1 // 2 // Permissions required by modules stored in a run-time image and loaded 3 // by the platform class loader. 4 // 5 // NOTE that this file is not intended to be modified. If additional 6 // permissions need to be granted to the modules in this file, it is 7 // recommended that they be configured in a separate policy file or 8 // ${java.home}/conf/security/java.policy. 9 // 10 11 12 grant codeBase "jrt:/java.compiler" { 13 permission java.security.AllPermission; 14 }; 15 16 17 grant codeBase "jrt:/java.scripting" { 18 permission java.security.AllPermission; 19 }; 20 21 grant codeBase "jrt:/java.security.jgss" { 22 permission java.security.AllPermission; 23 }; 24 25 grant codeBase "jrt:/java.smartcardio" { 26 permission javax.smartcardio.CardPermission "*", "*"; 27 permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; 28 permission java.lang.RuntimePermission 29 "accessClassInPackage.sun.security.jca"; 30 permission java.lang.RuntimePermission 31 "accessClassInPackage.sun.security.util"; 32 permission java.util.PropertyPermission 33 "javax.smartcardio.TerminalFactory.DefaultType", "read"; 34 permission java.util.PropertyPermission "os.name", "read"; 35 permission java.util.PropertyPermission "os.arch", "read"; 36 permission java.util.PropertyPermission "sun.arch.data.model", "read"; 37 permission java.util.PropertyPermission 38 "sun.security.smartcardio.library", "read"; 39 permission java.util.PropertyPermission 40 "sun.security.smartcardio.t0GetResponse", "read"; 41 permission java.util.PropertyPermission 42 "sun.security.smartcardio.t1GetResponse", "read"; 43 permission java.util.PropertyPermission 44 "sun.security.smartcardio.t1StripLe", "read"; 45 // needed for looking up native PC/SC library 46 permission java.io.FilePermission "<<ALL FILES>>","read"; 47 permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; 48 permission java.security.SecurityPermission 49 "clearProviderProperties.SunPCSC"; 50 permission java.security.SecurityPermission 51 "removeProviderProperty.SunPCSC"; 52 }; 53 54 grant codeBase "jrt:/java.sql" { 55 permission java.security.AllPermission; 56 }; 57 58 grant codeBase "jrt:/java.sql.rowset" { 59 permission java.security.AllPermission; 60 }; 61 62 63 grant codeBase "jrt:/java.xml.crypto" { 64 permission java.lang.RuntimePermission 65 "accessClassInPackage.sun.security.util"; 66 permission java.util.PropertyPermission "*", "read"; 67 permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; 68 permission java.security.SecurityPermission 69 "clearProviderProperties.XMLDSig"; 70 permission java.security.SecurityPermission 71 "removeProviderProperty.XMLDSig"; 72 permission java.security.SecurityPermission 73 "com.sun.org.apache.xml.internal.security.register"; 74 permission java.security.SecurityPermission 75 "getProperty.jdk.xml.dsig.secureValidationPolicy"; 76 permission java.lang.RuntimePermission 77 "accessClassInPackage.com.sun.org.apache.xml.internal.*"; 78 permission java.lang.RuntimePermission 79 "accessClassInPackage.com.sun.org.apache.xpath.internal"; 80 permission java.lang.RuntimePermission 81 "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; 82 }; 83 84 85 grant codeBase "jrt:/jdk.accessibility" { 86 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; 87 }; 88 89 grant codeBase "jrt:/jdk.charsets" { 90 permission java.util.PropertyPermission "os.name", "read"; 91 permission java.util.PropertyPermission "sun.nio.cs.map", "read"; 92 permission java.lang.RuntimePermission "charsetProvider"; 93 permission java.lang.RuntimePermission 94 "accessClassInPackage.jdk.internal.misc"; 95 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 96 }; 97 98 grant codeBase "jrt:/jdk.crypto.ec" { 99 permission java.lang.RuntimePermission 100 "accessClassInPackage.sun.security.*"; 101 permission java.lang.RuntimePermission "loadLibrary.sunec"; 102 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 103 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 104 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 105 }; 106 107 grant codeBase "jrt:/jdk.crypto.cryptoki" { 108 permission java.lang.RuntimePermission 109 "accessClassInPackage.sun.security.*"; 110 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 111 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 112 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; 113 permission java.util.PropertyPermission "os.name", "read"; 114 permission java.util.PropertyPermission "os.arch", "read"; 115 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; 116 permission java.security.SecurityPermission "putProviderProperty.*"; 117 permission java.security.SecurityPermission "clearProviderProperties.*"; 118 permission java.security.SecurityPermission "removeProviderProperty.*"; 119 permission java.security.SecurityPermission 120 "getProperty.auth.login.defaultCallbackHandler"; 121 permission java.security.SecurityPermission "authProvider.*"; 122 // Needed for reading PKCS11 config file and NSS library check 123 permission java.io.FilePermission "<<ALL FILES>>", "read"; 124 }; 125 126 grant codeBase "jrt:/jdk.desktop" { 127 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; 128 }; 129 130 grant codeBase "jrt:/jdk.dynalink" { 131 permission java.security.AllPermission; 132 }; 133 134 grant codeBase "jrt:/jdk.httpserver" { 135 permission java.security.AllPermission; 136 }; 137 138 grant codeBase "jrt:/jdk.internal.le" { 139 permission java.security.AllPermission; 140 }; 141 142 grant codeBase "jrt:/jdk.internal.vm.compiler" { 143 permission java.security.AllPermission; 144 }; 145 146 grant codeBase "jrt:/jdk.internal.vm.compiler.management" { 147 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; 148 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; 149 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi"; 150 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass"; 151 }; 152 153 grant codeBase "jrt:/jdk.jsobject" { 154 permission java.security.AllPermission; 155 }; 156 157 grant codeBase "jrt:/jdk.localedata" { 158 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 159 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 160 }; 161 162 grant codeBase "jrt:/jdk.naming.dns" { 163 permission java.security.AllPermission; 164 }; 165 166 grant codeBase "jrt:/jdk.scripting.nashorn" { 167 permission java.security.AllPermission; 168 }; 169 170 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 171 permission java.security.AllPermission; 172 }; 173 174 grant codeBase "jrt:/jdk.security.auth" { 175 permission java.security.AllPermission; 176 }; 177 178 grant codeBase "jrt:/jdk.security.jgss" { 179 permission java.security.AllPermission; 180 }; 181 182 grant codeBase "jrt:/jdk.zipfs" { 183 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 184 permission java.lang.RuntimePermission "fileSystemProvider"; 185 permission java.util.PropertyPermission "os.name", "read"; 186 }; 187 188 // permissions needed by applications using java.desktop module 189 grant { 190 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; 191 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; 192 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; 193 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; 194 };