| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| // Policy file for :lucene:replicator tests. Please keep minimal and avoid wildcards. |
| // this differs from the standard lucene policy in that it must allow read-write access |
| // to all system properties, because of jetty calls to System.getProperties() |
| |
| grant { |
| // jetty-specific: |
| permission java.lang.RuntimePermission "getenv.JETTY_AVAILABLE_PROCESSORS"; |
| permission java.lang.RuntimePermission "getenv.JETTY_WORKER_INSTANCE"; |
| // servlet stuff |
| permission java.lang.RuntimePermission "setContextClassLoader"; |
| // allow TestNRTReplication fork its jvm |
| permission java.io.FilePermission "${java.home}${/}-", "read,execute"; |
| // read/write access to all system properties (required by jetty in these tests) |
| permission java.util.PropertyPermission "*", "read,write"; |
| // all possibilities of accepting/binding/connecting on localhost with ports >= 1024: |
| permission java.net.SocketPermission "localhost:1024-", "accept,connect,resolve"; |
| permission java.net.SocketPermission "127.0.0.1:1024-", "accept,connect,resolve"; |
| permission java.net.SocketPermission "[::1]:1024-", "accept,connect,resolve"; |
| |
| // test-files/ resources |
| permission java.io.FilePermission "${common.dir}${/}-", "read"; |
| |
| // write only to sandbox |
| permission java.io.FilePermission "${tests.linedocsfile}", "read"; |
| permission java.io.FilePermission "${java.io.tmpdir}", "read,write"; |
| permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"; |
| |
| // needed by randomizedtesting runner to identify test methods. |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| // needed by certain tests to redirect sysout/syserr: |
| permission java.lang.RuntimePermission "setIO"; |
| // needed by randomized runner to catch failures from other threads: |
| permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler"; |
| // needed by randomized runner getTopThreadGroup: |
| permission java.lang.RuntimePermission "modifyThreadGroup"; |
| // needed by tests e.g. shutting down executors: |
| permission java.lang.RuntimePermission "modifyThread"; |
| // needed for tons of test hacks etc |
| permission java.lang.RuntimePermission "getStackTrace"; |
| // needed for mock filesystems in tests |
| permission java.lang.RuntimePermission "fileSystemProvider"; |
| // needed to test unmap hack on platforms that support it |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; |
| }; |
| |
| // Permissions to support ant build |
| grant { |
| permission java.io.FilePermission "${user.home}${/}.ivy2${/}cache${/}-", "read"; |
| permission java.io.FilePermission "${junit4.tempDir}${/}*", "read,write,delete"; |
| permission java.io.FilePermission "${clover.db.dir}${/}-", "read,write,delete"; |
| permission java.io.FilePermission "${junit4.childvm.cwd}${/}jacoco.db", "write"; |
| // needed by jacoco to dump coverage on shutdown |
| permission java.lang.RuntimePermission "shutdownHooks"; |
| }; |
| |
| // Grant all permissions to Gradle test runner classes. |
| grant codeBase "file:${gradle.lib.dir}${/}-" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "file:${gradle.worker.jar}" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant { |
| // Allow reading gradle worker JAR. |
| permission java.io.FilePermission "${gradle.worker.jar}", "read"; |
| // Allow reading from classpath JARs (resources). |
| permission java.io.FilePermission "${gradle.user.home}${/}-", "read"; |
| }; |