Etusivu Tutki Apua
Kirjaudu sisään
lqb
/
elasticsearch
peilaus alkaen https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Tiedostot Ongelmat 0 Wiki
Selaa lähdekoodia

Simplify test-only PrivilegedOperations (#90830)

Simplify test-only PrivilegedOperations, by replacing the esoteric leveraging of a fully privileged existing domain with a trivial permissive implementation.
Chris Hegarty 3 vuotta sitten
vanhempi
aa922754af
commit
36e55ffdba
1 muutettua tiedostoa jossa 25 lisäystä ja 5 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 25 5
      test/framework/src/main/java/org/elasticsearch/test/PrivilegedOperations.java

+ 25 - 5
test/framework/src/main/java/org/elasticsearch/test/PrivilegedOperations.java
Näytä tiedosto 

@@ -15,11 +15,16 @@ import java.io.IOException;
 
 import java.net.URLClassLoader;
 
 import java.security.AccessControlContext;
 
 import java.security.AccessController;
 
+import java.security.CodeSigner;
 
+import java.security.CodeSource;
 
 import java.security.DomainCombiner;
 
+import java.security.Permission;
 
+import java.security.PermissionCollection;
 
 import java.security.PrivilegedAction;
 
 import java.security.PrivilegedActionException;
 
 import java.security.PrivilegedExceptionAction;
 
 import java.security.ProtectionDomain;
 
+import java.util.Enumeration;
 
 import java.util.function.Supplier;
 
 
 import javax.tools.JavaCompiler;
 
@@ -77,19 +82,34 @@ public final class PrivilegedOperations {
 
 
     @SuppressWarnings("removal")
 
     private static AccessControlContext getContext() {
 
-        ProtectionDomain[] pda = new ProtectionDomain[] { privilegedCall(org.elasticsearch.secure_sm.SecureSM.class::getProtectionDomain) };
 
+        ProtectionDomain[] pda = new ProtectionDomain[] {
 
+            new ProtectionDomain(new CodeSource(null, (CodeSigner[]) null), new PermissivePermissionCollection()) };
 
         DomainCombiner combiner = (ignoreCurrent, ignoreAssigned) -> pda;
 
         AccessControlContext acc = new AccessControlContext(AccessController.getContext(), combiner);
 
         // getContext must be called with the new acc so that a combined context will be created
 
         return AccessController.doPrivileged((PrivilegedAction<AccessControlContext>) AccessController::getContext, acc);
 
     }
 
 
-    // Use the all-powerful protection domain of secure_sm for wrapping calls
 
+    // An all-powerful context for wrapping calls
 
     @SuppressWarnings("removal")
 
     private static final AccessControlContext context = getContext();
 
 
-    @SuppressWarnings("removal")
 
-    private static <T> T privilegedCall(Supplier<T> supplier) {
 
-        return AccessController.doPrivileged((PrivilegedAction<T>) supplier::get, context);
 
+    // A permissive permission collection - implies all permissions.
 
+    private static final class PermissivePermissionCollection extends PermissionCollection {
 
+
 
+        private PermissivePermissionCollection() {}
 
+
 
+        @Override
 
+        public void add(Permission permission) {}
 
+
 
+        @Override
 
+        public boolean implies(Permission permission) {
 
+            return true;
 
+        }
 
+
 
+        @Override
 
+        public Enumeration<Permission> elements() {
 
+            return null;
 
+        }
 
     }
 
 }