8043406: Change default policy for JCE providers to run with as few privileges as possible
Summary: Provide default permissions for crypto providers
Reviewed-by: mullan, vinnie
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
permission java.util.PropertyPermission "*", "read";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.SecurityPermission "clearProviderProperties.*";
permission java.security.SecurityPermission "removeProviderProperty.*";
permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
permission java.security.SecurityPermission "authProvider.*";
// Needed for reading PKCS11 config file and NSS library check
permission java.io.FilePermission "<<ALL FILES>>", "read";
};
grant {
permission java.util.PropertyPermission "*", "read, write";
permission java.lang.RuntimePermission "loadLibrary.*";
permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.io.FilePermission "<<ALL FILES>>", "read";
permission java.security.SecurityPermission "setProperty.auth.login.defaultCallbackHandler";
permission java.security.SecurityPermission "authProvider.SunPKCS11-NSS"
;
};