annotate src/java.base/share/lib/security/default.policy @ 17433:0d194261f214

8185292: Stricter key generation Reviewed-by: mullan
author igerasim
date Fri, 13 Oct 2017 21:56:11 -0700
parents 6391a43c89ee
rev   line source
mullan@15206 1 //
mullan@15206 2 // Permissions required by modules stored in a run-time image and loaded
mullan@15206 3 // by the platform class loader.
mullan@15206 4 //
mullan@15206 5 // NOTE that this file is not intended to be modified. If additional
mullan@15206 6 // permissions need to be granted to the modules in this file, it is
mullan@15206 7 // recommended that they be configured in a separate policy file or
mullan@15206 8 // ${java.home}/conf/security/java.policy.
mullan@15206 9 //
mullan@15206 10
mullan@15206 11 grant codeBase "jrt:/java.activation" {
mullan@15206 12 permission java.security.AllPermission;
mullan@15206 13 };
mullan@15206 14
mullan@15206 15 grant codeBase "jrt:/java.compiler" {
mullan@15206 16 permission java.security.AllPermission;
mullan@15206 17 };
mullan@15206 18
mullan@15206 19 grant codeBase "jrt:/java.corba" {
mullan@15206 20 permission java.security.AllPermission;
mullan@15206 21 };
mullan@15206 22
mullan@15206 23 grant codeBase "jrt:/java.scripting" {
mullan@15206 24 permission java.security.AllPermission;
mullan@15206 25 };
mullan@15206 26
weijun@15207 27 grant codeBase "jrt:/java.security.jgss" {
weijun@15207 28 permission java.security.AllPermission;
weijun@15207 29 };
weijun@15207 30
mullan@15206 31 grant codeBase "jrt:/java.smartcardio" {
mullan@15206 32 permission javax.smartcardio.CardPermission "*", "*";
mullan@15206 33 permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
mullan@15206 34 permission java.lang.RuntimePermission
mullan@15959 35 "accessClassInPackage.sun.security.jca";
mullan@15959 36 permission java.lang.RuntimePermission
mullan@15959 37 "accessClassInPackage.sun.security.util";
mullan@15959 38 permission java.util.PropertyPermission
mullan@15959 39 "javax.smartcardio.TerminalFactory.DefaultType", "read";
mullan@15959 40 permission java.util.PropertyPermission "os.name", "read";
mullan@15959 41 permission java.util.PropertyPermission "os.arch", "read";
mullan@15959 42 permission java.util.PropertyPermission "sun.arch.data.model", "read";
mullan@15959 43 permission java.util.PropertyPermission
mullan@15959 44 "sun.security.smartcardio.library", "read";
mullan@15959 45 permission java.util.PropertyPermission
mullan@15959 46 "sun.security.smartcardio.t0GetResponse", "read";
mullan@15959 47 permission java.util.PropertyPermission
mullan@15959 48 "sun.security.smartcardio.t1GetResponse", "read";
mullan@15959 49 permission java.util.PropertyPermission
mullan@15959 50 "sun.security.smartcardio.t1StripLe", "read";
mullan@15206 51 // needed for looking up native PC/SC library
mullan@15206 52 permission java.io.FilePermission "<<ALL FILES>>","read";
mullan@15206 53 permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
mullan@15206 54 permission java.security.SecurityPermission
mullan@15206 55 "clearProviderProperties.SunPCSC";
mullan@15206 56 permission java.security.SecurityPermission
mullan@15206 57 "removeProviderProperty.SunPCSC";
mullan@15206 58 };
mullan@15206 59
mullan@15206 60 grant codeBase "jrt:/java.sql" {
mullan@15206 61 permission java.security.AllPermission;
mullan@15206 62 };
mullan@15206 63
mullan@15206 64 grant codeBase "jrt:/java.sql.rowset" {
mullan@15206 65 permission java.security.AllPermission;
mullan@15206 66 };
mullan@15206 67
mullan@15206 68 grant codeBase "jrt:/java.xml.bind" {
mchung@17222 69 permission java.security.AllPermission;
mullan@15206 70 };
mullan@15206 71
mullan@15206 72 grant codeBase "jrt:/java.xml.crypto" {
mullan@16502 73 permission java.lang.RuntimePermission
mullan@16502 74 "accessClassInPackage.sun.security.util";
mullan@15206 75 permission java.util.PropertyPermission "*", "read";
mullan@15206 76 permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
mullan@15206 77 permission java.security.SecurityPermission
mullan@15206 78 "clearProviderProperties.XMLDSig";
mullan@15206 79 permission java.security.SecurityPermission
mullan@15206 80 "removeProviderProperty.XMLDSig";
mullan@15206 81 permission java.security.SecurityPermission
mullan@15206 82 "com.sun.org.apache.xml.internal.security.register";
mullan@15461 83 permission java.security.SecurityPermission
mullan@15461 84 "getProperty.jdk.xml.dsig.secureValidationPolicy";
mullan@16517 85 permission java.lang.RuntimePermission
mullan@16517 86 "accessClassInPackage.com.sun.org.apache.xml.internal.*";
mullan@16517 87 permission java.lang.RuntimePermission
mullan@16517 88 "accessClassInPackage.com.sun.org.apache.xpath.internal";
mullan@16517 89 permission java.lang.RuntimePermission
mullan@16517 90 "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
mullan@15206 91 };
mullan@15206 92
mullan@15206 93 grant codeBase "jrt:/java.xml.ws" {
mchung@17222 94 permission java.security.AllPermission;
mchung@17222 95 };
mchung@17222 96
mchung@17222 97 grant codeBase "jrt:/jdk.accessibility" {
mchung@17222 98 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
mullan@15206 99 };
mullan@15206 100
mullan@15206 101 grant codeBase "jrt:/jdk.charsets" {
mullan@15206 102 permission java.util.PropertyPermission "os.name", "read";
mullan@15206 103 permission java.util.PropertyPermission "sun.nio.cs.map", "read";
mullan@15206 104 permission java.lang.RuntimePermission "charsetProvider";
mullan@15206 105 permission java.lang.RuntimePermission
mullan@15206 106 "accessClassInPackage.jdk.internal.misc";
mullan@15206 107 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
mullan@15206 108 };
mullan@15206 109
mullan@15206 110 grant codeBase "jrt:/jdk.crypto.ec" {
mullan@15206 111 permission java.lang.RuntimePermission
mullan@15206 112 "accessClassInPackage.sun.security.*";
mullan@15206 113 permission java.lang.RuntimePermission "loadLibrary.sunec";
mullan@15206 114 permission java.security.SecurityPermission "putProviderProperty.SunEC";
mullan@15206 115 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
mullan@15206 116 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
mullan@15206 117 };
mullan@15206 118
ascarpino@16544 119 grant codeBase "jrt:/jdk.crypto.cryptoki" {
mullan@15206 120 permission java.lang.RuntimePermission
mullan@15206 121 "accessClassInPackage.sun.security.*";
mullan@15206 122 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
mullan@15206 123 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
mullan@15888 124 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
mullan@15888 125 permission java.util.PropertyPermission "os.name", "read";
mullan@15888 126 permission java.util.PropertyPermission "os.arch", "read";
igerasim@17433 127 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
mullan@15206 128 permission java.security.SecurityPermission "putProviderProperty.*";
mullan@15206 129 permission java.security.SecurityPermission "clearProviderProperties.*";
mullan@15206 130 permission java.security.SecurityPermission "removeProviderProperty.*";
mullan@15206 131 permission java.security.SecurityPermission
mullan@15206 132 "getProperty.auth.login.defaultCallbackHandler";
mullan@15206 133 permission java.security.SecurityPermission "authProvider.*";
mullan@15206 134 // Needed for reading PKCS11 config file and NSS library check
mullan@15206 135 permission java.io.FilePermission "<<ALL FILES>>", "read";
mullan@15206 136 };
mullan@15206 137
mchung@17222 138 grant codeBase "jrt:/jdk.desktop" {
mchung@17222 139 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
mchung@17222 140 };
mchung@17222 141
mullan@15206 142 grant codeBase "jrt:/jdk.dynalink" {
mullan@15206 143 permission java.security.AllPermission;
mullan@15206 144 };
mullan@15206 145
mullan@15206 146 grant codeBase "jrt:/jdk.internal.le" {
mullan@15206 147 permission java.security.AllPermission;
mullan@15206 148 };
mullan@15206 149
mchung@17222 150 grant codeBase "jrt:/jdk.internal.vm.compiler" {
mchung@17222 151 permission java.security.AllPermission;
mchung@17222 152 };
mchung@17222 153
mullan@15206 154 grant codeBase "jrt:/jdk.jsobject" {
mullan@15206 155 permission java.security.AllPermission;
mullan@15206 156 };
mullan@15206 157
mullan@15206 158 grant codeBase "jrt:/jdk.localedata" {
mullan@15206 159 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
mullan@15206 160 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
mullan@15206 161 };
mullan@15206 162
mullan@15206 163 grant codeBase "jrt:/jdk.naming.dns" {
mullan@15206 164 permission java.security.AllPermission;
mullan@15206 165 };
mullan@15206 166
mullan@15206 167 grant codeBase "jrt:/jdk.scripting.nashorn" {
mullan@15206 168 permission java.security.AllPermission;
mullan@15206 169 };
mullan@15206 170
mullan@15206 171 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
mullan@15206 172 permission java.security.AllPermission;
mullan@15206 173 };
mullan@15206 174
weijun@15207 175 grant codeBase "jrt:/jdk.security.auth" {
weijun@15207 176 permission java.security.AllPermission;
weijun@15207 177 };
weijun@15207 178
weijun@15207 179 grant codeBase "jrt:/jdk.security.jgss" {
weijun@15207 180 permission java.security.AllPermission;
weijun@15207 181 };
weijun@15207 182
mullan@15206 183 grant codeBase "jrt:/jdk.zipfs" {
mullan@15206 184 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
mullan@15206 185 permission java.lang.RuntimePermission "fileSystemProvider";
sherman@16031 186 permission java.util.PropertyPermission "os.name", "read";
mullan@15206 187 };
mullan@15206 188
mullan@16541 189 // permissions needed by applications using java.desktop module
mullan@16541 190 grant {
mullan@16541 191 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
mullan@16541 192 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
mullan@16541 193 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
mullan@16541 194 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
mullan@16541 195 };
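Review bot: The only line attributed to this revision, `permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";` at file line 127 in the `jrt:/jdk.crypto.cryptoki` grant, has no comment saying why the module needs to read that property, whereas the broad `FilePermission` a few lines below it is explained. A one-line comment above it, for example `// 8185292: property read by the PKCS11 KeyAgreement code` (wording to be confirmed against the provider source, which this page does not show), would let a later auditor tell when the grant can be removed. The entry is also left on one long line, while the `PropertyPermission` entries in the `jrt:/java.smartcardio` grant are wrapped after the class name; wrapping it the same way would keep the file consistent. Since only `jdk.crypto.cryptoki` receives this permission, it is worth confirming that no other module with a restricted grant in this file (for instance `jdk.crypto.ec`) reads the same property outside a privileged block when a security manager is installed.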