Merge branch 'main' into policy_parser_java_agent

Signed-off-by: Gulshan <71965388+kumargu@users.noreply.github.com>

Author: kumargu

.github/CODEOWNERS

@@ -11,27 +11,27 @@
 #   3. Use the command palette to run the CODEOWNERS: Show owners of current file command, which will display all code owners for the current file.
 
 # Default ownership for all repo files
-* @anasalkouz @andrross @ashking94 @bugmakerrrrrr @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jainankitk @kotwanikunal @linuxpi @mch2 @msfroh @nknize @owaiskazi19  @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+* @anasalkouz @andrross @ashking94 @bugmakerrrrrr @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jainankitk @kotwanikunal @linuxpi @mch2 @msfroh @nknize @owaiskazi19  @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
 
-/modules/lang-painless/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
-/modules/parent-join/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/modules/lang-painless/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/modules/parent-join/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
 /modules/transport-netty4/ @peternied
 
 /plugins/identity-shiro/ @peternied @cwperks
 
-/server/src/internalClusterTest/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
-/server/src/internalClusterTest/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/internalClusterTest/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/internalClusterTest/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
 
 /server/src/main/java/org/opensearch/extensions/ @peternied
 /server/src/main/java/org/opensearch/identity/ @peternied @cwperks 
-/server/src/main/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
-/server/src/main/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/main/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/main/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
 /server/src/main/java/org/opensearch/threadpool/ @jed326 @peternied
 /server/src/main/java/org/opensearch/transport/ @peternied
 
-/server/src/test/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
-/server/src/test/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/test/java/org/opensearch/index/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/server/src/test/java/org/opensearch/search/ @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
 
 /.github/ @jed326 @peternied
 
-/MAINTAINERS.md @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dblock @dbwiddis @gaobinlong @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @peternied @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah
+/MAINTAINERS.md @anasalkouz @andrross @ashking94 @Bukhtawar @CEHENKLE @cwperks @dbwiddis @gaobinlong @gbbafna @jed326 @kotwanikunal @mch2 @msfroh @nknize @owaiskazi19 @peternied @reta @Rishikesh1159 @sachinpkale @saratvemulapalli @shwetathareja @sohami @VachaShah

CHANGELOG.md

@@ -18,11 +18,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - [Security Manager Replacement] Create initial Java Agent to intercept Socket::connect calls ([#17724](https://github.com/opensearch-project/OpenSearch/pull/17724))
 - Add ingestion management APIs for pause, resume and get ingestion state ([#17631](https://github.com/opensearch-project/OpenSearch/pull/17631))
 - [Security Manager Replacement] Enhance Java Agent to intercept System::exit ([#17746](https://github.com/opensearch-project/OpenSearch/pull/17746))
-- [Security Manager Replacement] Add a policy parser for Java agent security policies ([#17753](https://github.com/opensearch-project/OpenSearch/pull/17753))
+- [Security Manager Replacement] Implement File Interceptor and add integration tests ([#17760](https://github.com/opensearch-project/OpenSearch/pull/17760))
 - [Security Manager Replacement] Enhance Java Agent to intercept Runtime::halt ([#17757](https://github.com/opensearch-project/OpenSearch/pull/17757))
 - Support AutoExpand for SearchReplica ([#17741](https://github.com/opensearch-project/OpenSearch/pull/17741))
 - Implement fixed interval refresh task scheduling ([#17777](https://github.com/opensearch-project/OpenSearch/pull/17777))
 - Add GRPC DocumentService and Bulk endpoint ([#17727](https://github.com/opensearch-project/OpenSearch/pull/17727))
+- Added scale to zero (`search_only` mode) support for OpenSearch reader writer separation ([#17299](https://github.com/opensearch-project/OpenSearch/pull/17299)
 - [Security Manager Replacement] Add a policy parser for Java agent security policies ([#17753](https://github.com/opensearch-project/OpenSearch/pull/17753))
 
 ### Changed

MAINTAINERS.md

@@ -4,46 +4,46 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
 
 ## Current Maintainers
 
-| Maintainer               | GitHub ID                                               | Affiliation |
-| ------------------------ | ------------------------------------------------------- | ----------- |
-| Anas Alkouz              | [anasalkouz](https://github.com/anasalkouz)             | Amazon      |
-| Andrew Ross              | [andrross](https://github.com/andrross)                 | Amazon      |
-| Andriy Redko             | [reta](https://github.com/reta)                         | Independent |
-| Ankit Jain               | [jainankitk](https://github.com/jainankitk)             | Amazon      |
-| Ashish Singh             | [ashking94](https://github.com/ashking94)               | Amazon      |
-| Bukhtawar Khan           | [Bukhtawar](https://github.com/Bukhtawar)               | Amazon      |
-| Charlotte Henkle         | [CEHENKLE](https://github.com/CEHENKLE)                 | Amazon      |
-| Craig Perkins            | [cwperks](https://github.com/cwperks)                   | Amazon      |
-| Dan Widdis               | [dbwiddis](https://github.com/dbwiddis)                 | Amazon      |
-| Daniel "dB." Doubrovkine | [dblock](https://github.com/dblock)                     | Independent |
-| Binlong Gao              | [gaobinlong](https://github.com/gaobinlong)             | Amazon      |
-| Gaurav Bafna             | [gbbafna](https://github.com/gbbafna)                   | Amazon      |
-| Jay Deng                 | [jed326](https://github.com/jed326)                     | Amazon      |
-| Kunal Kotwani            | [kotwanikunal](https://github.com/kotwanikunal)         | Amazon      |
-| Varun Bansal             | [linuxpi](https://github.com/linuxpi)                   | Amazon      |
-| Marc Handalian           | [mch2](https://github.com/mch2)                         | Amazon      |
-| Michael Froh             | [msfroh](https://github.com/msfroh)                     | Amazon      |
-| Nick Knize               | [nknize](https://github.com/nknize)                     | Lucenia     |
-| Owais Kazi               | [owaiskazi19](https://github.com/owaiskazi19)           | Amazon      |
-| Pan Guixin               | [bugmakerrrrrr](https://github.com/bugmakerrrrrr)       | ByteDance   |
-| Peter Nied               | [peternied](https://github.com/peternied)               | Amazon      |
-| Rishikesh Pasham         | [Rishikesh1159](https://github.com/Rishikesh1159)       | Amazon      |
-| Sachin Kale              | [sachinpkale](https://github.com/sachinpkale)           | Amazon      |
-| Sarat Vemulapalli        | [saratvemulapalli](https://github.com/saratvemulapalli) | Amazon      |
-| Shweta Thareja           | [shwetathareja](https://github.com/shwetathareja)       | Amazon      |
-| Sorabh Hamirwasia        | [sohami](https://github.com/sohami)                     | Amazon      |
-| Vacha Shah               | [VachaShah](https://github.com/VachaShah)               | Amazon      |
+| Maintainer        | GitHub ID                                               | Affiliation |
+| ----------------- | ------------------------------------------------------- | ----------- |
+| Anas Alkouz       | [anasalkouz](https://github.com/anasalkouz)             | Amazon      |
+| Andrew Ross       | [andrross](https://github.com/andrross)                 | Amazon      |
+| Andriy Redko      | [reta](https://github.com/reta)                         | Independent |
+| Ankit Jain        | [jainankitk](https://github.com/jainankitk)             | Amazon      |
+| Ashish Singh      | [ashking94](https://github.com/ashking94)               | Amazon      |
+| Bukhtawar Khan    | [Bukhtawar](https://github.com/Bukhtawar)               | Amazon      |
+| Charlotte Henkle  | [CEHENKLE](https://github.com/CEHENKLE)                 | Amazon      |
+| Craig Perkins     | [cwperks](https://github.com/cwperks)                   | Amazon      |
+| Dan Widdis        | [dbwiddis](https://github.com/dbwiddis)                 | Amazon      |
+| Binlong Gao       | [gaobinlong](https://github.com/gaobinlong)             | Amazon      |
+| Gaurav Bafna      | [gbbafna](https://github.com/gbbafna)                   | Amazon      |
+| Jay Deng          | [jed326](https://github.com/jed326)                     | Amazon      |
+| Kunal Kotwani     | [kotwanikunal](https://github.com/kotwanikunal)         | Amazon      |
+| Varun Bansal      | [linuxpi](https://github.com/linuxpi)                   | Amazon      |
+| Marc Handalian    | [mch2](https://github.com/mch2)                         | Amazon      |
+| Michael Froh      | [msfroh](https://github.com/msfroh)                     | Amazon      |
+| Nick Knize        | [nknize](https://github.com/nknize)                     | Lucenia     |
+| Owais Kazi        | [owaiskazi19](https://github.com/owaiskazi19)           | Amazon      |
+| Pan Guixin        | [bugmakerrrrrr](https://github.com/bugmakerrrrrr)       | ByteDance   |
+| Peter Nied        | [peternied](https://github.com/peternied)               | Amazon      |
+| Rishikesh Pasham  | [Rishikesh1159](https://github.com/Rishikesh1159)       | Amazon      |
+| Sachin Kale       | [sachinpkale](https://github.com/sachinpkale)           | Amazon      |
+| Sarat Vemulapalli | [saratvemulapalli](https://github.com/saratvemulapalli) | Amazon      |
+| Shweta Thareja    | [shwetathareja](https://github.com/shwetathareja)       | Amazon      |
+| Sorabh Hamirwasia | [sohami](https://github.com/sohami)                     | Amazon      |
+| Vacha Shah        | [VachaShah](https://github.com/VachaShah)               | Amazon      |
 
 ## Emeritus
 
-| Maintainer            | GitHub ID                                   | Affiliation |
-| --------------------- | ------------------------------------------- | ----------- |
-| Megha Sai Kavikondala | [meghasaik](https://github.com/meghasaik)   | Amazon      |
-| Xue Zhou              | [xuezhou25](https://github.com/xuezhou25)   | Amazon      |
-| Kartik Ganesh         | [kartg](https://github.com/kartg)           | Amazon      |
-| Abbas Hussain         | [abbashus](https://github.com/abbashus)     | Meta        |
-| Himanshu Setia        | [setiah](https://github.com/setiah)         | Amazon      |
-| Ryan Bogan            | [ryanbogan](https://github.com/ryanbogan)   | Amazon      |
-| Rabi Panda            | [adnapibar](https://github.com/adnapibar)   | Independent |
-| Tianli Feng           | [tlfeng](https://github.com/tlfeng)         | Amazon      |
-| Suraj Singh           | [dreamer-89](https://github.com/dreamer-89) | Amazon      |
+| Maintainer               | GitHub ID                                   | Affiliation |
+| ------------------------ | ------------------------------------------- | ----------- |
+| Megha Sai Kavikondala    | [meghasaik](https://github.com/meghasaik)   | Amazon      |
+| Xue Zhou                 | [xuezhou25](https://github.com/xuezhou25)   | Amazon      |
+| Kartik Ganesh            | [kartg](https://github.com/kartg)           | Amazon      |
+| Abbas Hussain            | [abbashus](https://github.com/abbashus)     | Meta        |
+| Himanshu Setia           | [setiah](https://github.com/setiah)         | Amazon      |
+| Ryan Bogan               | [ryanbogan](https://github.com/ryanbogan)   | Amazon      |
+| Rabi Panda               | [adnapibar](https://github.com/adnapibar)   | Independent |
+| Tianli Feng              | [tlfeng](https://github.com/tlfeng)         | Amazon      |
+| Suraj Singh              | [dreamer-89](https://github.com/dreamer-89) | Amazon      |
+| Daniel "dB." Doubrovkine | [dblock](https://github.com/dblock)         | Independent |

libs/agent-sm/agent/build.gradle

@@ -43,6 +43,7 @@ tasks.named('forbiddenApisTest').configure { onlyIf { false } }
 
 tasks.named('forbiddenApisMain').configure {
   replaceSignatureFiles 'jdk-signatures'
+  onlyIf { false }
 }
 
 task prepareAgent(type: Copy) {

libs/agent-sm/agent/src/main/java/org/opensearch/javaagent/Agent.java

@@ -11,7 +11,9 @@
 import org.opensearch.javaagent.bootstrap.AgentPolicy;
 
 import java.lang.instrument.Instrumentation;
+import java.nio.channels.FileChannel;
 import java.nio.channels.SocketChannel;
+import java.nio.file.Files;
 import java.util.Map;
 
 import net.bytebuddy.ByteBuddy;
@@ -33,6 +35,22 @@ public class Agent {
      */
     private Agent() {}
 
+    /**
+     * List of methods that are intercepted
+     */
+    private static final String[] INTERCEPTED_METHODS = {
+        "write",
+        "createFile",
+        "createDirectories",
+        "createLink",
+        "copy",
+        "move",
+        "newByteChannel",
+        "delete",
+        "deleteIfExists",
+        "read",
+        "open" };
+
     /**
      * Premain
      * @param agentArguments agent arguments
@@ -55,12 +73,18 @@ public static void agentmain(String agentArguments, Instrumentation instrumentat
 
     private static AgentBuilder createAgentBuilder(Instrumentation inst) throws Exception {
         final Junction<TypeDescription> systemType = ElementMatchers.isSubTypeOf(SocketChannel.class);
+        final Junction<TypeDescription> pathType = ElementMatchers.isSubTypeOf(Files.class);
+        final Junction<TypeDescription> fileChannelType = ElementMatchers.isSubTypeOf(FileChannel.class);
 
-        final AgentBuilder.Transformer transformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+        final AgentBuilder.Transformer socketTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
             Advice.to(SocketChannelInterceptor.class)
                 .on(ElementMatchers.named("connect").and(ElementMatchers.not(ElementMatchers.isAbstract())))
         );
 
+        final AgentBuilder.Transformer fileTransformer = (b, typeDescription, classLoader, module, pd) -> b.visit(
+            Advice.to(FileInterceptor.class).on(ElementMatchers.namedOneOf(INTERCEPTED_METHODS).or(ElementMatchers.isAbstract()))
+        );
+
         ClassInjector.UsingUnsafe.ofBootLoader()
             .inject(
                 Map.of(
@@ -79,7 +103,9 @@ private static AgentBuilder createAgentBuilder(Instrumentation inst) throws Exce
             .with(AgentBuilder.TypeStrategy.Default.REDEFINE)
             .ignore(ElementMatchers.none())
             .type(systemType)
-            .transform(transformer)
+            .transform(socketTransformer)
+            .type(pathType.or(fileChannelType))
+            .transform(fileTransformer)
             .type(ElementMatchers.is(java.lang.System.class))
             .transform(
                 (b, typeDescription, classLoader, module, pd) -> b.visit(