1 // permissions required by each component 2 grant codeBase "jrt:/java.corba" { 3 permission java.security.AllPermission; 4 }; 5 6 grant codeBase "jrt:/jdk.zipfs" { 7 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 8 permission java.lang.RuntimePermission "fileSystemProvider"; 9 permission java.util.PropertyPermission "*", "read"; 10 }; 11 12 grant codeBase "jrt:/jdk.localedata" { 13 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 14 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 15 permission java.util.PropertyPermission "*", "read"; 16 }; 17 18 grant codeBase "jrt:/jdk.naming.dns" { 19 permission java.security.AllPermission; 20 }; 21 22 grant codeBase "jrt:/jdk.scripting.nashorn" { 23 permission java.security.AllPermission; 24 }; 25 26 grant codeBase "jrt:/jdk.crypto.ucrypto" { 27 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 28 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 29 permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; 30 // need "com.oracle.security.ucrypto.debug" for debugging 31 permission java.util.PropertyPermission "*", "read"; 32 permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; 33 permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; 34 permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; 35 permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; 36 }; 37 38 grant codeBase "jrt:/jdk.crypto.ec" { 39 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 40 permission java.lang.RuntimePermission "loadLibrary.sunec"; 41 permission java.util.PropertyPermission "*", "read"; 42 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 43 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 44 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 45 }; 46 47 grant codeBase "jrt:/jdk.crypto.pkcs11" { 48 permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; 49 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 50 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 51 // needs "security.pkcs11.allowSingleThreadedModules" 52 permission java.util.PropertyPermission "*", "read"; 53 permission java.security.SecurityPermission "putProviderProperty.*"; 54 permission java.security.SecurityPermission "clearProviderProperties.*"; 55 permission java.security.SecurityPermission "removeProviderProperty.*"; 56 permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; 57 permission java.security.SecurityPermission "authProvider.*"; 58 // Needed for reading PKCS11 config file and NSS library check 59 permission java.io.FilePermission "<<ALL FILES>>", "read"; 60 }; 61 62 grant codeBase "jrt:/java.xml.ws" { 63 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 64 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 65 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 66 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; 67 permission java.lang.RuntimePermission "accessDeclaredMembers"; 68 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 69 permission java.util.PropertyPermission "*", "read"; 70 }; 71 72 grant codeBase "jrt:/java.xml.bind" { 73 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; 74 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; 75 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; 76 permission java.lang.RuntimePermission "accessDeclaredMembers"; 77 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; 78 permission java.util.PropertyPermission "*", "read"; 79 }; 80 81 grant codeBase "jrt:/java.activation" { 82 permission java.security.AllPermission; 83 }; 84 85 // default permissions granted to all domains 86 87 grant { 88 // Allows any thread to stop itself using the java.lang.Thread.stop() 89 // method that takes no argument. 90 // Note that this permission is granted by default only to remain 91 // backwards compatible. 92 // It is strongly recommended that you either remove this permission 93 // from this policy file or further restrict it to code sources 94 // that you specify, because Thread.stop() is potentially unsafe. 95 // See the API specification of java.lang.Thread.stop() for more 96 // information. 97 permission java.lang.RuntimePermission "stopThread"; 98 99 // allows anyone to listen on dynamic ports 100 permission java.net.SocketPermission "localhost:0", "listen"; 101 102 // "standard" properies that can be read by anyone 103 104 permission java.util.PropertyPermission "java.version", "read"; 105 permission java.util.PropertyPermission "java.vendor", "read"; 106 permission java.util.PropertyPermission "java.vendor.url", "read"; 107 permission java.util.PropertyPermission "java.class.version", "read"; 108 permission java.util.PropertyPermission "os.name", "read"; 109 permission java.util.PropertyPermission "os.version", "read"; 110 permission java.util.PropertyPermission "os.arch", "read"; 111 permission java.util.PropertyPermission "file.separator", "read"; 112 permission java.util.PropertyPermission "path.separator", "read"; 113 permission java.util.PropertyPermission "line.separator", "read"; 114 115 permission java.util.PropertyPermission "java.specification.version", "read"; 116 permission java.util.PropertyPermission "java.specification.vendor", "read"; 117 permission java.util.PropertyPermission "java.specification.name", "read"; 118 119 permission java.util.PropertyPermission "java.vm.specification.version", "read"; 120 permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; 121 permission java.util.PropertyPermission "java.vm.specification.name", "read"; 122 permission java.util.PropertyPermission "java.vm.version", "read"; 123 permission java.util.PropertyPermission "java.vm.vendor", "read"; 124 permission java.util.PropertyPermission "java.vm.name", "read"; 125 }; 126