jpayne@68: // jpayne@68: // Permissions required by modules stored in a run-time image and loaded jpayne@68: // by the platform class loader. jpayne@68: // jpayne@68: // NOTE that this file is not intended to be modified. If additional jpayne@68: // permissions need to be granted to the modules in this file, it is jpayne@68: // recommended that they be configured in a separate policy file or jpayne@68: // ${java.home}/conf/security/java.policy. jpayne@68: // jpayne@68: jpayne@68: jpayne@68: grant codeBase "jrt:/java.compiler" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: jpayne@68: grant codeBase "jrt:/java.net.http" { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; jpayne@68: permission java.net.SocketPermission "*","connect,resolve"; jpayne@68: permission java.net.URLPermission "http:*","*:*"; jpayne@68: permission java.net.URLPermission "https:*","*:*"; jpayne@68: permission java.net.URLPermission "ws:*","*:*"; jpayne@68: permission java.net.URLPermission "wss:*","*:*"; jpayne@68: permission java.net.URLPermission "socket:*","CONNECT"; // proxy jpayne@68: // For request/response body processors, fromFile, asFile jpayne@68: permission java.io.FilePermission "<>","read,write,delete"; jpayne@68: permission java.util.PropertyPermission "*","read"; jpayne@68: permission java.net.NetPermission "getProxySelector"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/java.scripting" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/java.security.jgss" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/java.smartcardio" { jpayne@68: permission javax.smartcardio.CardPermission "*", "*"; jpayne@68: permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.sun.security.jca"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.sun.security.util"; jpayne@68: permission java.util.PropertyPermission jpayne@68: "javax.smartcardio.TerminalFactory.DefaultType", "read"; jpayne@68: permission java.util.PropertyPermission "os.name", "read"; jpayne@68: permission java.util.PropertyPermission "os.arch", "read"; jpayne@68: permission java.util.PropertyPermission "sun.arch.data.model", "read"; jpayne@68: permission java.util.PropertyPermission jpayne@68: "sun.security.smartcardio.library", "read"; jpayne@68: permission java.util.PropertyPermission jpayne@68: "sun.security.smartcardio.t0GetResponse", "read"; jpayne@68: permission java.util.PropertyPermission jpayne@68: "sun.security.smartcardio.t1GetResponse", "read"; jpayne@68: permission java.util.PropertyPermission jpayne@68: "sun.security.smartcardio.t1StripLe", "read"; jpayne@68: // needed for looking up native PC/SC library jpayne@68: permission java.io.FilePermission "<>","read"; jpayne@68: permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "clearProviderProperties.SunPCSC"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "removeProviderProperty.SunPCSC"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/java.sql" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/java.sql.rowset" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: jpayne@68: grant codeBase "jrt:/java.xml.crypto" { jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.sun.security.util"; jpayne@68: permission java.util.PropertyPermission "*", "read"; jpayne@68: permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "clearProviderProperties.XMLDSig"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "removeProviderProperty.XMLDSig"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "com.sun.org.apache.xml.internal.security.register"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "getProperty.jdk.xml.dsig.secureValidationPolicy"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.com.sun.org.apache.xml.internal.*"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.com.sun.org.apache.xpath.internal"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; jpayne@68: }; jpayne@68: jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.accessibility" { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.charsets" { jpayne@68: permission java.util.PropertyPermission "os.name", "read"; jpayne@68: permission java.util.PropertyPermission "sun.nio.cs.map", "read"; jpayne@68: permission java.lang.RuntimePermission "charsetProvider"; jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.jdk.internal.misc"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.crypto.ec" { jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.sun.security.*"; jpayne@68: permission java.lang.RuntimePermission "loadLibrary.sunec"; jpayne@68: permission java.security.SecurityPermission "putProviderProperty.SunEC"; jpayne@68: permission java.security.SecurityPermission "clearProviderProperties.SunEC"; jpayne@68: permission java.security.SecurityPermission "removeProviderProperty.SunEC"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.crypto.cryptoki" { jpayne@68: permission java.lang.RuntimePermission jpayne@68: "accessClassInPackage.sun.security.*"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; jpayne@68: permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; jpayne@68: permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; jpayne@68: permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read"; jpayne@68: permission java.util.PropertyPermission "os.name", "read"; jpayne@68: permission java.util.PropertyPermission "os.arch", "read"; jpayne@68: permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; jpayne@68: permission java.security.SecurityPermission "putProviderProperty.*"; jpayne@68: permission java.security.SecurityPermission "clearProviderProperties.*"; jpayne@68: permission java.security.SecurityPermission "removeProviderProperty.*"; jpayne@68: permission java.security.SecurityPermission jpayne@68: "getProperty.auth.login.defaultCallbackHandler"; jpayne@68: permission java.security.SecurityPermission "authProvider.*"; jpayne@68: // Needed for reading PKCS11 config file and NSS library check jpayne@68: permission java.io.FilePermission "<>", "read"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.desktop" { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.dynalink" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.httpserver" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.internal.le" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.internal.vm.compiler" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.internal.vm.compiler.management" { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.jsobject" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.localedata" { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.naming.dns" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.scripting.nashorn" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.scripting.nashorn.shell" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.security.auth" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.security.jgss" { jpayne@68: permission java.security.AllPermission; jpayne@68: }; jpayne@68: jpayne@68: grant codeBase "jrt:/jdk.zipfs" { jpayne@68: permission java.io.FilePermission "<>", "read,write,delete"; jpayne@68: permission java.lang.RuntimePermission "fileSystemProvider"; jpayne@68: permission java.lang.RuntimePermission "accessUserInformation"; jpayne@68: permission java.util.PropertyPermission "os.name", "read"; jpayne@68: }; jpayne@68: jpayne@68: // permissions needed by applications using java.desktop module jpayne@68: grant { jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; jpayne@68: permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; jpayne@68: };