(this is a breaking change) Remove policy expansion

Author: kumargu

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PolicyFile.java

@@ -54,7 +54,6 @@ public class PolicyFile extends java.security.Policy {
     // can be updated if refresh() is called
     private volatile PolicyInfo policyInfo;
 
-    private boolean expandProperties = true;
     private boolean allowSystemProperties = true;
     private boolean notUtf8 = false;
     private URL url;
@@ -198,7 +197,7 @@ private boolean init(URL policy, PolicyInfo newInfo) {
 
         try (InputStreamReader isr = getInputStreamReader(getInputStream(policy))) {
 
-            PolicyParser pp = new PolicyParser(expandProperties);
+            PolicyParser pp = new PolicyParser();
             pp.read(isr);
 
             Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements();
@@ -275,9 +274,6 @@ private void addGrantEntry(PolicyParser.GrantEntry ge, PolicyInfo newInfo) {
                 PolicyParser.PermissionEntry pe = enum_.nextElement();
 
                 try {
-                    // perform ${{ ... }} expansions within permission name
-                    expandPermissionName(pe);
-
                     Permission perm = getInstance(pe.permission, pe.name, pe.action);
 
                     entry.add(perm);
@@ -617,40 +613,6 @@ private static String canonPath(String path) throws IOException {
         }
     }
 
-    private void expandPermissionName(PolicyParser.PermissionEntry pe) throws Exception {
-        // short cut the common case
-        if (pe.name == null || pe.name.indexOf("${{", 0) == -1) {
-            return;
-        }
-
-        int startIndex = 0;
-        int b, e;
-        StringBuilder sb = new StringBuilder();
-        while ((b = pe.name.indexOf("${{", startIndex)) != -1) {
-            e = pe.name.indexOf("}}", b);
-            if (e < 1) {
-                break;
-            }
-            sb.append(pe.name.substring(startIndex, b));
-
-            // get the value in ${{...}}
-            String value = pe.name.substring(b + 3, e);
-
-            // parse up to the first ':'
-            int colonIndex;
-            String prefix = value;
-            String suffix;
-            if ((colonIndex = value.indexOf(':')) != -1) {
-                prefix = value.substring(0, colonIndex);
-            }
-        }
-
-        // copy the rest of the value
-        sb.append(pe.name.substring(startIndex));
-
-        pe.name = sb.toString();
-    }
-
     /**
      * Each entry in the policy configuration file is represented by a
      * PolicyEntry object.

libs/agent-sm/agent-policy/src/main/java/org/opensearch/secure_sm/policy/PolicyParser.java

@@ -27,19 +27,6 @@ public class PolicyParser {
 
     private StreamTokenizer streamTokenizer;
     private int nextToken;
-    private boolean expandProp = false;
-
-    private String expand(String value) throws PropertyExpander.ExpandException {
-        return expand(value, false);
-    }
-
-    private String expand(String value, boolean encodeURL) throws PropertyExpander.ExpandException {
-        if (!expandProp) {
-            return value;
-        } else {
-            return PropertyExpander.expand(value, encodeURL);
-        }
-    }
 
     /**
      * Creates a PolicyParser object.
@@ -49,22 +36,17 @@ public PolicyParser() {
         grantEntries = new Vector<>();
     }
 
-    public PolicyParser(boolean expandProp) {
-        this();
-        this.expandProp = expandProp;
-    }
-
     /**
      * Reads a policy configuration into the Policy object using a
      * Reader object.
      *
      * @param policy the policy Reader object.
      *
      * @exception ParsingException if the policy configuration contains
-     *          a syntax error.
+     *                             a syntax error.
      *
-     * @exception IOException if an error occurs while reading the policy
-     *          configuration.
+     * @exception IOException      if an error occurs while reading the policy
+     *                             configuration.
      */
 
     public void read(Reader policy) throws ParsingException, IOException {
@@ -74,17 +56,17 @@ public void read(Reader policy) throws ParsingException, IOException {
 
         /*
          * Configure the stream tokenizer:
-         *      Recognize strings between "..."
-         *      Don't convert words to lowercase
-         *      Recognize both C-style and C++-style comments
-         *      Treat end-of-line as white space, not as a token
+         * Recognize strings between "..."
+         * Don't convert words to lowercase
+         * Recognize both C-style and C++-style comments
+         * Treat end-of-line as white space, not as a token
          */
         streamTokenizer = Tokenizer.configureTokenizer(policy);
 
         /*
-         * The main parsing loop.  The loop is executed once
-         * for each entry in the config file.      The entries
-         * are delimited by semicolons.   Once we've read in
+         * The main parsing loop. The loop is executed once
+         * for each entry in the config file. The entries
+         * are delimited by semicolons. Once we've read in
          * the information for an entry, go ahead and try to
          * add it to the policy vector.
          *
@@ -223,34 +205,25 @@ private GrantEntry parseGrantEntry() throws ParsingException, IOException {
 
         while (!peekTokenOnMatch("}")) {
             if (peekTokenOnMatch("Permission")) {
-                try {
-                    PermissionEntry pe = parsePermissionEntry();
-                    e.add(pe);
-                } catch (PropertyExpander.ExpandException peee) {
-                    skipEntry(); // BugId 4219343
-                }
+
+                PermissionEntry pe = parsePermissionEntry();
+                e.add(pe);
+
                 consumeTokenOnMatch(";");
             } else {
                 throw new ParsingException(streamTokenizer.lineno(), "Expected permission entry");
             }
         }
         consumeTokenOnMatch("}");
 
-        try {
-            if (e.codeBase != null) {
-                e.codeBase = expand(e.codeBase, true).replace(File.separatorChar, '/');
-            }
-        } catch (PropertyExpander.ExpandException peee) {
-            return null;
+        if (e.codeBase != null) {
+            e.codeBase = e.codeBase.replace(File.separatorChar, '/');
         }
 
         return (ignoreEntry) ? null : e;
     }
 
-    /**
-     * parse a Permission entry
-     */
-    private PermissionEntry parsePermissionEntry() throws ParsingException, IOException, PropertyExpander.ExpandException {
+    private PermissionEntry parsePermissionEntry() throws ParsingException, IOException {
         PermissionEntry e = new PermissionEntry();
 
         // Permission
@@ -259,7 +232,7 @@ private PermissionEntry parsePermissionEntry() throws ParsingException, IOExcept
 
         if (peekTokenOnMatch("\"")) {
             // Permission name
-            e.name = expand(consumeTokenOnMatch("quoted string"));
+            e.name = consumeTokenOnMatch("quoted string");
         }
 
         if (!peekTokenOnMatch(",")) {
@@ -268,7 +241,7 @@ private PermissionEntry parsePermissionEntry() throws ParsingException, IOExcept
         consumeTokenOnMatch(",");
 
         if (peekTokenOnMatch("\"")) {
-            e.action = expand(consumeTokenOnMatch("quoted string"));
+            e.action = consumeTokenOnMatch("quoted string");
             if (!peekTokenOnMatch(",")) {
                 return e;
             }
@@ -455,12 +428,14 @@ public boolean equals(Object obj) {
             }
 
             if (this.name == null) {
+
                 if (that.name != null) return false;
             } else {
                 if (!this.name.equals(that.name)) return false;
             }
 
             if (this.action == null) {
+
                 return that.action == null;
             } else {
                 return this.action.equals(that.action);