--- a/jdk/src/java.base/share/conf/security/java.policy Fri Jul 29 09:34:20 2016 -0700
+++ b/jdk/src/java.base/share/conf/security/java.policy Fri Jul 29 19:00:54 2016 -0400
@@ -1,179 +1,31 @@
-// permissions required by each component
-
-grant codeBase "jrt:/java.activation" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.corba" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.compiler" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.charsets" {
- permission java.io.FilePermission "${java.home}/-", "read";
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "sun.nio.cs.map", "read";
- permission java.lang.RuntimePermission "charsetProvider";
- permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
-};
-
-grant codeBase "jrt:/jdk.crypto.ucrypto" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
- permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
- // need "com.oracle.security.ucrypto.debug" for debugging
- permission java.util.PropertyPermission "*", "read";
- permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
- permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
- permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
- // Needed for reading Ucrypto config file
- permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
-
-grant codeBase "jrt:/java.sql" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.sql.rowset" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.crypto.ec" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
- permission java.lang.RuntimePermission "loadLibrary.sunec";
- permission java.util.PropertyPermission "*", "read";
- permission java.security.SecurityPermission "putProviderProperty.SunEC";
- permission java.security.SecurityPermission "clearProviderProperties.SunEC";
- permission java.security.SecurityPermission "removeProviderProperty.SunEC";
-};
-
-grant codeBase "jrt:/jdk.crypto.pkcs11" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
- permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
- // needs "security.pkcs11.allowSingleThreadedModules"
- permission java.util.PropertyPermission "*", "read";
- permission java.security.SecurityPermission "putProviderProperty.*";
- permission java.security.SecurityPermission "clearProviderProperties.*";
- permission java.security.SecurityPermission "removeProviderProperty.*";
- permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
- permission java.security.SecurityPermission "authProvider.*";
- // Needed for reading PKCS11 config file and NSS library check
- permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
-
-grant codeBase "jrt:/jdk.dynalink" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.internal.le" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.jsobject" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.localedata" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
- permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/jdk.naming.dns" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.scripting" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.scripting.nashorn" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
- permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.smartcardio" {
- permission javax.smartcardio.CardPermission "*", "*";
- permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
- permission java.util.PropertyPermission "*", "read";
- // needed for looking up native PC/SC library
- permission java.io.FilePermission "<<ALL FILES>>","read";
- permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
- permission java.security.SecurityPermission "clearProviderProperties.SunPCSC";
- permission java.security.SecurityPermission "removeProviderProperty.SunPCSC";
-};
-
-grant codeBase "jrt:/java.xml.bind" {
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/java.xml.crypto" {
- permission java.util.PropertyPermission "*", "read";
- permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
- permission java.security.SecurityPermission "clearProviderProperties.XMLDSig";
- permission java.security.SecurityPermission "removeProviderProperty.XMLDSig";
- permission java.security.SecurityPermission "com.sun.org.apache.xml.internal.security.register";
-};
-
-grant codeBase "jrt:/java.xml.ws" {
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/jdk.zipfs" {
- permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
- permission java.lang.RuntimePermission "fileSystemProvider";
- permission java.util.PropertyPermission "*", "read";
-};
-
// default permissions granted to all domains
grant {
- // allows anyone to listen on dynamic ports
- permission java.net.SocketPermission "localhost:0", "listen";
-
- // "standard" properies that can be read by anyone
+ // allows anyone to listen on dynamic ports
+ permission java.net.SocketPermission "localhost:0", "listen";
- permission java.util.PropertyPermission "java.version", "read";
- permission java.util.PropertyPermission "java.vendor", "read";
- permission java.util.PropertyPermission "java.vendor.url", "read";
- permission java.util.PropertyPermission "java.class.version", "read";
- permission java.util.PropertyPermission "os.name", "read";
- permission java.util.PropertyPermission "os.version", "read";
- permission java.util.PropertyPermission "os.arch", "read";
- permission java.util.PropertyPermission "file.separator", "read";
- permission java.util.PropertyPermission "path.separator", "read";
- permission java.util.PropertyPermission "line.separator", "read";
-
- permission java.util.PropertyPermission "java.specification.version", "read";
- permission java.util.PropertyPermission "java.specification.vendor", "read";
- permission java.util.PropertyPermission "java.specification.name", "read";
-
- permission java.util.PropertyPermission "java.vm.specification.version", "read";
- permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
- permission java.util.PropertyPermission "java.vm.specification.name", "read";
- permission java.util.PropertyPermission "java.vm.version", "read";
- permission java.util.PropertyPermission "java.vm.vendor", "read";
- permission java.util.PropertyPermission "java.vm.name", "read";
+ // "standard" properies that can be read by anyone
+ permission java.util.PropertyPermission "java.version", "read";
+ permission java.util.PropertyPermission "java.vendor", "read";
+ permission java.util.PropertyPermission "java.vendor.url", "read";
+ permission java.util.PropertyPermission "java.class.version", "read";
+ permission java.util.PropertyPermission "os.name", "read";
+ permission java.util.PropertyPermission "os.version", "read";
+ permission java.util.PropertyPermission "os.arch", "read";
+ permission java.util.PropertyPermission "file.separator", "read";
+ permission java.util.PropertyPermission "path.separator", "read";
+ permission java.util.PropertyPermission "line.separator", "read";
+ permission java.util.PropertyPermission
+ "java.specification.version", "read";
+ permission java.util.PropertyPermission "java.specification.vendor", "read";
+ permission java.util.PropertyPermission "java.specification.name", "read";
+ permission java.util.PropertyPermission
+ "java.vm.specification.version", "read";
+ permission java.util.PropertyPermission
+ "java.vm.specification.vendor", "read";
+ permission java.util.PropertyPermission
+ "java.vm.specification.name", "read";
+ permission java.util.PropertyPermission "java.vm.version", "read";
+ permission java.util.PropertyPermission "java.vm.vendor", "read";
+ permission java.util.PropertyPermission "java.vm.name", "read";
};
-