1 // permissions required by each component
   2 
   3 grant codeBase "jrt:/java.activation" {
   4         permission java.security.AllPermission;
   5 };
   6 
   7 grant codeBase "jrt:/java.corba" {
   8         permission java.security.AllPermission;
   9 };
  10 
  11 grant codeBase "jrt:/java.compiler" {
  12         permission java.security.AllPermission;
  13 };
  14 
  15 grant codeBase "jrt:/jdk.charsets" {
  16         permission java.io.FilePermission "${java.home}/-", "read";
  17         permission java.util.PropertyPermission "os.name", "read";
  18         permission java.util.PropertyPermission "sun.nio.cs.map", "read";
  19         permission java.lang.RuntimePermission "charsetProvider";
  20         permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
  21         permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
  22 };
  23 
  24 grant codeBase "jrt:/jdk.crypto.ucrypto" {
  25         permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
  26         permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
  27         permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
  28         // need "com.oracle.security.ucrypto.debug" for debugging
  29         permission java.util.PropertyPermission "*", "read";
  30         permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
  31         permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
  32         permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
  33         permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
  34 };
  35 
  36 grant codeBase "jrt:/jdk.crypto.ec" {
  37         permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
  38         permission java.lang.RuntimePermission "loadLibrary.sunec";
  39         permission java.util.PropertyPermission "*", "read";
  40         permission java.security.SecurityPermission "putProviderProperty.SunEC";
  41         permission java.security.SecurityPermission "clearProviderProperties.SunEC";
  42         permission java.security.SecurityPermission "removeProviderProperty.SunEC";
  43 };
  44 
  45 grant codeBase "jrt:/jdk.crypto.pkcs11" {
  46         permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
  47         permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
  48         permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
  49         permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
  50         // needs "security.pkcs11.allowSingleThreadedModules"
  51         permission java.util.PropertyPermission "*", "read";
  52         permission java.security.SecurityPermission "putProviderProperty.*";
  53         permission java.security.SecurityPermission "clearProviderProperties.*";
  54         permission java.security.SecurityPermission "removeProviderProperty.*";
  55         permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
  56         permission java.security.SecurityPermission "authProvider.*";
  57         // Needed for reading PKCS11 config file and NSS library check
  58         permission java.io.FilePermission "<<ALL FILES>>", "read";
  59 };
  60 
  61 grant codeBase "jrt:/jdk.dynalink" {
  62         permission java.security.AllPermission;
  63 };
  64 
  65 grant codeBase "jrt:/jdk.internal.le" {
  66         permission java.security.AllPermission;
  67 };
  68 
  69 grant codeBase "jrt:/jdk.jsobject" {
  70         permission java.security.AllPermission;
  71 };
  72 
  73 grant codeBase "jrt:/jdk.localedata" {
  74         permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
  75         permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
  76         permission java.util.PropertyPermission "*", "read";
  77 };
  78 
  79 grant codeBase "jrt:/jdk.naming.dns" {
  80         permission java.security.AllPermission;
  81 };
  82 
  83 grant codeBase "jrt:/java.scripting" {
  84         permission java.security.AllPermission;
  85 };
  86 
  87 grant codeBase "jrt:/jdk.scripting.nashorn" {
  88         permission java.security.AllPermission;
  89 };
  90 
  91 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
  92         permission java.security.AllPermission;
  93 };
  94 
  95 grant codeBase "jrt:/java.xml.bind" {
  96         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
  97         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
  98         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
  99         permission java.lang.RuntimePermission "accessDeclaredMembers";
 100         permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 101         permission java.util.PropertyPermission "*", "read";
 102 };
 103 
 104 grant codeBase "jrt:/java.xml.ws" {
 105         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
 106         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
 107         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
 108         permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
 109         permission java.lang.RuntimePermission "accessDeclaredMembers";
 110         permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 111         permission java.util.PropertyPermission "*", "read";
 112 };
 113 
 114 grant codeBase "jrt:/jdk.zipfs" {
 115         permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
 116         permission java.lang.RuntimePermission "fileSystemProvider";
 117         permission java.util.PropertyPermission "*", "read";
 118 };
 119 
 120 // default permissions granted to all domains
 121 
 122 grant {
 123         // allows anyone to listen on dynamic ports
 124         permission java.net.SocketPermission "localhost:0", "listen";
 125 
 126         // "standard" properies that can be read by anyone
 127 
 128         permission java.util.PropertyPermission "java.version", "read";
 129         permission java.util.PropertyPermission "java.vendor", "read";
 130         permission java.util.PropertyPermission "java.vendor.url", "read";
 131         permission java.util.PropertyPermission "java.class.version", "read";
 132         permission java.util.PropertyPermission "os.name", "read";
 133         permission java.util.PropertyPermission "os.version", "read";
 134         permission java.util.PropertyPermission "os.arch", "read";
 135         permission java.util.PropertyPermission "file.separator", "read";
 136         permission java.util.PropertyPermission "path.separator", "read";
 137         permission java.util.PropertyPermission "line.separator", "read";
 138 
 139         permission java.util.PropertyPermission "java.specification.version", "read";
 140         permission java.util.PropertyPermission "java.specification.vendor", "read";
 141         permission java.util.PropertyPermission "java.specification.name", "read";
 142 
 143         permission java.util.PropertyPermission "java.vm.specification.version", "read";
 144         permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
 145         permission java.util.PropertyPermission "java.vm.specification.name", "read";
 146         permission java.util.PropertyPermission "java.vm.version", "read";
 147         permission java.util.PropertyPermission "java.vm.vendor", "read";
 148         permission java.util.PropertyPermission "java.vm.name", "read";
 149 };
 150