1 //
2 // Permissions required by modules stored in a run-time image and loaded
3 // by the platform class loader.
4 //
5 // NOTE that this file is not intended to be modified. If additional
6 // permissions need to be granted to the modules in this file, it is
7 // recommended that they be configured in a separate policy file or
8 // ${java.home}/conf/security/java.policy.
9 //
10
11 grant codeBase "jrt:/java.activation" {
12 permission java.security.AllPermission;
13 };
14
15 grant codeBase "jrt:/java.compiler" {
16 permission java.security.AllPermission;
17 };
18
19 grant codeBase "jrt:/java.corba" {
20 permission java.security.AllPermission;
21 };
22
23 grant codeBase "jrt:/java.scripting" {
24 permission java.security.AllPermission;
25 };
26
27 grant codeBase "jrt:/java.security.jgss" {
28 permission java.security.AllPermission;
29 };
30
31 grant codeBase "jrt:/java.smartcardio" {
32 permission javax.smartcardio.CardPermission "*", "*";
33 permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
34 permission java.lang.RuntimePermission
35 "accessClassInPackage.sun.security.jca";
36 permission java.lang.RuntimePermission
37 "accessClassInPackage.sun.security.util";
38 permission java.util.PropertyPermission
39 "javax.smartcardio.TerminalFactory.DefaultType", "read";
40 permission java.util.PropertyPermission "os.name", "read";
41 permission java.util.PropertyPermission "os.arch", "read";
42 permission java.util.PropertyPermission "sun.arch.data.model", "read";
43 permission java.util.PropertyPermission
44 "sun.security.smartcardio.library", "read";
45 permission java.util.PropertyPermission
46 "sun.security.smartcardio.t0GetResponse", "read";
47 permission java.util.PropertyPermission
48 "sun.security.smartcardio.t1GetResponse", "read";
49 permission java.util.PropertyPermission
50 "sun.security.smartcardio.t1StripLe", "read";
51 // needed for looking up native PC/SC library
52 permission java.io.FilePermission "<<ALL FILES>>","read";
53 permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
54 permission java.security.SecurityPermission
55 "clearProviderProperties.SunPCSC";
56 permission java.security.SecurityPermission
57 "removeProviderProperty.SunPCSC";
58 };
59
60 grant codeBase "jrt:/java.sql" {
61 permission java.security.AllPermission;
62 };
63
64 grant codeBase "jrt:/java.sql.rowset" {
65 permission java.security.AllPermission;
66 };
67
68 grant codeBase "jrt:/java.xml.bind" {
69 permission java.security.AllPermission;
70 };
71
72 grant codeBase "jrt:/java.xml.crypto" {
73 permission java.lang.RuntimePermission
74 "accessClassInPackage.sun.security.util";
75 permission java.util.PropertyPermission "*", "read";
76 permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
77 permission java.security.SecurityPermission
78 "clearProviderProperties.XMLDSig";
79 permission java.security.SecurityPermission
80 "removeProviderProperty.XMLDSig";
81 permission java.security.SecurityPermission
82 "com.sun.org.apache.xml.internal.security.register";
83 permission java.security.SecurityPermission
84 "getProperty.jdk.xml.dsig.secureValidationPolicy";
85 permission java.lang.RuntimePermission
86 "accessClassInPackage.com.sun.org.apache.xml.internal.*";
87 permission java.lang.RuntimePermission
88 "accessClassInPackage.com.sun.org.apache.xpath.internal";
89 permission java.lang.RuntimePermission
90 "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
91 };
92
93 grant codeBase "jrt:/java.xml.ws" {
94 permission java.security.AllPermission;
95 };
96
97 grant codeBase "jrt:/jdk.accessibility" {
98 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
99 };
100
101 grant codeBase "jrt:/jdk.charsets" {
102 permission java.util.PropertyPermission "os.name", "read";
103 permission java.util.PropertyPermission "sun.nio.cs.map", "read";
104 permission java.lang.RuntimePermission "charsetProvider";
105 permission java.lang.RuntimePermission
106 "accessClassInPackage.jdk.internal.misc";
107 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
108 };
109
110 grant codeBase "jrt:/jdk.crypto.ec" {
111 permission java.lang.RuntimePermission
112 "accessClassInPackage.sun.security.*";
113 permission java.lang.RuntimePermission "loadLibrary.sunec";
114 permission java.security.SecurityPermission "putProviderProperty.SunEC";
115 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
116 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
117 };
118
119 grant codeBase "jrt:/jdk.crypto.cryptoki" {
120 permission java.lang.RuntimePermission
121 "accessClassInPackage.sun.security.*";
122 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
123 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
124 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
125 permission java.util.PropertyPermission "os.name", "read";
126 permission java.util.PropertyPermission "os.arch", "read";
127 permission java.security.SecurityPermission "putProviderProperty.*";
128 permission java.security.SecurityPermission "clearProviderProperties.*";
129 permission java.security.SecurityPermission "removeProviderProperty.*";
130 permission java.security.SecurityPermission
131 "getProperty.auth.login.defaultCallbackHandler";
132 permission java.security.SecurityPermission "authProvider.*";
133 // Needed for reading PKCS11 config file and NSS library check
134 permission java.io.FilePermission "<<ALL FILES>>", "read";
135 };
136
137 grant codeBase "jrt:/jdk.desktop" {
138 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
139 };
140
141 grant codeBase "jrt:/jdk.dynalink" {
142 permission java.security.AllPermission;
143 };
144
145 grant codeBase "jrt:/jdk.httpserver" {
146 permission java.security.AllPermission;
147 };
148
149 grant codeBase "jrt:/jdk.internal.le" {
150 permission java.security.AllPermission;
151 };
152
153 grant codeBase "jrt:/jdk.internal.vm.compiler" {
154 permission java.security.AllPermission;
155 };
156
157 grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
158 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
159 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
160 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
161 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
162 };
163
164 grant codeBase "jrt:/jdk.jsobject" {
165 permission java.security.AllPermission;
166 };
167
168 grant codeBase "jrt:/jdk.localedata" {
169 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
170 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
171 };
172
173 grant codeBase "jrt:/jdk.naming.dns" {
174 permission java.security.AllPermission;
175 };
176
177 grant codeBase "jrt:/jdk.scripting.nashorn" {
178 permission java.security.AllPermission;
179 };
180
181 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
182 permission java.security.AllPermission;
183 };
184
185 grant codeBase "jrt:/jdk.security.auth" {
186 permission java.security.AllPermission;
187 };
188
189 grant codeBase "jrt:/jdk.security.jgss" {
190 permission java.security.AllPermission;
191 };
192
193 grant codeBase "jrt:/jdk.zipfs" {
194 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
195 permission java.lang.RuntimePermission "fileSystemProvider";
196 permission java.util.PropertyPermission "os.name", "read";
197 };
198
199 // permissions needed by applications using java.desktop module
200 grant {
201 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
202 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
203 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
204 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
205 };