1 // 2 // Permissions required by modules stored in a run-time image and loaded 3 // by the platform class loader. 4 // 5 // NOTE that this file is not intended to be modified. If additional 6 // permissions need to be granted to the modules in this file, it is 7 // recommended that they be configured in a separate policy file or 8 // ${java.home}/conf/security/java.policy. 9 // 10 11 12 grant codeBase "jrt:/java.compiler" { 13 permission java.security.AllPermission; 14 }; 15 16 17 grant codeBase "jrt:/java.net.http" { 18 permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; 19 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; 20 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; 21 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; 22 permission java.net.SocketPermission "*","connect,resolve"; 23 permission java.net.URLPermission "http:*","*:*"; 24 permission java.net.URLPermission "https:*","*:*"; 25 permission java.net.URLPermission "ws:*","*:*"; 26 permission java.net.URLPermission "wss:*","*:*"; 27 permission java.net.URLPermission "socket:*","CONNECT"; // proxy 28 // For request/response body processors, fromFile, asFile 29 permission java.io.FilePermission "<<ALL FILES>>","read,write,delete"; 30 permission java.util.PropertyPermission "*","read"; 31 permission java.net.NetPermission "getProxySelector"; 32 }; 33 34 grant codeBase "jrt:/java.scripting" { 35 permission java.security.AllPermission; 36 }; 37 38 grant codeBase "jrt:/java.security.jgss" { 39 permission java.security.AllPermission; 40 }; 41 42 grant codeBase "jrt:/java.smartcardio" { 43 permission javax.smartcardio.CardPermission "*", "*"; 44 permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; 45 permission java.lang.RuntimePermission 46 "accessClassInPackage.sun.security.jca"; 47 permission java.lang.RuntimePermission 48 "accessClassInPackage.sun.security.util"; 49 permission java.util.PropertyPermission 50 "javax.smartcardio.TerminalFactory.DefaultType", "read"; 51 permission java.util.PropertyPermission "os.name", "read"; 52 permission java.util.PropertyPermission "os.arch", "read"; 53 permission java.util.PropertyPermission "sun.arch.data.model", "read"; 54 permission java.util.PropertyPermission 55 "sun.security.smartcardio.library", "read"; 56 permission java.util.PropertyPermission 57 "sun.security.smartcardio.t0GetResponse", "read"; 58 permission java.util.PropertyPermission 59 "sun.security.smartcardio.t1GetResponse", "read"; 60 permission java.util.PropertyPermission 61 "sun.security.smartcardio.t1StripLe", "read"; 62 // needed for looking up native PC/SC library 63 permission java.io.FilePermission "<<ALL FILES>>","read"; 64 permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; 65 permission java.security.SecurityPermission 66 "clearProviderProperties.SunPCSC"; 67 permission java.security.SecurityPermission 68 "removeProviderProperty.SunPCSC"; 69 }; 70 71 grant codeBase "jrt:/java.sql" { 72 permission java.security.AllPermission; 73 }; 74 75 grant codeBase "jrt:/java.sql.rowset" { 76 permission java.security.AllPermission; 77 }; 78 79 80 grant codeBase "jrt:/java.xml.crypto" { 81 permission java.lang.RuntimePermission 82 "accessClassInPackage.sun.security.util"; 83 permission java.util.PropertyPermission "*", "read"; 84 permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; 85 permission java.security.SecurityPermission 86 "clearProviderProperties.XMLDSig"; 87 permission java.security.SecurityPermission 88 "removeProviderProperty.XMLDSig"; 89 permission java.security.SecurityPermission 90 "com.sun.org.apache.xml.internal.security.register"; 91 permission java.security.SecurityPermission 92 "getProperty.jdk.xml.dsig.secureValidationPolicy"; 93 permission java.lang.RuntimePermission 94 "accessClassInPackage.com.sun.org.apache.xml.internal.*"; 95 permission java.lang.RuntimePermission 96 "accessClassInPackage.com.sun.org.apache.xpath.internal"; 97 permission java.lang.RuntimePermission 98 "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; 99 }; 100 101 102 grant codeBase "jrt:/jdk.accessibility" { 103 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; 104 }; 105 106 grant codeBase "jrt:/jdk.charsets" { 107 permission java.util.PropertyPermission "os.name", "read"; 108 permission java.util.PropertyPermission "sun.nio.cs.map", "read"; 109 permission java.lang.RuntimePermission "charsetProvider"; 110 permission java.lang.RuntimePermission 111 "accessClassInPackage.jdk.internal.misc"; 112 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 113 }; 114 115 grant codeBase "jrt:/jdk.crypto.ec" { 116 permission java.lang.RuntimePermission 117 "accessClassInPackage.sun.security.*"; 118 permission java.lang.RuntimePermission "loadLibrary.sunec"; 119 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 120 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 121 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 122 }; 123 124 grant codeBase "jrt:/jdk.crypto.cryptoki" { 125 permission java.lang.RuntimePermission 126 "accessClassInPackage.sun.security.*"; 127 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 128 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 129 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; 130 permission java.util.PropertyPermission "os.name", "read"; 131 permission java.util.PropertyPermission "os.arch", "read"; 132 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; 133 permission java.security.SecurityPermission "putProviderProperty.*"; 134 permission java.security.SecurityPermission "clearProviderProperties.*"; 135 permission java.security.SecurityPermission "removeProviderProperty.*"; 136 permission java.security.SecurityPermission 137 "getProperty.auth.login.defaultCallbackHandler"; 138 permission java.security.SecurityPermission "authProvider.*"; 139 // Needed for reading PKCS11 config file and NSS library check 140 permission java.io.FilePermission "<<ALL FILES>>", "read"; 141 }; 142 143 grant codeBase "jrt:/jdk.desktop" { 144 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; 145 }; 146 147 grant codeBase "jrt:/jdk.dynalink" { 148 permission java.security.AllPermission; 149 }; 150 151 grant codeBase "jrt:/jdk.httpserver" { 152 permission java.security.AllPermission; 153 }; 154 155 grant codeBase "jrt:/jdk.internal.le" { 156 permission java.security.AllPermission; 157 }; 158 159 grant codeBase "jrt:/jdk.internal.vm.compiler" { 160 permission java.security.AllPermission; 161 }; 162 163 grant codeBase "jrt:/jdk.internal.vm.compiler.management" { 164 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; 165 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; 166 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi"; 167 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass"; 168 }; 169 170 grant codeBase "jrt:/jdk.jsobject" { 171 permission java.security.AllPermission; 172 }; 173 174 grant codeBase "jrt:/jdk.localedata" { 175 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 176 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 177 }; 178 179 grant codeBase "jrt:/jdk.naming.dns" { 180 permission java.security.AllPermission; 181 }; 182 183 grant codeBase "jrt:/jdk.scripting.nashorn" { 184 permission java.security.AllPermission; 185 }; 186 187 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 188 permission java.security.AllPermission; 189 }; 190 191 grant codeBase "jrt:/jdk.security.auth" { 192 permission java.security.AllPermission; 193 }; 194 195 grant codeBase "jrt:/jdk.security.jgss" { 196 permission java.security.AllPermission; 197 }; 198 199 grant codeBase "jrt:/jdk.zipfs" { 200 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 201 permission java.lang.RuntimePermission "fileSystemProvider"; 202 permission java.util.PropertyPermission "os.name", "read"; 203 }; 204 205 // permissions needed by applications using java.desktop module 206 grant { 207 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; 208 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; 209 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; 210 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; 211 };