groovy-core/security/groovy.policy - groovy - Git at Google

 /* Notes on the contents of this policy file:
  *
  * The following methods in groovy have privileged operations wrapping
  * setAccessible.  If these wrappers are not provided, most codebases below
  * must have the following grant:
  * permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  *  MetaMethod.createMetaMethod
  *  MetaMethod.invoke(Object Object[])
  *  ReflectionMetaMethod.invoke(Object Object[])
  *  DefaultGoovyMethods.dump(Object)
  */

 /*
  * This keystore contains the public key of the pair used to sign GroovyTestJar.jar
  * See SecurityTest.testReadSignedJar()
  */
 keystore "file:${user.dir}/security/groovykeys";

 /*
  * ================= Codebases requiring java.security.AllPermission ===============
  * The following codebases require java.security.AllPermission.  They are considered trusted
  * for purposes of groovy security enforcement.  In a deployed groovy environment, these classes
  * would all be in a set of jars.  If these jars are signed, the grants could be strengthened to
  * by adding a signedBy clause to the grant.
  */

 //spg:  Looks like james switched the output destination to bin from target/classes
 //in his 7/13/04 update to the eclipse .classpath.  This permission allows the
 //Security tests to run properly in eclipse (they were unaffected when running from maven)
 grant codeBase "file:${user.dir}/bin/-" {
 	permission java.security.AllPermission;
 };

 grant codeBase "file:${user.dir}/target/classes/-" {
 	permission java.security.AllPermission;
 };

 grant codeBase "file:${user.dir}/target/instrumented-classes/-" {
 	permission java.security.AllPermission;
 };

 grant codeBase "file:${user.dir}/target/test-classes/-" {
 	permission java.security.AllPermission;
 };

 grant codeBase "file:${groovy.lib}/-" {
 	permission java.security.AllPermission;
 };

 /*
  * When running from maven, this codebase is required.
  * If not running from maven, the codesource will not be found, but will not cause an error.
  */
 grant codeBase "file:${maven.home}/-" {
 	permission java.security.AllPermission;
 };

 /*
  * When running from ant, this codebase is required.
  * If not running from ant, the codesource will not be found, but will not cause an error.
  * TODO: narrow this down to specific jars
  */
 grant codeBase "file:${user.dir}/target/lib/-" {
 	permission java.security.AllPermission;
 };

 /*
  * When running the junit plugin from within eclipse, this codebase is required.
  * If not running from eclipse, the codesource will not be found, but will not cause an error.
  */
 grant codeBase "file:${user.dir}/../../plugins/-" {
 	permission java.security.AllPermission;
 };

 /*
  * ================= Default codebases created by groovy. ===============
  * The following codebases are assigned when groovy parses a groovy script
  */

 /*
  * GroovyShell.parse(InputStream,...) is given a codebase of "groovy.shell" because no actual
  * codebase can be determined.  The other forms of parse(File) and parse(GroovyCodeSource) allow
  * for more control.  These permission should be set to control scripts that are passed into
  * the shell in the form of a string or other groovy code of unknown provenance.
  */
 grant codeBase "file:/groovy/shell" {
 	permission java.lang.RuntimePermission "accessDeclaredMembers";
 };

 /*
  * Similar to "file:/groovy/shell", but implying a direct call to GroovyClassLoader.parse() without
  * passing through GroovyShell.
  */
 grant codeBase "file:/groovy/script" {
 	permission java.lang.RuntimePermission "accessDeclaredMembers";
 	//permission java.util.PropertyPermission "groovy.output.dir", "read";
 };

 /*
  * The TestSupport class has a loadClass method that takes a ClassNode and runs it
  * through defineClass() of the class loader.  The codebase for this operation is
  * set to "/groovy/testSupport".
  */
 grant codeBase "file:/groovy/testSupport" {
 	permission java.lang.RuntimePermission "accessDeclaredMembers";
 };

 /*
  * ================= SecurityTest codebases  ===============
  * The following grants are for individual security test cases where the
  * codebase is explicity specified (e.g. the script is a raw string rather
  * than read from a file).  Note that even though the codebases conform to
  * the file URL syntax, they are not physical files: they represent virtual
  * codebases.
  * The permission grant that is commented out is the permission that is
  * expected to be missing by the test case.  It is here as a comment for
  * information.
  */

 //Since a codebase is a URL, we can make use of the natural hierarchy permission implications
 //to grant a 'global' accessDeclaredPermission here.
 grant codeBase "file:/groovy/security/-" {
 	permission java.lang.RuntimePermission "accessDeclaredMembers";
 };

 grant codeBase "file:/groovy/security/testForbiddenPackage" {
 	//permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
 };

 grant codeBase "file:/groovy/security/javax/print/deny" {
 	//permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
 };

 grant codeBase "file:/groovy/security/javax/print/allow" {
 	permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
 };

 /*
  * ================= .groovy script file codebases  ===============
  * The following grants are for individual security test cases.
  * The permission grant that is commented out is the permission that is
  * expected to be missing by the test case.  It is here as a comment for
  * information.
  */
 grant codeBase "file:${user.dir}/src/test/-" {
 	// Required by most groovy scripts during execution because of the heavy use of reflection/
  	// introspection.  The groovy code could potentially be changed to eliminate this requirement
  	// by adding privileged operations in many places.
 	permission java.lang.RuntimePermission "accessDeclaredMembers";

 	// SHOULD NOT HAVE TO DO THIS! - Level.getLocalizedName() should have a doPrivileged block.
 	// Any test that logs, will encounter this (although it will be masked by the method
 	permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/security/forbiddenCodeBase.gvy" {
 	//The following grant is commented out so that the test case will throw an AccessControlException
 	permission groovy.security.GroovyCodeSourcePermission "groovy/security/forbiddenCodeBase";
 };

 // Grant permission to .groovy files extracted from a signed jar that has been signedBy "Groovy"
 grant signedBy "Groovy" {
 	permission java.lang.RuntimePermission "accessDeclaredMembers";
 	permission java.util.PropertyPermission "user.home", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/bugs/BadScriptNameBug.groovy" {
 	permission java.util.PropertyPermission "java.class.path", "read";
 	permission java.io.FilePermission "<<ALL FILES>>", "read";
 	permission java.lang.RuntimePermission "createClassLoader";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/ClosureListenerTest.groovy" {
 	permission java.util.PropertyPermission "java.awt.headless", "read";
 	// below seems like a new requirement in jdk 1.6/1.7
 	permission java.util.PropertyPermission "os.version", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/ClosureMethodTest.groovy" {
 	permission java.io.FilePermission "${user.dir}${/}src${/}test${/}-", "read";
 	permission java.util.PropertyPermission "file.encoding", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/GroovyMethodsTest.groovy" {
 	permission java.util.PropertyPermission "*", "read,write";
 	//spg 2006-02-09 added ALL FILES execute because a test case
 	//invokes Runtime.exec().  This is OK and permission should be granted here.
 	permission java.io.FilePermission "<<ALL FILES>>", "execute";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/ClosureWithDefaultParamTest.groovy" {
 	permission java.io.FilePermission "src${/}test${/}-", "read";
 	permission java.util.PropertyPermission "file.encoding", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/bugs/ConstructorBug.groovy" {
 	permission java.lang.RuntimePermission "createClassLoader";
 	permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestBase.groovy", "read";
 	permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestDerived.groovy", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/bugs/ForAndSqlBug.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/bugs/ForLoopBug.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
 	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/bugs/Groovy303_Bug.groovy" {
 	permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
 	// below seems like a new requirement in jdk 1.5
 	permission java.util.PropertyPermission "os.version", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/script/ScriptTest.groovy" {
 	permission java.io.FilePermission "src${/}test${/}groovy${/}-", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/script/EvalInScript.groovy" {
 	permission java.io.FilePermission "src${/}test${/}groovy${/}script${/}HelloWorld.groovy", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/sql/PersonTest.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlCompleteTest.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlCompleteWithoutDataSourceTest.groovy" {
     //TODO: what should this be see other TODO about narrowing down main directories
 	//permission java.io.FilePermission "${groovy.lib}${/}axion${/}jars${/}axion-1.0-M3-dev.jar", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlTest.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
 };

 grant codeBase "file:${user.dir}/src/test/groovy/util/AntTest.groovy" {
 	permission java.security.AllPermission;
 };

 grant codeBase "file:${user.dir}/src/test/org/codehaus/groovy/classgen/MetaClassTest.groovy" {
 	permission java.io.FilePermission "target${/}test-classes${/}-", "read";
 };
	/* Notes on the contents of this policy file:
	*
	* The following methods in groovy have privileged operations wrapping
	* setAccessible. If these wrappers are not provided, most codebases below
	* must have the following grant:
	* permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
	* MetaMethod.createMetaMethod
	* MetaMethod.invoke(Object Object[])
	* ReflectionMetaMethod.invoke(Object Object[])
	* DefaultGoovyMethods.dump(Object)
	*/

	/*
	* This keystore contains the public key of the pair used to sign GroovyTestJar.jar
	* See SecurityTest.testReadSignedJar()
	*/
	keystore "file:${user.dir}/security/groovykeys";

	/*
	* ================= Codebases requiring java.security.AllPermission ===============
	* The following codebases require java.security.AllPermission. They are considered trusted
	* for purposes of groovy security enforcement. In a deployed groovy environment, these classes
	* would all be in a set of jars. If these jars are signed, the grants could be strengthened to
	* by adding a signedBy clause to the grant.
	*/

	//spg: Looks like james switched the output destination to bin from target/classes
	//in his 7/13/04 update to the eclipse .classpath. This permission allows the
	//Security tests to run properly in eclipse (they were unaffected when running from maven)
	grant codeBase "file:${user.dir}/bin/-" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${user.dir}/target/classes/-" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${user.dir}/target/instrumented-classes/-" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${user.dir}/target/test-classes/-" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${groovy.lib}/-" {
	permission java.security.AllPermission;
	};

	/*
	* When running from maven, this codebase is required.
	* If not running from maven, the codesource will not be found, but will not cause an error.
	*/
	grant codeBase "file:${maven.home}/-" {
	permission java.security.AllPermission;
	};

	/*
	* When running from ant, this codebase is required.
	* If not running from ant, the codesource will not be found, but will not cause an error.
	* TODO: narrow this down to specific jars
	*/
	grant codeBase "file:${user.dir}/target/lib/-" {
	permission java.security.AllPermission;
	};

	/*
	* When running the junit plugin from within eclipse, this codebase is required.
	* If not running from eclipse, the codesource will not be found, but will not cause an error.
	*/
	grant codeBase "file:${user.dir}/../../plugins/-" {
	permission java.security.AllPermission;
	};

	/*
	* ================= Default codebases created by groovy. ===============
	* The following codebases are assigned when groovy parses a groovy script
	*/

	/*
	* GroovyShell.parse(InputStream,...) is given a codebase of "groovy.shell" because no actual
	* codebase can be determined. The other forms of parse(File) and parse(GroovyCodeSource) allow
	* for more control. These permission should be set to control scripts that are passed into
	* the shell in the form of a string or other groovy code of unknown provenance.
	*/
	grant codeBase "file:/groovy/shell" {
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	};

	/*
	* Similar to "file:/groovy/shell", but implying a direct call to GroovyClassLoader.parse() without
	* passing through GroovyShell.
	*/
	grant codeBase "file:/groovy/script" {
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	//permission java.util.PropertyPermission "groovy.output.dir", "read";
	};

	/*
	* The TestSupport class has a loadClass method that takes a ClassNode and runs it
	* through defineClass() of the class loader. The codebase for this operation is
	* set to "/groovy/testSupport".
	*/
	grant codeBase "file:/groovy/testSupport" {
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	};

	/*
	* ================= SecurityTest codebases ===============
	* The following grants are for individual security test cases where the
	* codebase is explicity specified (e.g. the script is a raw string rather
	* than read from a file). Note that even though the codebases conform to
	* the file URL syntax, they are not physical files: they represent virtual
	* codebases.
	* The permission grant that is commented out is the permission that is
	* expected to be missing by the test case. It is here as a comment for
	* information.
	*/

	//Since a codebase is a URL, we can make use of the natural hierarchy permission implications
	//to grant a 'global' accessDeclaredPermission here.
	grant codeBase "file:/groovy/security/-" {
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	};

	grant codeBase "file:/groovy/security/testForbiddenPackage" {
	//permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
	};

	grant codeBase "file:/groovy/security/javax/print/deny" {
	//permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
	};

	grant codeBase "file:/groovy/security/javax/print/allow" {
	permission java.lang.RuntimePermission "accessClassInPackage.javax.print";
	};

	/*
	* ================= .groovy script file codebases ===============
	* The following grants are for individual security test cases.
	* The permission grant that is commented out is the permission that is
	* expected to be missing by the test case. It is here as a comment for
	* information.
	*/
	grant codeBase "file:${user.dir}/src/test/-" {
	// Required by most groovy scripts during execution because of the heavy use of reflection/
	// introspection. The groovy code could potentially be changed to eliminate this requirement
	// by adding privileged operations in many places.
	permission java.lang.RuntimePermission "accessDeclaredMembers";

	// SHOULD NOT HAVE TO DO THIS! - Level.getLocalizedName() should have a doPrivileged block.
	// Any test that logs, will encounter this (although it will be masked by the method
	permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/security/forbiddenCodeBase.gvy" {
	//The following grant is commented out so that the test case will throw an AccessControlException
	permission groovy.security.GroovyCodeSourcePermission "groovy/security/forbiddenCodeBase";
	};

	// Grant permission to .groovy files extracted from a signed jar that has been signedBy "Groovy"
	grant signedBy "Groovy" {
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	permission java.util.PropertyPermission "user.home", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/bugs/BadScriptNameBug.groovy" {
	permission java.util.PropertyPermission "java.class.path", "read";
	permission java.io.FilePermission "<<ALL FILES>>", "read";
	permission java.lang.RuntimePermission "createClassLoader";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/ClosureListenerTest.groovy" {
	permission java.util.PropertyPermission "java.awt.headless", "read";
	// below seems like a new requirement in jdk 1.6/1.7
	permission java.util.PropertyPermission "os.version", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/ClosureMethodTest.groovy" {
	permission java.io.FilePermission "${user.dir}${/}src${/}test${/}-", "read";
	permission java.util.PropertyPermission "file.encoding", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/GroovyMethodsTest.groovy" {
	permission java.util.PropertyPermission "*", "read,write";
	//spg 2006-02-09 added ALL FILES execute because a test case
	//invokes Runtime.exec(). This is OK and permission should be granted here.
	permission java.io.FilePermission "<<ALL FILES>>", "execute";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/ClosureWithDefaultParamTest.groovy" {
	permission java.io.FilePermission "src${/}test${/}-", "read";
	permission java.util.PropertyPermission "file.encoding", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/bugs/ConstructorBug.groovy" {
	permission java.lang.RuntimePermission "createClassLoader";
	permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestBase.groovy", "read";
	permission java.io.FilePermission "src${/}test${/}groovy${/}bugs${/}TestDerived.groovy", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/bugs/ForAndSqlBug.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/bugs/ForLoopBug.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
	permission java.io.FilePermission "target${/}test-classes${/}*", "read, write";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/bugs/Groovy303_Bug.groovy" {
	permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
	// below seems like a new requirement in jdk 1.5
	permission java.util.PropertyPermission "os.version", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/script/ScriptTest.groovy" {
	permission java.io.FilePermission "src${/}test${/}groovy${/}-", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/script/EvalInScript.groovy" {
	permission java.io.FilePermission "src${/}test${/}groovy${/}script${/}HelloWorld.groovy", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/sql/PersonTest.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlCompleteTest.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlCompleteWithoutDataSourceTest.groovy" {
	//TODO: what should this be see other TODO about narrowing down main directories
	//permission java.io.FilePermission "${groovy.lib}${/}axion${/}jars${/}axion-1.0-M3-dev.jar", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/sql/SqlTest.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}groovy${/}sql${/}-", "read";
	};

	grant codeBase "file:${user.dir}/src/test/groovy/util/AntTest.groovy" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${user.dir}/src/test/org/codehaus/groovy/classgen/MetaClassTest.groovy" {
	permission java.io.FilePermission "target${/}test-classes${/}-", "read";
	};