| author | msheppar |
| Mon, 16 Feb 2015 00:10:42 +0000 | |
| changeset 28967 | 7a1ceff4aea2 |
| parent 28849 | ccf9d86e52ec |
| child 31268 | 63fcde3b5c3b |
| permissions | -rw-r--r-- |
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
1 |
// permissions required by each component |
|
28967
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
2 |
grant codeBase "jrt:/java.corba" {
|
|
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
3 |
permission java.security.AllPermission; |
|
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
4 |
}; |
|
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
5 |
|
| 27565 | 6 |
grant codeBase "jrt:/jdk.zipfs" {
|
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
7 |
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
8 |
permission java.lang.RuntimePermission "fileSystemProvider"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
9 |
permission java.util.PropertyPermission "*", "read"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
10 |
}; |
| 2 | 11 |
|
| 27565 | 12 |
grant codeBase "jrt:/jdk.localedata" {
|
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
13 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
14 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
15 |
permission java.util.PropertyPermission "*", "read"; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
16 |
}; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
17 |
|
| 27565 | 18 |
grant codeBase "jrt:/jdk.naming.dns" {
|
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
19 |
permission java.security.AllPermission; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
20 |
}; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
21 |
|
| 27565 | 22 |
grant codeBase "jrt:/jdk.scripting.nashorn" {
|
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
23 |
permission java.security.AllPermission; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
24 |
}; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
25 |
|
| 27565 | 26 |
grant codeBase "jrt:/jdk.crypto.ucrypto" {
|
| 27182 | 27 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
28 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
|
29 |
permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; |
|
30 |
// need "com.oracle.security.ucrypto.debug" for debugging |
|
31 |
permission java.util.PropertyPermission "*", "read"; |
|
32 |
permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; |
|
33 |
permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; |
|
34 |
permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; |
|
| 27565 | 35 |
permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
|
| 27182 | 36 |
}; |
37 |
||
| 27565 | 38 |
grant codeBase "jrt:/jdk.crypto.ec" {
|
|
25408
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
39 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
40 |
permission java.lang.RuntimePermission "loadLibrary.sunec"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
41 |
permission java.util.PropertyPermission "*", "read"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
42 |
permission java.security.SecurityPermission "putProviderProperty.SunEC"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
43 |
permission java.security.SecurityPermission "clearProviderProperties.SunEC"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
44 |
permission java.security.SecurityPermission "removeProviderProperty.SunEC"; |
|
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
45 |
}; |
|
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
46 |
|
| 27565 | 47 |
grant codeBase "jrt:/jdk.crypto.pkcs11" {
|
|
25408
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
48 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
49 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
50 |
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
51 |
// needs "security.pkcs11.allowSingleThreadedModules" |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
52 |
permission java.util.PropertyPermission "*", "read"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
53 |
permission java.security.SecurityPermission "putProviderProperty.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
54 |
permission java.security.SecurityPermission "clearProviderProperties.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
55 |
permission java.security.SecurityPermission "removeProviderProperty.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
56 |
permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
57 |
permission java.security.SecurityPermission "authProvider.*"; |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
58 |
// Needed for reading PKCS11 config file and NSS library check |
|
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
59 |
permission java.io.FilePermission "<<ALL FILES>>", "read"; |
| 2 | 60 |
}; |
61 |
||
|
28849
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
62 |
grant codeBase "jrt:/java.xml.ws" {
|
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
63 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
64 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
65 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
66 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
67 |
permission java.lang.RuntimePermission "accessDeclaredMembers"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
68 |
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
69 |
permission java.util.PropertyPermission "*", "read"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
70 |
}; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
71 |
|
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
72 |
grant codeBase "jrt:/java.xml.bind" {
|
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
73 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
74 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
75 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
76 |
permission java.lang.RuntimePermission "accessDeclaredMembers"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
77 |
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
78 |
permission java.util.PropertyPermission "*", "read"; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
79 |
}; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
80 |
|
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
81 |
grant codeBase "jrt:/java.activation" {
|
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
82 |
permission java.security.AllPermission; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
83 |
}; |
|
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
84 |
|
| 2 | 85 |
// default permissions granted to all domains |
86 |
||
| 22339 | 87 |
grant {
|
88 |
// Allows any thread to stop itself using the java.lang.Thread.stop() |
|
89 |
// method that takes no argument. |
|
90 |
// Note that this permission is granted by default only to remain |
|
91 |
// backwards compatible. |
|
92 |
// It is strongly recommended that you either remove this permission |
|
93 |
// from this policy file or further restrict it to code sources |
|
94 |
// that you specify, because Thread.stop() is potentially unsafe. |
|
95 |
// See the API specification of java.lang.Thread.stop() for more |
|
|
2183
8eb97a6368b8
6787130: java.policy file contains stale link to http://java.sun.com/notes
mullan
parents:
2
diff
changeset
|
96 |
// information. |
| 22339 | 97 |
permission java.lang.RuntimePermission "stopThread"; |
| 2 | 98 |
|
| 22339 | 99 |
// allows anyone to listen on dynamic ports |
100 |
permission java.net.SocketPermission "localhost:0", "listen"; |
|
| 2 | 101 |
|
| 22339 | 102 |
// "standard" properies that can be read by anyone |
| 2 | 103 |
|
| 22339 | 104 |
permission java.util.PropertyPermission "java.version", "read"; |
105 |
permission java.util.PropertyPermission "java.vendor", "read"; |
|
106 |
permission java.util.PropertyPermission "java.vendor.url", "read"; |
|
107 |
permission java.util.PropertyPermission "java.class.version", "read"; |
|
108 |
permission java.util.PropertyPermission "os.name", "read"; |
|
109 |
permission java.util.PropertyPermission "os.version", "read"; |
|
110 |
permission java.util.PropertyPermission "os.arch", "read"; |
|
111 |
permission java.util.PropertyPermission "file.separator", "read"; |
|
112 |
permission java.util.PropertyPermission "path.separator", "read"; |
|
113 |
permission java.util.PropertyPermission "line.separator", "read"; |
|
| 2 | 114 |
|
| 22339 | 115 |
permission java.util.PropertyPermission "java.specification.version", "read"; |
116 |
permission java.util.PropertyPermission "java.specification.vendor", "read"; |
|
117 |
permission java.util.PropertyPermission "java.specification.name", "read"; |
|
| 2 | 118 |
|
| 22339 | 119 |
permission java.util.PropertyPermission "java.vm.specification.version", "read"; |
120 |
permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; |
|
121 |
permission java.util.PropertyPermission "java.vm.specification.name", "read"; |
|
122 |
permission java.util.PropertyPermission "java.vm.version", "read"; |
|
123 |
permission java.util.PropertyPermission "java.vm.vendor", "read"; |
|
124 |
permission java.util.PropertyPermission "java.vm.name", "read"; |
|
| 2 | 125 |
}; |
126 |