--- old/src/share/lib/security/java.policy	Tue Jun 17 14:55:08 2014
+++ new/src/share/lib/security/java.policy	Tue Jun 17 14:55:07 2014
@@ -26,15 +26,39 @@
 };
 
 grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
-        permission java.security.AllPermission;
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+        permission java.lang.RuntimePermission "getProtectionDomain";
+        permission java.lang.RuntimePermission "loadLibrary.sunec";
+        permission java.util.PropertyPermission "*", "read";
+        permission java.security.SecurityPermission "putProviderProperty.SunEC";
+        permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+        permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+        // Needed by Runtime.loadLibrary(String) call
+        permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
 grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
-        permission java.security.AllPermission;
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+        permission java.util.PropertyPermission "*", "read";
+        permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+        permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+        permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
 };
 
 grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
-        permission java.security.AllPermission;
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+        permission java.lang.RuntimePermission "getProtectionDomain";
+        permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+        permission java.util.PropertyPermission "*", "read";
+        permission java.security.SecurityPermission "putProviderProperty.SunPKCS11-Solaris";
+        permission java.security.SecurityPermission "clearProviderProperties.SunPKCS11-Solaris";
+        permission java.security.SecurityPermission "removeProviderProperty.SunPKCS11-Solaris";
+        permission java.security.SecurityPermission "authProvider.SunPKCS11-Solaris";
+        // Needed by Runtime.loadLibrary(String) call, as well as for reading config file
+        // and NSS library existence check
+        permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
 // default permissions granted to all domains