1 // permissions required by each component 2 3 grant codeBase "jrt:/java.activation" { 4 permission java.security.AllPermission; 5 }; 6 7 grant codeBase "jrt:/java.corba" { 8 permission java.security.AllPermission; 9 }; 10 11 grant codeBase "jrt:/java.compiler" { 12 permission java.security.AllPermission; 13 }; 14 15 grant codeBase "jrt:/jdk.charsets" { 16 permission java.io.FilePermission "${java.home}/-", "read"; 17 permission java.util.PropertyPermission "os.name", "read"; 18 permission java.util.PropertyPermission "sun.nio.cs.map", "read"; 19 permission java.lang.RuntimePermission "charsetProvider"; 20 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; 21 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 22 }; 23 24 grant codeBase "jrt:/jdk.crypto.ucrypto" { 25 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 26 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 27 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 28 // need "com.oracle.security.ucrypto.debug" for debugging 29 permission java.util.PropertyPermission "*", "read"; 30 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 31 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 32 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 33 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 34 }; 35 36 grant codeBase "jrt:/jdk.crypto.ec" { 37 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 38 permission java.lang.RuntimePermission "loadLibrary.sunec"; 39 permission java.util.PropertyPermission "*", "read"; 40 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 41 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 42 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 43 }; 44 45 grant codeBase "jrt:/jdk.crypto.pkcs11" { 46 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 47 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; 48 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 49 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 50 // needs "security.pkcs11.allowSingleThreadedModules" 51 permission java.util.PropertyPermission "*", "read"; 52 permission java.security.SecurityPermission "putProviderProperty.*"; 53 permission java.security.SecurityPermission "clearProviderProperties.*"; 54 permission java.security.SecurityPermission "removeProviderProperty.*"; 55 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 56 permission java.security.SecurityPermission "authProvider.*"; 57 // Needed for reading PKCS11 config file and NSS library check 58 permission java.io.FilePermission "<<ALL FILES>>", "read"; 59 }; 60 61 grant codeBase "jrt:/jdk.dynalink" { 62 permission java.security.AllPermission; 63 }; 64 65 grant codeBase "jrt:/jdk.internal.le" { 66 permission java.security.AllPermission; 67 }; 68 69 grant codeBase "jrt:/jdk.jsobject" { 70 permission java.security.AllPermission; 71 }; 72 73 grant codeBase "jrt:/jdk.localedata" { 74 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 75 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 76 permission java.util.PropertyPermission "*", "read"; 77 }; 78 79 grant codeBase "jrt:/jdk.naming.dns" { 80 permission java.security.AllPermission; 81 }; 82 83 grant codeBase "jrt:/jdk.scripting.nashorn" { 84 permission java.security.AllPermission; 85 }; 86 87 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 88 permission java.security.AllPermission; 89 }; 90 91 grant codeBase "jrt:/java.xml.bind" { 92 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 93 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 94 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 95 permission java.lang.RuntimePermission "accessDeclaredMembers"; 96 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 97 permission java.util.PropertyPermission "*", "read"; 98 }; 99 100 grant codeBase "jrt:/java.xml.ws" { 101 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 102 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 103 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 104 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; 105 permission java.lang.RuntimePermission "accessDeclaredMembers"; 106 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 107 permission java.util.PropertyPermission "*", "read"; 108 }; 109 110 grant codeBase "jrt:/jdk.zipfs" { 111 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 112 permission java.lang.RuntimePermission "fileSystemProvider"; 113 permission java.util.PropertyPermission "*", "read"; 114 }; 115 116 // default permissions granted to all domains 117 118 grant { 119 // allows anyone to listen on dynamic ports 120 permission java.net.SocketPermission "localhost:0", "listen"; 121 122 // "standard" properies that can be read by anyone 123 124 permission java.util.PropertyPermission "java.version", "read"; 125 permission java.util.PropertyPermission "java.vendor", "read"; 126 permission java.util.PropertyPermission "java.vendor.url", "read"; 127 permission java.util.PropertyPermission "java.class.version", "read"; 128 permission java.util.PropertyPermission "os.name", "read"; 129 permission java.util.PropertyPermission "os.version", "read"; 130 permission java.util.PropertyPermission "os.arch", "read"; 131 permission java.util.PropertyPermission "file.separator", "read"; 132 permission java.util.PropertyPermission "path.separator", "read"; 133 permission java.util.PropertyPermission "line.separator", "read"; 134 135 permission java.util.PropertyPermission "java.specification.version", "read"; 136 permission java.util.PropertyPermission "java.specification.vendor", "read"; 137 permission java.util.PropertyPermission "java.specification.name", "read"; 138 139 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 140 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 141 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 142 permission java.util.PropertyPermission "java.vm.version", "read"; 143 permission java.util.PropertyPermission "java.vm.vendor", "read"; 144 permission java.util.PropertyPermission "java.vm.name", "read"; 145 }; 146