// permissions required by each component grant codeBase "file:${java.home}/lib/ext/zipfs.jar" { permission java.io.FilePermission "<>", "read,write,delete"; permission java.lang.RuntimePermission "fileSystemProvider"; permission java.util.PropertyPermission "*", "read"; }; grant codeBase "file:${java.home}/lib/ext/cldrdata.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; permission java.util.PropertyPermission "*", "read"; }; grant codeBase "file:${java.home}/lib/ext/localedata.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; permission java.util.PropertyPermission "*", "read"; }; grant codeBase "file:${java.home}/lib/ext/dnsns.jar" { permission java.security.AllPermission; }; grant codeBase "file:${java.home}/lib/ext/nashorn.jar" { permission java.security.AllPermission; }; grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; // need "com.oracle.security.ucrypto.debug" for debugging permission java.util.PropertyPermission "*", "read"; permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; }; grant codeBase "file:${java.home}/lib/ext/sunec.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "loadLibrary.sunec"; permission java.util.PropertyPermission "*", "read"; permission java.security.SecurityPermission "putProviderProperty.SunEC"; permission java.security.SecurityPermission "clearProviderProperties.SunEC"; permission java.security.SecurityPermission "removeProviderProperty.SunEC"; }; grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.util.PropertyPermission "*", "read"; permission java.security.SecurityPermission "putProviderProperty.SunJCE"; permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; }; grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; // needs "security.pkcs11.allowSingleThreadedModules" permission java.util.PropertyPermission "*", "read"; permission java.security.SecurityPermission "putProviderProperty.*"; permission java.security.SecurityPermission "clearProviderProperties.*"; permission java.security.SecurityPermission "removeProviderProperty.*"; permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; permission java.security.SecurityPermission "authProvider.*"; // Needed for reading PKCS11 config file and NSS library check permission java.io.FilePermission "<>", "read"; }; // default permissions granted to all domains grant { // Allows any thread to stop itself using the java.lang.Thread.stop() // method that takes no argument. // Note that this permission is granted by default only to remain // backwards compatible. // It is strongly recommended that you either remove this permission // from this policy file or further restrict it to code sources // that you specify, because Thread.stop() is potentially unsafe. // See the API specification of java.lang.Thread.stop() for more // information. permission java.lang.RuntimePermission "stopThread"; // allows anyone to listen on dynamic ports permission java.net.SocketPermission "localhost:0", "listen"; // "standard" properies that can be read by anyone permission java.util.PropertyPermission "java.version", "read"; permission java.util.PropertyPermission "java.vendor", "read"; permission java.util.PropertyPermission "java.vendor.url", "read"; permission java.util.PropertyPermission "java.class.version", "read"; permission java.util.PropertyPermission "os.name", "read"; permission java.util.PropertyPermission "os.version", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "file.separator", "read"; permission java.util.PropertyPermission "path.separator", "read"; permission java.util.PropertyPermission "line.separator", "read"; permission java.util.PropertyPermission "java.specification.version", "read"; permission java.util.PropertyPermission "java.specification.vendor", "read"; permission java.util.PropertyPermission "java.specification.name", "read"; permission java.util.PropertyPermission "java.vm.specification.version", "read"; permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; permission java.util.PropertyPermission "java.vm.specification.name", "read"; permission java.util.PropertyPermission "java.vm.version", "read"; permission java.util.PropertyPermission "java.vm.vendor", "read"; permission java.util.PropertyPermission "java.vm.name", "read"; };