efa54ce543
Provide default permissions for crypto providers Reviewed-by: mullan, vinnie
96 lines
5.1 KiB
Groff
96 lines
5.1 KiB
Groff
//
|
|
// Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
|
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
//
|
|
// This code is free software; you can redistribute it and/or modify it
|
|
// under the terms of the GNU General Public License version 2 only, as
|
|
// published by the Free Software Foundation.
|
|
//
|
|
// This code is distributed in the hope that it will be useful, but WITHOUT
|
|
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
// version 2 for more details (a copy is included in the LICENSE file that
|
|
// accompanied this code).
|
|
//
|
|
// You should have received a copy of the GNU General Public License version
|
|
// 2 along with this work; if not, write to the Free Software Foundation,
|
|
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
//
|
|
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
// or visit www.oracle.com if you need additional information or have any
|
|
// questions.
|
|
//
|
|
|
|
grant {
|
|
permission java.net.URLPermission "http://127.0.0.1:12567/foo.html", "GET:X-Foo,Z-Bar";
|
|
permission java.net.URLPermission "https://127.0.0.1:12568/foo.html", "POST:X-Fob,T-Bar";
|
|
|
|
// needed for HttpServer
|
|
permission "java.net.SocketPermission" "localhost:1024-", "listen,resolve,accept";
|
|
permission "java.util.PropertyPermission" "test.src", "read";
|
|
permission java.io.FilePermission "${test.src}/../../../com/sun/net/httpserver/testkeys", "read";
|
|
|
|
//permission "java.util.logging.LoggingPermission" "control";
|
|
//permission "java.io.FilePermission" "/tmp/-", "read,write";
|
|
permission "java.lang.RuntimePermission" "modifyThread";
|
|
permission "java.lang.RuntimePermission" "setFactory";
|
|
};
|
|
|
|
// Normal permissions that aren't granted when run under jtreg
|
|
grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
|
permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
|
|
permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
|
|
permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
|
|
permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read";
|
|
};
|
|
|
|
grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "loadLibrary.sunec";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.SunEC";
|
|
permission java.security.SecurityPermission "clearProviderProperties.SunEC";
|
|
permission java.security.SecurityPermission "removeProviderProperty.SunEC";
|
|
};
|
|
|
|
grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.SunJCE";
|
|
permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
|
|
permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
|
|
};
|
|
|
|
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
|
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.*";
|
|
permission java.security.SecurityPermission "clearProviderProperties.*";
|
|
permission java.security.SecurityPermission "removeProviderProperty.*";
|
|
permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
|
|
permission java.security.SecurityPermission "authProvider.*";
|
|
// Needed for reading PKCS11 config file and NSS library check
|
|
permission java.io.FilePermission "<<ALL FILES>>", "read";
|
|
};
|
|
|
|
grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
|
|
Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
|
|
permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
|
|
permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
|
|
};
|
|
|
|
grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|