| grant { |
| // java.base module |
| permission java.io.SerializablePermission "enableSubstitution"; |
| permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; |
| permission java.nio.file.LinkPermission "hard"; |
| permission javax.net.ssl.SSLPermission "getSSLSessionContext"; |
| permission javax.security.auth.AuthPermission "doAsPrivileged"; |
| permission javax.security.auth.PrivateCredentialPermission "* * \"*\"", |
| "read"; |
| // java.base module (@jdk.Exported Permissions) |
| permission jdk.net.NetworkPermission "setOption.SO_FLOW_SLA"; |
| // java.desktop module |
| permission java.awt.AWTPermission "createRobot"; |
| permission javax.sound.sampled.AudioPermission "play"; |
| // java.logging module |
| permission java.util.logging.LoggingPermission "control", ""; |
| // java.management module |
| permission java.lang.management.ManagementPermission "control"; |
| permission javax.management.MBeanPermission "*", "getAttribute"; |
| permission javax.management.MBeanServerPermission "createMBeanServer"; |
| permission javax.management.MBeanTrustPermission "register"; |
| permission javax.management.remote.SubjectDelegationPermission "*"; |
| // java.security.jgss module |
| permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"*\""; |
| permission javax.security.auth.kerberos.ServicePermission "*", "accept"; |
| // java.sql module |
| permission java.sql.SQLPermission "setLog"; |
| // javax.xml.bind module |
| permission javax.xml.bind.JAXBPermission "setDatatypeConverter"; |
| // javax.xml.ws module |
| permission javax.xml.ws.WebServicePermission "publishEndpoint"; |
| // java.smartcardio module |
| permission javax.smartcardio.CardPermission "*", "*"; |
| // jdk.attach module (@jdk.Exported Permissions) |
| permission com.sun.tools.attach.AttachPermission "attachVirtualMachine"; |
| // jdk.jdi module (@jdk.Exported Permissions) |
| permission com.sun.jdi.JDIPermission "virtualMachineManager"; |
| // jdk.security.jgss module (@jdk.Exported Permissions) |
| permission com.sun.security.jgss.InquireSecContextPermission "*"; |
| }; |
| |
| grant |
| // java.base module |
| principal javax.security.auth.x500.X500Principal "CN=Duke", |
| // java.management module |
| principal javax.management.remote.JMXPrincipal "Duke", |
| // java.security.jgss module |
| principal javax.security.auth.kerberos.KerberosPrincipal "duke@openjdk.org", |
| // jdk.security.auth module (@jdk.Exported Principals) |
| principal com.sun.security.auth.UserPrincipal "Duke", |
| principal com.sun.security.auth.NTDomainPrincipal "openjdk.org", |
| principal com.sun.security.auth.NTSid |
| "S-1-5-21-3623811015-3361044348-30300820-1013", |
| principal com.sun.security.auth.NTUserPrincipal "Duke", |
| principal com.sun.security.auth.UnixNumericUserPrincipal "0", |
| principal com.sun.security.auth.UnixPrincipal "duke" { |
| permission java.util.PropertyPermission "user.home", "read"; |
| }; |
| |
| grant |
| // java.security.jgss module |
| principal javax.security.auth.kerberos.KerberosPrincipal "duke@openjdk.org" |
| { |
| // test that ${{self}} expansion works |
| permission javax.security.auth.kerberos.ServicePermission "${{self}}", |
| "accept"; |
| }; |