Implement a java agent based file interceptor

Signed-off-by: Gulshan <[email protected]>

Author: kumargu

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/Agent.java

@@ -11,7 +11,9 @@
 import org.opensearch.javaagent.bootstrap.AgentPolicy;
 
 import java.lang.instrument.Instrumentation;
+import java.nio.channels.FileChannel;
 import java.nio.channels.SocketChannel;
+import java.nio.file.Files;
 import java.util.Map;
 
 import net.bytebuddy.ByteBuddy;
@@ -55,12 +57,32 @@ public static void agentmain(String agentArguments, Instrumentation instrumentat
 
     private static AgentBuilder createAgentBuilder(Instrumentation inst) throws Exception {
         final Junction<TypeDescription> systemType = ElementMatchers.isSubTypeOf(SocketChannel.class);
+        final Junction<TypeDescription> pathType = ElementMatchers.isSubTypeOf(Files.class);
+        final Junction<TypeDescription> fileChannelType = ElementMatchers.isSubTypeOf(FileChannel.class);
 
-        final AgentBuilder.Transformer transformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+        final AgentBuilder.Transformer socketTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
             Advice.to(SocketChannelInterceptor.class)
                 .on(ElementMatchers.named("connect").and(ElementMatchers.not(ElementMatchers.isAbstract())))
         );
 
+        final AgentBuilder.Transformer fileTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+            Advice.to(FileInterceptor.class)
+                .on(
+                    ElementMatchers.named("delete")
+                        .or(ElementMatchers.named("deleteIfExists"))
+                        .or(ElementMatchers.named("createFile"))
+                        .or(ElementMatchers.named("createDirectories"))
+                        .or(ElementMatchers.named("createLink"))
+                        .or(ElementMatchers.named("move"))
+                        .or(ElementMatchers.named("copy"))
+                        .or(ElementMatchers.named("newByteChannel"))
+                        .or(ElementMatchers.named("open"))
+                        .or(ElementMatchers.named("write"))
+                        .or(ElementMatchers.named("read"))
+                        .or(ElementMatchers.isConstructor())
+                )
+        );
+
         ClassInjector.UsingUnsafe.ofBootLoader()
             .inject(
                 Map.of(
@@ -72,15 +94,15 @@ private static AgentBuilder createAgentBuilder(Instrumentation inst) throws Exce
             );
 
         final ByteBuddy byteBuddy = new ByteBuddy().with(Implementation.Context.Disabled.Factory.INSTANCE);
-        final AgentBuilder agentBuilder = new AgentBuilder.Default(byteBuddy).with(AgentBuilder.InitializationStrategy.NoOp.INSTANCE)
+        return new AgentBuilder.Default(byteBuddy).with(AgentBuilder.InitializationStrategy.NoOp.INSTANCE)
             .with(AgentBuilder.RedefinitionStrategy.REDEFINITION)
             .with(AgentBuilder.RedefinitionStrategy.Listener.StreamWriting.toSystemError())
             .with(AgentBuilder.TypeStrategy.Default.REDEFINE)
             .ignore(ElementMatchers.none())
             .type(systemType)
-            .transform(transformer);
-
-        return agentBuilder;
+            .transform(socketTransformer)
+            .type(pathType.or(fileChannelType))
+            .transform(fileTransformer);
     }
 
     private static void initAgent(Instrumentation instrumentation) throws Exception {

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java

@@ -0,0 +1,91 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.javaagent;
+
+import org.opensearch.javaagent.bootstrap.AgentPolicy;
+
+import java.io.FilePermission;
+import java.lang.reflect.Method;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.util.List;
+
+import net.bytebuddy.asm.Advice;
+
+/**
+ * FileInterceptor
+ */
+public class FileInterceptor {
+    /**
+     * FileInterceptor
+     */
+    public FileInterceptor() {}
+
+    /**
+     * Intercepts file operations
+     *
+     * @param args   arguments
+     * @param method method
+     * @throws Exception exceptions
+     */
+    @Advice.OnMethodEnter
+    @SuppressWarnings("removal")
+    @SuppressForbidden(reason = "Using FilePermissions directly is ok")
+    public static void intercept(@Advice.AllArguments Object[] args, @Advice.Origin Method method) throws Exception {
+        final Policy policy = AgentPolicy.getPolicy();
+        if (policy == null) {
+            return; /* noop */
+        }
+
+        String filePath = null;
+        if (args.length > 0 && args[0] instanceof String pathStr) {
+            filePath = Paths.get(pathStr).toAbsolutePath().toString();
+        } else if (args.length > 0 && args[0] instanceof Path path) {
+            filePath = path.toAbsolutePath().toString();
+        }
+
+        if (filePath == null) {
+            return; // No valid file path found
+        }
+
+        final StackWalker walker = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
+        final List<ProtectionDomain> callers = walker.walk(new StackCallerChainExtractor());
+
+        boolean isMutating = method.getName().startsWith("write")
+            || method.getName().equals("createFile")
+            || method.getName().equals("createDirectories")
+            || method.getName().equals("createLink")
+            || method.getName().equals("copy")
+            || method.getName().equals("move")
+            || method.getName().equals("newByteChannel");
+        boolean isDelete = method.getName().equals("delete") || method.getName().equals("deleteIfExists");
+
+        // Check each permission separately
+        for (final ProtectionDomain domain : callers) {
+            // Handle FileChannel.open() separately to check read/write permissions properly
+            if (method.getName().equals("open")) {
+                if (!policy.implies(domain, new FilePermission(filePath, "read, write"))) {
+                    throw new SecurityException("Denied OPEN access to file: " + filePath + ", domain: " + domain);
+                }
+            }
+
+            // File mutating operations
+            if (isMutating && !policy.implies(domain, new FilePermission(filePath, "write"))) {
+                throw new SecurityException("Denied WRITE access to file: " + filePath + ", domain: " + domain);
+            }
+
+            // File deletion operations
+            if (isDelete && !policy.implies(domain, new FilePermission(filePath, "delete"))) {
+                throw new SecurityException("Denied DELETE access to file: " + filePath + ", domain: " + domain);
+            }
+        }
+    }
+}

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/SuppressForbidden.java

@@ -0,0 +1,47 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/*
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.javaagent;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Annotation to suppress forbidden-apis errors inside a whole class, a method, or a field.
+ */
+@Retention(RetentionPolicy.CLASS)
+@Target({ ElementType.CONSTRUCTOR, ElementType.FIELD, ElementType.METHOD, ElementType.TYPE })
+@interface SuppressForbidden {
+    String reason();
+}