[jboss-cvs] JBossAS SVN: r76065 - branches/JBPAPP_4_3_0_GA_CC/system/src/bin.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jul 21 13:30:59 EDT 2008
Author: anil.saldhana at jboss.com
Date: 2008-07-21 13:30:59 -0400 (Mon, 21 Jul 2008)
New Revision: 76065
Added:
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_no_sm.sh
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_sm.sh
branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
Log:
CC scripts
Added: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_no_sm.sh
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_no_sm.sh (rev 0)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_no_sm.sh 2008-07-21 17:30:59 UTC (rev 76065)
@@ -0,0 +1,24 @@
+#!/bin/sh
+### ====================================================================== ###
+## ##
+## JBoss Script for Common Criteria Configuration (Security Manager Enabled)##
+## ##
+### ====================================================================== ###
+
+### $Id: run.sh 67571 2007-11-28 21:06:29Z dbhole $ ###
+
+# Set conf if specified, else set to default
+JBOSSCONF="cc"
+
+#Specify the Security Manager Policy
+POLICY="security_cc.policy"
+
+#Specify the Security Manager options
+SM=""
+echo "======================================================================"
+echo " "
+echo " Common Criteria Configuration (No Security Manager)"
+echo "/bin/sh run.sh -c $JBOSSCONF $SM"
+echo " "
+echo " ======================================================================#"
+/bin/sh run.sh -c $JBOSSCONF $SM
Added: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_sm.sh
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_sm.sh (rev 0)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/run_cc_sm.sh 2008-07-21 17:30:59 UTC (rev 76065)
@@ -0,0 +1,24 @@
+#!/bin/sh
+### ====================================================================== ###
+## ##
+## JBoss Script for Common Criteria Configuration (Security Manager Enabled)##
+## ##
+### ====================================================================== ###
+
+### $Id: run.sh 67571 2007-11-28 21:06:29Z dbhole $ ###
+
+# Set conf if specified, else set to default
+JBOSSCONF="cc"
+
+#Specify the Security Manager Policy
+POLICY="security_cc.policy"
+
+#Specify the Security Manager options
+SM="-Djava.security.manager -Djava.security.policy==$POLICY"
+echo "======================================================================"
+echo " "
+echo " Common Criteria Configuration (Security Manager Enabled)"
+echo "/bin/sh run.sh -c $JBOSSCONF $SM"
+echo " "
+echo " ======================================================================#"
+/bin/sh run.sh -c $JBOSSCONF $SM
Added: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy (rev 0)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy 2008-07-21 17:30:59 UTC (rev 76065)
@@ -0,0 +1,55 @@
+// Author: Anil Saldhana
+//The Java2 security policy for the Common Criteria Evaluation
+
+// Trusted core Java code
+grant codeBase "file:${java.home}/lib/ext/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${java.home}/lib/*" {
+ permission java.security.AllPermission;
+};
+// For java.home pointing to the JDK jre directory
+grant codeBase "file:${java.home}/../lib/*" {
+ permission java.security.AllPermission;
+};
+
+// Trusted core Jboss code
+grant codeBase "file:${jboss.home.dir}/bin/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.home.dir}/lib/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
+ permission java.security.AllPermission;
+};
+grant codeBase "file:${jboss.server.home.dir}/work/-" {
+ permission java.security.AllPermission;
+};
+
+// Permissions for the WarPermissionsUnitTestCase
+grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+};
+
+// Minimal permissions are allowed to everyone else
+grant {
+ permission java.util.PropertyPermission "*", "read";
+ permission java.lang.RuntimePermission "queuePrintJob";
+ permission java.net.SocketPermission "*", "connect";
+ permission java.security.SecurityPermission "getPolicy";
+ permission java.lang.RuntimePermission "accessClassInPackage.*";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "getProtectionDomain";
+ permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission javax.management.MBeanPermission "org.jboss.mx.modelmbean.XMBean#*[JMImplementation:type=MBeanRegistry]", "*";
+ permission javax.management.MBeanPermission "org.jboss.security.plugins.AuthorizationManagerService#*[jboss.security:service=AuthorizationManager]", "invoke";
+ permission javax.management.MBeanPermission "org.jboss.security.auth.login.XMLLoginConfig#*[jboss.security:service=XMLLoginConfig]", "invoke";
+ permission javax.management.MBeanPermission "org.jboss.security.plugins.JaasSecurityManagerService#*[jboss.security:service=JaasSecurityManager]", "invoke";
+
+ permission javax.security.auth.AuthPermission "createLoginContext.*";
+ permission javax.security.auth.AuthPermission "getLoginConfiguration";
+};
+
More information about the jboss-cvs-commits
mailing list