1 // permissions required by each component
2 grant codeBase "jrt:/java.corba" {
3 permission java.security.AllPermission;
4 };
5
6 grant codeBase "jrt:/jdk.zipfs" {
7 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
8 permission java.lang.RuntimePermission "fileSystemProvider";
9 permission java.util.PropertyPermission "*", "read";
10 };
11
12 grant codeBase "jrt:/jdk.localedata" {
13 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
14 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
15 permission java.util.PropertyPermission "*", "read";
16 };
17
18 grant codeBase "jrt:/jdk.naming.dns" {
19 permission java.security.AllPermission;
20 };
21
22 grant codeBase "jrt:/jdk.dynalink" {
23 permission java.security.AllPermission;
24 };
25
26 grant codeBase "jrt:/jdk.scripting.nashorn" {
27 permission java.security.AllPermission;
28 };
29
30 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
31 permission java.security.AllPermission;
32 };
33
34 grant codeBase "jrt:/jdk.internal.le" {
35 permission java.security.AllPermission;
36 };
37
38 grant codeBase "jrt:/jdk.crypto.ucrypto" {
39 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
40 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
41 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
42 // need "com.oracle.security.ucrypto.debug" for debugging
43 permission java.util.PropertyPermission "*", "read";
44 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
45 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
46 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
47 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
48 };
49
50 grant codeBase "jrt:/jdk.crypto.ec" {
51 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
52 permission java.lang.RuntimePermission "loadLibrary.sunec";
53 permission java.util.PropertyPermission "*", "read";
54 permission java.security.SecurityPermission "putProviderProperty.SunEC";
55 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
56 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
57 };
58
59 grant codeBase "jrt:/jdk.crypto.pkcs11" {
60 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
61 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
62 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
63 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
64 // needs "security.pkcs11.allowSingleThreadedModules"
65 permission java.util.PropertyPermission "*", "read";
66 permission java.security.SecurityPermission "putProviderProperty.*";
67 permission java.security.SecurityPermission "clearProviderProperties.*";
68 permission java.security.SecurityPermission "removeProviderProperty.*";
69 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
70 permission java.security.SecurityPermission "authProvider.*";
71 // Needed for reading PKCS11 config file and NSS library check
72 permission java.io.FilePermission "<<ALL FILES>>", "read";
73 };
74
75 grant codeBase "jrt:/java.xml.ws" {
76 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
77 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
78 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
79 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
80 permission java.lang.RuntimePermission "accessDeclaredMembers";
81 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
82 permission java.util.PropertyPermission "*", "read";
83 };
84
85 grant codeBase "jrt:/java.xml.bind" {
86 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
87 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
88 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
89 permission java.lang.RuntimePermission "accessDeclaredMembers";
90 permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
91 permission java.util.PropertyPermission "*", "read";
92 };
93
94 grant codeBase "jrt:/java.activation" {
95 permission java.security.AllPermission;
96 };
97
98 // default permissions granted to all domains
99
100 grant {
101 // Allows any thread to stop itself using the java.lang.Thread.stop()
102 // method that takes no argument.
103 // Note that this permission is granted by default only to remain
104 // backwards compatible.
105 // It is strongly recommended that you either remove this permission
106 // from this policy file or further restrict it to code sources
107 // that you specify, because Thread.stop() is potentially unsafe.
108 // See the API specification of java.lang.Thread.stop() for more
109 // information.
110 permission java.lang.RuntimePermission "stopThread";
111
112 // allows anyone to listen on dynamic ports
113 permission java.net.SocketPermission "localhost:0", "listen";
114
115 // "standard" properies that can be read by anyone
116
117 permission java.util.PropertyPermission "java.version", "read";
118 permission java.util.PropertyPermission "java.vendor", "read";
119 permission java.util.PropertyPermission "java.vendor.url", "read";
120 permission java.util.PropertyPermission "java.class.version", "read";
121 permission java.util.PropertyPermission "os.name", "read";
122 permission java.util.PropertyPermission "os.version", "read";
123 permission java.util.PropertyPermission "os.arch", "read";
124 permission java.util.PropertyPermission "file.separator", "read";
125 permission java.util.PropertyPermission "path.separator", "read";
126 permission java.util.PropertyPermission "line.separator", "read";
127
128 permission java.util.PropertyPermission "java.specification.version", "read";
129 permission java.util.PropertyPermission "java.specification.vendor", "read";
130 permission java.util.PropertyPermission "java.specification.name", "read";
131
132 permission java.util.PropertyPermission "java.vm.specification.version", "read";
133 permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
134 permission java.util.PropertyPermission "java.vm.specification.name", "read";
135 permission java.util.PropertyPermission "java.vm.version", "read";
136 permission java.util.PropertyPermission "java.vm.vendor", "read";
137 permission java.util.PropertyPermission "java.vm.name", "read";
138 };
139