Skip absolute/relative path validation if platform is "any" (null)

ldematte · ldematte · commit db4f96b0faea · 2025-02-24T12:51:40.000+01:00
diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlement.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlement.java
@@ -276,13 +276,13 @@ public static FilesEntitlement build(List<Object> paths) {
                 }
 
                 Path relativePath = Path.of(relativePathAsString);
-                if ((platform == null || platform.isCurrent()) && relativePath.isAbsolute()) {
+                if (platform != null && platform.isCurrent() && relativePath.isAbsolute()) {
                     throw new PolicyValidationException("'relative_path' [" + relativePathAsString + "] must be relative");
                 }
                 fileData = FileData.ofRelativePath(relativePath, baseDir, mode);
             } else if (pathAsString != null) {
                 Path path = Path.of(pathAsString);
-                if ((platform == null || platform.isCurrent()) && path.isAbsolute() == false) {
+                if (platform != null && platform.isCurrent() && path.isAbsolute() == false) {
                     throw new PolicyValidationException("'path' [" + pathAsString + "] must be absolute");
                 }
                 fileData = FileData.ofPath(path, mode);
diff --git a/modules/repository-azure/src/main/plugin-metadata/entitlement-policy.yaml b/modules/repository-azure/src/main/plugin-metadata/entitlement-policy.yaml
@@ -4,13 +4,10 @@ io.netty.common:
   - files:
     - path: "/etc/os-release"
       mode: "read"
-      platform: linux
     - path: "/usr/lib/os-release"
       mode: "read"
-      platform: linux
     - path: "/proc/sys/net/core/somaxconn"
       mode: read
-      platform: linux
 com.azure.identity:
   - files:
     - relative_path: "storage-azure/" #/config/storage-azure/azure-federated-token
diff --git a/modules/transport-netty4/src/main/plugin-metadata/entitlement-policy.yaml b/modules/transport-netty4/src/main/plugin-metadata/entitlement-policy.yaml
@@ -9,10 +9,7 @@ io.netty.common:
   - files:
     - path: "/etc/os-release"
       mode: "read"
-      platform: linux
     - path: "/usr/lib/os-release"
       mode: "read"
-      platform: linux
     - path: "/proc/sys/net/core/somaxconn"
       mode: read
-      platform: linux
diff --git a/x-pack/plugin/security/src/main/plugin-metadata/entitlement-policy.yaml b/x-pack/plugin/security/src/main/plugin-metadata/entitlement-policy.yaml
@@ -15,13 +15,10 @@ io.netty.common:
   - files:
     - path: "/etc/os-release"
       mode: "read"
-      platform: linux
     - path: "/usr/lib/os-release"
       mode: "read"
-      platform: linux
     - path: "/proc/sys/net/core/somaxconn"
       mode: read
-      platform: linux
 org.opensaml.xmlsec.impl:
   - write_system_properties:
       properties:

Original file line number	Diff line number	Diff line change
`@@ -276,13 +276,13 @@ public static FilesEntitlement build(List<Object> paths) {`
`276`	`276`	`}`
`277`	`277`
`278`	`278`	`Path relativePath = Path.of(relativePathAsString);`
`279`		`- if ((platform == null \|\| platform.isCurrent()) && relativePath.isAbsolute()) {`
	`279`	`+ if (platform != null && platform.isCurrent() && relativePath.isAbsolute()) {`
`280`	`280`	`throw new PolicyValidationException("'relative_path' [" + relativePathAsString + "] must be relative");`
`281`	`281`	`}`
`282`	`282`	`fileData = FileData.ofRelativePath(relativePath, baseDir, mode);`
`283`	`283`	`} else if (pathAsString != null) {`
`284`	`284`	`Path path = Path.of(pathAsString);`
`285`		`- if ((platform == null \|\| platform.isCurrent()) && path.isAbsolute() == false) {`
	`285`	`+ if (platform != null && platform.isCurrent() && path.isAbsolute() == false) {`
`286`	`286`	`throw new PolicyValidationException("'path' [" + pathAsString + "] must be absolute");`
`287`	`287`	`}`
`288`	`288`	`fileData = FileData.ofPath(path, mode);`