This file is indexed.

/etc/solr/tomcat.policy is in solr-tomcat 3.6.2+dfsg-5+deb8u2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
grant codeBase "file:/usr/share/solr/-" {
  permission java.lang.RuntimePermission "modifyThread";
  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.http";
  permission java.util.PropertyPermission "sun.arch.data.model", "read";
  permission java.util.PropertyPermission "java.io.tmpdir", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "solr.*", "read";
  permission java.util.PropertyPermission "org.apache.lucene.lockDir", "read,write";
  permission java.util.PropertyPermission "org.apache.lucene.store.FSDirectoryLockFactoryClass", "read";
  permission java.io.FilePermission "/usr/share/java", "read";
  permission java.io.FilePermission "/usr/share/java/-", "read";
  permission java.io.FilePermission "/usr/share/maven-repo/-", "read";
  permission java.io.FilePermission "/var/log/tomcat7/-", "read,write";
  permission java.io.FilePermission "/var/lib/tomcat7/webapps/solr/-", "read";
  permission java.io.FilePermission "/var/lib/tomcat7/temp/-", "read,write";
  permission java.io.FilePermission "/etc/solr/-", "read";
  permission java.io.FilePermission "/usr/share/solr/-", "read";
  permission java.io.FilePermission "/usr/share/solr", "read";
  permission java.io.FilePermission "/var/lib/solr", "read,write,delete";
  permission java.io.FilePermission "/var/lib/solr/-", "read,write,delete";
  permission javax.management.MBeanServerPermission "findMBeanServer";
  permission javax.management.MBeanPermission "org.apache.solr.core.*", "*";
  permission javax.management.MBeanTrustPermission "register";

  // dataimporthandler
  permission java.io.FilePermission "/usr/share/solr/conf/dataimport.properties", "read,write,delete";
  // really ugly, but we would need to patch solr to get around this:
  permission java.io.FilePermission "/etc/solr/conf/dataimport.properties", "read,write,delete";
  // needed to access mysql via dataimporthandler
  permission java.net.SocketPermission "127.0.0.1:3306", "connect,resolve" ;

  /* needed by admin/get-properties.jsp 
  permission java.util.PropertyPermission "*", "read,write"; */

  /* for admin/threaddump.jsp
  permission java.lang.management.ManagementPermission "monitor"; */
};