Class PolicyManager
To find a component:
- For plugins, we use the Module -> Plugin name (String) passed to the ctor
- For the system component, we build a set (SYSTEM_LAYER_MODULES) of references to modules that belong to that component, i.e. the component containing what we consider system modules. These are the modules that:
  - are in the boot module layer (ModuleLayer.boot());
  - are defined in ModuleFinder.ofSystem();
  - are not in the (MODULES_EXCLUDED_FROM_SYSTEM_MODULES) (currently: java.desktop)
- For the server component, we build a set (SERVER_LAYER_MODULES) as the set of modules that are in the boot module layer but not in the system component.
When a check is performed (e.g. checkExitVM(Class)), we get the module the caller class belongs to via Class.getModule() and try (in order) to see if that class belongs to:
- The system component - if a module is contained in SYSTEM_LAYER_MODULES
- The server component - if a module is contained in SERVER_LAYER_MODULES
- One of the plugins or modules - if the module is present in the PluginsResolver map
- A known agent (APM)
- Something else
Once it has a component, this class maps it to a policy and checks the action performed by the caller class against its entitlements, either allowing it to proceed or raising a NotEntitledException if the caller class is not entitled to perform the action.
All these methods start in the same way: the components identified in the previous section are used to establish if and how to check:
If the caller class belongs to SYSTEM_LAYER_MODULES, no check is performed (the call is trivially allowed, see isTriviallyAllowed(java.lang.Class<?>)).
Otherwise, we lazily compute and create a PolicyManager.ModuleEntitlements record (see computeEntitlements(java.lang.Class<?>)). The record is cached so it can be used in following checks, stored in a Module -> ModuleEntitlement map.
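The resolution order and the lazily cached per-module record described above, as an added sketch in Java (not Elasticsearch's own code). ComponentSketch, its members, the "exit_vm" entitlement name and the use of SecurityException in place of NotEntitledException are all assumptions made for illustration, and the APM agent case is left out.

```java
import java.lang.module.ModuleFinder;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
// Added illustration: every name here is hypothetical, not Elasticsearch code.
public class ComponentSketch {
    enum Component { SYSTEM, SERVER, PLUGIN, OTHER }
    record Entitlements(Component component, Set<String> allowed) {}
    static final Set<String> EXCLUDED = Set.of("java.desktop");
    // Names of the modules shipped in the runtime image.
    static final Set<String> SYSTEM_NAMES = ModuleFinder.ofSystem().findAll().stream()
        .map(ref -> ref.descriptor().name()).collect(Collectors.toUnmodifiableSet());
    // System component: in the boot layer, in the runtime image, not excluded.
    static final Set<Module> SYSTEM_LAYER = ModuleLayer.boot().modules().stream()
        .filter(m -> SYSTEM_NAMES.contains(m.getName()) && !EXCLUDED.contains(m.getName()))
        .collect(Collectors.toUnmodifiableSet());
    // Server component: whatever else is in the boot layer.
    static final Set<Module> SERVER_LAYER = ModuleLayer.boot().modules().stream()
        .filter(m -> !SYSTEM_LAYER.contains(m)).collect(Collectors.toUnmodifiableSet());

    final Map<Module, String> pluginNames; // Module -> plugin name
    final Map<Module, Entitlements> cache = new ConcurrentHashMap<>();

    ComponentSketch(Map<Module, String> pluginNames) { this.pluginNames = pluginNames; }

    Component resolve(Module m) { // same order as the list above
        if (SYSTEM_LAYER.contains(m)) return Component.SYSTEM;
        if (SERVER_LAYER.contains(m)) return Component.SERVER;
        if (pluginNames.containsKey(m)) return Component.PLUGIN;
        return Component.OTHER;
    }

    void checkExitVM(Class<?> caller) {
        Module m = caller.getModule();
        if (SYSTEM_LAYER.contains(m)) return; // trivially allowed, nothing cached
        // Computed once per module, then reused by later checks.
        Entitlements e = cache.computeIfAbsent(m, k -> new Entitlements(resolve(k), Set.of()));
        if (!e.allowed().contains("exit_vm")) // stand-in for NotEntitledException
            throw new SecurityException(caller.getName() + " (" + e.component() + ") may not exit the VM");
    }

    public static void main(String[] args) {
        ComponentSketch pm = new ComponentSketch(Map.of());
        pm.checkExitVM(String.class); // java.base is a system module: no check
        try { pm.checkExitVM(ComponentSketch.class); } // unnamed module: "something else"
        catch (SecurityException ex) { System.out.println(ex.getMessage()); }
    }
}
```

Run from the class path, the sketch's own class sits in the unnamed module, which is in no module layer, so it falls through to the last case and is denied by the empty entitlement set.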
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- static enum
- static final record
Field Summary
Fields
Constructor Summary
Constructors (Constructor, Description):
- PolicyManager(Policy serverPolicy, List<Entitlement> apmAgentEntitlements, Map<String, Policy> pluginPolicies, Function<Class<?>, PolicyManager.PolicyScope> scopeResolver, Map<String, Path> sourcePaths, Module entitlementsModule, PathLookup pathLookup, Set<Package> suppressFailureLogPackages)
Method Summary
Methods (Modifier and Type, Method, Description):
- void checkAllNetworkAccess(Class<?> callerClass)
- void checkChangeFilesHandling(Class<?> callerClass): Check for operations that can modify the way file operations are handled
- void checkChangeJVMGlobalState(Class<?> callerClass)
- void checkChangeNetworkHandling(Class<?> callerClass): Check for operations that can modify the way network operations are handled
- void checkCreateClassLoader(Class<?> callerClass)
- void checkCreateTempFile(Class<?> callerClass)
- void checkExitVM(Class<?> callerClass)
- void checkFileDescriptorRead(Class<?> callerClass)
- void checkFileDescriptorWrite(Class<?> callerClass)
- void checkFileRead(Class<?> callerClass, File file)
- void checkFileRead(Class<?> callerClass, Path path)
- void checkFileRead(Class<?> callerClass, Path path, boolean followLinks)
- void checkFileWithZipMode(Class<?> callerClass, File file, int zipMode)
- void checkFileWrite(Class<?> callerClass, File file)
- void checkFileWrite(Class<?> callerClass, Path path)
- void checkGetFileAttributeView(Class<?> callerClass): Invoked when we try to get an arbitrary FileAttributeView class.
- void checkInboundNetworkAccess(Class<?> callerClass)
- void checkLoadingNativeLibraries(Class<?> callerClass): Check for operations that can access sensitive network information, e.g.
- void checkLoggingFileHandler(Class<?> callerClass)
- void checkManageThreadsEntitlement(Class<?> callerClass)
- void checkOutboundNetworkAccess(Class<?> callerClass)
- void checkReadStoreAttributes(Class<?> callerClass)
- void checkSetHttpsConnectionProperties(Class<?> callerClass)
- void checkStartProcess(Class<?> callerClass)
- void checkUnsupportedURLProtocolConnection(Class<?> callerClass, String protocol)
- void checkWriteProperty(Class<?> callerClass, String property)
- void checkWriteStoreAttributes(Class<?> callerClass)
- toString()
Field Details
- ALL_UNNAMED
- SERVER_LAYER_MODULES
Constructor Details
- PolicyManager
Method Details
- checkStartProcess
- checkWriteStoreAttributes
- checkReadStoreAttributes
- checkExitVM
- checkCreateClassLoader
- checkSetHttpsConnectionProperties
- checkChangeJVMGlobalState
- checkLoggingFileHandler
- checkChangeNetworkHandling: Check for operations that can modify the way network operations are handled
- checkChangeFilesHandling: Check for operations that can modify the way file operations are handled
- checkFileRead
- checkFileRead
- checkFileRead: public void checkFileRead(Class<?> callerClass, Path path, boolean followLinks) throws NoSuchFileException
  Throws: NoSuchFileException
- checkFileWrite
- checkFileWrite
- checkCreateTempFile
- checkFileWithZipMode
- checkFileDescriptorRead
- checkFileDescriptorWrite
- checkGetFileAttributeView: Invoked when we try to get an arbitrary FileAttributeView class. Such a class can modify attributes, like owner etc.; we could think about introducing checks for each of the operations, but for now we over-approximate this and simply deny when it is used directly.
- checkLoadingNativeLibraries: Check for operations that can access sensitive network information, e.g. secrets, tokens or SSL sessions
- checkInboundNetworkAccess
- checkOutboundNetworkAccess
- checkAllNetworkAccess
- checkUnsupportedURLProtocolConnection
- checkWriteProperty
- checkManageThreadsEntitlement
- toString