--- /dev/null 2017-10-28 22:49:55.551349757 -0700 +++ new/test/jdk/java/net/httpclient/security/filePerms/httpclient.policy 2017-11-30 04:06:11.610645313 -0800 @@ -0,0 +1,68 @@ +// +// Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. +// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +// +// This code is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License version 2 only, as +// published by the Free Software Foundation. +// +// This code is distributed in the hope that it will be useful, but WITHOUT +// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +// version 2 for more details (a copy is included in the LICENSE file that +// accompanied this code). +// +// You should have received a copy of the GNU General Public License version +// 2 along with this work; if not, write to the Free Software Foundation, +// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +// +// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +// or visit www.oracle.com if you need additional information or have any +// questions. +// + +grant codeBase "jrt:/jdk.incubator.httpclient" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; + permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; + + // ## why is SP not good enough. Check API @throws signatures and impl + permission java.net.SocketPermission "*","connect,resolve"; + permission java.net.URLPermission "http:*","*:*"; + permission java.net.URLPermission "https:*","*:*"; + permission java.net.URLPermission "ws:*","*:*"; + permission java.net.URLPermission "wss:*","*:*"; + permission java.net.URLPermission "socket:*","CONNECT"; // proxy + + // For request/response body processors, fromFile, asFile + permission java.io.FilePermission "<>","read,write,delete"; + + // ## look at the different property names! + permission java.util.PropertyPermission "jdk.httpclient.HttpClient.log","read"; // name! + permission java.util.PropertyPermission "jdk.httpclient.auth.retrylimit","read"; + permission java.util.PropertyPermission "jdk.httpclient.connectionWindowSize","read"; + permission java.util.PropertyPermission "jdk.httpclient.enablepush","read"; + permission java.util.PropertyPermission "jdk.httpclient.hpack.maxheadertablesize","read"; + permission java.util.PropertyPermission "jdk.httpclient.keepalive.timeout","read"; + permission java.util.PropertyPermission "jdk.httpclient.maxframesize","read"; + permission java.util.PropertyPermission "jdk.httpclient.maxstreams","read"; + permission java.util.PropertyPermission "jdk.httpclient.redirects.retrylimit","read"; + permission java.util.PropertyPermission "jdk.httpclient.windowsize","read"; + permission java.util.PropertyPermission "jdk.httpclient.bufsize","read"; + permission java.util.PropertyPermission "jdk.httpclient.internal.selector.timeout","read"; + permission java.util.PropertyPermission "jdk.internal.httpclient.debug","read"; + permission java.util.PropertyPermission "jdk.internal.httpclient.hpack.debug","read"; + permission java.util.PropertyPermission "jdk.internal.httpclient.hpack.log.level","read"; + permission java.util.PropertyPermission "test.src","read"; + + permission java.net.NetPermission "getProxySelector"; + + permission java.security.SecurityPermission "createAccessControlContext"; +}; + +// bootstrap to get the test going, it will do its own restrictions +grant codeBase "file:${test.classes}/*" { + permission java.security.AllPermission; +}; +