 4.7+ printing a line triggered by running the script
    permission java.util.PropertyPermission "line.separator", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/script/EvalInScript.groovy" {
    permission java.io.FilePermission "src${/}test${/}groovy${/}script${/}HelloWorld.groovy", "read";
    permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";

    // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem)
    permission java.util.PropertyPermission "user.dir", "read";
};

grant codeBase "file:${user.dir}/src/test/groovy/script/MethodTestScript.groovy" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
};

grant codeBase "file:${user.dir}/src/test/groovy/script/StreamClassloaderInScriptTest.groovy" {
    permission groovy.security.GroovyCodeSourcePermission "/groovy/shell";
    permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete";
};

grant {
    // Required to load Global AST Transforms
    permission java.io.FilePermission "${user.dir}${/}target${/}resources${/}main${/}META-INF${/}services${/}-", "read";
    permission java.io.FilePermission "${user.dir}${/}target${/}libs${/}-", "read";

    // Required for StreamClassloaderInScriptTest
    permission java.io.FilePermission "${java.home}${/}-", "read";
};