simplify toRealPath

Author: mosche

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java

@@ -14,7 +14,6 @@
 import org.elasticsearch.entitlement.runtime.policy.PolicyManager;
 
 import java.io.File;
-import java.io.IOException;
 import java.io.InputStream;
 import java.io.PrintStream;
 import java.io.PrintWriter;
@@ -1375,21 +1374,8 @@ public void checkType(Class<?> callerClass, FileStore that) {
 
     @Override
     public void checkPathToRealPath(Class<?> callerClass, Path that, LinkOption... options) {
-        if (EntitlementChecker.class.isAssignableFrom(callerClass)) {
-            return;
-        }
-
-        boolean followLinks = true;
-        for (LinkOption option : options) {
-            if (option == LinkOption.NOFOLLOW_LINKS) {
-                followLinks = false;
-            }
-        }
-        if (followLinks) {
-            try {
-                policyManager.checkFileRead(callerClass, that.toRealPath());
-            } catch (IOException e) {}
-        }
+        // We deliberately don't check read permissions on the returned read path if following links.
+        // While this allows for an "exists" check on the real target, any file operation still require adequate read permissions.
         policyManager.checkFileRead(callerClass, that);
     }