1// 2// Permissions required by modules stored in a run-time image and loaded 3// by the platform class loader. 4// 5// NOTE that this file is not intended to be modified. If additional 6// permissions need to be granted to the modules in this file, it is 7// recommended that they be configured in a separate policy file or 8// ${java.home}/conf/security/java.policy. 9// 10 11 12grant codeBase "jrt:/java.compiler" { 13 permission java.security.AllPermission; 14}; 15 16 17grant codeBase "jrt:/java.net.http" { 18 permission java.lang.RuntimePermission "accessClassInPackage.sun.net"; 19 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util"; 20 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www"; 21 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; 22 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.ref"; 23 permission java.lang.RuntimePermission "modifyThread"; 24 permission java.net.SocketPermission "*","connect,resolve"; 25 // required if the HTTPClient is configured to use a local bind address 26 permission java.net.SocketPermission "localhost:*","listen,resolve"; 27 permission java.net.URLPermission "http:*","*:*"; 28 permission java.net.URLPermission "https:*","*:*"; 29 permission java.net.URLPermission "ws:*","*:*"; 30 permission java.net.URLPermission "wss:*","*:*"; 31 permission java.net.URLPermission "socket:*","CONNECT"; // proxy 32 // For request/response body processors, fromFile, asFile 33 permission java.io.FilePermission "<<ALL FILES>>","read,write,delete"; 34 permission java.util.PropertyPermission "*","read"; 35 permission java.net.NetPermission "getProxySelector"; 36}; 37 38grant codeBase "jrt:/java.scripting" { 39 permission java.security.AllPermission; 40}; 41 42grant codeBase "jrt:/java.security.jgss" { 43 permission java.security.AllPermission; 44}; 45 46grant codeBase "jrt:/java.smartcardio" { 47 permission javax.smartcardio.CardPermission "*", "*"; 48 permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; 49 permission java.lang.RuntimePermission 50 "accessClassInPackage.sun.security.jca"; 51 permission java.lang.RuntimePermission 52 "accessClassInPackage.sun.security.util"; 53 permission java.lang.RuntimePermission 54 "accessClassInPackage.jdk.internal.util"; 55 permission java.util.PropertyPermission 56 "javax.smartcardio.TerminalFactory.DefaultType", "read"; 57 permission java.util.PropertyPermission "os.name", "read"; 58 permission java.util.PropertyPermission "os.arch", "read"; 59 permission java.util.PropertyPermission "sun.arch.data.model", "read"; 60 permission java.util.PropertyPermission 61 "sun.security.smartcardio.library", "read"; 62 permission java.util.PropertyPermission 63 "sun.security.smartcardio.t0GetResponse", "read"; 64 permission java.util.PropertyPermission 65 "sun.security.smartcardio.t1GetResponse", "read"; 66 permission java.util.PropertyPermission 67 "sun.security.smartcardio.t1StripLe", "read"; 68 // needed for looking up native PC/SC library 69 permission java.io.FilePermission "<<ALL FILES>>","read"; 70 permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; 71 permission java.security.SecurityPermission 72 "clearProviderProperties.SunPCSC"; 73 permission java.security.SecurityPermission 74 "removeProviderProperty.SunPCSC"; 75}; 76 77grant codeBase "jrt:/java.sql" { 78 permission java.security.AllPermission; 79}; 80 81grant codeBase "jrt:/java.sql.rowset" { 82 permission java.security.AllPermission; 83}; 84 85 86grant codeBase "jrt:/java.xml.crypto" { 87 permission java.lang.RuntimePermission 88 "getStackWalkerWithClassReference"; 89 permission java.lang.RuntimePermission 90 "accessClassInPackage.sun.security.util"; 91 permission java.util.PropertyPermission "*", "read"; 92 permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; 93 permission java.security.SecurityPermission 94 "clearProviderProperties.XMLDSig"; 95 permission java.security.SecurityPermission 96 "removeProviderProperty.XMLDSig"; 97 permission java.security.SecurityPermission 98 "com.sun.org.apache.xml.internal.security.register"; 99 permission java.security.SecurityPermission 100 "getProperty.jdk.xml.dsig.hereFunctionSupported"; 101 permission java.security.SecurityPermission 102 "getProperty.jdk.xml.dsig.secureValidationPolicy"; 103 permission java.lang.RuntimePermission 104 "accessClassInPackage.com.sun.org.apache.xml.internal.*"; 105 permission java.lang.RuntimePermission 106 "accessClassInPackage.com.sun.org.apache.xpath.internal"; 107 permission java.lang.RuntimePermission 108 "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; 109 permission java.io.FilePermission "<<ALL FILES>>","read"; 110 permission java.net.SocketPermission "*", "connect,resolve"; 111}; 112 113 114grant codeBase "jrt:/jdk.accessibility" { 115 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; 116}; 117 118grant codeBase "jrt:/jdk.charsets" { 119 permission java.util.PropertyPermission "os.name", "read"; 120 permission java.lang.RuntimePermission "charsetProvider"; 121 permission java.lang.RuntimePermission 122 "accessClassInPackage.jdk.internal.access"; 123 permission java.lang.RuntimePermission 124 "accessClassInPackage.jdk.internal.misc"; 125 permission java.lang.RuntimePermission 126 "accessClassInPackage.jdk.internal.util"; 127 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 128}; 129 130grant codeBase "jrt:/jdk.crypto.ec" { 131 permission java.lang.RuntimePermission 132 "accessClassInPackage.sun.security.*"; 133 permission java.lang.RuntimePermission "loadLibrary.sunec"; 134 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 135 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 136 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 137}; 138 139grant codeBase "jrt:/jdk.crypto.cryptoki" { 140 permission java.lang.RuntimePermission 141 "accessClassInPackage.com.sun.crypto.provider"; 142 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; 143 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access"; 144 permission java.lang.RuntimePermission 145 "accessClassInPackage.sun.security.*"; 146 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 147 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 148 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; 149 permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read"; 150 permission java.util.PropertyPermission "os.name", "read"; 151 permission java.util.PropertyPermission "os.arch", "read"; 152 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; 153 permission java.security.SecurityPermission "putProviderProperty.*"; 154 permission java.security.SecurityPermission "clearProviderProperties.*"; 155 permission java.security.SecurityPermission "removeProviderProperty.*"; 156 permission java.security.SecurityPermission 157 "getProperty.auth.login.defaultCallbackHandler"; 158 permission java.security.SecurityPermission "authProvider.*"; 159 // Needed for reading PKCS11 config file and NSS library check 160 permission java.io.FilePermission "<<ALL FILES>>", "read"; 161}; 162 163grant codeBase "jrt:/jdk.dynalink" { 164 permission java.security.AllPermission; 165}; 166 167grant codeBase "jrt:/jdk.httpserver" { 168 permission java.security.AllPermission; 169}; 170 171grant codeBase "jrt:/jdk.internal.le" { 172 permission java.security.AllPermission; 173}; 174 175grant codeBase "jrt:/jdk.internal.vm.compiler" { 176 permission java.security.AllPermission; 177}; 178 179grant codeBase "jrt:/jdk.internal.vm.compiler.management" { 180 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections"; 181 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime"; 182 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.services"; 183 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common"; 184 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug"; 185 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"; 186 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options"; 187 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx"; 188 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider"; 189}; 190 191grant codeBase "jrt:/jdk.jsobject" { 192 permission java.security.AllPermission; 193}; 194 195grant codeBase "jrt:/jdk.localedata" { 196 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 197 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 198}; 199 200grant codeBase "jrt:/jdk.naming.dns" { 201 permission java.security.AllPermission; 202}; 203 204grant codeBase "jrt:/jdk.scripting.nashorn" { 205 permission java.security.AllPermission; 206}; 207 208grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 209 permission java.security.AllPermission; 210}; 211 212grant codeBase "jrt:/jdk.security.auth" { 213 permission java.security.AllPermission; 214}; 215 216grant codeBase "jrt:/jdk.security.jgss" { 217 permission java.security.AllPermission; 218}; 219 220grant codeBase "jrt:/jdk.zipfs" { 221 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 222 permission java.lang.RuntimePermission "fileSystemProvider"; 223 permission java.lang.RuntimePermission "accessUserInformation"; 224 permission java.util.PropertyPermission "os.name", "read"; 225 permission java.util.PropertyPermission "user.dir", "read"; 226 permission java.util.PropertyPermission "user.name", "read"; 227}; 228 229// permissions needed by applications using java.desktop module 230grant { 231 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; 232 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; 233 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; 234 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; 235}; 236