Update necessary permissions

jkakavas · jkakavas · commit 1ae371e12db0 · 2018-09-21T18:51:55.000+03:00
diff --git a/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java b/plugins/ingest-attachment/src/main/java/org/elasticsearch/ingest/attachment/TikaImpl.java
@@ -94,9 +94,20 @@ final class TikaImpl {
     private static final AutoDetectParser PARSER_INSTANCE = new AutoDetectParser(PARSERS);
 
     /** singleton tika instance */
-    private static final Tika TIKA_INSTANCE = new Tika(PARSER_INSTANCE.getDetector(), PARSER_INSTANCE);
+    private static final Tika TIKA_INSTANCE = getTikaInstance();
+
+    private static Tika getTikaInstance() {
+        SpecialPermission.check();
+        try {
+            return AccessController.doPrivileged((PrivilegedExceptionAction<Tika>)
+                () -> new Tika(PARSER_INSTANCE.getDetector(), PARSER_INSTANCE));
+        } catch (PrivilegedActionException e) {
+            throw new RuntimeException(e.getCause());
+        }
+    }
 
     /**
+     *
      * parses with tika, throwing any exception hit while parsing the document
      */
     static String parse(final byte content[], final Metadata metadata, final int limit) throws TikaException, IOException {
@@ -122,7 +133,7 @@ static String parse(final byte content[], final Metadata metadata, final int lim
     // apply additional containment for parsers, this is intersected with the current permissions
     // its hairy, but worth it so we don't have some XML flaw reading random crap from the FS
     private static final AccessControlContext RESTRICTED_CONTEXT = new AccessControlContext(
-        new ProtectionDomain[] {
+        new ProtectionDomain[]{
             new ProtectionDomain(null, getRestrictedPermissions())
         }
     );
diff --git a/plugins/ingest-attachment/src/main/plugin-metadata/plugin-security.policy b/plugins/ingest-attachment/src/main/plugin-metadata/plugin-security.policy
@@ -33,4 +33,6 @@ grant {
   permission java.lang.RuntimePermission "accessDeclaredMembers";
   // PDFBox checks for the existence of this class
   permission java.lang.RuntimePermission "accessClassInPackage.sun.java2d.cmm.kcms";
+  // TODO: Remove once https://issues.apache.org/jira/browse/TIKA-2731 is resolved
+  permission java.util.PropertyPermission "*", "read,write";
 };
