// permissions required by each component

grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {

        permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";

        permission java.lang.RuntimePermission "fileSystemProvider";

        permission java.util.PropertyPermission "*", "read";

};

grant codeBase "file:${java.home}/lib/ext/cldrdata.jar" {

        permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";

        permission java.util.PropertyPermission "*", "read";

};

grant codeBase "file:${java.home}/lib/ext/localedata.jar" {

        permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";

        permission java.util.PropertyPermission "*", "read";

};

grant codeBase "file:${java.home}/lib/ext/dnsns.jar" {

        permission java.security.AllPermission;

};

grant codeBase "file:${java.home}/lib/ext/nashorn.jar" {

        permission java.security.AllPermission;

};

grant codeBase "file:${java.home}/lib/ext/sunec.jar" {

        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";

        permission java.lang.RuntimePermission "loadLibrary.sunec";

        permission java.util.PropertyPermission "*", "read";

        permission java.security.SecurityPermission "putProviderProperty.SunEC";

        permission java.security.SecurityPermission "clearProviderProperties.SunEC";

        permission java.security.SecurityPermission "removeProviderProperty.SunEC";

};

grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {

        permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";

        permission java.util.PropertyPermission "*", "read";

        permission java.security.SecurityPermission "putProviderProperty.SunJCE";

        permission java.security.SecurityPermission "clearProviderProperties.SunJCE";

        permission java.security.SecurityPermission "removeProviderProperty.SunJCE";

};

grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {

        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";

        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";

        permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";

        // needs "security.pkcs11.allowSingleThreadedModules"

        permission java.util.PropertyPermission "*", "read";

        permission java.security.SecurityPermission "putProviderProperty.*";

        permission java.security.SecurityPermission "clearProviderProperties.*";

        permission java.security.SecurityPermission "removeProviderProperty.*";

        permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";

        permission java.security.SecurityPermission "authProvider.*";

        // Needed for reading PKCS11 config file and NSS library check

        permission java.io.FilePermission "<<ALL FILES>>", "read";

};

// default permissions granted to all domains

grant {

        // Allows any thread to stop itself using the java.lang.Thread.stop()

        // method that takes no argument.

        // Note that this permission is granted by default only to remain

        // backwards compatible.

        // It is strongly recommended that you either remove this permission

        // from this policy file or further restrict it to code sources

        // that you specify, because Thread.stop() is potentially unsafe.

        // See the API specification of java.lang.Thread.stop() for more

        // information.

        permission java.lang.RuntimePermission "stopThread";

        // allows anyone to listen on dynamic ports

        permission java.net.SocketPermission "localhost:0", "listen";

        // "standard" properies that can be read by anyone

        permission java.util.PropertyPermission "java.version", "read";

        permission java.util.PropertyPermission "java.vendor", "read";

        permission java.util.PropertyPermission "java.vendor.url", "read";

        permission java.util.PropertyPermission "java.class.version", "read";

        permission java.util.PropertyPermission "os.name", "read";

        permission java.util.PropertyPermission "os.version", "read";

        permission java.util.PropertyPermission "os.arch", "read";

        permission java.util.PropertyPermission "file.separator", "read";

        permission java.util.PropertyPermission "path.separator", "read";

        permission java.util.PropertyPermission "line.separator", "read";

        permission java.util.PropertyPermission "java.specification.version", "read";

        permission java.util.PropertyPermission "java.specification.vendor", "read";

        permission java.util.PropertyPermission "java.specification.name", "read";

        permission java.util.PropertyPermission "java.vm.specification.version", "read";

        permission java.util.PropertyPermission "java.vm.specification.vendor", "read";

        permission java.util.PropertyPermission "java.vm.specification.name", "read";

        permission java.util.PropertyPermission "java.vm.version", "read";

        permission java.util.PropertyPermission "java.vm.vendor", "read";

        permission java.util.PropertyPermission "java.vm.name", "read";

};