Restrict apm agent entitlements to the apm package in an unnamed module (#120546)

This change closes a hole where we assumed any check against an unnamed-module from any 
classloader was for one of our apm agent. This was not the case and made it so scripts could in theory 
have the same entitlements as apm agent. Instead we now check to see if a class is part of the apm 
package in an unnamed module to ensure it's actually for the apm agent.

Relates to ES-10192

Author: jdconrad

docs/changelog/120546.yaml

@@ -0,0 +1,5 @@
+pr: 120546
+summary: Restrict agent entitlements to the system classloader unnamed module
+area: Infra/Plugins
+type: bug
+issues: []

libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java

@@ -46,6 +46,7 @@
  */
 public class EntitlementInitialization {
 
+    private static final String AGENTS_PACKAGE_NAME = "co.elastic.apm.agent";
     private static final Module ENTITLEMENTS_MODULE = PolicyManager.class.getModule();
 
     private static ElasticsearchEntitlementChecker manager;
@@ -107,7 +108,7 @@ private static PolicyManager createPolicyManager() {
         // this should be removed once https://github.com/elastic/elasticsearch/issues/109335 is completed
         List<Entitlement> agentEntitlements = List.of(new CreateClassLoaderEntitlement());
         var resolver = EntitlementBootstrap.bootstrapArgs().pluginResolver();
-        return new PolicyManager(serverPolicy, agentEntitlements, pluginPolicies, resolver, ENTITLEMENTS_MODULE);
+        return new PolicyManager(serverPolicy, agentEntitlements, pluginPolicies, resolver, AGENTS_PACKAGE_NAME, ENTITLEMENTS_MODULE);
     }
 
     private static ElasticsearchEntitlementChecker initChecker() {

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java

@@ -84,6 +84,11 @@ private static Set<Module> findSystemModules() {
             .collect(Collectors.toUnmodifiableSet());
     }
 
+    /**
+     * The package name containing agent classes.
+     */
+    private final String agentsPackageName;
+
     /**
      * Frames originating from this module are ignored in the permission logic.
      */
@@ -94,6 +99,7 @@ public PolicyManager(
         List<Entitlement> agentEntitlements,
         Map<String, Policy> pluginPolicies,
         Function<Class<?>, String> pluginResolver,
+        String agentsPackageName,
         Module entitlementsModule
     ) {
         this.serverEntitlements = buildScopeEntitlementsMap(requireNonNull(serverPolicy));
@@ -102,6 +108,7 @@ public PolicyManager(
             .stream()
             .collect(toUnmodifiableMap(Map.Entry::getKey, e -> buildScopeEntitlementsMap(e.getValue())));
         this.pluginResolver = pluginResolver;
+        this.agentsPackageName = agentsPackageName;
         this.entitlementsModule = entitlementsModule;
     }
 
@@ -318,8 +325,8 @@ private ModuleEntitlements computeEntitlements(Class<?> requestingClass) {
             }
         }
 
-        if (requestingModule.isNamed() == false) {
-            // agents are the only thing running non-modular
+        if (requestingModule.isNamed() == false && requestingClass.getPackageName().startsWith(agentsPackageName)) {
+            // agents are the only thing running non-modular in the system classloader
             return ModuleEntitlements.from(agentEntitlements);
         }
 

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java

@@ -10,6 +10,8 @@
 package org.elasticsearch.entitlement.runtime.policy;
 
 import org.elasticsearch.entitlement.runtime.policy.PolicyManager.ModuleEntitlements;
+import org.elasticsearch.entitlement.runtime.policy.agent.TestAgent;
+import org.elasticsearch.entitlement.runtime.policy.agent.inner.TestInnerAgent;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.compiler.InMemoryJavaCompiler;
 import org.elasticsearch.test.jar.JarUtils;
@@ -18,6 +20,8 @@
 import java.io.IOException;
 import java.lang.module.Configuration;
 import java.lang.module.ModuleFinder;
+import java.net.URL;
+import java.net.URLClassLoader;
 import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.List;
@@ -36,6 +40,12 @@
 
 @ESTestCase.WithoutSecurityManager
 public class PolicyManagerTests extends ESTestCase {
+
+    /**
+     * A test agent package name for use in tests.
+     */
+    private static final String TEST_AGENTS_PACKAGE_NAME = "org.elasticsearch.entitlement.runtime.policy.agent";
+
     /**
      * A module you can use for test cases that don't actually care about the
      * entitlement module.
@@ -59,6 +69,7 @@ public void testGetEntitlementsThrowsOnMissingPluginUnnamedModule() {
             List.of(),
             Map.of("plugin1", createPluginPolicy("plugin.module")),
             c -> "plugin1",
+            TEST_AGENTS_PACKAGE_NAME,
             NO_ENTITLEMENTS_MODULE
         );
 
@@ -72,7 +83,14 @@ public void testGetEntitlementsThrowsOnMissingPluginUnnamedModule() {
     }
 
     public void testGetEntitlementsThrowsOnMissingPolicyForPlugin() {
-        var policyManager = new PolicyManager(createEmptyTestServerPolicy(), List.of(), Map.of(), c -> "plugin1", NO_ENTITLEMENTS_MODULE);
+        var policyManager = new PolicyManager(
+            createEmptyTestServerPolicy(),
+            List.of(),
+            Map.of(),
+            c -> "plugin1",
+            TEST_AGENTS_PACKAGE_NAME,
+            NO_ENTITLEMENTS_MODULE
+        );
 
         // Any class from the current module (unnamed) will do
         var callerClass = this.getClass();
@@ -84,7 +102,14 @@ public void testGetEntitlementsThrowsOnMissingPolicyForPlugin() {
     }
 
     public void testGetEntitlementsFailureIsCached() {
-        var policyManager = new PolicyManager(createEmptyTestServerPolicy(), List.of(), Map.of(), c -> "plugin1", NO_ENTITLEMENTS_MODULE);
+        var policyManager = new PolicyManager(
+            createEmptyTestServerPolicy(),
+            List.of(),
+            Map.of(),
+            c -> "plugin1",
+            TEST_AGENTS_PACKAGE_NAME,
+            NO_ENTITLEMENTS_MODULE
+        );
 
         // Any class from the current module (unnamed) will do
         var callerClass = this.getClass();
@@ -106,6 +131,7 @@ public void testGetEntitlementsReturnsEntitlementsForPluginUnnamedModule() {
             List.of(),
             Map.ofEntries(entry("plugin2", createPluginPolicy(ALL_UNNAMED))),
             c -> "plugin2",
+            TEST_AGENTS_PACKAGE_NAME,
             NO_ENTITLEMENTS_MODULE
         );
 
@@ -117,7 +143,14 @@ public void testGetEntitlementsReturnsEntitlementsForPluginUnnamedModule() {
     }
 
     public void testGetEntitlementsThrowsOnMissingPolicyForServer() throws ClassNotFoundException {
-        var policyManager = new PolicyManager(createTestServerPolicy("example"), List.of(), Map.of(), c -> null, NO_ENTITLEMENTS_MODULE);
+        var policyManager = new PolicyManager(
+            createTestServerPolicy("example"),
+            List.of(),
+            Map.of(),
+            c -> null,
+            TEST_AGENTS_PACKAGE_NAME,
+            NO_ENTITLEMENTS_MODULE
+        );
 
         // Tests do not run modular, so we cannot use a server class.
         // But we know that in production code the server module and its classes are in the boot layer.
@@ -137,6 +170,7 @@ public void testGetEntitlementsReturnsEntitlementsForServerModule() throws Class
             List.of(),
             Map.of(),
             c -> null,
+            TEST_AGENTS_PACKAGE_NAME,
             NO_ENTITLEMENTS_MODULE
         );
 
@@ -161,6 +195,7 @@ public void testGetEntitlementsReturnsEntitlementsForPluginModule() throws IOExc
             List.of(),
             Map.of("mock-plugin", createPluginPolicy("org.example.plugin")),
             c -> "mock-plugin",
+            TEST_AGENTS_PACKAGE_NAME,
             NO_ENTITLEMENTS_MODULE
         );
 
@@ -181,6 +216,7 @@ public void testGetEntitlementsResultIsCached() {
             List.of(),
             Map.ofEntries(entry("plugin2", createPluginPolicy(ALL_UNNAMED))),
             c -> "plugin2",
+            TEST_AGENTS_PACKAGE_NAME,
             NO_ENTITLEMENTS_MODULE
         );
 
@@ -200,16 +236,17 @@ public void testGetEntitlementsResultIsCached() {
 
     public void testRequestingClassFastPath() throws IOException, ClassNotFoundException {
         var callerClass = makeClassInItsOwnModule();
-        assertEquals(callerClass, policyManagerWithEntitlementsModule(NO_ENTITLEMENTS_MODULE).requestingClass(callerClass));
+        assertEquals(callerClass, policyManager(TEST_AGENTS_PACKAGE_NAME, NO_ENTITLEMENTS_MODULE).requestingClass(callerClass));
     }
 
     public void testRequestingModuleWithStackWalk() throws IOException, ClassNotFoundException {
+        var agentsClass = new TestAgent();
         var entitlementsClass = makeClassInItsOwnModule();    // A class in the entitlements library itself
         var requestingClass = makeClassInItsOwnModule();      // This guy is always the right answer
         var instrumentedClass = makeClassInItsOwnModule();    // The class that called the check method
         var ignorableClass = makeClassInItsOwnModule();
 
-        var policyManager = policyManagerWithEntitlementsModule(entitlementsClass.getModule());
+        var policyManager = policyManager(TEST_AGENTS_PACKAGE_NAME, entitlementsClass.getModule());
 
         assertEquals(
             "Skip entitlement library and the instrumented method",
@@ -229,15 +266,47 @@ public void testRequestingModuleWithStackWalk() throws IOException, ClassNotFoun
         );
     }
 
+    public void testAgentsEntitlements() throws IOException, ClassNotFoundException {
+        Path home = createTempDir();
+        Path unnamedJar = createMockPluginJarForUnnamedModule(home);
+        var notAgentClass = makeClassInItsOwnModule();
+        var policyManager = new PolicyManager(
+            createEmptyTestServerPolicy(),
+            List.of(new CreateClassLoaderEntitlement()),
+            Map.of(),
+            c -> "test",
+            TEST_AGENTS_PACKAGE_NAME,
+            NO_ENTITLEMENTS_MODULE
+        );
+        ModuleEntitlements agentsEntitlements = policyManager.getEntitlements(TestAgent.class);
+        assertThat(agentsEntitlements.hasEntitlement(CreateClassLoaderEntitlement.class), is(true));
+        agentsEntitlements = policyManager.getEntitlements(TestInnerAgent.class);
+        assertThat(agentsEntitlements.hasEntitlement(CreateClassLoaderEntitlement.class), is(true));
+        ModuleEntitlements notAgentsEntitlements = policyManager.getEntitlements(notAgentClass);
+        assertThat(notAgentsEntitlements.hasEntitlement(CreateClassLoaderEntitlement.class), is(false));
+        try (URLClassLoader classLoader = new URLClassLoader(new URL[] { unnamedJar.toUri().toURL() }, getClass().getClassLoader())) {
+            var unnamedNotAgentClass = classLoader.loadClass("q.B");
+            notAgentsEntitlements = policyManager.getEntitlements(unnamedNotAgentClass);
+            assertThat(notAgentsEntitlements.hasEntitlement(CreateClassLoaderEntitlement.class), is(false));
+        }
+    }
+
     private static Class<?> makeClassInItsOwnModule() throws IOException, ClassNotFoundException {
         final Path home = createTempDir();
         Path jar = createMockPluginJar(home);
         var layer = createLayerForJar(jar, "org.example.plugin");
         return layer.findLoader("org.example.plugin").loadClass("q.B");
     }
 
-    private static PolicyManager policyManagerWithEntitlementsModule(Module entitlementsModule) {
-        return new PolicyManager(createEmptyTestServerPolicy(), List.of(), Map.of(), c -> "test", entitlementsModule);
+    private static Class<?> makeClassInItsOwnUnnamedModule() throws IOException, ClassNotFoundException {
+        final Path home = createTempDir();
+        Path jar = createMockPluginJar(home);
+        var layer = createLayerForJar(jar, "org.example.plugin");
+        return layer.findLoader("org.example.plugin").loadClass("q.B");
+    }
+
+    private static PolicyManager policyManager(String agentsPackageName, Module entitlementsModule) {
+        return new PolicyManager(createEmptyTestServerPolicy(), List.of(), Map.of(), c -> "test", agentsPackageName, entitlementsModule);
     }
 
     private static Policy createEmptyTestServerPolicy() {
@@ -262,6 +331,16 @@ private static Policy createPluginPolicy(String... pluginModules) {
         );
     }
 
+    private static Path createMockPluginJarForUnnamedModule(Path home) throws IOException {
+        Path jar = home.resolve("unnamed-mock-plugin.jar");
+
+        Map<String, CharSequence> sources = Map.ofEntries(entry("q.B", "package q; public class B { }"));
+
+        var classToBytes = InMemoryJavaCompiler.compile(sources);
+        JarUtils.createJarWithEntries(jar, Map.ofEntries(entry("q/B.class", classToBytes.get("q.B"))));
+        return jar;
+    }
+
     private static Path createMockPluginJar(Path home) throws IOException {
         Path jar = home.resolve("mock-plugin.jar");
 

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/agent/TestAgent.java

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.entitlement.runtime.policy.agent;
+
+/**
+ * Dummy class for testing agent entitlements.
+ */
+public class TestAgent {}

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/agent/inner/TestInnerAgent.java

@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.entitlement.runtime.policy.agent.inner;
+
+/**
+ * Dummy class for testing agent entitlements.
+ */
+public class TestInnerAgent {}