New src/java.base/share/lib/security/default.policy

   1 //
   2 // Permissions required by modules stored in a run-time image and loaded
   3 // by the platform class loader.
   4 //
   5 // NOTE that this file is not intended to be modified. If additional
   6 // permissions need to be granted to the modules in this file, it is
   7 // recommended that they be configured in a separate policy file or
   8 // ${java.home}/conf/security/java.policy.
   9 //
  10 
  11 grant codeBase "jrt:/java.activation" {
  12     permission java.security.AllPermission;
  13 };
  14 
  15 grant codeBase "jrt:/java.compiler" {
  16     permission java.security.AllPermission;
  17 };
  18 
  19 grant codeBase "jrt:/java.corba" {
  20     permission java.security.AllPermission;
  21 };
  22 
  23 grant codeBase "jrt:/java.scripting" {
  24     permission java.security.AllPermission;
  25 };
  26 
  27 grant codeBase "jrt:/java.security.jgss" {
  28     permission java.security.AllPermission;
  29 };
  30 
  31 grant codeBase "jrt:/java.smartcardio" {
  32     permission javax.smartcardio.CardPermission "*", "*";
  33     permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
  34     permission java.lang.RuntimePermission
  35                    "accessClassInPackage.sun.security.*";
  36     permission java.util.PropertyPermission "*", "read";
  37     // needed for looking up native PC/SC library
  38     permission java.io.FilePermission "<<ALL FILES>>","read";
  39     permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
  40     permission java.security.SecurityPermission
  41                    "clearProviderProperties.SunPCSC";
  42     permission java.security.SecurityPermission
  43                    "removeProviderProperty.SunPCSC";
  44 };
  45 
  46 grant codeBase "jrt:/java.sql" {
  47     permission java.security.AllPermission;
  48 };
  49 
  50 grant codeBase "jrt:/java.sql.rowset" {
  51     permission java.security.AllPermission;
  52 };
  53 
  54 grant codeBase "jrt:/java.xml.bind" {
  55     permission java.lang.RuntimePermission
  56                    "accessClassInPackage.com.sun.xml.internal.*";
  57     permission java.lang.RuntimePermission
  58                    "accessClassInPackage.com.sun.istack.internal";
  59     permission java.lang.RuntimePermission
  60                    "accessClassInPackage.com.sun.istack.internal.*";
  61     permission java.lang.RuntimePermission "accessDeclaredMembers";
  62     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  63     permission java.util.PropertyPermission "*", "read";
  64 };
  65 
  66 grant codeBase "jrt:/java.xml.crypto" {
  67     permission java.util.PropertyPermission "*", "read";
  68     permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
  69     permission java.security.SecurityPermission
  70                    "clearProviderProperties.XMLDSig";
  71     permission java.security.SecurityPermission
  72                    "removeProviderProperty.XMLDSig";
  73     permission java.security.SecurityPermission
  74                    "com.sun.org.apache.xml.internal.security.register";
  75     permission java.security.SecurityPermission
  76                    "getProperty.jdk.xml.dsig.secureValidationPolicy";
  77 };
  78 
  79 grant codeBase "jrt:/java.xml.ws" {
  80     permission java.lang.RuntimePermission
  81                    "accessClassInPackage.com.sun.xml.internal.*";
  82     permission java.lang.RuntimePermission
  83                    "accessClassInPackage.com.sun.istack.internal";
  84     permission java.lang.RuntimePermission
  85                    "accessClassInPackage.com.sun.istack.internal.*";
  86     permission java.lang.RuntimePermission
  87                    "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
  88     permission java.lang.RuntimePermission "accessDeclaredMembers";
  89     permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
  90     permission java.util.PropertyPermission "*", "read";
  91 };
  92 
  93 grant codeBase "jrt:/jdk.charsets" {
  94     permission java.io.FilePermission "${java.home}/-", "read";
  95     permission java.util.PropertyPermission "os.name", "read";
  96     permission java.util.PropertyPermission "sun.nio.cs.map", "read";
  97     permission java.lang.RuntimePermission "charsetProvider";
  98     permission java.lang.RuntimePermission
  99                    "accessClassInPackage.jdk.internal.misc";
 100     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
 101 };
 102 
 103 grant codeBase "jrt:/jdk.crypto.ec" {
 104     permission java.lang.RuntimePermission
 105                    "accessClassInPackage.sun.security.*";
 106     permission java.lang.RuntimePermission "loadLibrary.sunec";
 107     permission java.security.SecurityPermission "putProviderProperty.SunEC";
 108     permission java.security.SecurityPermission "clearProviderProperties.SunEC";
 109     permission java.security.SecurityPermission "removeProviderProperty.SunEC";
 110 };
 111 
 112 grant codeBase "jrt:/jdk.crypto.pkcs11" {
 113     permission java.lang.RuntimePermission
 114                    "accessClassInPackage.sun.security.*";
 115     permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
 116     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
 117     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
 118     // needs "security.pkcs11.allowSingleThreadedModules"
 119     permission java.util.PropertyPermission "*", "read";
 120     permission java.security.SecurityPermission "putProviderProperty.*";
 121     permission java.security.SecurityPermission "clearProviderProperties.*";
 122     permission java.security.SecurityPermission "removeProviderProperty.*";
 123     permission java.security.SecurityPermission
 124                    "getProperty.auth.login.defaultCallbackHandler";
 125     permission java.security.SecurityPermission "authProvider.*";
 126     // Needed for reading PKCS11 config file and NSS library check
 127     permission java.io.FilePermission "<<ALL FILES>>", "read";
 128 };
 129 
 130 grant codeBase "jrt:/jdk.dynalink" {
 131     permission java.security.AllPermission;
 132 };
 133 
 134 grant codeBase "jrt:/jdk.internal.le" {
 135     permission java.security.AllPermission;
 136 };
 137 
 138 grant codeBase "jrt:/jdk.jsobject" {
 139     permission java.security.AllPermission;
 140 };
 141 
 142 grant codeBase "jrt:/jdk.localedata" {
 143     permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
 144     permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
 145     permission java.util.PropertyPermission "*", "read";
 146 };
 147 
 148 grant codeBase "jrt:/jdk.naming.dns" {
 149     permission java.security.AllPermission;
 150 };
 151 
 152 grant codeBase "jrt:/jdk.scripting.nashorn" {
 153     permission java.security.AllPermission;
 154 };
 155 
 156 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
 157     permission java.security.AllPermission;
 158 };
 159 
 160 grant codeBase "jrt:/jdk.security.auth" {
 161     permission java.security.AllPermission;
 162 };
 163 
 164 grant codeBase "jrt:/jdk.security.jgss" {
 165     permission java.security.AllPermission;
 166 };
 167 
 168 grant codeBase "jrt:/jdk.zipfs" {
 169     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 170     permission java.lang.RuntimePermission "fileSystemProvider";
 171     permission java.util.PropertyPermission "*", "read";
 172 };
 173