gradle/testing/randomization/policies/replicator-tests.policy - lucene-solr - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 // Policy file for :lucene:replicator tests. Please keep minimal and avoid wildcards.
 // this differs from the standard lucene policy in that it must allow read-write access
 // to all system properties, because of jetty calls to System.getProperties()

 grant {
   // jetty-specific:
   permission java.lang.RuntimePermission "getenv.JETTY_AVAILABLE_PROCESSORS";
   permission java.lang.RuntimePermission "getenv.JETTY_WORKER_INSTANCE";
   // servlet stuff
   permission java.lang.RuntimePermission "setContextClassLoader";
   // allow TestNRTReplication fork its jvm
   permission java.io.FilePermission "${java.home}${/}-", "read,execute";
   // read/write access to all system properties (required by jetty in these tests)
   permission java.util.PropertyPermission "*", "read,write";
   // all possibilities of accepting/binding/connecting on localhost with ports >= 1024:
   permission java.net.SocketPermission "localhost:1024-", "accept,connect,resolve";
   permission java.net.SocketPermission "127.0.0.1:1024-", "accept,connect,resolve";
   permission java.net.SocketPermission "[::1]:1024-", "accept,connect,resolve";

   // test-files/ resources
   permission java.io.FilePermission "${common.dir}${/}-", "read";

   // write only to sandbox
   permission java.io.FilePermission "${tests.linedocsfile}", "read";
   permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
   permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";

   // needed by randomizedtesting runner to identify test methods.
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   // needed by certain tests to redirect sysout/syserr:
   permission java.lang.RuntimePermission "setIO";
   // needed by randomized runner to catch failures from other threads:
   permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
   // needed by randomized runner getTopThreadGroup:
   permission java.lang.RuntimePermission "modifyThreadGroup";
   // needed by tests e.g. shutting down executors:
   permission java.lang.RuntimePermission "modifyThread";
   // needed for tons of test hacks etc
   permission java.lang.RuntimePermission "getStackTrace";
   // needed for mock filesystems in tests
   permission java.lang.RuntimePermission "fileSystemProvider";
   // needed to test unmap hack on platforms that support it
   permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
 };

 // Permissions to support ant build
 grant {
   permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read";
   permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete";
   permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete";
   permission java.io.FilePermission "${junit4.childvm.cwd}${/}jacoco.db", "write";
   // needed by jacoco to dump coverage on shutdown
   permission java.lang.RuntimePermission "shutdownHooks";
 };

 // Grant all permissions to Gradle test runner classes.
 grant codeBase "file:${gradle.lib.dir}${/}-" {
   permission java.security.AllPermission;
 };

 grant codeBase "file:${gradle.worker.jar}" {
   permission java.security.AllPermission;
 };

 grant {
   // Allow reading gradle worker JAR.
   permission java.io.FilePermission "${gradle.worker.jar}", "read";
   // Allow reading from classpath JARs (resources).
   permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
 };
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	// Policy file for :lucene:replicator tests. Please keep minimal and avoid wildcards.
	// this differs from the standard lucene policy in that it must allow read-write access
	// to all system properties, because of jetty calls to System.getProperties()

	grant {
	// jetty-specific:
	permission java.lang.RuntimePermission "getenv.JETTY_AVAILABLE_PROCESSORS";
	permission java.lang.RuntimePermission "getenv.JETTY_WORKER_INSTANCE";
	// servlet stuff
	permission java.lang.RuntimePermission "setContextClassLoader";
	// allow TestNRTReplication fork its jvm
	permission java.io.FilePermission "${java.home}${/}-", "read,execute";
	// read/write access to all system properties (required by jetty in these tests)
	permission java.util.PropertyPermission "*", "read,write";
	// all possibilities of accepting/binding/connecting on localhost with ports >= 1024:
	permission java.net.SocketPermission "localhost:1024-", "accept,connect,resolve";
	permission java.net.SocketPermission "127.0.0.1:1024-", "accept,connect,resolve";
	permission java.net.SocketPermission "[::1]:1024-", "accept,connect,resolve";

	// test-files/ resources
	permission java.io.FilePermission "${common.dir}${/}-", "read";

	// write only to sandbox
	permission java.io.FilePermission "${tests.linedocsfile}", "read";
	permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
	permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";

	// needed by randomizedtesting runner to identify test methods.
	permission java.lang.RuntimePermission "accessDeclaredMembers";
	// needed by certain tests to redirect sysout/syserr:
	permission java.lang.RuntimePermission "setIO";
	// needed by randomized runner to catch failures from other threads:
	permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
	// needed by randomized runner getTopThreadGroup:
	permission java.lang.RuntimePermission "modifyThreadGroup";
	// needed by tests e.g. shutting down executors:
	permission java.lang.RuntimePermission "modifyThread";
	// needed for tons of test hacks etc
	permission java.lang.RuntimePermission "getStackTrace";
	// needed for mock filesystems in tests
	permission java.lang.RuntimePermission "fileSystemProvider";
	// needed to test unmap hack on platforms that support it
	permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
	};

	// Permissions to support ant build
	grant {
	permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read";
	permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete";
	permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete";
	permission java.io.FilePermission "${junit4.childvm.cwd}${/}jacoco.db", "write";
	// needed by jacoco to dump coverage on shutdown
	permission java.lang.RuntimePermission "shutdownHooks";
	};

	// Grant all permissions to Gradle test runner classes.
	grant codeBase "file:${gradle.lib.dir}${/}-" {
	permission java.security.AllPermission;
	};

	grant codeBase "file:${gradle.worker.jar}" {
	permission java.security.AllPermission;
	};

	grant {
	// Allow reading gradle worker JAR.
	permission java.io.FilePermission "${gradle.worker.jar}", "read";
	// Allow reading from classpath JARs (resources).
	permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
	};