| // permissions required by each component |
| |
| // Fully trusted modules. AllPermission implies every other permission, so this |
| // policy places no limit on what code in these three modules may do, including |
| // inside doPrivileged blocks reached from less-trusted callers. |
| grant codeBase "jrt:/java.activation" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/java.corba" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/java.compiler" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Least-privilege grant for the extended charsets module: read-only file access |
| // under the runtime image, two named properties, and two internal packages. |
| grant codeBase "jrt:/jdk.charsets" { |
| // A trailing "/-" matches all files in ${java.home} and, recursively, its subdirectories. |
| permission java.io.FilePermission "${java.home}/-", "read"; |
| permission java.util.PropertyPermission "os.name", "read"; |
| permission java.util.PropertyPermission "sun.nio.cs.map", "read"; |
| // Checked when a java.nio.charset.spi.CharsetProvider is constructed. |
| permission java.lang.RuntimePermission "charsetProvider"; |
| // accessClassInPackage.<pkg> lets the module pass the security manager's |
| // package-access check for the named restricted package. |
| permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; |
| }; |
| |
| // Itemised grant for the Ucrypto provider module. Two entries are wider than the |
| // need their comments state; see the review notes below. |
| grant codeBase "jrt:/jdk.crypto.ucrypto" { |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
| // May load only the native library named j2ucrypto. |
| permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; |
| // need "com.oracle.security.ucrypto.debug" for debugging |
| // NOTE(review): the grant is read access to every system property ("*"), not only |
| // the one named above; some deployments pass sensitive values as system properties. |
| permission java.util.PropertyPermission "*", "read"; |
| // Provider-property changes are limited to the provider named OracleUcrypto. |
| permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; |
| permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; |
| permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; |
| // Needed for reading Ucrypto config file |
| // NOTE(review): "<<ALL FILES>>" matches every file, so this is read access to the |
| // whole file system rather than to a single config path. |
| permission java.io.FilePermission "<<ALL FILES>>", "read"; |
| }; |
| |
| // Fully trusted modules. AllPermission implies every other permission, so this |
| // policy does not constrain code in java.sql or java.sql.rowset in any way. |
| grant codeBase "jrt:/java.sql" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/java.sql.rowset" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Itemised grant for the SunEC provider module: internal security packages, one |
| // named native library, property reads, and its own provider properties. |
| grant codeBase "jrt:/jdk.crypto.ec" { |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
| // May load only the native library named sunec. |
| permission java.lang.RuntimePermission "loadLibrary.sunec"; |
| // Read access to every system property ("*"); this file names no narrower need. |
| permission java.util.PropertyPermission "*", "read"; |
| // Provider-property changes are limited to the provider named SunEC. |
| permission java.security.SecurityPermission "putProviderProperty.SunEC"; |
| permission java.security.SecurityPermission "clearProviderProperties.SunEC"; |
| permission java.security.SecurityPermission "removeProviderProperty.SunEC"; |
| }; |
| |
| // Itemised grant for the PKCS#11 provider module. Unlike the other provider grants |
| // in this file, its SecurityPermission targets use a wildcard provider name. |
| grant codeBase "jrt:/jdk.crypto.pkcs11" { |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
| // May load only the native library named j2pkcs11. |
| permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; |
| // needs "security.pkcs11.allowSingleThreadedModules" |
| // NOTE(review): the grant is read access to every system property ("*"), not only |
| // the one named above. |
| permission java.util.PropertyPermission "*", "read"; |
| // ".*" covers every provider name, so this module may set, clear or remove the |
| // properties of any registered provider, not just its own. |
| // NOTE(review): presumably needed because PKCS#11 provider instances are named |
| // per configuration; confirm before narrowing. |
| permission java.security.SecurityPermission "putProviderProperty.*"; |
| permission java.security.SecurityPermission "clearProviderProperties.*"; |
| permission java.security.SecurityPermission "removeProviderProperty.*"; |
| // Read of the single security property auth.login.defaultCallbackHandler. |
| permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; |
| // Lets providers of any name act as an AuthProvider for login and logout. |
| permission java.security.SecurityPermission "authProvider.*"; |
| // Needed for reading PKCS11 config file and NSS library check |
| // NOTE(review): "<<ALL FILES>>" matches every file, so this is read access to the |
| // whole file system rather than to specific config or library paths. |
| permission java.io.FilePermission "<<ALL FILES>>", "read"; |
| }; |
| |
| // Fully trusted modules. AllPermission implies every other permission, so this |
| // policy does not constrain code in these three modules in any way. |
| grant codeBase "jrt:/jdk.dynalink" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/jdk.internal.le" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/jdk.jsobject" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Itemised grant for the locale data module: two internal package trees plus |
| // property reads; no file, network or reflection permissions. |
| grant codeBase "jrt:/jdk.localedata" { |
| // accessClassInPackage.<pkg> lets the module pass the security manager's |
| // package-access check; ".*" extends that to all subpackages of the prefix. |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; |
| // Read access to every system property ("*"). |
| permission java.util.PropertyPermission "*", "read"; |
| }; |
| |
| // Fully trusted modules. AllPermission implies every other permission, so this |
| // policy does not constrain the DNS naming provider or the scripting modules |
| // below; any limit on what they do for a caller must come from their own code. |
| grant codeBase "jrt:/jdk.naming.dns" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/java.scripting" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/jdk.scripting.nashorn" { |
| permission java.security.AllPermission; |
| }; |
| |
| grant codeBase "jrt:/jdk.scripting.nashorn.shell" { |
| permission java.security.AllPermission; |
| }; |
| |
| // Itemised grant for the smart card I/O module and its SunPCSC provider. |
| grant codeBase "jrt:/java.smartcardio" { |
| // Terminal name "*" and actions "*": every card terminal, every card operation. |
| permission javax.smartcardio.CardPermission "*", "*"; |
| // May load only the native library named j2pcsc. |
| permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; |
| permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
| // Read access to every system property ("*"). |
| permission java.util.PropertyPermission "*", "read"; |
| // needed for looking up native PC/SC library |
| // NOTE(review): "<<ALL FILES>>" matches every file, so this is read access to the |
| // whole file system rather than to the library search locations only. |
| permission java.io.FilePermission "<<ALL FILES>>","read"; |
| // Provider-property changes are limited to the provider named SunPCSC. |
| permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; |
| permission java.security.SecurityPermission "clearProviderProperties.SunPCSC"; |
| permission java.security.SecurityPermission "removeProviderProperty.SunPCSC"; |
| }; |
| |
| // Itemised grant for the JAXB module: internal packages, reflection, property reads. |
| grant codeBase "jrt:/java.xml.bind" { |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
| // accessDeclaredMembers exposes the non-public members of a class to reflection; |
| // suppressAccessChecks lets reflective objects bypass Java language access checks. |
| // Together they allow reading and invoking private members of other classes, so |
| // treat this module as highly trusted even though it lacks AllPermission. |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
| // Read access to every system property ("*"). |
| permission java.util.PropertyPermission "*", "read"; |
| }; |
| |
| // Itemised grant for the JAX-WS module: internal packages (including the internal |
| // Xerces tree), reflection, property reads. |
| grant codeBase "jrt:/java.xml.ws" { |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
| permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; |
| // accessDeclaredMembers exposes the non-public members of a class to reflection; |
| // suppressAccessChecks lets reflective objects bypass Java language access checks. |
| // Together they allow reading and invoking private members of other classes, so |
| // treat this module as highly trusted even though it lacks AllPermission. |
| permission java.lang.RuntimePermission "accessDeclaredMembers"; |
| permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
| // Read access to every system property ("*"). |
| permission java.util.PropertyPermission "*", "read"; |
| }; |
| |
| // Itemised grant for the zip file system provider module. |
| grant codeBase "jrt:/jdk.zipfs" { |
| // "<<ALL FILES>>" matches every file: the module may read, write and delete any |
| // path, so this policy adds no path restriction for it beyond what the operating |
| // system enforces on the JVM process. |
| permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; |
| // Checked when a java.nio.file.spi.FileSystemProvider is constructed. |
| permission java.lang.RuntimePermission "fileSystemProvider"; |
| // Read access to every system property ("*"). |
| permission java.util.PropertyPermission "*", "read"; |
| }; |
| |
| // default permissions granted to all domains |
| // This grant has no codeBase, so it applies to every protection domain, including |
| // code that receives nothing else from this file. |
| |
| grant { |
| // allows anyone to listen on dynamic ports |
| // Port 0 stands for a system-chosen ephemeral port, and the host is localhost only. |
| // "listen" does not imply "accept": accepting a connection is a separate action. |
| permission java.net.SocketPermission "localhost:0", "listen"; |
| |
| // "standard" properties that can be read by anyone |
| // The list covers JVM, specification and OS name/version/vendor values and the |
| // platform separators; user.name, user.home, user.dir and java.home are not in it. |
| |
| permission java.util.PropertyPermission "java.version", "read"; |
| permission java.util.PropertyPermission "java.vendor", "read"; |
| permission java.util.PropertyPermission "java.vendor.url", "read"; |
| permission java.util.PropertyPermission "java.class.version", "read"; |
| permission java.util.PropertyPermission "os.name", "read"; |
| permission java.util.PropertyPermission "os.version", "read"; |
| permission java.util.PropertyPermission "os.arch", "read"; |
| permission java.util.PropertyPermission "file.separator", "read"; |
| permission java.util.PropertyPermission "path.separator", "read"; |
| permission java.util.PropertyPermission "line.separator", "read"; |
| |
| permission java.util.PropertyPermission "java.specification.version", "read"; |
| permission java.util.PropertyPermission "java.specification.vendor", "read"; |
| permission java.util.PropertyPermission "java.specification.name", "read"; |
| |
| permission java.util.PropertyPermission "java.vm.specification.version", "read"; |
| permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; |
| permission java.util.PropertyPermission "java.vm.specification.name", "read"; |
| permission java.util.PropertyPermission "java.vm.version", "read"; |
| permission java.util.PropertyPermission "java.vm.vendor", "read"; |
| permission java.util.PropertyPermission "java.vm.name", "read"; |
| }; |
| |