[jboss-cvs] JBossAS SVN: r77525 - branches/JBPAPP_4_3_0_GA_CC/system/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Aug 27 07:37:27 EDT 2008
Author: pskopek at redhat.com
Date: 2008-08-27 07:37:27 -0400 (Wed, 27 Aug 2008)
New Revision: 77525
Modified:
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
Log:
Improved policy file.
- All non SM realted tests run fine with it.
Modified: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-08-27 10:07:41 UTC (rev 77524)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-08-27 11:37:27 UTC (rev 77525)
@@ -50,7 +50,8 @@
permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";
permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
- permission java.io.FilePermission "<<ALL FILES>>", "read";
+// permission java.io.FilePermission "<<ALL FILES>>", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
permission javax.management.MBeanPermission "*", "*";
permission java.lang.RuntimePermission "setContextClassLoader";
@@ -58,7 +59,13 @@
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setPrincipalInfo";
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setServer";
permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
+ permission java.lang.RuntimePermission "setIO";
+ permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
+ permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
+
+ permission java.net.NetPermission "specifyStreamHandler";
permission java.util.PropertyPermission "*", "read,write";
permission java.security.SecurityPermission "getProperty.package.definition";
@@ -66,13 +73,24 @@
permission java.security.SecurityPermission "getProperty.package.access";
permission java.security.SecurityPermission "setProperty.package.access";
permission java.security.SecurityPermission "setPolicy";
+ permission java.security.SecurityPermission "putProviderProperty.JBossSX";
+ permission java.security.SecurityPermission "insertProvider.JBossSX";
+
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+
// TODO: specify exact ports
permission java.net.SocketPermission "*:1024-", "accept,listen";
permission java.util.logging.LoggingPermission "control";
permission javax.security.auth.AuthPermission "doAsPrivileged";
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
+ permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
+
+ // experimental
+ permission java.lang.RuntimePermission "createSecurityManager";
+ permission java.lang.RuntimePermission "setSecurityManager";
+
};
//grant codeBase "file:${jboss.server.home.dir}/tmp/-" {
@@ -170,12 +188,21 @@
// Section 3: JBoss EAP Testsuite Permissions
//
//**************************************************************
+
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr-ejb.jar" {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "queuePrintJob";
+ permission java.net.SocketPermission "*", "connect";
+};
+
// Permissions for the WarPermissionsUnitTestCase
//Permissions for crypto tests (putProvider)
-grant codeBase "file:${jboss.test.deploy.dir}/cc/-" {
+grant codeBase "file:${jboss.test.deploy.dir}/-" {
permission java.util.PropertyPermission "*", "read";
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
permission java.security.SecurityPermission "putProviderProperty.JBossSX";
+ // !!!! Experimenal, should be changed to more specific
+ //permission org.apache.naming.JndiPermission "*";
};
//*******************End JBoss EAP Testsuite Permissions*********
More information about the jboss-cvs-commits
mailing list