| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| /* Notes on the contents of this policy file: |
| * |
| * The following methods in groovy have privileged operations wrapping |
| * setAccessible. If these wrappers are not provided, most codebases below |
| * must have the following grant: |
| * permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
| * MetaMethod.createMetaMethod |
| * MetaMethod.invoke(Object Object[]) |
| * ReflectionMetaMethod.invoke(Object Object[]) |
| * DefaultGoovyMethods.dump(Object) |
| */ |
| |
| /* |
| * This keystore contains the public key of the pair used to sign GroovyTestJar.jar |
| * See SecurityTest.testReadSignedJar() |
| */ |
| keystore "file:${user.dir}/security/groovykeys"; |
| |
| /* |
| * ================= Codebases requiring java.security.AllPermission =============== |
| * The following codebases require java.security.AllPermission. They are considered trusted |
| * for purposes of groovy security enforcement. In a deployed groovy environment, these classes |
| * would all be in a set of jars. If these jars are signed, the grants could be strengthened to |
| * by adding a signedBy clause to the grant. |
| */ |
| |
| // Eclipse default output directory to allow running security tests in that IDE |
| grant codeBase "file:${user.dir}/bin/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| // IntelliJ IDEA default output directory to allow running security tests in that IDE |
| grant codeBase "file:${user.dir}/out/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Gradle build output directory |
| grant codeBase "file:${user.dir}/target/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "file:${user.dir}/subprojects/groovy-test/target/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Gradle dependency cache |
| grant codeBase "file:${user.home}/.gradle/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "file:${groovy.lib}/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| /* |
| * When running from maven, this codebase is required. |
| * If not running from maven, the codesource will not be found, but will not cause an error. |
| */ |
| grant codeBase "file:${maven.home}/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| /* |
| * When running from Gradle, this codebase is required. |
| * If not running from Gradle, the codesource will not be found, but will not cause an error. |
| */ |
| grant codeBase "file:${gradle.home}/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "file:${gradle.junit}" { |
| permission java.security.AllPermission; |
| }; |
| |
| /* |
| * When running the junit plugin from within eclipse, this codebase is required. |
| * If not running from eclipse, the codesource will not be found, but will not cause an error. |
| */ |
| grant codeBase "file:${user.dir}/../../plugins/-" { |
| permission java.security.AllPermission; |
| }; |
| |
| /* |
| * ================= Default codebases created by groovy. =============== |
| * The following codebases are assigned when groovy parses a groovy script |
| */ |
| |
| /* |
| * GroovyShell.parse(InputStream,...) is given a codebase of "groovy.shell" because no actual |
| * codebase can be determined. The other forms of parse(File) and parse(GroovyCodeSource) allow |
| * for more control. These permission should be set to control scripts that are passed into |
| * the shell in the form of a string or other groovy code of unknown provenance. |
| */ |
| grant codeBase "file:/groovy/shell" { |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| |
| // For StreamClassloaderInScriptTest.groovy test |
| permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete"; |
| }; |
| |
| /* |
| * Similar to "file:/groovy/shell", but implying a direct call to GroovyClassLoader.parse() without |
| * passing through GroovyShell. |
| */ |
| grant codeBase "file:/groovy/script" { |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| }; |
| |
| /* |
| * The TestSupport class has a loadClass method that takes a ClassNode and runs it |
| * through defineClass() of the class loader. The codebase for this operation is |
| * set to "/groovy/testSupport". |
| */ |
| grant codeBase "file:/groovy/testSupport" { |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| }; |
| |
| /* |
| * ================= SecurityTest codebases =============== |
| * The following grants are for individual security test cases where the |
| * codebase is explicitly specified (e.g. the script is a raw string rather |
| * than read from a file). Note that even though the codebases conform to |
| * the file URL syntax, they are not physical files: they represent virtual |
| * codebases. |
| * The permission grant that is commented out is the permission that is |
| * expected to be missing by the test case. It is here as a comment for |
| * information. |
| */ |
| |
| //Since a codebase is a URL, we can make use of the natural hierarchy permission implications |
| //to grant a 'global' accessDeclaredPermission here. |
| grant codeBase "file:/groovy/security/-" { |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.lang.RuntimePermission "getClassLoader"; |
| }; |
| |
| grant codeBase "file:/groovy/security/testForbiddenPackage" { |
| //permission java.lang.RuntimePermission "accessClassInPackage.sun.*"; |
| }; |
| |
| grant codeBase "file:/groovy/security/javax/print/deny" { |
| //permission java.lang.RuntimePermission "accessClassInPackage.javax.print"; |
| }; |
| |
| grant codeBase "file:/groovy/security/javax/print/allow" { |
| permission java.lang.RuntimePermission "accessClassInPackage.javax.print"; |
| }; |
| |
| /* |
| * ================= .groovy script file codebases =============== |
| * The following grants are for individual security test cases. |
| * The permission grant that is commented out is the permission that is |
| * expected to be missing by the test case. It is here as a comment for |
| * information. |
| */ |
| grant codeBase "file:${user.dir}/src/test/-" { |
| // Required by most groovy scripts during execution because of the heavy use of reflection/ |
| // introspection. The groovy code could potentially be changed to eliminate this requirement |
| // by adding privileged operations in many places. |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/security/forbiddenCodeBase.gvy" { |
| //The following grant is commented out so that the test case will throw an AccessControlException |
| //permission groovy.security.GroovyCodeSourcePermission "/groovy/security/forbiddenCodeBase"; |
| }; |
| |
| // Grant permission to .groovy files extracted from a signed jar that has been signedBy "Groovy" |
| grant signedBy "Groovy" { |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.util.PropertyPermission "user.home", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/bugs/BadScriptNameBug.groovy" { |
| permission java.lang.RuntimePermission "createClassLoader"; |
| permission java.util.PropertyPermission "groovy.compiler.strictNames", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/ClosureMethodTest.groovy" { |
| permission java.lang.RuntimePermission "getClassLoader"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/ClosureWithDefaultParamTest.groovy" { |
| permission java.lang.RuntimePermission "getClassLoader"; |
| permission java.io.FilePermission "src${/}test${/}-", "read"; |
| |
| // Required because test calls File.eachLine which eventually invokes |
| // groovy.util.CharsetToolkit#getDefaultSystemCharset which does not wrap |
| // the property access in a privileged block. |
| permission java.util.PropertyPermission "file.encoding", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/bugs/ConstructorBug.groovy" { |
| permission java.lang.RuntimePermission "createClassLoader"; |
| |
| // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem) |
| permission java.util.PropertyPermission "user.dir", "read"; |
| permission java.util.PropertyPermission "groovy.compiler.strictNames", "read"; |
| |
| permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestBase.groovy", "read"; |
| permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestDerived.groovy", "read"; |
| permission java.io.FilePermission "${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestBase.class", "read"; |
| permission java.io.FilePermission "${user.dir}${/}target${/}classes${/}test${/}groovy${/}bugs${/}TestDerived.class", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/script/ScriptTest.groovy" { |
| permission java.io.FilePermission "src${/}test${/}groovy${/}-", "read"; |
| permission groovy.security.GroovyCodeSourcePermission "/groovy/shell"; |
| |
| // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem) |
| permission java.util.PropertyPermission "user.dir", "read"; |
| |
| // Required by MethodTestScript.groovy run as a script |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; |
| |
| // Required by StreamClassloaderInScriptTest.groovy run as a script |
| permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete"; |
| |
| // Required for JUnit to report errors for scripts that are junit test cases |
| permission java.util.PropertyPermission "user.home", "read"; |
| permission java.io.FilePermission "${user.home}${/}junit.properties", "read"; |
| |
| // Required for Gradle 4.7+ printing a line triggered by running the script |
| permission java.util.PropertyPermission "line.separator", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/script/EvalInScript.groovy" { |
| permission java.io.FilePermission "src${/}test${/}groovy${/}script${/}HelloWorld.groovy", "read"; |
| permission groovy.security.GroovyCodeSourcePermission "/groovy/shell"; |
| |
| // Required because GroovyCodeSource calls to File#getCanonicalPath (at least on the Windows FileSystem) |
| permission java.util.PropertyPermission "user.dir", "read"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/script/MethodTestScript.groovy" { |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; |
| }; |
| |
| grant codeBase "file:${user.dir}/src/test/groovy/script/StreamClassloaderInScriptTest.groovy" { |
| permission groovy.security.GroovyCodeSourcePermission "/groovy/shell"; |
| permission java.io.FilePermission "${user.dir}${/}blahblah.dat", "read,write,delete"; |
| }; |
| |
| grant { |
| // Required to load Global AST Transforms |
| permission java.io.FilePermission "${user.dir}${/}target${/}resources${/}main${/}META-INF${/}services${/}-", "read"; |
| permission java.io.FilePermission "${user.dir}${/}target${/}libs${/}-", "read"; |
| |
| // Required for StreamClassloaderInScriptTest |
| permission java.io.FilePermission "${java.home}${/}-", "read"; |
| }; |
