1 // 2 // Permissions required by modules stored in a run-time image and loaded 3 // by the platform class loader. 4 // 5 // NOTE that this file is not intended to be modified. If additional 6 // permissions need to be granted to the modules in this file, it is 7 // recommended that they be configured in a separate policy file or 8 // ${java.home}/conf/security/java.policy. 9 // 10 11 grant codeBase "jrt:/java.activation" { 12 permission java.security.AllPermission; 13 }; 14 15 grant codeBase "jrt:/java.compiler" { 16 permission java.security.AllPermission; 17 }; 18 19 grant codeBase "jrt:/java.corba" { 20 permission java.security.AllPermission; 21 }; 22 23 grant codeBase "jrt:/java.scripting" { 24 permission java.security.AllPermission; 25 }; 26 27 grant codeBase "jrt:/java.security.jgss" { 28 permission java.security.AllPermission; 29 }; 30 31 grant codeBase "jrt:/java.smartcardio" { 32 permission javax.smartcardio.CardPermission "*", "*"; 33 permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; 34 permission java.lang.RuntimePermission 35 "accessClassInPackage.sun.security.jca"; 36 permission java.lang.RuntimePermission 37 "accessClassInPackage.sun.security.util"; 38 permission java.util.PropertyPermission 39 "javax.smartcardio.TerminalFactory.DefaultType", "read"; 40 permission java.util.PropertyPermission "os.name", "read"; 41 permission java.util.PropertyPermission "os.arch", "read"; 42 permission java.util.PropertyPermission "sun.arch.data.model", "read"; 43 permission java.util.PropertyPermission 44 "sun.security.smartcardio.library", "read"; 45 permission java.util.PropertyPermission 46 "sun.security.smartcardio.t0GetResponse", "read"; 47 permission java.util.PropertyPermission 48 "sun.security.smartcardio.t1GetResponse", "read"; 49 permission java.util.PropertyPermission 50 "sun.security.smartcardio.t1StripLe", "read"; 51 // needed for looking up native PC/SC library 52 permission java.io.FilePermission "<<ALL FILES>>","read"; 53 permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; 54 permission java.security.SecurityPermission 55 "clearProviderProperties.SunPCSC"; 56 permission java.security.SecurityPermission 57 "removeProviderProperty.SunPCSC"; 58 }; 59 60 grant codeBase "jrt:/java.sql" { 61 permission java.security.AllPermission; 62 }; 63 64 grant codeBase "jrt:/java.sql.rowset" { 65 permission java.security.AllPermission; 66 }; 67 68 grant codeBase "jrt:/java.xml.bind" { 69 permission java.security.AllPermission; 70 }; 71 72 grant codeBase "jrt:/java.xml.crypto" { 73 permission java.lang.RuntimePermission 74 "accessClassInPackage.sun.security.util"; 75 permission java.util.PropertyPermission "*", "read"; 76 permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; 77 permission java.security.SecurityPermission 78 "clearProviderProperties.XMLDSig"; 79 permission java.security.SecurityPermission 80 "removeProviderProperty.XMLDSig"; 81 permission java.security.SecurityPermission 82 "com.sun.org.apache.xml.internal.security.register"; 83 permission java.security.SecurityPermission 84 "getProperty.jdk.xml.dsig.secureValidationPolicy"; 85 permission java.lang.RuntimePermission 86 "accessClassInPackage.com.sun.org.apache.xml.internal.*"; 87 permission java.lang.RuntimePermission 88 "accessClassInPackage.com.sun.org.apache.xpath.internal"; 89 permission java.lang.RuntimePermission 90 "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; 91 }; 92 93 grant codeBase "jrt:/java.xml.ws" { 94 permission java.security.AllPermission; 95 }; 96 97 grant codeBase "jrt:/jdk.accessibility" { 98 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; 99 }; 100 101 grant codeBase "jrt:/jdk.charsets" { 102 permission java.util.PropertyPermission "os.name", "read"; 103 permission java.util.PropertyPermission "sun.nio.cs.map", "read"; 104 permission java.lang.RuntimePermission "charsetProvider"; 105 permission java.lang.RuntimePermission 106 "accessClassInPackage.jdk.internal.misc"; 107 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 108 }; 109 110 grant codeBase "jrt:/jdk.crypto.ec" { 111 permission java.lang.RuntimePermission 112 "accessClassInPackage.sun.security.*"; 113 permission java.lang.RuntimePermission "loadLibrary.sunec"; 114 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 115 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 116 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 117 }; 118 119 grant codeBase "jrt:/jdk.crypto.cryptoki" { 120 permission java.lang.RuntimePermission 121 "accessClassInPackage.sun.security.*"; 122 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 123 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 124 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; 125 permission java.util.PropertyPermission "os.name", "read"; 126 permission java.util.PropertyPermission "os.arch", "read"; 127 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; 128 permission java.security.SecurityPermission "putProviderProperty.*"; 129 permission java.security.SecurityPermission "clearProviderProperties.*"; 130 permission java.security.SecurityPermission "removeProviderProperty.*"; 131 permission java.security.SecurityPermission 132 "getProperty.auth.login.defaultCallbackHandler"; 133 permission java.security.SecurityPermission "authProvider.*"; 134 // Needed for reading PKCS11 config file and NSS library check 135 permission java.io.FilePermission "<<ALL FILES>>", "read"; 136 }; 137 138 grant codeBase "jrt:/jdk.desktop" { 139 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; 140 }; 141 142 grant codeBase "jrt:/jdk.dynalink" { 143 permission java.security.AllPermission; 144 }; 145 146 grant codeBase "jrt:/jdk.httpserver" { 147 permission java.security.AllPermission; 148 }; 149 150 grant codeBase "jrt:/jdk.internal.le" { 151 permission java.security.AllPermission; 152 }; 153 154 grant codeBase "jrt:/jdk.internal.vm.compiler" { 155 permission java.security.AllPermission; 156 }; 157 158 grant codeBase "jrt:/jdk.internal.vm.compiler.management" { 159 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; 160 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; 161 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi"; 162 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass"; 163 }; 164 165 grant codeBase "jrt:/jdk.jsobject" { 166 permission java.security.AllPermission; 167 }; 168 169 grant codeBase "jrt:/jdk.localedata" { 170 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 171 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 172 }; 173 174 grant codeBase "jrt:/jdk.naming.dns" { 175 permission java.security.AllPermission; 176 }; 177 178 grant codeBase "jrt:/jdk.scripting.nashorn" { 179 permission java.security.AllPermission; 180 }; 181 182 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 183 permission java.security.AllPermission; 184 }; 185 186 grant codeBase "jrt:/jdk.security.auth" { 187 permission java.security.AllPermission; 188 }; 189 190 grant codeBase "jrt:/jdk.security.jgss" { 191 permission java.security.AllPermission; 192 }; 193 194 grant codeBase "jrt:/jdk.zipfs" { 195 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 196 permission java.lang.RuntimePermission "fileSystemProvider"; 197 permission java.util.PropertyPermission "os.name", "read"; 198 }; 199 200 // permissions needed by applications using java.desktop module 201 grant { 202 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; 203 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; 204 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; 205 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; 206 };