-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016
Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016
Conversation
…rm the method Signed-off-by: Craig Perkins <cwperx@amazon.com>
@cwperks Something along these lines:
|
That's smart. Thanks @reta! |
Should I open up a manual backport with the change from here or wait for backport bot to create a backport and push a commit to the branch? |
I will add backport label (so the changelog check passes), but we could take it from there |
… perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 597747d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
…d allow core to perform the method (#15038) * Add ThreadContextPermission for markAsSystemContext and allow core to perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add deprecationLogger Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>
Description
This PR replaces a previous PR and takes a different approach to protect methods in the ThreadContext class. Instead of changing the access modifier, this PR shows how permissions can be declared to protect methods within the ThreadContext class that should not be accessible outside of the core without explicit permission.
With this change, plugins would be able to utilize the method but permission needs to be granted through an entry in the
plugin-security.policy
file. The permissions would be:Related Issues
Resolves #14931
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.