| // |
| // * Derby - Class org.apache.derbyTesting.functionTests.tests.lang.SimpleTest |
| // * |
| // * Licensed to the Apache Software Foundation (ASF) under one |
| // * or more contributor license agreements. See the NOTICE file |
| // * distributed with this work for additional information |
| // * regarding copyright ownership. The ASF licenses this file |
| // * to you under the Apache License, Version 2.0 (the |
| // * "License"); you may not use this file except in compliance |
| // * with the License. You may obtain a copy of the License at |
| // * |
| // * http://www.apache.org/licenses/LICENSE-2.0 |
| // * |
| // * Unless required by applicable law or agreed to in writing, |
| // * software distributed under the License is distributed on an |
| // * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| // * KIND, either express or implied. See the License for the |
| // * specific language governing permissions and limitations |
| // * under the License. |
| // * |
| grant codeBase "${derbyTesting.codejar}derby.jar" |
| { |
| // |
| // These permissions are needed for everyday, embedded Derby usage. |
| // |
| permission java.lang.RuntimePermission "createClassLoader"; |
| permission java.util.PropertyPermission "derby.*", "read"; |
| permission java.util.PropertyPermission "derby.storage.jvmInstanceId", |
| "write"; |
| permission java.io.FilePermission "${derby.system.home}","read"; |
| permission java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete"; |
| permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals"; |
| |
| // getProtectionDomain is an optional permission needed for printing classpath |
| // information to derby.log |
| permission java.lang.RuntimePermission "getProtectionDomain"; |
| // |
| // This permission lets a DBA reload this policy file while the server |
| // is still running. |
| // |
| permission java.security.SecurityPermission "getPolicy"; |
| |
| // |
| // This permission lets you backup and restore databases |
| // to and from arbitrary locations in your file system. |
| // |
| // This permission also lets you import/export data to and from |
| // arbitrary locations in your file system. |
| // |
| // You may want to restrict this access to specific directories. |
| // |
| permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; |
| // Needed by FileUtil#limitAccessToOwner |
| permission java.lang.RuntimePermission "accessUserInformation"; |
| permission java.lang.RuntimePermission "getFileStoreAttributes"; |
| }; |
| |
| grant codeBase "${derbyTesting.codejar}derbynet.jar" |
| { |
| // |
| // This permission lets the Network Server manage connections from clients. |
| // |
| permission java.net.SocketPermission "${derbyTesting.serverhost}:*", "accept, connect, resolve"; |
| permission java.net.SocketPermission "localhost:*", "accept, connect, resolve"; |
| permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals"; |
| }; |
| |
| grant codeBase "${derbyTesting.testjar}derbyTesting.jar" |
| { |
| // Don't allow all properties to be read |
| permission java.util.PropertyPermission "derby.*", "read,write"; |
| |
| // Access all files |
| permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; |
| |
| // When running with useprocess=false need to install and uninstall |
| // the security manager and allow setIO to change the system err and out |
| // streams. Currently the nist suite runs with useprocess=false. |
| permission java.lang.RuntimePermission "setSecurityManager"; |
| permission java.security.SecurityPermission "getPolicy"; |
| permission java.lang.RuntimePermission "setIO"; |
| }; |