test/jdk/java/net/httpclient/security/11.policy
author chegar
Thu, 07 Dec 2017 11:54:55 +0000
branchhttp-client-branch
changeset 55973 4d9b002587db
parent 55905 0812b07be2da
parent 48083 b1c1b4ef4be2
child 56054 352e845ae744
permissions -rw-r--r--
http-client-branch: merge with default

//
// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//

// Policy 11
grant {
    // permissions common to all tests
    permission java.util.PropertyPermission "*", "read";
    permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.util.logging.LoggingPermission "control", "";
    permission java.net.SocketPermission "localhost:1024-", "accept,listen";
    permission java.io.FilePermission "${test.src}${/}docs${/}-", "read";
    permission java.lang.RuntimePermission "createClassLoader";

    // permissions specific to this test
    permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:*";
    permission java.net.URLPermission "socket://127.0.0.1:${port.number1}", "CONNECT";
};


// For proxy only. Not being tested
grant codebase "file:${test.classes}/proxydir/-" {
    permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect";
    permission java.net.SocketPermission "127.0.0.1:1024-", "connect,resolve";
};

grant codeBase "jrt:/jdk.incubator.httpclient" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";

    // ## why is SP not good enough. Check API @throws signatures and impl
    permission java.net.SocketPermission "*","connect,resolve";
    permission java.net.URLPermission "http:*","*:*";
    permission java.net.URLPermission "https:*","*:*";
    permission java.net.URLPermission "ws:*","*:*";
    permission java.net.URLPermission "wss:*","*:*";
    permission java.net.URLPermission "socket:*","CONNECT";  // proxy

    // For request/response body processors, fromFile, asFile
    permission java.io.FilePermission "<<ALL FILES>>","read,write";  // delete???

    permission java.util.PropertyPermission "jdk.httpclient.*","read";

    permission java.net.NetPermission "getProxySelector";
};