1 // permissions required by each component 2 grant codeBase "jrt:/java.corba" { 3 permission java.security.AllPermission; 4 }; 5 6 grant codeBase "jrt:/jdk.zipfs" { 7 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 8 permission java.lang.RuntimePermission "fileSystemProvider"; 9 permission java.util.PropertyPermission "*", "read"; 10 }; 11 12 grant codeBase "jrt:/jdk.localedata" { 13 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 14 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 15 permission java.util.PropertyPermission "*", "read"; 16 }; 17 18 grant codeBase "jrt:/jdk.naming.dns" { 19 permission java.security.AllPermission; 20 }; 21 22 grant codeBase "jrt:/jdk.scripting.nashorn" { 23 permission java.security.AllPermission; 24 }; 25 26 grant codeBase "jrt:/jdk.crypto.ucrypto" { 27 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 28 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 29 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 30 // need "com.oracle.security.ucrypto.debug" for debugging 31 permission java.util.PropertyPermission "*", "read"; 32 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 33 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 34 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 35 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 36 }; 37 38 grant codeBase "jrt:/jdk.crypto.ec" { 39 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 40 permission java.lang.RuntimePermission "loadLibrary.sunec"; 41 permission java.util.PropertyPermission "*", "read"; 42 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 43 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 44 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 45 }; 46 47 grant codeBase "jrt:/jdk.crypto.pkcs11" { 48 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 49 permission java.lang.RuntimePermission "accessClassInPackage.sun.misc.*"; 50 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 51 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 52 // needs "security.pkcs11.allowSingleThreadedModules" 53 permission java.util.PropertyPermission "*", "read"; 54 permission java.security.SecurityPermission "putProviderProperty.*"; 55 permission java.security.SecurityPermission "clearProviderProperties.*"; 56 permission java.security.SecurityPermission "removeProviderProperty.*"; 57 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 58 permission java.security.SecurityPermission "authProvider.*"; 59 // Needed for reading PKCS11 config file and NSS library check 60 permission java.io.FilePermission "<<ALL FILES>>", "read"; 61 }; 62 63 grant codeBase "jrt:/java.xml.ws" { 64 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 65 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 66 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 67 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; 68 permission java.lang.RuntimePermission "accessDeclaredMembers"; 69 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 70 permission java.util.PropertyPermission "*", "read"; 71 }; 72 73 grant codeBase "jrt:/java.xml.bind" { 74 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 75 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 76 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 77 permission java.lang.RuntimePermission "accessDeclaredMembers"; 78 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 79 permission java.util.PropertyPermission "*", "read"; 80 }; 81 82 grant codeBase "jrt:/java.activation" { 83 permission java.security.AllPermission; 84 }; 85 86 // default permissions granted to all domains 87 88 grant { 89 // Allows any thread to stop itself using the java.lang.Thread.stop() 90 // method that takes no argument. 91 // Note that this permission is granted by default only to remain 92 // backwards compatible. 93 // It is strongly recommended that you either remove this permission 94 // from this policy file or further restrict it to code sources 95 // that you specify, because Thread.stop() is potentially unsafe. 96 // See the API specification of java.lang.Thread.stop() for more 97 // information. 98 permission java.lang.RuntimePermission "stopThread"; 99 100 // allows anyone to listen on dynamic ports 101 permission java.net.SocketPermission "localhost:0", "listen"; 102 103 // "standard" properies that can be read by anyone 104 105 permission java.util.PropertyPermission "java.version", "read"; 106 permission java.util.PropertyPermission "java.vendor", "read"; 107 permission java.util.PropertyPermission "java.vendor.url", "read"; 108 permission java.util.PropertyPermission "java.class.version", "read"; 109 permission java.util.PropertyPermission "os.name", "read"; 110 permission java.util.PropertyPermission "os.version", "read"; 111 permission java.util.PropertyPermission "os.arch", "read"; 112 permission java.util.PropertyPermission "file.separator", "read"; 113 permission java.util.PropertyPermission "path.separator", "read"; 114 permission java.util.PropertyPermission "line.separator", "read"; 115 116 permission java.util.PropertyPermission "java.specification.version", "read"; 117 permission java.util.PropertyPermission "java.specification.vendor", "read"; 118 permission java.util.PropertyPermission "java.specification.name", "read"; 119 120 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 121 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 122 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 123 permission java.util.PropertyPermission "java.vm.version", "read"; 124 permission java.util.PropertyPermission "java.vm.vendor", "read"; 125 permission java.util.PropertyPermission "java.vm.name", "read"; 126 }; 127