author | alanb |
Thu, 17 Mar 2016 19:04:16 +0000 | |
changeset 36511 | 9d0388c6b336 |
parent 34961 | 13e8054a06d9 |
child 37795 | c5dc5ab60139 |
permissions | -rw-r--r-- |
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
1 |
// permissions required by each component |
36511 | 2 |
|
3 |
grant codeBase "jrt:/java.activation" { |
|
28967
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
4 |
permission java.security.AllPermission; |
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
5 |
}; |
7a1ceff4aea2
8068682: Deprivilege/move java.corba to the ext class loader
msheppar
parents:
28849
diff
changeset
|
6 |
|
36511 | 7 |
grant codeBase "jrt:/java.corba" { |
32144
fa1b56b9ad5c
8133347: Add makefiles support and basic session, persistence history navigation with jline
sundar
parents:
31268
diff
changeset
|
8 |
permission java.security.AllPermission; |
fa1b56b9ad5c
8133347: Add makefiles support and basic session, persistence history navigation with jline
sundar
parents:
31268
diff
changeset
|
9 |
}; |
fa1b56b9ad5c
8133347: Add makefiles support and basic session, persistence history navigation with jline
sundar
parents:
31268
diff
changeset
|
10 |
|
27565 | 11 |
grant codeBase "jrt:/jdk.crypto.ucrypto" { |
27182 | 12 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
13 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
|
14 |
permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; |
|
15 |
// need "com.oracle.security.ucrypto.debug" for debugging |
|
16 |
permission java.util.PropertyPermission "*", "read"; |
|
17 |
permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; |
|
18 |
permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; |
|
19 |
permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; |
|
27565 | 20 |
permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read"; |
27182 | 21 |
}; |
22 |
||
27565 | 23 |
grant codeBase "jrt:/jdk.crypto.ec" { |
25408
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
24 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
25 |
permission java.lang.RuntimePermission "loadLibrary.sunec"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
26 |
permission java.util.PropertyPermission "*", "read"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
27 |
permission java.security.SecurityPermission "putProviderProperty.SunEC"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
28 |
permission java.security.SecurityPermission "clearProviderProperties.SunEC"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
29 |
permission java.security.SecurityPermission "removeProviderProperty.SunEC"; |
24364
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
30 |
}; |
da8afb112f5d
8040059: Change default policy for extensions to no permission
mchung
parents:
22339
diff
changeset
|
31 |
|
27565 | 32 |
grant codeBase "jrt:/jdk.crypto.pkcs11" { |
25408
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
33 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; |
31268
63fcde3b5c3b
8087157: PKCS11 provider not instantiated with security manager
valeriep
parents:
28967
diff
changeset
|
34 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; |
25408
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
35 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
36 |
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
37 |
// needs "security.pkcs11.allowSingleThreadedModules" |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
38 |
permission java.util.PropertyPermission "*", "read"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
39 |
permission java.security.SecurityPermission "putProviderProperty.*"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
40 |
permission java.security.SecurityPermission "clearProviderProperties.*"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
41 |
permission java.security.SecurityPermission "removeProviderProperty.*"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
42 |
permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
43 |
permission java.security.SecurityPermission "authProvider.*"; |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
44 |
// Needed for reading PKCS11 config file and NSS library check |
27563093d2d2
8043406: Change default policy for JCE providers to run with as few privileges as possible
valeriep
parents:
24364
diff
changeset
|
45 |
permission java.io.FilePermission "<<ALL FILES>>", "read"; |
2 | 46 |
}; |
47 |
||
36511 | 48 |
grant codeBase "jrt:/jdk.dynalink" { |
49 |
permission java.security.AllPermission; |
|
50 |
}; |
|
51 |
||
52 |
grant codeBase "jrt:/jdk.internal.le" { |
|
53 |
permission java.security.AllPermission; |
|
54 |
}; |
|
55 |
||
56 |
grant codeBase "jrt:/jdk.jsobject" { |
|
57 |
permission java.security.AllPermission; |
|
58 |
}; |
|
59 |
||
60 |
grant codeBase "jrt:/jdk.localedata" { |
|
61 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; |
|
62 |
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; |
|
28849
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
63 |
permission java.util.PropertyPermission "*", "read"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
64 |
}; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
65 |
|
36511 | 66 |
grant codeBase "jrt:/jdk.naming.dns" { |
67 |
permission java.security.AllPermission; |
|
68 |
}; |
|
69 |
||
70 |
grant codeBase "jrt:/jdk.scripting.nashorn" { |
|
71 |
permission java.security.AllPermission; |
|
72 |
}; |
|
73 |
||
74 |
grant codeBase "jrt:/jdk.scripting.nashorn.shell" { |
|
75 |
permission java.security.AllPermission; |
|
76 |
}; |
|
77 |
||
28849
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
78 |
grant codeBase "jrt:/java.xml.bind" { |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
79 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
80 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
81 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
82 |
permission java.lang.RuntimePermission "accessDeclaredMembers"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
83 |
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
84 |
permission java.util.PropertyPermission "*", "read"; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
85 |
}; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
86 |
|
36511 | 87 |
grant codeBase "jrt:/java.xml.ws" { |
88 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*"; |
|
89 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal"; |
|
90 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*"; |
|
91 |
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*"; |
|
92 |
permission java.lang.RuntimePermission "accessDeclaredMembers"; |
|
93 |
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
|
94 |
permission java.util.PropertyPermission "*", "read"; |
|
95 |
}; |
|
96 |
||
97 |
grant codeBase "jrt:/jdk.zipfs" { |
|
98 |
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; |
|
99 |
permission java.lang.RuntimePermission "fileSystemProvider"; |
|
100 |
permission java.util.PropertyPermission "*", "read"; |
|
28849
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
101 |
}; |
ccf9d86e52ec
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
mchung
parents:
27565
diff
changeset
|
102 |
|
2 | 103 |
// default permissions granted to all domains |
104 |
||
22339 | 105 |
grant { |
106 |
// allows anyone to listen on dynamic ports |
|
107 |
permission java.net.SocketPermission "localhost:0", "listen"; |
|
2 | 108 |
|
22339 | 109 |
// "standard" properies that can be read by anyone |
2 | 110 |
|
22339 | 111 |
permission java.util.PropertyPermission "java.version", "read"; |
112 |
permission java.util.PropertyPermission "java.vendor", "read"; |
|
113 |
permission java.util.PropertyPermission "java.vendor.url", "read"; |
|
114 |
permission java.util.PropertyPermission "java.class.version", "read"; |
|
115 |
permission java.util.PropertyPermission "os.name", "read"; |
|
116 |
permission java.util.PropertyPermission "os.version", "read"; |
|
117 |
permission java.util.PropertyPermission "os.arch", "read"; |
|
118 |
permission java.util.PropertyPermission "file.separator", "read"; |
|
119 |
permission java.util.PropertyPermission "path.separator", "read"; |
|
120 |
permission java.util.PropertyPermission "line.separator", "read"; |
|
2 | 121 |
|
22339 | 122 |
permission java.util.PropertyPermission "java.specification.version", "read"; |
123 |
permission java.util.PropertyPermission "java.specification.vendor", "read"; |
|
124 |
permission java.util.PropertyPermission "java.specification.name", "read"; |
|
2 | 125 |
|
22339 | 126 |
permission java.util.PropertyPermission "java.vm.specification.version", "read"; |
127 |
permission java.util.PropertyPermission "java.vm.specification.vendor", "read"; |
|
128 |
permission java.util.PropertyPermission "java.vm.specification.name", "read"; |
|
129 |
permission java.util.PropertyPermission "java.vm.version", "read"; |
|
130 |
permission java.util.PropertyPermission "java.vm.vendor", "read"; |
|
131 |
permission java.util.PropertyPermission "java.vm.name", "read"; |
|
2 | 132 |
}; |
133 |