mirror of
https://github.com/kaboomserver/server.git
synced 2024-12-22 23:55:18 +00:00
239 lines
10 KiB
Text
239 lines
10 KiB
Text
//
|
|
// Permissions required by modules stored in a run-time image and loaded
|
|
// by the platform class loader.
|
|
//
|
|
// NOTE that this file is not intended to be modified. If additional
|
|
// permissions need to be granted to the modules in this file, it is
|
|
// recommended that they be configured in a separate policy file or
|
|
// ${java.home}/conf/security/java.policy.
|
|
//
|
|
|
|
|
|
grant codeBase "jrt:/java.compiler" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
|
|
grant codeBase "jrt:/java.net.http" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
|
permission java.net.SocketPermission "*","connect,resolve";
|
|
permission java.net.URLPermission "http:*","*:*";
|
|
permission java.net.URLPermission "https:*","*:*";
|
|
permission java.net.URLPermission "ws:*","*:*";
|
|
permission java.net.URLPermission "wss:*","*:*";
|
|
permission java.net.URLPermission "socket:*","CONNECT"; // proxy
|
|
// For request/response body processors, fromFile, asFile
|
|
permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
|
|
permission java.util.PropertyPermission "*","read";
|
|
permission java.net.NetPermission "getProxySelector";
|
|
};
|
|
|
|
grant codeBase "jrt:/java.scripting" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/java.security.jgss" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/java.smartcardio" {
|
|
permission javax.smartcardio.CardPermission "*", "*";
|
|
permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.sun.security.jca";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.sun.security.util";
|
|
permission java.util.PropertyPermission
|
|
"javax.smartcardio.TerminalFactory.DefaultType", "read";
|
|
permission java.util.PropertyPermission "os.name", "read";
|
|
permission java.util.PropertyPermission "os.arch", "read";
|
|
permission java.util.PropertyPermission "sun.arch.data.model", "read";
|
|
permission java.util.PropertyPermission
|
|
"sun.security.smartcardio.library", "read";
|
|
permission java.util.PropertyPermission
|
|
"sun.security.smartcardio.t0GetResponse", "read";
|
|
permission java.util.PropertyPermission
|
|
"sun.security.smartcardio.t1GetResponse", "read";
|
|
permission java.util.PropertyPermission
|
|
"sun.security.smartcardio.t1StripLe", "read";
|
|
// needed for looking up native PC/SC library
|
|
permission java.io.FilePermission "<<ALL FILES>>","read";
|
|
permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
|
|
permission java.security.SecurityPermission
|
|
"clearProviderProperties.SunPCSC";
|
|
permission java.security.SecurityPermission
|
|
"removeProviderProperty.SunPCSC";
|
|
};
|
|
|
|
grant codeBase "jrt:/java.sql" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/java.sql.rowset" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
|
|
grant codeBase "jrt:/java.xml.crypto" {
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.sun.security.util";
|
|
permission java.util.PropertyPermission "*", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
|
|
permission java.security.SecurityPermission
|
|
"clearProviderProperties.XMLDSig";
|
|
permission java.security.SecurityPermission
|
|
"removeProviderProperty.XMLDSig";
|
|
permission java.security.SecurityPermission
|
|
"com.sun.org.apache.xml.internal.security.register";
|
|
permission java.security.SecurityPermission
|
|
"getProperty.jdk.xml.dsig.secureValidationPolicy";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.com.sun.org.apache.xml.internal.*";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.com.sun.org.apache.xpath.internal";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.com.sun.org.apache.xpath.internal.*";
|
|
};
|
|
|
|
|
|
grant codeBase "jrt:/jdk.accessibility" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.attach" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.ibm.oti.util";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.ibm.tools.attach.target";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.openj9.tools.attach.diagnostics.base";
|
|
permission java.util.PropertyPermission "com.ibm.tools.attach.*", "read";
|
|
// required by com.ibm.tools.attach.attacher.OpenJ9AttachProvider.listVirtualMachinesImp():commonDir.exists(),
|
|
// com.ibm.tools.attach.target.Reply.writeReply():new RandomAccessFile(replyFile, "rw"),
|
|
// and com.ibm.tools.attach.target.Reply.deleteReply():replyFile.delete()
|
|
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
|
|
// required by com.ibm.tools.attach.attacher.OpenJ9VirtualMachine.tryAttachTarget():targetServer.accept()
|
|
permission java.net.SocketPermission "localhost:1024-", "accept,resolve";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.charsets" {
|
|
permission java.util.PropertyPermission "os.name", "read";
|
|
permission java.util.PropertyPermission "sun.nio.cs.map", "read";
|
|
permission java.lang.RuntimePermission "charsetProvider";
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.jdk.internal.misc";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.crypto.ec" {
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "loadLibrary.sunec";
|
|
permission java.security.SecurityPermission "putProviderProperty.SunEC";
|
|
permission java.security.SecurityPermission "clearProviderProperties.SunEC";
|
|
permission java.security.SecurityPermission "removeProviderProperty.SunEC";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
|
permission java.lang.RuntimePermission
|
|
"accessClassInPackage.sun.security.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
|
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
|
|
permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
|
|
permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read";
|
|
permission java.util.PropertyPermission "os.name", "read";
|
|
permission java.util.PropertyPermission "os.arch", "read";
|
|
permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
|
|
permission java.security.SecurityPermission "putProviderProperty.*";
|
|
permission java.security.SecurityPermission "clearProviderProperties.*";
|
|
permission java.security.SecurityPermission "removeProviderProperty.*";
|
|
permission java.security.SecurityPermission
|
|
"getProperty.auth.login.defaultCallbackHandler";
|
|
permission java.security.SecurityPermission "authProvider.*";
|
|
// Needed for reading PKCS11 config file and NSS library check
|
|
permission java.io.FilePermission "<<ALL FILES>>", "read";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.desktop" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.dynalink" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.httpserver" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.internal.le" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.internal.vm.compiler" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
|
|
permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.jsobject" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.localedata" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.naming.dns" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.scripting.nashorn" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.security.auth" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.security.jgss" {
|
|
permission java.security.AllPermission;
|
|
};
|
|
|
|
grant codeBase "jrt:/jdk.zipfs" {
|
|
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
|
|
permission java.lang.RuntimePermission "fileSystemProvider";
|
|
permission java.util.PropertyPermission "os.name", "read";
|
|
};
|
|
|
|
grant codeBase "jrt:/openj9.cuda" {
|
|
permission java.util.PropertyPermission "com.ibm.oti.vm.library.version", "read";
|
|
permission java.lang.RuntimePermission "loadLibrary.cuda4j29";
|
|
};
|
|
|
|
grant codeBase "jrt:/openj9.gpu" {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.ibm.gpu.spi";
|
|
permission com.ibm.gpu.GPUPermission "access";
|
|
permission java.util.PropertyPermission "com.ibm.gpu.verbose", "read";
|
|
permission java.util.PropertyPermission "com.ibm.gpu.enforce", "read";
|
|
permission java.util.PropertyPermission "com.ibm.gpu.enable", "read";
|
|
permission java.util.PropertyPermission "com.ibm.gpu.disable", "read";
|
|
};
|
|
|
|
// permissions needed by applications using java.desktop module
|
|
grant {
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
|
|
permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
|
|
};
|