@Override public ModuleEnvironment loadEnvironment(Set<Module> modules, boolean asPrimary) { Set<Module> finalModules = Sets.newLinkedHashSet(modules); finalModules.addAll(registry.stream().filter(Module::isOnClasspath).collect(Collectors.toList())); ModuleEnvironment newEnvironment; boolean permissiveSecurityEnabled = Boolean.parseBoolean(System.getProperty(SystemConfig.PERMISSIVE_SECURITY_ENABLED_PROPERTY)); if (permissiveSecurityEnabled) { newEnvironment = new ModuleEnvironment(finalModules, wrappingPermissionProviderFactory, Collections.<BytecodeInjector>emptyList()); } else { newEnvironment = new ModuleEnvironment(finalModules, permissionProviderFactory, Collections.<BytecodeInjector>emptyList()); } if (asPrimary) { environment = newEnvironment; } return newEnvironment; }
private void setupSandbox() { ExternalApiWhitelist.CLASSES.stream().forEach(clazz -> permissionProviderFactory.getBasePermissionSet().addAPIClass(clazz)); ExternalApiWhitelist.PACKAGES.stream().forEach(packagee -> permissionProviderFactory.getBasePermissionSet().addAPIPackage(packagee)); APIScanner apiScanner = new APIScanner(permissionProviderFactory); registry.stream().filter(Module::isOnClasspath).forEach(apiScanner::scan); permissionProviderFactory.getBasePermissionSet().grantPermission("com.google.gson", ReflectPermission.class); permissionProviderFactory.getBasePermissionSet().grantPermission("com.google.gson.internal", ReflectPermission.class); Policy.setPolicy(new ModuleSecurityPolicy()); System.setSecurityManager(new ModuleSecurityManager()); }
engineDep.setMaxVersion(engineModule.getVersion().getNextPatchVersion()); registry.stream().filter(mod -> mod != engineModule).forEach(mod -> mod.getMetadata().getDependencies().add(engineDep));