test/jdk/java/net/httpclient/security/8.policy
author chegar
Wed, 06 Dec 2017 11:11:59 -0800
changeset 48083 b1c1b4ef4be2
parent 47216 71c04702a3d5
child 49765 ee6f7a61f3a5
child 55973 4d9b002587db
permissions -rw-r--r--
8191494: Refresh incubating HTTP Client Reviewed-by: chegar, dfuchs, michaelm Contributed-by: Chris Hegarty <chris.hegarty@oracle.com>, Daniel Fuchs <daniel.fuchs@oracle.com>, Michael McMahon <michael.x.mcmahon@oracle.com>, Pavel Rappo <pavel.rappo@oracle.com>

//
// Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//

// Policy 8
grant {
    // permissions common to all tests
    permission java.util.PropertyPermission "*", "read";
    permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete";
    permission java.lang.RuntimePermission "modifyThread";
    permission java.util.logging.LoggingPermission "control", "";
    permission java.net.SocketPermission "localhost:1024-", "accept,listen";
    permission java.io.FilePermission "${test.src}${/}docs${/}-", "read";
    permission java.lang.RuntimePermission "createClassLoader";


    // permissions specific to this test
    permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET:X-Foo1,X-Foo,X-Bar";
};

// For proxy only. Not being tested
grant codebase "file:${test.classes}/proxydir/-" {
    permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect";
    permission java.net.SocketPermission "127.0.0.1:1024-", "connect,resolve";
};

grant codeBase "jrt:/jdk.incubator.httpclient" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";

    // ## why is SP not good enough. Check API @throws signatures and impl
    permission java.net.SocketPermission "*","connect,resolve";
    permission java.net.URLPermission "http:*","*:*";
    permission java.net.URLPermission "https:*","*:*";
    permission java.net.URLPermission "ws:*","*:*";
    permission java.net.URLPermission "wss:*","*:*";
    permission java.net.URLPermission "socket:*","CONNECT";  // proxy

    // For request/response body processors, fromFile, asFile
    permission java.io.FilePermission "<<ALL FILES>>","read,write";  // delete???

    permission java.util.PropertyPermission "jdk.httpclient.*","read";

    permission java.net.NetPermission "getProxySelector";
};