2 // Permissions required by modules stored in a run-time image and loaded
3 // by the platform class loader.
5 // NOTE that this file is not intended to be modified. If additional
6 // permissions need to be granted to the modules in this file, it is
7 // recommended that they be configured in a separate policy file or
8 // ${java.home}/conf/security/java.policy.
12 grant codeBase "jrt:/java.compiler" {
13 permission java.security.AllPermission;
17 grant codeBase "jrt:/java.net.http" {
18 permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
19 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
20 permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
21 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
22 permission java.net.SocketPermission "*","connect,resolve";
23 permission java.net.URLPermission "http:*","*:*";
24 permission java.net.URLPermission "https:*","*:*";
25 permission java.net.URLPermission "ws:*","*:*";
26 permission java.net.URLPermission "wss:*","*:*";
27 permission java.net.URLPermission "socket:*","CONNECT"; // proxy
28 // For request/response body processors, fromFile, asFile
29 permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
30 permission java.util.PropertyPermission "*","read";
31 permission java.net.NetPermission "getProxySelector";
34 grant codeBase "jrt:/java.scripting" {
35 permission java.security.AllPermission;
38 grant codeBase "jrt:/java.security.jgss" {
39 permission java.security.AllPermission;
42 grant codeBase "jrt:/java.smartcardio" {
43 permission javax.smartcardio.CardPermission "*", "*";
44 permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
45 permission java.lang.RuntimePermission
46 "accessClassInPackage.sun.security.jca";
47 permission java.lang.RuntimePermission
48 "accessClassInPackage.sun.security.util";
49 permission java.util.PropertyPermission
50 "javax.smartcardio.TerminalFactory.DefaultType", "read";
51 permission java.util.PropertyPermission "os.name", "read";
52 permission java.util.PropertyPermission "os.arch", "read";
53 permission java.util.PropertyPermission "sun.arch.data.model", "read";
54 permission java.util.PropertyPermission
55 "sun.security.smartcardio.library", "read";
56 permission java.util.PropertyPermission
57 "sun.security.smartcardio.t0GetResponse", "read";
58 permission java.util.PropertyPermission
59 "sun.security.smartcardio.t1GetResponse", "read";
60 permission java.util.PropertyPermission
61 "sun.security.smartcardio.t1StripLe", "read";
62 // needed for looking up native PC/SC library
63 permission java.io.FilePermission "<<ALL FILES>>","read";
64 permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
65 permission java.security.SecurityPermission
66 "clearProviderProperties.SunPCSC";
67 permission java.security.SecurityPermission
68 "removeProviderProperty.SunPCSC";
71 grant codeBase "jrt:/java.sql" {
72 permission java.security.AllPermission;
75 grant codeBase "jrt:/java.sql.rowset" {
76 permission java.security.AllPermission;
80 grant codeBase "jrt:/java.xml.crypto" {
81 permission java.lang.RuntimePermission
82 "accessClassInPackage.sun.security.util";
83 permission java.util.PropertyPermission "*", "read";
84 permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
85 permission java.security.SecurityPermission
86 "clearProviderProperties.XMLDSig";
87 permission java.security.SecurityPermission
88 "removeProviderProperty.XMLDSig";
89 permission java.security.SecurityPermission
90 "com.sun.org.apache.xml.internal.security.register";
91 permission java.security.SecurityPermission
92 "getProperty.jdk.xml.dsig.secureValidationPolicy";
93 permission java.lang.RuntimePermission
94 "accessClassInPackage.com.sun.org.apache.xml.internal.*";
95 permission java.lang.RuntimePermission
96 "accessClassInPackage.com.sun.org.apache.xpath.internal";
97 permission java.lang.RuntimePermission
98 "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
102 grant codeBase "jrt:/jdk.accessibility" {
103 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
106 grant codeBase "jrt:/jdk.charsets" {
107 permission java.util.PropertyPermission "os.name", "read";
108 permission java.util.PropertyPermission "sun.nio.cs.map", "read";
109 permission java.lang.RuntimePermission "charsetProvider";
110 permission java.lang.RuntimePermission
111 "accessClassInPackage.jdk.internal.misc";
112 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
115 grant codeBase "jrt:/jdk.crypto.ec" {
116 permission java.lang.RuntimePermission
117 "accessClassInPackage.sun.security.*";
118 permission java.lang.RuntimePermission "loadLibrary.sunec";
119 permission java.security.SecurityPermission "putProviderProperty.SunEC";
120 permission java.security.SecurityPermission "clearProviderProperties.SunEC";
121 permission java.security.SecurityPermission "removeProviderProperty.SunEC";
124 grant codeBase "jrt:/jdk.crypto.cryptoki" {
125 permission java.lang.RuntimePermission
126 "accessClassInPackage.sun.security.*";
127 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
128 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
129 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
130 permission java.util.PropertyPermission "os.name", "read";
131 permission java.util.PropertyPermission "os.arch", "read";
132 permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
133 permission java.security.SecurityPermission "putProviderProperty.*";
134 permission java.security.SecurityPermission "clearProviderProperties.*";
135 permission java.security.SecurityPermission "removeProviderProperty.*";
136 permission java.security.SecurityPermission
137 "getProperty.auth.login.defaultCallbackHandler";
138 permission java.security.SecurityPermission "authProvider.*";
139 // Needed for reading PKCS11 config file and NSS library check
140 permission java.io.FilePermission "<<ALL FILES>>", "read";
143 grant codeBase "jrt:/jdk.desktop" {
144 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
147 grant codeBase "jrt:/jdk.dynalink" {
148 permission java.security.AllPermission;
151 grant codeBase "jrt:/jdk.httpserver" {
152 permission java.security.AllPermission;
155 grant codeBase "jrt:/jdk.internal.le" {
156 permission java.security.AllPermission;
159 grant codeBase "jrt:/jdk.internal.vm.compiler" {
160 permission java.security.AllPermission;
163 grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
164 permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
165 permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
166 permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
167 permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
170 grant codeBase "jrt:/jdk.jsobject" {
171 permission java.security.AllPermission;
174 grant codeBase "jrt:/jdk.localedata" {
175 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
176 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
179 grant codeBase "jrt:/jdk.naming.dns" {
180 permission java.security.AllPermission;
183 grant codeBase "jrt:/jdk.scripting.nashorn" {
184 permission java.security.AllPermission;
187 grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
188 permission java.security.AllPermission;
191 grant codeBase "jrt:/jdk.security.auth" {
192 permission java.security.AllPermission;
195 grant codeBase "jrt:/jdk.security.jgss" {
196 permission java.security.AllPermission;
199 grant codeBase "jrt:/jdk.zipfs" {
200 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
201 permission java.lang.RuntimePermission "fileSystemProvider";
202 permission java.util.PropertyPermission "os.name", "read";
205 // permissions needed by applications using java.desktop module
207 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
208 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
209 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
210 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";