Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/java.base/share/lib/security/default.policy
changeset 39884 9a543219d0bb
child 39885 5b01da2e0368 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/src/java.base/share/lib/security/default.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,160 @@
+//
+// Permissions required by modules stored in a run-time image and loaded
+// by the platform class loader.
+//
+// NOTE that this file is not intended to be modified. If additional
+// permissions need to be granted to the modules in this file, it is
+// recommended that they be configured in a separate policy file or
+// ${java.home}/conf/security/java.policy.
+//
+
+grant codeBase "jrt:/java.activation" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.compiler" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.corba" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.scripting" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.smartcardio" {
+    permission javax.smartcardio.CardPermission "*", "*";
+    permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.util.PropertyPermission "*", "read";
+    // needed for looking up native PC/SC library
+    permission java.io.FilePermission "<<ALL FILES>>","read";
+    permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.SunPCSC";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.SunPCSC";
+};
+
+grant codeBase "jrt:/java.sql" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.sql.rowset" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.xml.bind" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.xml.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal.*";
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.xml.crypto" {
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.XMLDSig";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "com.sun.org.apache.xml.internal.security.register";
+};
+
+grant codeBase "jrt:/java.xml.ws" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.xml.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/jdk.charsets" {
+    permission java.io.FilePermission "${java.home}/-", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "sun.nio.cs.map", "read";
+    permission java.lang.RuntimePermission "charsetProvider";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
+};
+
+grant codeBase "jrt:/jdk.crypto.ec" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "loadLibrary.sunec";
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.SunEC";
+    permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+    permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "jrt:/jdk.crypto.pkcs11" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+    permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+    // needs "security.pkcs11.allowSingleThreadedModules"
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.*";
+    permission java.security.SecurityPermission "clearProviderProperties.*";
+    permission java.security.SecurityPermission "removeProviderProperty.*";
+    permission java.security.SecurityPermission
+                   "getProperty.auth.login.defaultCallbackHandler";
+    permission java.security.SecurityPermission "authProvider.*";
+    // Needed for reading PKCS11 config file and NSS library check
+    permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "jrt:/jdk.dynalink" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.internal.le" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.jsobject" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.localedata" {
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/jdk.naming.dns" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.zipfs" {
+    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+    permission java.lang.RuntimePermission "fileSystemProvider";
+    permission java.util.PropertyPermission "*", "read";
+};
+
jdk-sandbox