author | phh |
Sat, 30 Nov 2019 14:33:05 -0800 | |
changeset 59330 | 5b96c12f909d |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
41356
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
1 |
// |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
2 |
// This system policy file grants a set of default permissions to all domains |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
3 |
// and can be configured to grant additional permissions to modules and other |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
4 |
// code sources. The code source URL scheme for modules linked into a |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
5 |
// run-time image is "jrt". |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
6 |
// |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
7 |
// For example, to grant permission to read the "foo" property to the module |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
8 |
// "com.greetings", the grant entry is: |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
9 |
// |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
10 |
// grant codeBase "jrt:/com.greetings" { |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
11 |
// permission java.util.PropertyPermission "foo", "read"; |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
12 |
// }; |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
13 |
// |
4bd1181b2fea
8166632: Document how to grant permissions for a module jrt:/<module> in the image
mullan
parents:
39884
diff
changeset
|
14 |
|
2 | 15 |
// default permissions granted to all domains |
22339 | 16 |
grant { |
39884
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
17 |
// allows anyone to listen on dynamic ports |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
18 |
permission java.net.SocketPermission "localhost:0", "listen"; |
2 | 19 |
|
39884
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
20 |
// "standard" properies that can be read by anyone |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
21 |
permission java.util.PropertyPermission "java.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
22 |
permission java.util.PropertyPermission "java.vendor", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
23 |
permission java.util.PropertyPermission "java.vendor.url", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
24 |
permission java.util.PropertyPermission "java.class.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
25 |
permission java.util.PropertyPermission "os.name", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
26 |
permission java.util.PropertyPermission "os.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
27 |
permission java.util.PropertyPermission "os.arch", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
28 |
permission java.util.PropertyPermission "file.separator", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
29 |
permission java.util.PropertyPermission "path.separator", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
30 |
permission java.util.PropertyPermission "line.separator", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
31 |
permission java.util.PropertyPermission |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
32 |
"java.specification.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
33 |
permission java.util.PropertyPermission "java.specification.vendor", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
34 |
permission java.util.PropertyPermission "java.specification.name", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
35 |
permission java.util.PropertyPermission |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
36 |
"java.vm.specification.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
37 |
permission java.util.PropertyPermission |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
38 |
"java.vm.specification.vendor", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
39 |
permission java.util.PropertyPermission |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
40 |
"java.vm.specification.name", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
41 |
permission java.util.PropertyPermission "java.vm.version", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
42 |
permission java.util.PropertyPermission "java.vm.vendor", "read"; |
9a543219d0bb
8159752: Grant de-privileged module permissions by default with java.security.policy override option
mullan
parents:
39827
diff
changeset
|
43 |
permission java.util.PropertyPermission "java.vm.name", "read"; |
2 | 44 |
}; |