[jboss-cvs] JBossAS SVN: r79166 - branches/JBPAPP_4_3_0_GA_CC/system/src/bin.

[jboss-cvs-commits at lists.jboss.org]

Author: pskopek at redhat.com
Date: 2008-10-06 15:44:15 -0400 (Mon, 06 Oct 2008)
New Revision: 79166

Modified:
   branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
Log:
Policy splitted to multiple directories.

Modified: branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy
===================================================================
--- branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy	2008-10-06 19:40:40 UTC (rev 79165)
+++ branches/JBPAPP_4_3_0_GA_CC/system/src/bin/security_cc.policy	2008-10-06 19:44:15 UTC (rev 79166)
@@ -60,7 +60,7 @@
    permission java.security.AllPermission;
 };
 
-grant codeBase "file:${jboss.server.home.dir}/-" {
+grant codeBase "file:${jboss.server.home.dir}/deploy/-" {
    permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";
    permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
    
@@ -118,8 +118,65 @@
 
 };
 
+grant codeBase "file:${jboss.server.home.dir}/tmp/-" {
+   permission java.io.FilePermission "${jboss.server.home.dir}/-", "read,write,delete";
+   permission java.io.FilePermission "${java.io.tmpdir}", "read,write,delete";
+   
+   permission java.io.FilePermission "<<ALL FILES>>", "read";
+  
+   // MBean permissions
+   permission javax.management.MBeanTrustPermission "*";
+   permission javax.management.MBeanServerPermission "findMBeanServer";
+   permission javax.management.MBeanPermission "*", "*";
 
+   permission java.lang.RuntimePermission "setContextClassLoader";
+   permission java.lang.RuntimePermission "accessDeclaredMembers";
+   permission java.lang.RuntimePermission "createClassLoader";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setPrincipalInfo";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setServer";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.setRunAsRole";
+   permission java.lang.RuntimePermission "loadLibrary.tcnative-1";
+   permission java.lang.RuntimePermission "loadLibrary.libtcnative-1";
+ 
+   permission java.net.NetPermission "specifyStreamHandler";
+   
+   permission java.util.PropertyPermission "*", "read,write";
+   permission java.security.SecurityPermission "getProperty.package.definition";
+   permission java.security.SecurityPermission "setProperty.package.definition";
+   permission java.security.SecurityPermission "getProperty.package.access";
+   permission java.security.SecurityPermission "setProperty.package.access";
+   permission java.security.SecurityPermission "setPolicy";
+   permission java.security.SecurityPermission "putProviderProperty.JBossSX";
+   permission java.security.SecurityPermission "insertProvider.JBossSX";
+   
+   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+   
+   // TODO: specify exact ports 
+   permission java.net.SocketPermission "*:1024-", "accept,listen";
+   permission java.util.logging.LoggingPermission "control";
+   
+   permission javax.security.auth.AuthPermission "doAsPrivileged";
+   permission javax.security.auth.AuthPermission "modifyPrincipals";
+   
+   permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential * \"*\"", "read";
 
+   // experimental
+   //permission java.lang.RuntimePermission "createSecurityManager";
+   //permission java.lang.RuntimePermission "setSecurityManager";
+
+   permission java.security.SecurityPermission "getPolicy";
+   permission java.lang.RuntimePermission "accessClassInPackage.*";
+   permission java.lang.RuntimePermission "getClassLoader";
+   permission java.lang.RuntimePermission "getProtectionDomain";
+   permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getSubject";
+
+   permission javax.security.auth.AuthPermission "createLoginContext.*";
+   permission javax.security.auth.AuthPermission "getLoginConfiguration";
+
+};
+
+
 //**************************************************************
 //
 //  Section 3: JBoss EAP Testsuite Permissions