author | valeriep |
Thu, 10 Jul 2014 22:44:58 +0000 | |
changeset 25408 | 27563093d2d2 |
parent 2 | 90ce3da70b43 |
child 27260 | 8d82d0e9556b |
permissions | -rw-r--r-- |
// Permissions for code loaded from the sunpkcs11.jar extension jar only.
// Each entry below is an explicit, enumerated grant. Policy grants are
// additive, so any grant entry without a codeBase in the same policy also
// applies to this jar.
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
    // Access to classes in the sun.security package hierarchy (wildcard).
    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
    // Access to classes in sun.nio.ch; exact package name, no wildcard.
    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
    // Load the one native library named j2pkcs11; no other library name is covered.
    permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
    // Read-only access to every system property; the "write" action is not granted.
    permission java.util.PropertyPermission "*", "read";
    // Put, clear and remove provider properties. The trailing wildcard
    // matches any provider name.
    permission java.security.SecurityPermission "putProviderProperty.*";
    permission java.security.SecurityPermission "clearProviderProperties.*";
    permission java.security.SecurityPermission "removeProviderProperty.*";
    // Read (not set) the auth.login.defaultCallbackHandler security property.
    permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
    // AuthProvider operations for any provider name (wildcard).
    permission java.security.SecurityPermission "authProvider.*";
    // Needed for reading PKCS11 config file and NSS library check
    // NOTE(review): read access to every file is the widest entry in this
    // grant; presumably the config and library paths are not known in
    // advance. Confirm before reusing this entry outside this policy.
    permission java.io.FilePermission "<<ALL FILES>>", "read";
};
// Code loaded from loader.jar in the current working directory runs with
// every permission, so whatever is placed at that path is unrestricted.
// NOTE(review): looks like a harness jar for the test that uses this
// policy - confirm. ${user.dir} depends on where the JVM is started, so the
// jar that receives AllPermission is whichever one sits in that directory.
grant codebase "file:${user.dir}${/}loader.jar" {
    permission java.security.AllPermission;
};
// Grant entry with no codeBase or signer: it applies to every protection
// domain, including code that also has its own codeBase-specific grant entry.
grant {
    // Read and write any system property.
    permission java.util.PropertyPermission "*", "read,write";
    // Load any native library by name (wildcard).
    permission java.lang.RuntimePermission "loadLibrary.*";
    // Access to classes in the whole sun.* package hierarchy.
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
    // Retrieve the ProtectionDomain of a class.
    permission java.lang.RuntimePermission "getProtectionDomain";
    // Put provider properties for any provider name.
    permission java.security.SecurityPermission "putProviderProperty.*";

    // Read any file; no write, delete or execute action is granted.
    permission java.io.FilePermission "<<ALL FILES>>", "read";
    // Set (not just read) the auth.login.defaultCallbackHandler security property.
    permission java.security.SecurityPermission "setProperty.auth.login.defaultCallbackHandler";
    // AuthProvider operations, listed per provider name rather than with a wildcard.
    permission java.security.SecurityPermission "authProvider.SunPKCS11-ibutton";
    permission java.security.SecurityPermission "authProvider.SunPKCS11-activcard";
    permission java.security.SecurityPermission "authProvider.SunPKCS11-nss";
    permission java.security.SecurityPermission "authProvider.SunPKCS11-Solaris";
    permission java.security.SecurityPermission "authProvider.SunPKCS11-sca1000";

    // for 'module' test
    // Same target as the accessClassInPackage.sun.* entry earlier in this
    // grant; the repeat adds no further access.
    permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
    // Modify a Subject's principals, public credentials and private credentials.
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "modifyPublicCredentials";
    permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
    // Read X500PrivateCredential objects held by a Subject with any
    // principal class ("*") and any principal name ("*").
    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.x500.X500PrivateCredential * \"*\"", "read";
};