[GRPC] Add accessUnixDomainSocket permission for transport-grpc (opensearch-project#20463)

* [GRPC] Add security policy for transport-grpc

Signed-off-by: Karen X <karenxyr@gmail.com>

* more granular

Signed-off-by: Karen X <karenxyr@gmail.com>

* Update modules/transport-grpc/src/main/plugin-metadata/plugin-security.policy

Co-authored-by: Andriy Redko <drreta@gmail.com>
Signed-off-by: Karen X <karenxyr@gmail.com>

* update changelog

Signed-off-by: Karen X <karenxyr@gmail.com>

---------

Signed-off-by: Karen X <karenxyr@gmail.com>
Co-authored-by: Andriy Redko <drreta@gmail.com>

Author: karenyrx

CHANGELOG.md

@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Added
 - Add getWrappedScorer method to ProfileScorer for plugin access to wrapped scorers ([#20548](https://github.com/opensearch-project/OpenSearch/issues/20548))
 - Support expected cluster name with validation in CCS Sniff mode ([#20532](https://github.com/opensearch-project/OpenSearch/pull/20532))
+- Add security policy to allow `accessUnixDomainSocket` in `transport-grpc` module ([#20463](https://github.com/opensearch-project/OpenSearch/pull/20463))
 
 ### Changed
 

modules/transport-grpc/src/main/plugin-metadata/plugin-security.policy

@@ -15,4 +15,7 @@ grant codeBase "${codebase.grpc-netty-shaded}" {
 
    // Netty sets custom classloader for some of its internal threads
    permission java.lang.RuntimePermission "*", "setContextClassLoader";
+
+   // Netty on Windows uses WEPollSelectorImpl which needs to delete temporary socket files
+   permission java.net.NetPermission "accessUnixDomainSocket";
 };