1 // permissions required by each component 2 grant codeBase "jrt:/jdk.zipfs" { 3 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 4 permission java.lang.RuntimePermission "fileSystemProvider"; 5 permission java.util.PropertyPermission "*", "read"; 6 }; 7 8 grant codeBase "jrt:/jdk.localedata" { 9 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 10 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 11 permission java.util.PropertyPermission "*", "read"; 12 }; 13 14 grant codeBase "jrt:/jdk.naming.dns" { 15 permission java.security.AllPermission; 16 }; 17 18 grant codeBase "jrt:/jdk.scripting.nashorn" { 19 permission java.security.AllPermission; 20 }; 21 22 grant codeBase "jrt:/jdk.crypto.ucrypto" { 23 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 24 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 25 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 26 // need "com.oracle.security.ucrypto.debug" for debugging 27 permission java.util.PropertyPermission "*", "read"; 28 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 29 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 30 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 31 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 32 }; 33 34 grant codeBase "jrt:/jdk.crypto.ec" { 35 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 36 permission java.lang.RuntimePermission "loadLibrary.sunec"; 37 permission java.util.PropertyPermission "*", "read"; 38 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 39 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 40 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 41 }; 42 43 grant codeBase "jrt:/jdk.crypto.pkcs11" { 44 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 45 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 46 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 47 // needs "security.pkcs11.allowSingleThreadedModules" 48 permission java.util.PropertyPermission "*", "read"; 49 permission java.security.SecurityPermission "putProviderProperty.*"; 50 permission java.security.SecurityPermission "clearProviderProperties.*"; 51 permission java.security.SecurityPermission "removeProviderProperty.*"; 52 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 53 permission java.security.SecurityPermission "authProvider.*"; 54 // Needed for reading PKCS11 config file and NSS library check 55 permission java.io.FilePermission "<<ALL FILES>>", "read"; 56 }; 57 58 // default permissions granted to all domains 59 60 grant { 61 // Allows any thread to stop itself using the java.lang.Thread.stop() 62 // method that takes no argument. 63 // Note that this permission is granted by default only to remain 64 // backwards compatible. 65 // It is strongly recommended that you either remove this permission 66 // from this policy file or further restrict it to code sources 67 // that you specify, because Thread.stop() is potentially unsafe. 68 // See the API specification of java.lang.Thread.stop() for more 69 // information. 70 permission java.lang.RuntimePermission "stopThread"; 71 72 // allows anyone to listen on dynamic ports 73 permission java.net.SocketPermission "localhost:0", "listen"; 74 75 // "standard" properies that can be read by anyone 76 77 permission java.util.PropertyPermission "java.version", "read"; 78 permission java.util.PropertyPermission "java.vendor", "read"; 79 permission java.util.PropertyPermission "java.vendor.url", "read"; 80 permission java.util.PropertyPermission "java.class.version", "read"; 81 permission java.util.PropertyPermission "os.name", "read"; 82 permission java.util.PropertyPermission "os.version", "read"; 83 permission java.util.PropertyPermission "os.arch", "read"; 84 permission java.util.PropertyPermission "file.separator", "read"; 85 permission java.util.PropertyPermission "path.separator", "read"; 86 permission java.util.PropertyPermission "line.separator", "read"; 87 88 permission java.util.PropertyPermission "java.specification.version", "read"; 89 permission java.util.PropertyPermission "java.specification.vendor", "read"; 90 permission java.util.PropertyPermission "java.specification.name", "read"; 91 92 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 93 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 94 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 95 permission java.util.PropertyPermission "java.vm.version", "read"; 96 permission java.util.PropertyPermission "java.vm.vendor", "read"; 97 permission java.util.PropertyPermission "java.vm.name", "read"; 98 }; 99