[jboss-cvs] JBossAS SVN: r80691 - trunk/testsuite/src/resources/securitymgr.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri Nov 7 17:00:57 EST 2008 

Author: anil.saldhana at jboss.com
Date: 2008-11-07 17:00:57 -0500 (Fri, 07 Nov 2008)
New Revision: 80691

Modified:
   trunk/testsuite/src/resources/securitymgr/server.policy
Log:
JBAS-4154: updated fine grained security manager policy

Modified: trunk/testsuite/src/resources/securitymgr/server.policy
===================================================================
--- trunk/testsuite/src/resources/securitymgr/server.policy	2008-11-07 21:52:19 UTC (rev 80690)
+++ trunk/testsuite/src/resources/securitymgr/server.policy	2008-11-07 22:00:57 UTC (rev 80691)
@@ -2,7 +2,9 @@
 // Install with -Djava.security.policy==server.policy
 // and -Djboss.home.dir=path_to_jboss_distribution
 
+// ***************************************
 // Trusted core Java code
+//***************************************
 grant codeBase "file:${java.home}/lib/ext/-" {
    permission java.security.AllPermission;
 };
@@ -14,40 +16,99 @@
    permission java.security.AllPermission;
 };
 
-// Trusted core Jboss code
+
+
+
+//***********************************
+// Trusted core JBoss code
+//***********************************
 grant codeBase "file:${jboss.home.dir}/bin/-" {
    permission java.security.AllPermission;
 };
 grant codeBase "file:${jboss.home.dir}/lib/-" {
    permission java.security.AllPermission;
 };
-grant codeBase "vfsfile:${jboss.home.dir}/lib/-" {
+grant codeBase "file:${jboss.home.dir}/server/lib/-" {
    permission java.security.AllPermission;
 };
-grant codeBase "vfsfile:${jboss.server.home.dir}/lib/-" {
+grant codeBase "file:${jboss.server.home.dir}/lib/-" {
    permission java.security.AllPermission;
 };
-grant codeBase "vfsfile:${jboss.server.home.dir}/deploy/-" {
-   permission java.security.AllPermission;
-};
 grant codeBase "file:${jboss.server.home.dir}/deployers/-" {
    permission java.security.AllPermission;
 };
 grant codeBase "file:${jboss.server.home.dir}/work/-" {
    permission java.security.AllPermission;
 };
-grant codeBase "vfsfile:${jboss.server.home.dir}/work/-" {
+
+
+
+
+
+//***************************************
+// Trusted Specific JBoss Code
+//**************************************
+grant codeBase "file:${jboss.server.home.dir}/deploy/http-invoker.sar/invoker.war/-" {
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jmx-remoting.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission java.net.SocketPermission "*", "accept,listen,resolve";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jboss-web-service.jar" {
    permission java.security.AllPermission;
 };
 
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jbossweb.jar" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jbossweb.sar/jsf-libs/-" {
+   permission java.security.AllPermission;
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/management/console-mgr.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission javax.management.MBeanPermission "*", "addNotificationListener,getAttribute";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","*";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/uuid-key-generator.sar/-" {
+   permission javax.management.MBeanTrustPermission "register";
+   permission org.jboss.naming.JndiPermission "HiLoKeyGeneratorFactory","rebind";
+};
+
+grant codeBase "file:${jboss.server.home.dir}/deploy/jms-ra.rar/jms-ra.jar" {
+   permission java.lang.RuntimePermission "setContextClassLoader";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+
+
+
+
+//***************************************************************
+// JBoss AS Test Suite Permissions
+//***************************************************************
+
 // Permissions for the WarPermissionsUnitTestCase
 grant codeBase "file:${jboss.test.deploy.dir}/securitymgr/-" {
    permission java.util.PropertyPermission "*", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
 };
 
+grant codeBase "file:${jboss.test.deploy.dir}/-" {
+   permission org.jboss.naming.JndiPermission "<<ALL BINDINGS>>","lookup";
+};
+
+
 // Minimal permissions are allowed to everyone else
 grant {
+   permission java.io.FilePermission "file:${jboss.server.home.dir}/tmp/-", "read";
+   permission java.io.FilePermission "quartz.properties", "read";
    permission java.util.PropertyPermission "*", "read";
    permission java.lang.RuntimePermission "queuePrintJob";
    permission java.net.SocketPermission "*", "connect";

More information about the jboss-cvs-commits mailing list