jpayne@69: // jpayne@69: // Permissions required by modules stored in a run-time image and loaded jpayne@69: // by the platform class loader. jpayne@69: // jpayne@69: // NOTE that this file is not intended to be modified. If additional jpayne@69: // permissions need to be granted to the modules in this file, it is jpayne@69: // recommended that they be configured in a separate policy file or jpayne@69: // ${java.home}/conf/security/java.policy. jpayne@69: // jpayne@69: jpayne@69: jpayne@69: grant codeBase "jrt:/java.compiler" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: jpayne@69: grant codeBase "jrt:/java.net.http" { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; jpayne@69: permission java.net.SocketPermission "*","connect,resolve"; jpayne@69: permission java.net.URLPermission "http:*","*:*"; jpayne@69: permission java.net.URLPermission "https:*","*:*"; jpayne@69: permission java.net.URLPermission "ws:*","*:*"; jpayne@69: permission java.net.URLPermission "wss:*","*:*"; jpayne@69: permission java.net.URLPermission "socket:*","CONNECT"; // proxy jpayne@69: // For request/response body processors, fromFile, asFile jpayne@69: permission java.io.FilePermission "<>","read,write,delete"; jpayne@69: permission java.util.PropertyPermission "*","read"; jpayne@69: permission java.net.NetPermission "getProxySelector"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/java.scripting" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/java.security.jgss" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/java.smartcardio" { jpayne@69: permission javax.smartcardio.CardPermission "*", "*"; jpayne@69: permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.sun.security.jca"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.sun.security.util"; jpayne@69: permission java.util.PropertyPermission jpayne@69: "javax.smartcardio.TerminalFactory.DefaultType", "read"; jpayne@69: permission java.util.PropertyPermission "os.name", "read"; jpayne@69: permission java.util.PropertyPermission "os.arch", "read"; jpayne@69: permission java.util.PropertyPermission "sun.arch.data.model", "read"; jpayne@69: permission java.util.PropertyPermission jpayne@69: "sun.security.smartcardio.library", "read"; jpayne@69: permission java.util.PropertyPermission jpayne@69: "sun.security.smartcardio.t0GetResponse", "read"; jpayne@69: permission java.util.PropertyPermission jpayne@69: "sun.security.smartcardio.t1GetResponse", "read"; jpayne@69: permission java.util.PropertyPermission jpayne@69: "sun.security.smartcardio.t1StripLe", "read"; jpayne@69: // needed for looking up native PC/SC library jpayne@69: permission java.io.FilePermission "<>","read"; jpayne@69: permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "clearProviderProperties.SunPCSC"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "removeProviderProperty.SunPCSC"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/java.sql" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/java.sql.rowset" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: jpayne@69: grant codeBase "jrt:/java.xml.crypto" { jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.sun.security.util"; jpayne@69: permission java.util.PropertyPermission "*", "read"; jpayne@69: permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "clearProviderProperties.XMLDSig"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "removeProviderProperty.XMLDSig"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "com.sun.org.apache.xml.internal.security.register"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "getProperty.jdk.xml.dsig.secureValidationPolicy"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.com.sun.org.apache.xml.internal.*"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.com.sun.org.apache.xpath.internal"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; jpayne@69: }; jpayne@69: jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.accessibility" { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.charsets" { jpayne@69: permission java.util.PropertyPermission "os.name", "read"; jpayne@69: permission java.util.PropertyPermission "sun.nio.cs.map", "read"; jpayne@69: permission java.lang.RuntimePermission "charsetProvider"; jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.jdk.internal.misc"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.crypto.ec" { jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.sun.security.*"; jpayne@69: permission java.lang.RuntimePermission "loadLibrary.sunec"; jpayne@69: permission java.security.SecurityPermission "putProviderProperty.SunEC"; jpayne@69: permission java.security.SecurityPermission "clearProviderProperties.SunEC"; jpayne@69: permission java.security.SecurityPermission "removeProviderProperty.SunEC"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.crypto.cryptoki" { jpayne@69: permission java.lang.RuntimePermission jpayne@69: "accessClassInPackage.sun.security.*"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; jpayne@69: permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; jpayne@69: permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; jpayne@69: permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read"; jpayne@69: permission java.util.PropertyPermission "os.name", "read"; jpayne@69: permission java.util.PropertyPermission "os.arch", "read"; jpayne@69: permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; jpayne@69: permission java.security.SecurityPermission "putProviderProperty.*"; jpayne@69: permission java.security.SecurityPermission "clearProviderProperties.*"; jpayne@69: permission java.security.SecurityPermission "removeProviderProperty.*"; jpayne@69: permission java.security.SecurityPermission jpayne@69: "getProperty.auth.login.defaultCallbackHandler"; jpayne@69: permission java.security.SecurityPermission "authProvider.*"; jpayne@69: // Needed for reading PKCS11 config file and NSS library check jpayne@69: permission java.io.FilePermission "<>", "read"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.desktop" { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.dynalink" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.httpserver" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.internal.le" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.internal.vm.compiler" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.internal.vm.compiler.management" { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.jsobject" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.localedata" { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.naming.dns" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.scripting.nashorn" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.scripting.nashorn.shell" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.security.auth" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.security.jgss" { jpayne@69: permission java.security.AllPermission; jpayne@69: }; jpayne@69: jpayne@69: grant codeBase "jrt:/jdk.zipfs" { jpayne@69: permission java.io.FilePermission "<>", "read,write,delete"; jpayne@69: permission java.lang.RuntimePermission "fileSystemProvider"; jpayne@69: permission java.lang.RuntimePermission "accessUserInformation"; jpayne@69: permission java.util.PropertyPermission "os.name", "read"; jpayne@69: }; jpayne@69: jpayne@69: // permissions needed by applications using java.desktop module jpayne@69: grant { jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; jpayne@69: permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; jpayne@69: };