view test/sun/security/provider/PolicyFile/modules.policy @ 13901:b2a69d66dc65

8142968: Module System implementation Summary: Initial integration of JEP 200, JEP 260, JEP 261, and JEP 282 Reviewed-by: alanb, mchung, naoto, rriggs, psandoz, plevart, mullan, ascarpino, vinnie, prr, sherman, dfuchs, mhaupt Contributed-by: alan.bateman@oracle.com, alex.buckley@oracle.com, jonathan.gibbons@oracle.com, karen.kinnear@oracle.com, mandy.chung@oracle.com, mark.reinhold@oracle.com, chris.hegarty@oracle.com, alexandr.scherbatiy@oracle.com, amy.lu@oracle.com, calvin.cheung@oracle.com, daniel.fuchs@oracle.com, erik.joelsson@oracle.com, harold.seigel@oracle.com, jaroslav.bachorik@oracle.com, jean-francois.denise@oracle.com, jan.lahoda@oracle.com, james.laskey@oracle.com, lois.foltan@oracle.com, miroslav.kos@oracle.com, huaming.li@oracle.com, sean.mullan@oracle.com, naoto.sato@oracle.com, masayoshi.okutsu@oracle.com, peter.levart@gmail.com, philip.race@oracle.com, claes.redestad@oracle.com, sergey.bylokhov@oracle.com, alexandre.iline@oracle.com, volker.simonis@gmail.com, staffan.larsen@oracle.com, stuart.marks@oracle.com, semyon.sadetsky@oracle.com, serguei.spitsyn@oracle.com, sundararajan.athijegannathan@oracle.com, valerie.peng@oracle.com, vincent.x.ryan@oracle.com, weijun.wang@oracle.com, yuri.nesterenko@oracle.com, yekaterina.kantserova@oracle.com, alexander.kulyakhtin@oracle.com, felix.yang@oracle.com, andrei.eremeev@oracle.com, frank.yuan@oracle.com, sergei.pikalev@oracle.com, sibabrata.sahoo@oracle.com, tiantian.du@oracle.com, sha.jiang@oracle.com
author alanb
date Thu, 17 Mar 2016 19:04:16 +0000
parents
children
line wrap: on
line source
grant {
    // java.base module
    permission java.io.SerializablePermission "enableSubstitution";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.nio.file.LinkPermission "hard";
    permission javax.net.ssl.SSLPermission "getSSLSessionContext";
    permission javax.security.auth.AuthPermission "doAsPrivileged";
    permission javax.security.auth.PrivateCredentialPermission "* * \"*\"",
                                                               "read";
    // java.base module (@jdk.Exported Permissions)
    permission jdk.net.NetworkPermission "setOption.SO_FLOW_SLA";
    // java.desktop module
    permission java.awt.AWTPermission "createRobot";
    permission javax.sound.sampled.AudioPermission "play";
    // java.logging module
    permission java.util.logging.LoggingPermission "control", "";
    // java.management module
    permission java.lang.management.ManagementPermission "control";
    permission javax.management.MBeanPermission "*", "getAttribute";
    permission javax.management.MBeanServerPermission "createMBeanServer";
    permission javax.management.MBeanTrustPermission "register";
    permission javax.management.remote.SubjectDelegationPermission "*";
    // java.security.jgss module
    permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"*\"";
    permission javax.security.auth.kerberos.ServicePermission "*", "accept";
    // java.sql module
    permission java.sql.SQLPermission "setLog";
    // javax.xml.bind module
    permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
    // javax.xml.ws module
    permission javax.xml.ws.WebServicePermission "publishEndpoint";
    // java.smartcardio module
    permission javax.smartcardio.CardPermission "*", "*";
    // jdk.attach module (@jdk.Exported Permissions)
    permission com.sun.tools.attach.AttachPermission "attachVirtualMachine";
    // jdk.jdi module (@jdk.Exported Permissions)
    permission com.sun.jdi.JDIPermission "virtualMachineManager";
    // jdk.security.jgss module (@jdk.Exported Permissions)
    permission com.sun.security.jgss.InquireSecContextPermission "*"; 
};

grant
    // java.base module
    principal javax.security.auth.x500.X500Principal "CN=Duke",
    // java.management module
    principal javax.management.remote.JMXPrincipal "Duke",
    // java.security.jgss module
    principal javax.security.auth.kerberos.KerberosPrincipal "duke@openjdk.org",
    // jdk.security.auth module (@jdk.Exported Principals)
    principal com.sun.security.auth.UserPrincipal "Duke",
    principal com.sun.security.auth.NTDomainPrincipal "openjdk.org",
    principal com.sun.security.auth.NTSid
        "S-1-5-21-3623811015-3361044348-30300820-1013",
    principal com.sun.security.auth.NTUserPrincipal "Duke",
    principal com.sun.security.auth.UnixNumericUserPrincipal "0",
    principal com.sun.security.auth.UnixPrincipal "duke" {
    permission java.util.PropertyPermission "user.home", "read";
};

grant
    // java.security.jgss module
    principal javax.security.auth.kerberos.KerberosPrincipal "duke@openjdk.org"
{
    // test that ${{self}} expansion works 
    permission javax.security.auth.kerberos.ServicePermission "${{self}}",
                                                              "accept";
};