1 //
   2 // Permissions required by modules stored in a run-time image and loaded
   3 // by the platform class loader.
   4 //
   5 // NOTE that this file is not intended to be modified. If additional
   6 // permissions need to be granted to the modules in this file, it is
   7 // recommended that they be configured in a separate policy file or
   8 // ${java.home}/conf/security/java.policy.
   9 //
  10 
  11 
  12 grant codeBase "jrt:/java.compiler" {
  13     permission java.security.AllPermission;
  14 };
  15 
  16 
  17 grant codeBase "jrt:/java.net.http" {
  18     permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
  19     permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
  20     permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
  21     permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
  22     permission java.net.SocketPermission "*","connect,resolve";
  23     permission java.net.URLPermission "http:*","*:*";
  24     permission java.net.URLPermission "https:*","*:*";
  25     permission java.net.URLPermission "ws:*","*:*";
  26     permission java.net.URLPermission "wss:*","*:*";
  27     permission java.net.URLPermission "socket:*","CONNECT";  // proxy
  28     // For request/response body processors, fromFile, asFile
  29     permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
  30     permission java.util.PropertyPermission "*","read";
  31     permission java.net.NetPermission "getProxySelector";
  32 };
  33 
  34 grant codeBase "jrt:/java.scripting" {
  35     permission java.security.AllPermission;
  36 };
  37 
  38 grant codeBase "jrt:/java.security.jgss" {
  39     permission java.security.AllPermission;
  40 };
  41 
  42 grant codeBase "jrt:/java.smartcardio" {
  43     permission javax.smartcardio.CardPermission "*", "*";
  44     permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
  45     permission java.lang.RuntimePermission
  46                    "accessClassInPackage.sun.security.jca";
  47     permission java.lang.RuntimePermission
  48                    "accessClassInPackage.sun.security.util";
  49     permission java.util.PropertyPermission
  50                    "javax.smartcardio.TerminalFactory.DefaultType", "read";
  51     permission java.util.PropertyPermission "os.name", "read";
  52     permission java.util.PropertyPermission "os.arch", "read";
  53     permission java.util.PropertyPermission "sun.arch.data.model", "read";
  54     permission java.util.PropertyPermission
  55                    "sun.security.smartcardio.library", "read";
  56     permission java.util.PropertyPermission
  57                    "sun.security.smartcardio.t0GetResponse", "read";
  58     permission java.util.PropertyPermission
  59                    "sun.security.smartcardio.t1GetResponse", "read";
  60     permission java.util.PropertyPermission
  61                    "sun.security.smartcardio.t1StripLe", "read";
  62     // needed for looking up native PC/SC library
  63     permission java.io.FilePermission "<<ALL FILES>>","read";
  64     permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
  65     permission java.security.SecurityPermission
  66                    "clearProviderProperties.SunPCSC";
  67     permission java.security.SecurityPermission
  68                    "removeProviderProperty.SunPCSC";
  69 };
  70 
  71 grant codeBase "jrt:/java.sql" {
  72     permission java.security.AllPermission;
  73 };
  74 
  75 grant codeBase "jrt:/java.sql.rowset" {
  76     permission java.security.AllPermission;
  77 };
  78 
  79 
  80 grant codeBase "jrt:/java.xml.crypto" {
  81     permission java.lang.RuntimePermission
  82                    "accessClassInPackage.sun.security.util";
  83     permission java.util.PropertyPermission "*", "read";
  84     permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
  85     permission java.security.SecurityPermission
  86                    "clearProviderProperties.XMLDSig";
  87     permission java.security.SecurityPermission
  88                    "removeProviderProperty.XMLDSig";
  89     permission java.security.SecurityPermission
  90                    "com.sun.org.apache.xml.internal.security.register";
  91     permission java.security.SecurityPermission
  92                    "getProperty.jdk.xml.dsig.secureValidationPolicy";
  93     permission java.lang.RuntimePermission
  94                    "accessClassInPackage.com.sun.org.apache.xml.internal.*";
  95     permission java.lang.RuntimePermission
  96                    "accessClassInPackage.com.sun.org.apache.xpath.internal";
  97     permission java.lang.RuntimePermission
  98                    "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
  99 };
 100 
 101 
 102 grant codeBase "jrt:/jdk.accessibility" {
 103     permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
 104 };
 105 
 106 grant codeBase "jrt:/jdk.charsets" {
 107     permission java.util.PropertyPermission "os.name", "read";
 108     permission java.util.PropertyPermission "sun.nio.cs.map", "read";
 109     permission java.lang.RuntimePermission "charsetProvider";
 110     permission java.lang.RuntimePermission
 111                    "accessClassInPackage.jdk.internal.misc";
 112     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
 113 };
 114 
 115 grant codeBase "jrt:/jdk.crypto.ec" {
 116     permission java.lang.RuntimePermission
 117                    "accessClassInPackage.sun.security.*";
 118     permission java.lang.RuntimePermission "loadLibrary.sunec";
 119     permission java.security.SecurityPermission "putProviderProperty.SunEC";
 120     permission java.security.SecurityPermission "clearProviderProperties.SunEC";
 121     permission java.security.SecurityPermission "removeProviderProperty.SunEC";
 122 };
 123 
 124 grant codeBase "jrt:/jdk.crypto.cryptoki" {
 125     permission java.lang.RuntimePermission
 126                    "accessClassInPackage.sun.security.*";
 127     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
 128     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
 129     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
 130     permission java.util.PropertyPermission "os.name", "read";
 131     permission java.util.PropertyPermission "os.arch", "read";
 132     permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
 133     permission java.security.SecurityPermission "putProviderProperty.*";
 134     permission java.security.SecurityPermission "clearProviderProperties.*";
 135     permission java.security.SecurityPermission "removeProviderProperty.*";
 136     permission java.security.SecurityPermission
 137                    "getProperty.auth.login.defaultCallbackHandler";
 138     permission java.security.SecurityPermission "authProvider.*";
 139     // Needed for reading PKCS11 config file and NSS library check
 140     permission java.io.FilePermission "<<ALL FILES>>", "read";
 141 };
 142 
 143 grant codeBase "jrt:/jdk.desktop" {
 144     permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
 145 };
 146 
 147 grant codeBase "jrt:/jdk.dynalink" {
 148     permission java.security.AllPermission;
 149 };
 150 
 151 grant codeBase "jrt:/jdk.httpserver" {
 152     permission java.security.AllPermission;
 153 };
 154 
 155 grant codeBase "jrt:/jdk.internal.le" {
 156     permission java.security.AllPermission;
 157 };
 158 
 159 grant codeBase "jrt:/jdk.internal.vm.compiler" {
 160     permission java.security.AllPermission;
 161 };
 162 
 163 grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
 164     permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
 165     permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
 166     permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
 167     permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
 168 };
 169 
 170 grant codeBase "jrt:/jdk.jsobject" {
 171     permission java.security.AllPermission;
 172 };
 173 
 174 grant codeBase "jrt:/jdk.localedata" {
 175     permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
 176     permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
 177 };
 178 
 179 grant codeBase "jrt:/jdk.naming.dns" {
 180     permission java.security.AllPermission;
 181 };
 182 
 183 grant codeBase "jrt:/jdk.scripting.nashorn" {
 184     permission java.security.AllPermission;
 185 };
 186 
 187 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
 188     permission java.security.AllPermission;
 189 };
 190 
 191 grant codeBase "jrt:/jdk.security.auth" {
 192     permission java.security.AllPermission;
 193 };
 194 
 195 grant codeBase "jrt:/jdk.security.jgss" {
 196     permission java.security.AllPermission;
 197 };
 198 
 199 grant codeBase "jrt:/jdk.zipfs" {
 200     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 201     permission java.lang.RuntimePermission "fileSystemProvider";
 202     permission java.util.PropertyPermission "os.name", "read";
 203 };
 204 
 205 // permissions needed by applications using java.desktop module
 206 grant {
 207     permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
 208     permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
 209     permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
 210     permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
 211 };