diff --git a/modules/apm/src/main/plugin-metadata/plugin-security.policy b/modules/apm/src/main/plugin-metadata/plugin-security.policy index 763ae7f582d38..cd88fa8cebb63 100644 --- a/modules/apm/src/main/plugin-metadata/plugin-security.policy +++ b/modules/apm/src/main/plugin-metadata/plugin-security.policy @@ -19,7 +19,7 @@ grant { grant codeBase "${codebase.elastic-apm-agent}" { permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "setContextClassLoader"; - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.net.SocketPermission "*", "connect,resolve"; // profiling function in APM agent diff --git a/modules/repository-gcs/src/main/plugin-metadata/plugin-security.policy b/modules/repository-gcs/src/main/plugin-metadata/plugin-security.policy index 36149b5d4ecd5..c824ca748c14b 100644 --- a/modules/repository-gcs/src/main/plugin-metadata/plugin-security.policy +++ b/modules/repository-gcs/src/main/plugin-metadata/plugin-security.policy @@ -13,7 +13,7 @@ grant { // required by: com.google.api.client.json.GenericJson# permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // required to add google certs to the gcs client trustore - permission java.lang.RuntimePermission "setFactory"; + // permission java.lang.RuntimePermission "setFactory"; // gcs client opens socket connections for to access repository permission java.net.SocketPermission "*", "connect"; diff --git a/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy b/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy index 467d6d4502869..74f3911bb7fbc 100644 --- a/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy +++ b/plugins/discovery-gce/src/main/plugin-metadata/plugin-security.policy @@ -10,7 +10,7 @@ grant { // needed because of problems in gce permission java.lang.RuntimePermission "accessDeclaredMembers"; - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // gce client opens socket connections for discovery diff --git a/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy index 753667c37cd95..37be044947a36 100644 --- a/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy @@ -1,6 +1,6 @@ grant { // CommandLineHttpClient - permission java.lang.RuntimePermission "setFactory"; + // permission java.lang.RuntimePermission "setFactory"; // bouncy castle permission java.security.SecurityPermission "putProviderProperty.BC"; diff --git a/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy index 0310ce4542dbb..5b6d56d0a4deb 100644 --- a/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/identity-provider/src/main/plugin-metadata/plugin-security.policy @@ -1,5 +1,5 @@ grant { - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; // ApacheXMLSecurityInitializer permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write"; diff --git a/x-pack/plugin/inference/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/inference/src/main/plugin-metadata/plugin-security.policy index 8ec8ff9ad4ddc..16eda6d0a28b0 100644 --- a/x-pack/plugin/inference/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/inference/src/main/plugin-metadata/plugin-security.policy @@ -16,7 +16,7 @@ grant { permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // required to add google certs to the gcs client trustore - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; // gcs client opens socket connections for to access repository // also, AWS Bedrock client opens socket connections and needs resolve for to access to resources diff --git a/x-pack/plugin/monitoring/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/monitoring/src/main/plugin-metadata/plugin-security.policy index ef079a5c16e46..d62ef764c7940 100644 --- a/x-pack/plugin/monitoring/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/monitoring/src/main/plugin-metadata/plugin-security.policy @@ -3,7 +3,7 @@ grant { permission java.util.PropertyPermission "*", "read,write"; // required to configure the custom mailcap for watcher - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; // needed when sending emails for javax.activation // otherwise a classnotfound exception is thrown due to trying diff --git a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy index d814dfbb1c117..5d681a633d488 100644 --- a/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy @@ -1,5 +1,5 @@ grant { - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; // secure the users file from other things (current and legacy locations) permission org.elasticsearch.SecuredConfigFileAccessPermission "users"; diff --git a/x-pack/plugin/sql/qa/jdbc/security/src/test/resources/plugin-security.policy b/x-pack/plugin/sql/qa/jdbc/security/src/test/resources/plugin-security.policy index 434fdee0a8d20..c5c7ef3b7772d 100644 --- a/x-pack/plugin/sql/qa/jdbc/security/src/test/resources/plugin-security.policy +++ b/x-pack/plugin/sql/qa/jdbc/security/src/test/resources/plugin-security.policy @@ -5,5 +5,5 @@ grant { //// Required by ssl subproject: // Required for the net client to setup ssl rather than use global ssl. - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; }; diff --git a/x-pack/plugin/sql/qa/server/security/src/test/resources/plugin-security.policy b/x-pack/plugin/sql/qa/server/security/src/test/resources/plugin-security.policy index 434fdee0a8d20..c5c7ef3b7772d 100644 --- a/x-pack/plugin/sql/qa/server/security/src/test/resources/plugin-security.policy +++ b/x-pack/plugin/sql/qa/server/security/src/test/resources/plugin-security.policy @@ -5,5 +5,5 @@ grant { //// Required by ssl subproject: // Required for the net client to setup ssl rather than use global ssl. - permission java.lang.RuntimePermission "setFactory"; + //permission java.lang.RuntimePermission "setFactory"; }; diff --git a/x-pack/plugin/watcher/src/main/plugin-metadata/plugin-security.policy b/x-pack/plugin/watcher/src/main/plugin-metadata/plugin-security.policy index d27ded771b86f..ca75b92726050 100644 --- a/x-pack/plugin/watcher/src/main/plugin-metadata/plugin-security.policy +++ b/x-pack/plugin/watcher/src/main/plugin-metadata/plugin-security.policy @@ -1,6 +1,6 @@ grant { // required to configure the custom mailcap for watcher - permission java.lang.RuntimePermission "setFactory"; + // permission java.lang.RuntimePermission "setFactory"; // needed when sending emails for javax.activation // otherwise a classnotfound exception is thrown due to trying