8010464: Evolve java networking same origin policy
Reviewed-by: alanb, chegar, dsamersoff, weijun
diff --git a/test/java/net/HttpURLPermission/HttpURLPermissionTest.java b/test/java/net/HttpURLPermission/HttpURLPermissionTest.java
new file mode 100644
index 0000000..c2debe7
--- /dev/null
+++ b/test/java/net/HttpURLPermission/HttpURLPermissionTest.java
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.net.HttpURLPermission;
+import java.io.*;
+
+/**
+ * @test
+ * @bug 8010464
+ */
+
+public class HttpURLPermissionTest {
+
+ // super class for all test types
+ abstract static class Test {
+ boolean expected;
+ abstract boolean execute();
+ };
+
+ // Tests URL part of implies() method. This is the main test.
+ static class URLImpliesTest extends Test {
+ String arg1, arg2;
+
+ URLImpliesTest(String arg1, String arg2, boolean expected) {
+ this.arg1 = arg1;
+ this.arg2 = arg2;
+ this.expected = expected;
+ }
+
+ boolean execute() {
+ HttpURLPermission p1 = new HttpURLPermission (arg1, "GET:*");
+ HttpURLPermission p2 = new HttpURLPermission (arg2, "GET:*");
+ boolean result = p1.implies(p2);
+ return result == expected;
+ }
+ };
+
+ static URLImpliesTest imtest(String arg1, String arg2, boolean expected) {
+ return new URLImpliesTest(arg1, arg2, expected);
+ }
+
+ static class ActionImpliesTest extends Test {
+ String arg1, arg2;
+
+ ActionImpliesTest(String arg1, String arg2, boolean expected) {
+ this.arg1 = arg1;
+ this.arg2 = arg2;
+ this.expected = expected;
+ }
+
+ boolean execute() {
+ String url1 = "http://www.foo.com/-";
+ String url2 = "http://www.foo.com/a/b";
+ HttpURLPermission p1 = new HttpURLPermission(url1, arg1);
+ HttpURLPermission p2 = new HttpURLPermission(url2, arg2);
+ boolean result = p1.implies(p2);
+ return result == expected;
+ }
+ }
+
+ static ActionImpliesTest actest(String arg1, String arg2, boolean expected) {
+ return new ActionImpliesTest(arg1, arg2, expected);
+ }
+
+ static Test[] pathImplies = {
+ // single
+ imtest("http://www.foo.com/", "http://www.foo.com/", true),
+ imtest("http://www.bar.com/", "http://www.foo.com/", false),
+ imtest("http://www.foo.com/a/b", "http://www.foo.com/", false),
+ imtest("http://www.foo.com/a/b", "http://www.foo.com/a/b/c", false),
+ // wildcard
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c", true),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/*", true),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c#frag", true),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c#frag?foo=foo", true),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/b/b/c", false),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c.html", true),
+ imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c.html", true),
+ imtest("http://www.foo.com/a/b/*", "https://www.foo.com/a/b/c", false),
+ // recursive
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/-", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c#frag", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c#frag?foo=foo", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/b/b/c", false),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c.html", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c.html", true),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e.html", true),
+ imtest("https://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e.html", false),
+ imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e#frag", true),
+ imtest("http://www.foo.com/a/b/-", "https://www.foo.com/a/b/c", false),
+ // special cases
+ imtest("http:*", "https://www.foo.com/a/b/c", false),
+ imtest("http:*", "http://www.foo.com/a/b/c", true),
+ imtest("http:*", "http://foo/bar", true),
+ imtest("http://foo/bar", "https://foo/bar", false)
+ };
+
+ static Test[] actionImplies = {
+ actest("GET", "GET", true),
+ actest("GET", "POST", false),
+ actest("GET:", "PUT", false),
+ actest("GET:", "GET", true),
+ actest("GET,POST", "GET", true),
+ actest("GET,POST:", "GET", true),
+ actest("GET:X-Foo", "GET:x-foo", true),
+ actest("GET:X-Foo,X-bar", "GET:x-foo", true),
+ actest("GET:X-Foo", "GET:x-boo", false),
+ actest("GET:X-Foo,X-Bar", "GET:x-bar,x-foo", true),
+ actest("GET:X-Bar,X-Foo,X-Bar,Y-Foo", "GET:x-bar,x-foo", true),
+ actest("GET:*", "GET:x-bar,x-foo", true),
+ actest("*:*", "GET:x-bar,x-foo", true)
+ };
+
+ static boolean failed = false;
+
+ public static void main(String args[]) throws Exception {
+ for (int i=0; i<pathImplies.length ; i++) {
+ URLImpliesTest test = (URLImpliesTest)pathImplies[i];
+ Exception caught = null;
+ boolean result = false;
+ try {
+ result = test.execute();
+ } catch (Exception e) {
+ caught = e;
+ e.printStackTrace();
+ }
+ if (!result) {
+ failed = true;
+ System.out.println ("test failed: " + test.arg1 + ": " +
+ test.arg2 + " Exception: " + caught);
+ }
+ System.out.println ("path test " + i + " OK");
+
+ }
+ for (int i=0; i<actionImplies.length ; i++) {
+ ActionImpliesTest test = (ActionImpliesTest)actionImplies[i];
+ Exception caught = null;
+ boolean result = false;
+ try {
+ result = test.execute();
+ } catch (Exception e) {
+ caught = e;
+ e.printStackTrace();
+ }
+ if (!result) {
+ failed = true;
+ System.out.println ("test failed: " + test.arg1 + ": " +
+ test.arg2 + " Exception: " + caught);
+ }
+ System.out.println ("action test " + i + " OK");
+ }
+
+ serializationTest("http://www.foo.com/-", "GET,DELETE:*");
+ serializationTest("https://www.foo.com/-", "POST:X-Foo");
+ serializationTest("https:*", "*:*");
+ serializationTest("http://www.foo.com/a/b/s/", "POST:X-Foo");
+ serializationTest("http://www.foo.com/a/b/s/*", "POST:X-Foo");
+
+ if (failed) {
+ throw new RuntimeException("some tests failed");
+ }
+
+ }
+
+ static void serializationTest(String name, String actions)
+ throws Exception {
+
+ HttpURLPermission out = new HttpURLPermission(name, actions);
+ FileOutputStream fos = new FileOutputStream("out.ser");
+ ObjectOutputStream o = new ObjectOutputStream(fos);
+ o.writeObject(out);
+ FileInputStream fis = new FileInputStream("out.ser");
+ ObjectInputStream i = new ObjectInputStream(fis);
+ HttpURLPermission in = (HttpURLPermission)i.readObject();
+ if (!in.equals(out)) {
+ System.out.println ("FAIL");
+ System.out.println ("in = " + in);
+ System.out.println ("out = " + out);
+ failed = true;
+ }
+ }
+}
diff --git a/test/java/net/HttpURLPermission/URLTest.java b/test/java/net/HttpURLPermission/URLTest.java
new file mode 100644
index 0000000..8aef8a1
--- /dev/null
+++ b/test/java/net/HttpURLPermission/URLTest.java
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.net.HttpURLPermission;
+/*
+ * Run the tests once without security manager and once with
+ *
+ * @test
+ * @bug 8010464
+ * @compile ../../../com/sun/net/httpserver/SimpleSSLContext.java
+ * @run main/othervm/policy=policy.1 URLTest one
+ * @run main/othervm URLTest one
+ * @run main/othervm/policy=policy.2 URLTest two
+ * @run main/othervm URLTest two
+ * @run main/othervm/policy=policy.3 URLTest three
+ * @run main/othervm URLTest three
+ */
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.util.concurrent.*;
+import java.util.logging.*;
+import com.sun.net.httpserver.*;
+import javax.net.ssl.*;
+
+public class URLTest {
+ static boolean failed = false;
+
+ public static void main (String[] args) throws Exception {
+ boolean no = false, yes = true;
+
+ if (System.getSecurityManager() == null) {
+ yes = false;
+ }
+ createServers();
+ InetSocketAddress addr1 = httpServer.getAddress();
+ int port1 = addr1.getPort();
+ InetSocketAddress addr2 = httpsServer.getAddress();
+ int port2 = addr2.getPort();
+
+ // each of the following cases is run with a different policy file
+
+ switch (args[0]) {
+ case "one":
+ String url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ String url2 = "https://127.0.0.1:"+ port2 + "/foo.html";
+ String url3 = "http://127.0.0.1:"+ port1 + "/bar.html";
+ String url4 = "https://127.0.0.1:"+ port2 + "/bar.html";
+
+ // simple positive test. Should succceed
+ test(url1, "GET", "X-Foo", no);
+ test(url1, "GET", "Z-Bar", "X-Foo", no);
+ test(url1, "GET", "X-Foo", "Z-Bar", no);
+ test(url1, "GET", "Z-Bar", no);
+ test(url2, "POST", "X-Fob", no);
+
+ // reverse the methods, should fail
+ test(url1, "POST", "X-Foo", yes);
+ test(url2, "GET", "X-Fob", yes);
+
+ // different URLs, should fail
+ test(url3, "GET", "X-Foo", yes);
+ test(url4, "POST", "X-Fob", yes);
+ break;
+
+ case "two":
+ url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ url2 = "https://127.0.0.1:"+ port2 + "/foo.html";
+ url3 = "http://127.0.0.1:"+ port1 + "/bar.html";
+ url4 = "https://127.0.0.1:"+ port2 + "/bar.html";
+
+ // simple positive test. Should succceed
+ test(url1, "GET", "X-Foo", no);
+ test(url2, "POST", "X-Fob", no);
+ test(url3, "GET", "X-Foo", no);
+ test(url4, "POST", "X-Fob", no);
+ break;
+
+ case "three":
+ url1 = "http://127.0.0.1:"+ port1 + "/foo.html";
+ url2 = "https://127.0.0.1:"+ port2 + "/a/c/d/e/foo.html";
+ url3 = "http://127.0.0.1:"+ port1 + "/a/b/c";
+ url4 = "https://127.0.0.1:"+ port2 + "/a/b/c";
+
+ test(url1, "GET", "X-Foo", yes);
+ test(url2, "POST", "X-Zxc", no);
+ test(url3, "DELETE", "Y-Foo", no);
+ test(url4, "POST", "Y-Foo", yes);
+ break;
+ }
+ shutdown();
+ if (failed) {
+ throw new RuntimeException("Test failed");
+ }
+ }
+
+ public static void test (
+ String u, String method,
+ String header, boolean exceptionExpected
+ )
+ throws Exception
+ {
+ test(u, method, header, null, exceptionExpected);
+ }
+
+ public static void test (
+ String u, String method,
+ String header1, String header2, boolean exceptionExpected
+ )
+ throws Exception
+ {
+ URL url = new URL(u);
+ System.out.println ("url=" + u + " method="+method + " header1="+header1
+ +" header2 = " + header2
+ +" exceptionExpected="+exceptionExpected);
+ HttpURLConnection urlc = (HttpURLConnection)url.openConnection();
+ if (urlc instanceof HttpsURLConnection) {
+ HttpsURLConnection ssl = (HttpsURLConnection)urlc;
+ ssl.setHostnameVerifier(new HostnameVerifier() {
+ public boolean verify(String host, SSLSession sess) {
+ return true;
+ }
+ });
+ ssl.setSSLSocketFactory (ctx.getSocketFactory());
+ }
+ urlc.setRequestMethod(method);
+ if (header1 != null) {
+ urlc.addRequestProperty(header1, "foo");
+ }
+ if (header2 != null) {
+ urlc.addRequestProperty(header2, "bar");
+ }
+ try {
+ int g = urlc.getResponseCode();
+ if (exceptionExpected) {
+ failed = true;
+ System.out.println ("FAIL");
+ return;
+ }
+ if (g != 200) {
+ String s = Integer.toString(g);
+ throw new RuntimeException("unexpected response "+ s);
+ }
+ InputStream is = urlc.getInputStream();
+ int c,count=0;
+ byte[] buf = new byte[1024];
+ while ((c=is.read(buf)) != -1) {
+ count += c;
+ }
+ is.close();
+ } catch (RuntimeException e) {
+ if (! (e instanceof SecurityException) &&
+ !(e.getCause() instanceof SecurityException) ||
+ !exceptionExpected)
+ {
+ System.out.println ("FAIL");
+ //e.printStackTrace();
+ failed = true;
+ }
+ }
+ System.out.println ("OK");
+ }
+
+ static HttpServer httpServer;
+ static HttpsServer httpsServer;
+ static HttpContext c, cs;
+ static ExecutorService e, es;
+ static SSLContext ctx;
+
+ // These ports need to be hard-coded until we support port number
+ // ranges in the permission class
+
+ static final int PORT1 = 12567;
+ static final int PORT2 = 12568;
+
+ static void createServers() throws Exception {
+ InetSocketAddress addr1 = new InetSocketAddress (PORT1);
+ InetSocketAddress addr2 = new InetSocketAddress (PORT2);
+ httpServer = HttpServer.create (addr1, 0);
+ httpsServer = HttpsServer.create (addr2, 0);
+
+ MyHandler h = new MyHandler();
+
+ c = httpServer.createContext ("/", h);
+ cs = httpsServer.createContext ("/", h);
+ e = Executors.newCachedThreadPool();
+ es = Executors.newCachedThreadPool();
+ httpServer.setExecutor (e);
+ httpsServer.setExecutor (es);
+
+ // take the keystore from elsewhere in test hierarchy
+ String keysdir = System.getProperty("test.src")
+ + "/../../../com/sun/net/httpserver/";
+ ctx = new SimpleSSLContext(keysdir).get();
+ httpsServer.setHttpsConfigurator(new HttpsConfigurator (ctx));
+
+ httpServer.start();
+ httpsServer.start();
+ }
+
+ static void shutdown() {
+ httpServer.stop(1);
+ httpsServer.stop(1);
+ e.shutdown();
+ es.shutdown();
+ }
+
+ static class MyHandler implements HttpHandler {
+
+ MyHandler() {
+ }
+
+ public void handle(HttpExchange x) throws IOException {
+ x.sendResponseHeaders(200, -1);
+ x.close();
+ }
+ }
+
+}
diff --git a/test/java/net/HttpURLPermission/policy.1 b/test/java/net/HttpURLPermission/policy.1
new file mode 100644
index 0000000..73fdb00
--- /dev/null
+++ b/test/java/net/HttpURLPermission/policy.1
@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+//
+// This code is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License version 2 only, as
+// published by the Free Software Foundation.
+//
+// This code is distributed in the hope that it will be useful, but WITHOUT
+// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+// version 2 for more details (a copy is included in the LICENSE file that
+// accompanied this code).
+//
+// You should have received a copy of the GNU General Public License version
+// 2 along with this work; if not, write to the Free Software Foundation,
+// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+// or visit www.oracle.com if you need additional information or have any
+// questions.
+//
+
+grant {
+ permission java.net.HttpURLPermission "http://127.0.0.1:12567/foo.html", "GET:X-Foo,Z-Bar";
+ permission java.net.HttpURLPermission "https://127.0.0.1:12568/foo.html", "POST:X-Fob,T-Bar";
+
+ // needed for HttpServer
+ permission "java.net.SocketPermission" "localhost:1024-", "listen,resolve,accept";
+ permission "java.util.PropertyPermission" "test.src", "read";
+ permission java.io.FilePermission "${test.src}/../../../com/sun/net/httpserver/testkeys", "read";
+
+ //permission "java.util.logging.LoggingPermission" "control";
+ //permission "java.io.FilePermission" "/tmp/-", "read,write";
+ permission "java.lang.RuntimePermission" "modifyThread";
+ permission "java.lang.RuntimePermission" "setFactory";
+};
+
+// Normal permissions that aren't granted when run under jtreg
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
+ permission java.security.AllPermission;
+};
+
diff --git a/test/java/net/HttpURLPermission/policy.2 b/test/java/net/HttpURLPermission/policy.2
new file mode 100644
index 0000000..ad86840
--- /dev/null
+++ b/test/java/net/HttpURLPermission/policy.2
@@ -0,0 +1,46 @@
+//
+// Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+//
+// This code is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License version 2 only, as
+// published by the Free Software Foundation.
+//
+// This code is distributed in the hope that it will be useful, but WITHOUT
+// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+// version 2 for more details (a copy is included in the LICENSE file that
+// accompanied this code).
+//
+// You should have received a copy of the GNU General Public License version
+// 2 along with this work; if not, write to the Free Software Foundation,
+// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+// or visit www.oracle.com if you need additional information or have any
+// questions.
+//
+
+grant {
+ permission java.net.HttpURLPermission "http://127.0.0.1:12567/*", "GET:X-Foo";
+ permission java.net.HttpURLPermission "https://127.0.0.1:12568/*", "POST:X-Fob";
+
+ // needed for HttpServer
+ permission "java.net.SocketPermission" "localhost:1024-", "listen,resolve,accept";
+ permission "java.util.PropertyPermission" "test.src", "read";
+ permission java.io.FilePermission "${test.src}/../../../com/sun/net/httpserver/testkeys", "read";
+
+ //permission "java.util.logging.LoggingPermission" "control";
+ //permission "java.io.FilePermission" "/tmp/-", "read,write";
+ permission "java.lang.RuntimePermission" "modifyThread";
+ permission "java.lang.RuntimePermission" "setFactory";
+};
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:///export/repos/jdk8/build/linux-x86_64-normal-server-fastdebug/images/j2sdk-image/jre/lib/rt.jar" {
+ permission java.security.AllPermission;
+};
+
diff --git a/test/java/net/HttpURLPermission/policy.3 b/test/java/net/HttpURLPermission/policy.3
new file mode 100644
index 0000000..5f036c0
--- /dev/null
+++ b/test/java/net/HttpURLPermission/policy.3
@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+//
+// This code is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License version 2 only, as
+// published by the Free Software Foundation.
+//
+// This code is distributed in the hope that it will be useful, but WITHOUT
+// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+// version 2 for more details (a copy is included in the LICENSE file that
+// accompanied this code).
+//
+// You should have received a copy of the GNU General Public License version
+// 2 along with this work; if not, write to the Free Software Foundation,
+// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+// or visit www.oracle.com if you need additional information or have any
+// questions.
+//
+
+grant {
+ permission java.net.HttpURLPermission "http://127.0.0.1:12567/a/b/-", "DELETE,GET:X-Foo,Y-Foo";
+ permission java.net.HttpURLPermission "https://127.0.0.1:12568/a/c/-", "POST:*";
+
+ // needed for HttpServer
+ permission "java.net.SocketPermission" "localhost:1024-", "listen,resolve,accept";
+ permission "java.util.PropertyPermission" "test.src", "read";
+ permission java.io.FilePermission "${test.src}/../../../com/sun/net/httpserver/testkeys", "read";
+
+ //permission "java.util.logging.LoggingPermission" "control";
+ //permission "java.io.FilePermission" "/tmp/-", "read,write";
+ permission "java.lang.RuntimePermission" "modifyThread";
+ permission "java.lang.RuntimePermission" "setFactory";
+};
+
+// Normal permissions that aren't granted when run under jtreg
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
+ permission java.security.AllPermission;
+};
+