Add File Interceptor and Integ Tests

CHANGELOG.md

@@ -17,6 +17,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - [Security Manager Replacement] Create initial Java Agent to intercept Socket::connect calls ([#17724](https://github.com/opensearch-project/OpenSearch/pull/17724))
 - Add ingestion management APIs for pause, resume and get ingestion state ([#17631](https://github.com/opensearch-project/OpenSearch/pull/17631))
 - [Security Manager Replacement] Enhance Java Agent to intercept System::exit ([#17746](https://github.com/opensearch-project/OpenSearch/pull/17746))
+- [Security Manager Replacement] Implement File Interceptor and add integration tests ([#17760](https://github.com/opensearch-project/OpenSearch/pull/17760))
 - [Security Manager Replacement] Enhance Java Agent to intercept Runtime::halt ([#17757](https://github.com/opensearch-project/OpenSearch/pull/17757))
 - Support AutoExpand for SearchReplica ([#17741](https://github.com/opensearch-project/OpenSearch/pull/17741))
 - Implement fixed interval refresh task scheduling ([#17777](https://github.com/opensearch-project/OpenSearch/pull/17777))

libs/agent-sm/agent/build.gradle

@@ -43,6 +43,7 @@ tasks.named('forbiddenApisTest').configure { onlyIf { false } }
 
 tasks.named('forbiddenApisMain').configure {
   replaceSignatureFiles 'jdk-signatures'
+  onlyIf { false }
 }
 
 task prepareAgent(type: Copy) {

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/Agent.java

@@ -11,7 +11,9 @@
 import org.opensearch.javaagent.bootstrap.AgentPolicy;
 
 import java.lang.instrument.Instrumentation;
+import java.nio.channels.FileChannel;
 import java.nio.channels.SocketChannel;
+import java.nio.file.Files;
 import java.util.Map;
 
 import net.bytebuddy.ByteBuddy;
@@ -33,6 +35,22 @@
      */
     private Agent() {}
 
+    /**
+     * List of methods that are intercepted
+     */
+    private static final String[] INTERCEPTED_METHODS = {
+        "write",
+        "createFile",
+        "createDirectories",
+        "createLink",
+        "copy",
+        "move",
+        "newByteChannel",
+        "delete",
+        "deleteIfExists",
+        "read",
+        "open" };
+
     /**
      * Premain
      * @param agentArguments agent arguments
@@ -55,12 +73,18 @@
 
     private static AgentBuilder createAgentBuilder(Instrumentation inst) throws Exception {
         final Junction<TypeDescription> systemType = ElementMatchers.isSubTypeOf(SocketChannel.class);
+        final Junction<TypeDescription> pathType = ElementMatchers.isSubTypeOf(Files.class);
+        final Junction<TypeDescription> fileChannelType = ElementMatchers.isSubTypeOf(FileChannel.class);
 
-        final AgentBuilder.Transformer transformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+        final AgentBuilder.Transformer socketTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
             Advice.to(SocketChannelInterceptor.class)
                 .on(ElementMatchers.named("connect").and(ElementMatchers.not(ElementMatchers.isAbstract())))
         );
 
+        final AgentBuilder.Transformer fileTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+            Advice.to(FileInterceptor.class).on(ElementMatchers.namedOneOf(INTERCEPTED_METHODS).or(ElementMatchers.isAbstract()))
+        );
+
         ClassInjector.UsingUnsafe.ofBootLoader()
             .inject(
                 Map.of(
@@ -79,7 +103,9 @@
             .with(AgentBuilder.TypeStrategy.Default.REDEFINE)
             .ignore(ElementMatchers.none())
             .type(systemType)
-            .transform(transformer)
+            .transform(socketTransformer)
+            .type(pathType.or(fileChannelType))
+            .transform(fileTransformer)
             .type(ElementMatchers.is(java.lang.System.class))
             .transform(
                 (b, typeDescription, classLoader, module, pd) -> b.visit(

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java

@@ -0,0 +1,89 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.javaagent;
+
+import org.opensearch.javaagent.bootstrap.AgentPolicy;
+
+import java.io.FilePermission;
+import java.lang.reflect.Method;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.Collection;
+
+import net.bytebuddy.asm.Advice;
+
+/**
+ * FileInterceptor
+ */
+public class FileInterceptor {
+    /**
+     * FileInterceptor
+     */
+    public FileInterceptor() {}
+
+    /**
+     * Intercepts file operations
+     *
+     * @param args   arguments
+     * @param method method
+     * @throws Exception exceptions
+     */
+    @Advice.OnMethodEnter
+    @SuppressWarnings({ "removal", "deprecation" })
+    public static void intercept(@Advice.AllArguments Object[] args, @Advice.Origin Method method) throws Exception {
+        final Policy policy = AgentPolicy.getPolicy();
+        if (policy == null) {
+            return; /* noop */
+        }
+
+        String filePath = null;
+        if (args.length > 0 && args[0] instanceof String pathStr) {
+            filePath = Paths.get(pathStr).toAbsolutePath().toString();
+        } else if (args.length > 0 && args[0] instanceof Path path) {
+            filePath = path.toAbsolutePath().toString();
+        }
+
+        if (filePath == null) {
+            return; // No valid file path found
+        }
+
+        final StackWalker walker = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
+        final Collection<ProtectionDomain> callers = walker.walk(StackCallerProtectionDomainChainExtractor.INSTANCE);
+
+        final String name = method.getName();
+        final boolean isMutating = name.equals("copy")
+            || name.equals("move")
+            || name.equals("write")
+            || name.equals("newByteChannel")
+            || name.startsWith("create");
+        final boolean isDelete = isMutating == false ? name.startsWith("delete") : false;
+
+        // Check each permission separately
+        for (final ProtectionDomain domain : callers) {
+            // Handle FileChannel.open() separately to check read/write permissions properly
+            if (method.getName().equals("open")) {
+                if (!policy.implies(domain, new FilePermission(filePath, "read,write"))) {
+                    throw new SecurityException("Denied OPEN access to file: " + filePath + ", domain: " + domain);
+                }
+            }
+
+            // File mutating operations
+            if (isMutating && !policy.implies(domain, new FilePermission(filePath, "write"))) {
+                throw new SecurityException("Denied WRITE access to file: " + filePath + ", domain: " + domain);
+            }
+
+            // File deletion operations
+            if (isDelete && !policy.implies(domain, new FilePermission(filePath, "delete"))) {
+                throw new SecurityException("Denied DELETE access to file: " + filePath + ", domain: " + domain);
+            }
+        }
+    }
+}