1 // permissions required by each component
2
3 grant codeBase "jrt:/java.activation" {
4 permission java.security.AllPermission;
5 };
6
7 grant codeBase "jrt:/java.corba" {
8 permission java.security.AllPermission;
9 };
10
11 grant codeBase "jrt:/jdk.crypto.ucrypto" {
12 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
13 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
14 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
15 // need "com.oracle.security.ucrypto.debug" for debugging
16 permission java.util.PropertyPermission "*", "read";
17 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
18 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
19 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
20 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
21 };
22
23 grant codeBase "jrt:/jdk.crypto.ec" {
24 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
25 permission java.lang.RuntimePermission "loadLibrary.sunec";
26 permission java.util.PropertyPermission "*", "read";
27 permission java.security.SecurityPermission "putProviderProperty.SunEC";
28 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
29 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
30 };
31
32 grant codeBase "jrt:/jdk.crypto.pkcs11" {
33 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
34 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
35 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
36 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
37 // needs "security.pkcs11.allowSingleThreadedModules"
38 permission java.util.PropertyPermission "*", "read";
39 permission java.security.SecurityPermission "putProviderProperty.*";
40 permission java.security.SecurityPermission "clearProviderProperties.*";
41 permission java.security.SecurityPermission "removeProviderProperty.*";
42 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
43 permission java.security.SecurityPermission "authProvider.*";
44 // Needed for reading PKCS11 config file and NSS library check
45 permission java.io.FilePermission "<<ALL FILES>>", "read";
46 };
47
48 grant codeBase "jrt:/jdk.dynalink" {
49 permission java.security.AllPermission;
50 };
51
52 grant codeBase "jrt:/jdk.internal.le" {
53 permission java.security.AllPermission;
54 };
55
56 grant codeBase "jrt:/jdk.jsobject" {
57 permission java.security.AllPermission;
58 };
59
60 grant codeBase "jrt:/jdk.localedata" {
61 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
62 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
63 permission java.util.PropertyPermission "*", "read";
64 };
65
66 grant codeBase "jrt:/jdk.naming.dns" {
67 permission java.security.AllPermission;
68 };
69
70 grant codeBase "jrt:/jdk.scripting.nashorn" {
71 permission java.security.AllPermission;
72 };
73
74 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
75 permission java.security.AllPermission;
76 };
77
78 grant codeBase "jrt:/java.xml.bind" {
79 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
80 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
81 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
82 permission java.lang.RuntimePermission "accessDeclaredMembers";
83 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
84 permission java.util.PropertyPermission "*", "read";
85 };
86
87 grant codeBase "jrt:/java.xml.ws" {
88 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
89 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
90 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
91 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
92 permission java.lang.RuntimePermission "accessDeclaredMembers";
93 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
94 permission java.util.PropertyPermission "*", "read";
95 };
96
97 grant codeBase "jrt:/jdk.zipfs" {
98 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
99 permission java.lang.RuntimePermission "fileSystemProvider";
100 permission java.util.PropertyPermission "*", "read";
101 };
102
103 // default permissions granted to all domains
104
105 grant {
106 // allows anyone to listen on dynamic ports
107 permission java.net.SocketPermission "localhost:0", "listen";
108
109 // "standard" properies that can be read by anyone
110
111 permission java.util.PropertyPermission "java.version", "read";
112 permission java.util.PropertyPermission "java.vendor", "read";
113 permission java.util.PropertyPermission "java.vendor.url", "read";
114 permission java.util.PropertyPermission "java.class.version", "read";
115 permission java.util.PropertyPermission "os.name", "read";
116 permission java.util.PropertyPermission "os.version", "read";
117 permission java.util.PropertyPermission "os.arch", "read";
118 permission java.util.PropertyPermission "file.separator", "read";
119 permission java.util.PropertyPermission "path.separator", "read";
120 permission java.util.PropertyPermission "line.separator", "read";
121
122 permission java.util.PropertyPermission "java.specification.version", "read";
123 permission java.util.PropertyPermission "java.specification.vendor", "read";
124 permission java.util.PropertyPermission "java.specification.name", "read";
125
126 permission java.util.PropertyPermission "java.vm.specification.version", "read";
127 permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
128 permission java.util.PropertyPermission "java.vm.specification.name", "read";
129 permission java.util.PropertyPermission "java.vm.version", "read";
130 permission java.util.PropertyPermission "java.vm.vendor", "read";
131 permission java.util.PropertyPermission "java.vm.name", "read";
132 };
133