1 // permissions required by each component 2 grant codeBase "file:${java.home}/lib/ext/zipfs.jar" { 3 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 4 permission java.lang.RuntimePermission "fileSystemProvider"; 5 permission java.util.PropertyPermission "*", "read"; 6 }; 7 8 grant codeBase "file:${java.home}/lib/ext/cldrdata.jar" { 9 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 10 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 11 permission java.util.PropertyPermission "*", "read"; 12 }; 13 14 grant codeBase "file:${java.home}/lib/ext/localedata.jar" { 15 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 16 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 17 permission java.util.PropertyPermission "*", "read"; 18 }; 19 20 grant codeBase "file:${java.home}/lib/ext/dnsns.jar" { 21 permission java.security.AllPermission; 22 }; 23 24 grant codeBase "file:${java.home}/lib/ext/nashorn.jar" { 25 permission java.security.AllPermission; 26 }; 27 28 grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { 29 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 30 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 31 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 32 // need "com.oracle.security.ucrypto.debug" for debugging 33 permission java.util.PropertyPermission "*", "read"; 34 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 35 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 36 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 37 permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; 38 }; 39 40 grant codeBase "file:${java.home}/lib/ext/sunec.jar" { 41 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 42 permission java.lang.RuntimePermission "loadLibrary.sunec"; 43 permission java.util.PropertyPermission "*", "read"; 44 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 45 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 46 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 47 }; 48 49 grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { 50 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; 51 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 52 permission java.util.PropertyPermission "*", "read"; 53 permission java.security.SecurityPermission "putProviderProperty.SunJCE"; 54 permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; 55 permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; 56 }; 57 58 grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { 59 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 60 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 61 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 62 // needs "security.pkcs11.allowSingleThreadedModules" 63 permission java.util.PropertyPermission "*", "read"; 64 permission java.security.SecurityPermission "putProviderProperty.*"; 65 permission java.security.SecurityPermission "clearProviderProperties.*"; 66 permission java.security.SecurityPermission "removeProviderProperty.*"; 67 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 68 permission java.security.SecurityPermission "authProvider.*"; 69 // Needed for reading PKCS11 config file and NSS library check 70 permission java.io.FilePermission "<<ALL FILES>>", "read"; 71 }; 72 73 // default permissions granted to all domains 74 75 grant { 76 // Allows any thread to stop itself using the java.lang.Thread.stop() 77 // method that takes no argument. 78 // Note that this permission is granted by default only to remain 79 // backwards compatible. 80 // It is strongly recommended that you either remove this permission 81 // from this policy file or further restrict it to code sources 82 // that you specify, because Thread.stop() is potentially unsafe. 83 // See the API specification of java.lang.Thread.stop() for more 84 // information. 85 permission java.lang.RuntimePermission "stopThread"; 86 87 // allows anyone to listen on dynamic ports 88 permission java.net.SocketPermission "localhost:0", "listen"; 89 90 // "standard" properies that can be read by anyone 91 92 permission java.util.PropertyPermission "java.version", "read"; 93 permission java.util.PropertyPermission "java.vendor", "read"; 94 permission java.util.PropertyPermission "java.vendor.url", "read"; 95 permission java.util.PropertyPermission "java.class.version", "read"; 96 permission java.util.PropertyPermission "os.name", "read"; 97 permission java.util.PropertyPermission "os.version", "read"; 98 permission java.util.PropertyPermission "os.arch", "read"; 99 permission java.util.PropertyPermission "file.separator", "read"; 100 permission java.util.PropertyPermission "path.separator", "read"; 101 permission java.util.PropertyPermission "line.separator", "read"; 102 103 permission java.util.PropertyPermission "java.specification.version", "read"; 104 permission java.util.PropertyPermission "java.specification.vendor", "read"; 105 permission java.util.PropertyPermission "java.specification.name", "read"; 106 107 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 108 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 109 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 110 permission java.util.PropertyPermission "java.vm.version", "read"; 111 permission java.util.PropertyPermission "java.vm.vendor", "read"; 112 permission java.util.PropertyPermission "java.vm.name", "read"; 113 }; 114