From c213e363756eba7e3f12040f65fbd75c1c86a8f7 Mon Sep 17 00:00:00 2001 From: Andriy Redko Date: Tue, 15 Jul 2025 20:26:46 -0400 Subject: [PATCH] Fix UNIX domain socket permission checks on Windows Signed-off-by: Andriy Redko --- .../opensearch/javaagent/FileInterceptor.java | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java b/libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java index f52f1bc91f559..455be2a83f840 100644 --- a/libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java +++ b/libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/FileInterceptor.java @@ -74,8 +74,23 @@ public static void intercept(@Advice.AllArguments Object[] args, @Advice.Origin final boolean isDelete = isMutating == false ? name.startsWith("delete") : false; // This is Windows implementation of UNIX Domain Sockets (close) - if (isDelete == true - && walker.getCallerClass().getName().equalsIgnoreCase("sun.nio.ch.PipeImpl$Initializer$LoopbackConnector") == true) { + boolean isUnixSocketCaller = false; + if (isDelete == true) { + final Collection> chain = walker.walk(StackCallerClassChainExtractor.INSTANCE); + + if (walker.getCallerClass().getName().equalsIgnoreCase("sun.nio.ch.PipeImpl$Initializer$LoopbackConnector") == true) { + isUnixSocketCaller = true; + } else { + for (final Class caller : chain) { + if (caller.getName().equalsIgnoreCase("sun.nio.ch.PipeImpl$Initializer$LoopbackConnector")) { + isUnixSocketCaller = true; + break; + } + } + } + } + + if (isDelete == true && isUnixSocketCaller == true) { final NetPermission permission = new NetPermission("accessUnixDomainSocket"); for (ProtectionDomain domain : callers) { if (!policy.implies(domain, permission)) {