1 //
2 // Permissions required by modules stored in a run-time image and loaded
3 // by the platform class loader.
4 //
5 // NOTE that this file is not intended to be modified. If additional
6 // permissions need to be granted to the modules in this file, it is
7 // recommended that they be configured in a separate policy file or
8 // ${java.home}/conf/security/java.policy.
9 //
10
11
12 grant codeBase "jrt:/java.compiler" {
13 permission java.security.AllPermission;
14 };
15
16
17 grant codeBase "jrt:/java.scripting" {
18 permission java.security.AllPermission;
19 };
20
21 grant codeBase "jrt:/java.security.jgss" {
22 permission java.security.AllPermission;
23 };
24
25 grant codeBase "jrt:/java.smartcardio" {
26 permission javax.smartcardio.CardPermission "*", "*";
27 permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
28 permission java.lang.RuntimePermission
29 "accessClassInPackage.sun.security.jca";
30 permission java.lang.RuntimePermission
31 "accessClassInPackage.sun.security.util";
32 permission java.util.PropertyPermission
33 "javax.smartcardio.TerminalFactory.DefaultType", "read";
34 permission java.util.PropertyPermission "os.name", "read";
35 permission java.util.PropertyPermission "os.arch", "read";
36 permission java.util.PropertyPermission "sun.arch.data.model", "read";
37 permission java.util.PropertyPermission
38 "sun.security.smartcardio.library", "read";
39 permission java.util.PropertyPermission
40 "sun.security.smartcardio.t0GetResponse", "read";
41 permission java.util.PropertyPermission
42 "sun.security.smartcardio.t1GetResponse", "read";
43 permission java.util.PropertyPermission
44 "sun.security.smartcardio.t1StripLe", "read";
45 // needed for looking up native PC/SC library
46 permission java.io.FilePermission "<<ALL FILES>>","read";
47 permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
48 permission java.security.SecurityPermission
49 "clearProviderProperties.SunPCSC";
50 permission java.security.SecurityPermission
51 "removeProviderProperty.SunPCSC";
52 };
53
54 grant codeBase "jrt:/java.sql" {
55 permission java.security.AllPermission;
56 };
57
58 grant codeBase "jrt:/java.sql.rowset" {
59 permission java.security.AllPermission;
60 };
61
62
63 grant codeBase "jrt:/java.xml.crypto" {
64 permission java.lang.RuntimePermission
65 "accessClassInPackage.sun.security.util";
66 permission java.util.PropertyPermission "*", "read";
67 permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
68 permission java.security.SecurityPermission
69 "clearProviderProperties.XMLDSig";
70 permission java.security.SecurityPermission
71 "removeProviderProperty.XMLDSig";
72 permission java.security.SecurityPermission
73 "com.sun.org.apache.xml.internal.security.register";
74 permission java.security.SecurityPermission
75 "getProperty.jdk.xml.dsig.secureValidationPolicy";
76 permission java.lang.RuntimePermission
77 "accessClassInPackage.com.sun.org.apache.xml.internal.*";
78 permission java.lang.RuntimePermission
79 "accessClassInPackage.com.sun.org.apache.xpath.internal";
80 permission java.lang.RuntimePermission
81 "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
82 };
83
84
85 grant codeBase "jrt:/jdk.accessibility" {
86 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
87 };
88
89 grant codeBase "jrt:/jdk.charsets" {
90 permission java.util.PropertyPermission "os.name", "read";
91 permission java.util.PropertyPermission "sun.nio.cs.map", "read";
92 permission java.lang.RuntimePermission "charsetProvider";
93 permission java.lang.RuntimePermission
94 "accessClassInPackage.jdk.internal.misc";
95 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
96 };
97
98 grant codeBase "jrt:/jdk.crypto.ec" {
99 permission java.lang.RuntimePermission
100 "accessClassInPackage.sun.security.*";
101 permission java.lang.RuntimePermission "loadLibrary.sunec";
102 permission java.security.SecurityPermission "putProviderProperty.SunEC";
103 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
104 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
105 };
106
107 grant codeBase "jrt:/jdk.crypto.cryptoki" {
108 permission java.lang.RuntimePermission
109 "accessClassInPackage.sun.security.*";
110 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
111 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
112 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
113 permission java.util.PropertyPermission "os.name", "read";
114 permission java.util.PropertyPermission "os.arch", "read";
115 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
116 permission java.security.SecurityPermission "putProviderProperty.*";
117 permission java.security.SecurityPermission "clearProviderProperties.*";
118 permission java.security.SecurityPermission "removeProviderProperty.*";
119 permission java.security.SecurityPermission
120 "getProperty.auth.login.defaultCallbackHandler";
121 permission java.security.SecurityPermission "authProvider.*";
122 // Needed for reading PKCS11 config file and NSS library check
123 permission java.io.FilePermission "<<ALL FILES>>", "read";
124 };
125
126 grant codeBase "jrt:/jdk.desktop" {
127 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
128 };
129
130 grant codeBase "jrt:/jdk.dynalink" {
131 permission java.security.AllPermission;
132 };
133
134 grant codeBase "jrt:/jdk.httpserver" {
135 permission java.security.AllPermission;
136 };
137
138 grant codeBase "jrt:/jdk.internal.le" {
139 permission java.security.AllPermission;
140 };
141
142 grant codeBase "jrt:/jdk.internal.vm.compiler" {
143 permission java.security.AllPermission;
144 };
145
146 grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
147 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
148 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
149 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
150 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
151 };
152
153 grant codeBase "jrt:/jdk.jsobject" {
154 permission java.security.AllPermission;
155 };
156
157 grant codeBase "jrt:/jdk.localedata" {
158 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
159 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
160 };
161
162 grant codeBase "jrt:/jdk.naming.dns" {
163 permission java.security.AllPermission;
164 };
165
166 grant codeBase "jrt:/jdk.scripting.nashorn" {
167 permission java.security.AllPermission;
168 };
169
170 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
171 permission java.security.AllPermission;
172 };
173
174 grant codeBase "jrt:/jdk.security.auth" {
175 permission java.security.AllPermission;
176 };
177
178 grant codeBase "jrt:/jdk.security.jgss" {
179 permission java.security.AllPermission;
180 };
181
182 grant codeBase "jrt:/jdk.zipfs" {
183 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
184 permission java.lang.RuntimePermission "fileSystemProvider";
185 permission java.util.PropertyPermission "os.name", "read";
186 };
187
188 // permissions needed by applications using java.desktop module
189 grant {
190 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
191 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
192 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
193 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
194 };