Author: ron.sigal(a)jboss.com Date: 2008-03-26 04:42:04 -0400 (Wed, 26 Mar 2008) New Revision: 3784 Modified: remoting2/branches/2.x/test.policy Log: JBREM-920: Added some permissions, generalized others. Modified: remoting2/branches/2.x/test.policy =================================================================== --- remoting2/branches/2.x/test.policy 2008-03-26 08:24:42 UTC (rev 3783) +++ remoting2/branches/2.x/test.policy 2008-03-26 08:42:04 UTC (rev 3784) @@ -17,14 +17,15 @@ permission javax.management.MBeanTrustPermission "register"; permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#MBeanServerId[JMImplementation:type=MBeanServerDelegate]", "getAttribute"; permission javax.management.MBeanPermission "-#-[-]", "queryMBeans"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=socket,type=Connector]", "queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=sslsocket,type=Connector]", "queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:type=Connector,*]", "queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.ServerInvoker#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "javax.management.MBeanServerDelegate#-[JMImplementation:type=MBeanServerDelegate]", "queryMBeans, isInstanceOf, getAttribute"; permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=JNDIDetector]", "queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.detection.multicast.MulticastDetector#-[remoting:type=MulticastDetector]", "queryMBeans, isInstanceOf, unregisterMBean"; permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#-[remoting:type=NetworkRegistry]", "queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.network.NetworkRegistry#Servers[remoting:type=NetworkRegistry]", "getAttribute"; - + permission javax.management.MBeanPermission "-#ServerDataDir[jboss.system:type=ServerConfig]", "getAttribute"; + // TODO: Figure out why these aren't covered by the AllPermission entries below permission javax.management.MBeanPermission "org.jboss.test.remoting.detection.metadata.MetadataTestCase$TestNetworkRegistry#-[remoting:type=NetworkRegistry]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; @@ -50,7 +51,15 @@ permission java.util.PropertyPermission "http.basic.username", "read"; permission java.util.PropertyPermission "http.basic.password", "read"; permission java.util.PropertyPermission "org.jboss.remoting.defaultSocketFactory", "read"; - + permission java.util.PropertyPermission "jboss.server.data.dir", "read"; + permission java.util.PropertyPermission "file.separator", "read"; + permission java.util.PropertyPermission "jboss.remoting.compression.debug", "read"; + permission java.util.PropertyPermission "jboss.remoting.compression.min", "read"; + permission java.util.PropertyPermission "remoting.stream.transport", "read"; + permission java.util.PropertyPermission "remoting.stream.host", "read"; + permission java.util.PropertyPermission "remoting.stream.port", "read"; + permission java.util.PropertyPermission "org.jboss.security.ignoreHttpsHost" , "read"; + // Tomcat native - TODO - this should be in a privileged block in jbossnative permission java.lang.RuntimePermission "loadLibrary.tcnative-1"; permission java.lang.RuntimePermission "loadLibrary.libtcnative-1"; @@ -60,6 +69,9 @@ permission java.io.FilePermission "${build.home}/output/tests/classes/-", "read"; permission java.io.FilePermission "${build.home}", "read"; permission java.io.FilePermission "${build.home}/jboss.identity", "read"; + + // Permission for org.jboss.remoting.ident.Identity to create "jboss.identity" file. Could be extended. + permission java.io.FilePermission "${build.home}", "write"; // Used by org.jboss.util.propertyeditor.PropertyEditors.mapJavaBeanProperties(), though still a Remoting permission I think permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.editors"; @@ -109,11 +121,7 @@ permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission javax.management.MBeanServerPermission "createMBeanServer, findMBeanServer"; permission javax.management.MBeanTrustPermission "register"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=127.0.0.1,*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=localhost,*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::1]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::ffff:127.0.0.1]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; - permission javax.management.MBeanPermission "org.jboss.remoting.transport.socket.SocketServerInvoker#-[jboss.remoting:host=\"[::]\",*,service=invoker,transport=socket]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; + permission javax.management.MBeanPermission "org.jboss.remoting.ServerInvoker#-[jboss.remoting:service=invoker,*]", "unregisterMBean, registerMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:*,transport=socket,type=Connector]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[jboss.remoting:transport=socket,type=Connector]", "registerMBean, unregisterMBean, queryMBeans, isInstanceOf"; permission javax.management.MBeanPermission "org.jboss.remoting.transport.Connector#-[test:type=connector]", "registerMBean";