1 // permissions required by each component 2 grant codeBase "jrt:/java.corba" { 3 permission java.security.AllPermission; 4 }; 5 6 grant codeBase "jrt:/jdk.zipfs" { 7 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 8 permission java.lang.RuntimePermission "fileSystemProvider"; 9 permission java.util.PropertyPermission "*", "read"; 10 }; 11 12 grant codeBase "jrt:/jdk.localedata" { 13 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 14 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 15 permission java.util.PropertyPermission "*", "read"; 16 }; 17 18 grant codeBase "jrt:/jdk.naming.dns" { 19 permission java.security.AllPermission; 20 }; 21 22 grant codeBase "jrt:/jdk.scripting.nashorn" { 23 permission java.security.AllPermission; 24 }; 25 26 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 27 permission java.security.AllPermission; 28 }; 29 30 grant codeBase "jrt:/jdk.internal.le" { 31 permission java.security.AllPermission; 32 }; 33 34 grant codeBase "jrt:/jdk.crypto.ucrypto" { 35 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 36 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 37 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 38 // need "com.oracle.security.ucrypto.debug" for debugging 39 permission java.util.PropertyPermission "*", "read"; 40 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 41 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 42 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 43 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 44 }; 45 46 grant codeBase "jrt:/jdk.crypto.ec" { 47 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 48 permission java.lang.RuntimePermission "loadLibrary.sunec"; 49 permission java.util.PropertyPermission "*", "read"; 50 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 51 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 52 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 53 }; 54 55 grant codeBase "jrt:/jdk.crypto.pkcs11" { 56 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 57 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; 58 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 59 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 60 // needs "security.pkcs11.allowSingleThreadedModules" 61 permission java.util.PropertyPermission "*", "read"; 62 permission java.security.SecurityPermission "putProviderProperty.*"; 63 permission java.security.SecurityPermission "clearProviderProperties.*"; 64 permission java.security.SecurityPermission "removeProviderProperty.*"; 65 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 66 permission java.security.SecurityPermission "authProvider.*"; 67 // Needed for reading PKCS11 config file and NSS library check 68 permission java.io.FilePermission "<<ALL FILES>>", "read"; 69 }; 70 71 grant codeBase "jrt:/java.xml.ws" { 72 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 73 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 74 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 75 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; 76 permission java.lang.RuntimePermission "accessDeclaredMembers"; 77 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 78 permission java.util.PropertyPermission "*", "read"; 79 }; 80 81 grant codeBase "jrt:/java.xml.bind" { 82 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 83 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 84 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 85 permission java.lang.RuntimePermission "accessDeclaredMembers"; 86 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 87 permission java.util.PropertyPermission "*", "read"; 88 }; 89 90 grant codeBase "jrt:/java.activation" { 91 permission java.security.AllPermission; 92 }; 93 94 // default permissions granted to all domains 95 96 grant { 97 // Allows any thread to stop itself using the java.lang.Thread.stop() 98 // method that takes no argument. 99 // Note that this permission is granted by default only to remain 100 // backwards compatible. 101 // It is strongly recommended that you either remove this permission 102 // from this policy file or further restrict it to code sources 103 // that you specify, because Thread.stop() is potentially unsafe. 104 // See the API specification of java.lang.Thread.stop() for more 105 // information. 106 permission java.lang.RuntimePermission "stopThread"; 107 108 // allows anyone to listen on dynamic ports 109 permission java.net.SocketPermission "localhost:0", "listen"; 110 111 // "standard" properies that can be read by anyone 112 113 permission java.util.PropertyPermission "java.version", "read"; 114 permission java.util.PropertyPermission "java.vendor", "read"; 115 permission java.util.PropertyPermission "java.vendor.url", "read"; 116 permission java.util.PropertyPermission "java.class.version", "read"; 117 permission java.util.PropertyPermission "os.name", "read"; 118 permission java.util.PropertyPermission "os.version", "read"; 119 permission java.util.PropertyPermission "os.arch", "read"; 120 permission java.util.PropertyPermission "file.separator", "read"; 121 permission java.util.PropertyPermission "path.separator", "read"; 122 permission java.util.PropertyPermission "line.separator", "read"; 123 124 permission java.util.PropertyPermission "java.specification.version", "read"; 125 permission java.util.PropertyPermission "java.specification.vendor", "read"; 126 permission java.util.PropertyPermission "java.specification.name", "read"; 127 128 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 129 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 130 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 131 permission java.util.PropertyPermission "java.vm.version", "read"; 132 permission java.util.PropertyPermission "java.vm.vendor", "read"; 133 permission java.util.PropertyPermission "java.vm.name", "read"; 134 }; 135