1 // permissions required by each component 2 3 grant codeBase "jrt:/java.activation" { 4 permission java.security.AllPermission; 5 }; 6 7 grant codeBase "jrt:/java.corba" { 8 permission java.security.AllPermission; 9 }; 10 11 grant codeBase "jrt:/jdk.crypto.ucrypto" { 12 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 13 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 14 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 15 // need "com.oracle.security.ucrypto.debug" for debugging 16 permission java.util.PropertyPermission "*", "read"; 17 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 18 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 19 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 20 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 21 }; 22 23 grant codeBase "jrt:/jdk.crypto.ec" { 24 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 25 permission java.lang.RuntimePermission "loadLibrary.sunec"; 26 permission java.util.PropertyPermission "*", "read"; 27 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 28 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 29 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 30 }; 31 32 grant codeBase "jrt:/jdk.crypto.pkcs11" { 33 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 34 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; 35 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 36 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 37 // needs "security.pkcs11.allowSingleThreadedModules" 38 permission java.util.PropertyPermission "*", "read"; 39 permission java.security.SecurityPermission "putProviderProperty.*"; 40 permission java.security.SecurityPermission "clearProviderProperties.*"; 41 permission java.security.SecurityPermission "removeProviderProperty.*"; 42 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 43 permission java.security.SecurityPermission "authProvider.*"; 44 // Needed for reading PKCS11 config file and NSS library check 45 permission java.io.FilePermission "<<ALL FILES>>", "read"; 46 }; 47 48 grant codeBase "jrt:/jdk.dynalink" { 49 permission java.security.AllPermission; 50 }; 51 52 grant codeBase "jrt:/jdk.internal.le" { 53 permission java.security.AllPermission; 54 }; 55 56 grant codeBase "jrt:/jdk.jsobject" { 57 permission java.security.AllPermission; 58 }; 59 60 grant codeBase "jrt:/jdk.localedata" { 61 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 62 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 63 permission java.util.PropertyPermission "*", "read"; 64 }; 65 66 grant codeBase "jrt:/jdk.naming.dns" { 67 permission java.security.AllPermission; 68 }; 69 70 grant codeBase "jrt:/jdk.scripting.nashorn" { 71 permission java.security.AllPermission; 72 }; 73 74 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 75 permission java.security.AllPermission; 76 }; 77 78 grant codeBase "jrt:/java.xml.bind" { 79 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 80 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 81 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 82 permission java.lang.RuntimePermission "accessDeclaredMembers"; 83 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 84 permission java.util.PropertyPermission "*", "read"; 85 }; 86 87 grant codeBase "jrt:/java.xml.ws" { 88 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 89 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 90 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 91 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; 92 permission java.lang.RuntimePermission "accessDeclaredMembers"; 93 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 94 permission java.util.PropertyPermission "*", "read"; 95 }; 96 97 grant codeBase "jrt:/jdk.zipfs" { 98 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 99 permission java.lang.RuntimePermission "fileSystemProvider"; 100 permission java.util.PropertyPermission "*", "read"; 101 }; 102 103 // default permissions granted to all domains 104 105 grant { 106 // allows anyone to listen on dynamic ports 107 permission java.net.SocketPermission "localhost:0", "listen"; 108 109 // "standard" properies that can be read by anyone 110 111 permission java.util.PropertyPermission "java.version", "read"; 112 permission java.util.PropertyPermission "java.vendor", "read"; 113 permission java.util.PropertyPermission "java.vendor.url", "read"; 114 permission java.util.PropertyPermission "java.class.version", "read"; 115 permission java.util.PropertyPermission "os.name", "read"; 116 permission java.util.PropertyPermission "os.version", "read"; 117 permission java.util.PropertyPermission "os.arch", "read"; 118 permission java.util.PropertyPermission "file.separator", "read"; 119 permission java.util.PropertyPermission "path.separator", "read"; 120 permission java.util.PropertyPermission "line.separator", "read"; 121 122 permission java.util.PropertyPermission "java.specification.version", "read"; 123 permission java.util.PropertyPermission "java.specification.vendor", "read"; 124 permission java.util.PropertyPermission "java.specification.name", "read"; 125 126 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 127 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 128 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 129 permission java.util.PropertyPermission "java.vm.version", "read"; 130 permission java.util.PropertyPermission "java.vm.vendor", "read"; 131 permission java.util.PropertyPermission "java.vm.name", "read"; 132 }; 133