<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE messages SYSTEM "securityPolicies.dtd">
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!--
This file contains all of the permissions used by Derby policy files.
For a description of the XML grammar used here, see securityPolicy.dtd.
-->
<policies>
<!--
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!
!! Production policies.
!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-->
<!-- org.apache.derby.commons -->
<policy>
<name>basicCommons</name>
<jar>
<name>derbyshared.jar</name>
<block>
<comment>Needed to determine whether the JVM was booted with a module path.</comment>
<a>java.util.PropertyPermission "jdk.module.path", "read"</a>
</block>
<block>
<comment>Needed in order to read message localizations from other derby jars
when running with a module path.</comment>
<a>java.io.FilePermission "${derby.install.path}${/}-", "read"</a>
</block>
<block>
<comment>Gives permission for JMX to be used against Derby,
but only if JMX authentication is not being used.
If JMX authentication is being used, the application would need to create
a whole set of fine-grained permissions to allow specific
users access to MBeans and actions they perform.</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "monitor"</a>
</block>
</jar>
</policy>
<!-- org.apache.derby.engine -->
<policy>
<name>basicEngine</name>
<include>basicCommons</include>
<jar>
<name>derby.jar</name>
<block>
<comment>These permissions are needed for everyday, embedded Derby usage.</comment>
<a>java.lang.RuntimePermission "createClassLoader"</a>
<a>java.util.PropertyPermission "derby.*", "read"</a>
<a>java.util.PropertyPermission "user.dir", "read"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
<a>java.io.FilePermission "${derby.system.home}","read,write"</a>
<a>java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}derby.properties", "read"</a>
<a>java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete"</a>
</block>
<block>
<comment>Properties needed to determine if the VM is 32 or 64 bit.</comment>
<a>java.util.PropertyPermission "sun.arch.data.model", "read"</a>
<a>java.util.PropertyPermission "os.arch", "read"</a>
</block>
<block>
<comment>Gives permission for JMX to be used against Derby,
but only if JMX authentication is not being used.
If JMX authentication is being used, the application would need to create
a whole set of fine-grained permissions to allow specific
users access to MBeans and actions they perform.</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "jmx", "control"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "monitor"</a>
</block>
<block>
<comment>Permissions needed for JMX based management and monitoring.</comment>
<a>javax.management.MBeanServerPermission "createMBeanServer"</a>
</block>
<block>
<comment>Allows access to Derby's built-in MBeans, within the domain
org.apache.derby. Derby must be allowed to register and unregister these
MBeans. To fine tune this permission, see the javadoc of
javax.management.MBeanPermission or the JMX Instrumentation and Agent Specification.</comment>
<a>javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean"</a>
</block>
<block>
<comment>Trusts Derby code to be a source of MBeans and to register these in the MBean server.</comment>
<a>javax.management.MBeanTrustPermission "register"</a>
</block>
<block>
<comment>Optional permission needed for printing classpath information to derby.log.</comment>
<a>java.lang.RuntimePermission "getProtectionDomain"</a>
</block>
<block>
<comment>The following permission must be granted for Connection.abort(Executor) to work.
Note that this permission must also be granted to outer (application) code domains.</comment>
<a>java.sql.SQLPermission "callAbort"</a>
</block>
<block>
<comment>Needed by FileUtil#limitAccessToOwner.</comment>
<a>java.lang.RuntimePermission "accessUserInformation"</a>
<a>java.lang.RuntimePermission "getFileStoreAttributes"</a>
</block>
</jar>
</policy>
<!-- optional engine permissions -->
<policy>
<name>optionalEngine</name>
<jar>
<name>derby.jar</name>
<block>
<comment>Needed to create a temp file in order to open a database in a jar file.
permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"</comment>
</block>
<block>
<comment>Customize the following permission in order to backup and restore
Derby databases to/from a secure branch of your file system,
preferably one owned by the database owner or the user who booted the JVM:
permission java.io.FilePermission "/Users/me/backups/-", "read,write"</comment>
</block>
<block>
<comment>Customize the following permission in order to export and import
tables to/from a secure branch of your file system,
preferably one owned by the database owner or the user who booted the JVM:
permission java.io.FilePermission "/Users/me/imports/-", "read,write"</comment>
</block>
<block>
<comment>Customize the following permission in order to load
jar files which contain user-written types, aggregates, functions, and procedures.
Those jar files should live in a secure branch of your file system,
preferably one owned by the database owner or the user who booted the JVM:
permission java.io.FilePermission "/Users/me/myJars/-", "read"</comment>
</block>
<block>
<comment>This permission lets a DBA reload the policy file while the server
is still running. The policy file is reloaded by invoking
the SYSCS_UTIL.SYSCS_RELOAD_SECURITY_POLICY() system procedure:
permission java.security.SecurityPermission "getPolicy"</comment>
</block>
<block>
<comment>This permission is needed to call DriverManager.deregisterDriver()
and unload the Derby classes:
permission java.sql.SQLPermission "deregisterDriver"</comment>
</block>
</jar>
</policy>
<!-- engine template -->
<policy>
<name>engineTemplate</name>
<include>basicEngine</include>
<include>optionalEngine</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/engineTemplate.policy</file>
<properties>securityProduct.properties</properties>
</output>
<jar>
<name>derby.jar</name>
</jar>
</policy>
<!-- org.apache.derby.tools -->
<policy>
<name>basicTools</name>
<include>basicEngine</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/toolsTemplate.policy</file>
<properties>securityProduct.properties</properties>
</output>
<jar>
<name>derbytools.jar</name>
<block>
<comment>Access all properties using System.getProperties -
ij enumerates the properties in order to open connections
for any property set in ij.connection.* and set protocols
for any property in ij.protocol.*</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
<block>
<comment>Needed by sysinfo. The file permission is needed to check the existence
of jars on the classpath. You can limit this permission to just the locations
which hold your jar files.</comment>
<a>java.util.PropertyPermission "user.*", "read"</a>
<a>java.util.PropertyPermission "java.home", "read"</a>
<a>java.util.PropertyPermission "java.class.path", "read"</a>
<a>java.util.PropertyPermission "java.runtime.version", "read"</a>
<a>java.util.PropertyPermission "java.fullversion", "read"</a>
<a>java.lang.RuntimePermission "getProtectionDomain"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read"</a>
</block>
</jar>
</policy>
<!-- core server permissions -->
<policy>
<name>coreServer</name>
<include>basicTools</include>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Needed by FileUtil#limitAccessToOwner.</comment>
<a>java.lang.RuntimePermission "accessUserInformation"</a>
<a>java.lang.RuntimePermission "getFileStoreAttributes"</a>
<a>java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read,write"</a>
</block>
<block>
<comment>Needed for NetworkServerMBean access.</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
</block>
</jar>
</policy>
<!-- customizable server permissions -->
<policy>
<name>customizableServer</name>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Accept connections from any host. Derby is listening to the host interface
specified via the -h command line option to "NetworkServerControl start",
via the address parameter to the org.apache.derby.drda.NetworkServerControl
constructor in the API, or via the property derby.drda.host.
The default is localhost. You may want to restrict allowed hosts,
e.g. to hosts in a specific subdomain like "*.example.com".</comment>
<a>java.net.SocketPermission "*", "accept"</a>
</block>
<block>
<comment>Allow the server to listen to the socket on the port specified with the
-p option to "NetworkServerControl start" on the command line, or with
the portNumber parameter to the NetworkServerControl constructor in the
API, or with the property derby.drda.portNumber. The default is 1527.</comment>
<a>java.net.SocketPermission "localhost:${derby.security.port}", "listen"</a>
</block>
<block>
<comment>Needed for server tracing.</comment>
<a>java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete"</a>
</block>
</jar>
</policy>
<!-- org.apache.derby.server -->
<policy>
<name>basicServer</name>
<include>coreServer</include>
<include>customizableServer</include>
<output>
<file>classes/drda/org/apache/derby/drda/server.policy</file>
<properties>securityProduct.properties</properties>
</output>
</policy>
<!-- template server policy -->
<policy>
<name>serverTemplate</name>
<include>basicServer</include>
<include>optionalEngine</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/serverTemplate.policy</file>
<properties>securityProduct.properties</properties>
</output>
</policy>
<!-- org.apache.derby.client -->
<policy>
<name>basicClient</name>
<include>basicCommons</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/clientTemplate.policy</file>
<properties>securityProduct.properties</properties>
</output>
<jar>
<name>derbyclient.jar</name>
<block>
<comment>Modify this to be the server host instead of localhost.</comment>
<a>java.net.SocketPermission "localhost", "connect,resolve"</a>
</block>
<block>
<comment>DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to
do tracing in that directory. Also, it needs read/write permissions in user.dir in order
to create the trace files in that directory.</comment>
<a>java.util.PropertyPermission "user.dir", "read"</a>
<a>java.io.FilePermission "${user.dir}${/}-", "read,write"</a>
</block>
<block>
<comment>DERBY-1883: Since some classes that are included in both derby.jar and
derbyclient.jar read properties, derbyclient.jar needs permission to read
derby.* properties to avoid failures when it is listed before derby.jar in
the classpath.</comment>
<a>java.util.PropertyPermission "derby.*", "read"</a>
</block>
<block>
<comment>The following permission must be granted for Connection.abort(Executor) to work.
Note that this permission must also be granted to outer (application) code domains.</comment>
<a>java.sql.SQLPermission "callAbort"</a>
</block>
</jar>
</policy>
<!--
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!
!! Test policies.
!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-->
<!-- Basic tests -->
<policy>
<name>basicTests</name>
<include>basicServer</include>
<include>basicClient</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/util/derby_tests.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyshared.jar</name>
<block>
<comment>These permissions are needed by AssertFailure to dump the thread stack
traces upon failure.</comment>
<a>java.lang.RuntimePermission "getStackTrace"</a>
<a>java.lang.RuntimePermission "modifyThreadGroup"</a>
</block>
<block>
<comment>DERBY-2302: derbyclient.jar needs to be able to read the user.dir property in order to
do tracing in that directory. Also, it needs read/write permissions in user.dir in order
to create the trace files in that directory.</comment>
<a>java.util.PropertyPermission "user.dir", "read"</a>
<a>java.io.FilePermission "${user.dir}${/}-", "read,write"</a>
</block>
</jar>
<jar>
<name>derby.jar</name>
<block>
<comment>Needed to create a temp file in order to open a database in a jar file.</comment>
<a>java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"</a>
</block>
<block>
<a>java.util.PropertyPermission "derby.storage.jvmInstanceId", "write"</a>
</block>
<block>
<comment>unit tests (e.g. store/T_RecoverFullLog) set this property
(called from derbyTesting.jar through code in derby.jar)</comment>
<a>java.util.PropertyPermission "derbyTesting.unittest.*", "write"</a>
</block>
<block>
<comment>permissions so that we can set the context class loader to null
for daemon threads to avoid class loader leak. DERBY-3745</comment>
<a>java.lang.RuntimePermission "getClassLoader"</a>
<a>java.lang.RuntimePermission "setContextClassLoader"</a>
</block>
<block>
<comment>For reloading the policy file.</comment>
<a>java.security.SecurityPermission "getPolicy"</a>
</block>
<block>
<comment>[DERBY-2000] The write permission was added to allow creation of
the derby.system.home directory when running tests under a security manager.</comment>
<a>java.io.FilePermission "${derby.system.home}", "read,write"</a>
</block>
<block>
<comment>Import/export and other support files from these locations in tests</comment>
<a>java.io.FilePermission "${user.dir}${/}extin${/}-", "read"</a>
<a>java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${user.dir}${/}extout${/}-", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}extinout", "read,write"</a>
</block>
<block>
<comment>needed to create a temp file in order to open a database in a jar file</comment>
<a>java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"</a>
</block>
<block>
<comment>This permission is needed to call DriverManager.deregisterDriver().</comment>
<a>java.sql.SQLPermission "deregisterDriver"</a>
</block>
</jar>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Tighten up the connection permissions.</comment>
<d>java.net.SocketPermission "*", "accept"</d>
<a>java.net.SocketPermission "127.0.0.1", "accept,connect"</a>
<a>java.net.SocketPermission "localhost", "accept,connect,listen"</a>
<a>java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"</a>
<a>java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"</a>
</block>
<block>
<comment>Need to be able to write to trace file for NetworkServerControlApiTest</comment>
<a>java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write"</a>
</block>
<block>
<comment>Need read/write to trace file for RestrictiveFilePermissionsTest</comment>
<a>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr${/}-", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax${/}-", "read,write"</a>
</block>
</jar>
<jar>
<name>derbyclient.jar</name>
<block>
<comment>Tighten up the connection permissions.</comment>
<a>java.net.SocketPermission "127.0.0.1", "connect,resolve"</a>
<a>java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"</a>
</block>
</jar>
<jar>
<name>derbytools.jar</name>
<block>
<comment>Read all files under ${user.dir}</comment>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read"</d>
<a>java.io.FilePermission "${user.dir}${/}-", "read"</a>
</block>
<block>
<comment>IjTestCases read, write, and delete ij's output in the extinout dir</comment>
<a>java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,write,delete"</a>
</block>
<block>
<comment>ij needs permission to read the sql files in this jar</comment>
<a>java.io.FilePermission "${derbyTesting.testjarpath}", "read"</a>
</block>
<block>
<comment>These permissions are needed by AssertFailure to dump the thread stack
traces upon failure.</comment>
<a>java.lang.RuntimePermission "getStackTrace"</a>
<a>java.lang.RuntimePermission "modifyThreadGroup"</a>
</block>
</jar>
<jar>
<name>derbyoptionaltools.jar</name>
<block>
<comment>Needed by SimpleJsonTest</comment>
<a>java.io.FilePermission "${user.dir}${/}extin${/}-", "read"</a>
</block>
</jar>
<!--
Permissions for the tests (derbyTesting.jar)
We are liberal here; it's not a goal to make the test harness
or tests secure.
-->
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
<block>
<comment>Needed by various tests which call the ContextService</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
</block>
<block>
<comment>Access all files under ${user.dir} to write the test directory structure</comment>
<a>java.io.FilePermission "${user.dir}${/}-", "read,write,delete"</a>
</block>
<block>
<comment>Tests need to be able to exec a java program. DERBY-6295: Also give them
read permission so that detailed error message is shown.</comment>
<a>java.io.FilePermission "${java.home}${/}-", "execute, read"</a>
</block>
<block>
<comment>When running with useprocess=false need to install and uninstall
the security manager and allow setIO to change the system err and out
streams. Currently the nist suite runs with useprocess=false.</comment>
<a>java.lang.RuntimePermission "setSecurityManager"</a>
<a>java.security.SecurityPermission "getPolicy"</a>
<a>java.lang.RuntimePermission "setIO"</a>
</block>
<block>
<comment>Needed by ClasspathSetup to change the classloader</comment>
<a>java.lang.RuntimePermission "createClassLoader"</a>
<a>java.lang.RuntimePermission "setContextClassLoader"</a>
</block>
<block>
<comment>These permissions are needed to dump the thread stack traces upon failure.</comment>
<a>java.lang.RuntimePermission "getStackTrace"</a>
<a>java.lang.RuntimePermission "modifyThreadGroup"</a>
</block>
<block>
<comment>Allow MBeanTest to register the application management MBean.</comment>
<a>javax.management.MBeanServerPermission "createMBeanServer"</a>
<a>javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]", "registerMBean,unregisterMBean"</a>
<a>javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate"</a>
<a>javax.management.MBeanTrustPermission "register"</a>
</block>
<block>
<comment>And to find and use Derby's MBeans</comment>
<a>javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,setAttribute,invoke"</a>
<a>javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo"</a>
<a>javax.management.MBeanPermission "-#-[-]", "queryNames"</a>
<a>javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames"</a>
</block>
<block>
<comment>Test code needs this as well for the platform MBeanServer
tests where the testing code is in the stack frame.</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "jmx", "control"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor"</a>
</block>
<block>
<comment>This permission is needed to call the Connection.abort(Executor) method added by JDBC 4.1</comment>
<a>java.sql.SQLPermission "callAbort"</a>
</block>
<block>
<comment>Needed by FileUtil#limitAccessToOwner</comment>
<a>java.lang.RuntimePermission "accessUserInformation"</a>
<a>java.lang.RuntimePermission "getFileStoreAttributes"</a>
</block>
<block>
<comment>Needed by NetworkServerTestSetup when probing ports.</comment>
<a>java.net.SocketPermission "localhost", "listen"</a>
</block>
<block>
<comment>Needed by ClasspathSetup for freeing resources.</comment>
<a>java.lang.RuntimePermission "closeClassLoader"</a>
</block>
<block>
<comment>Needed by AutoloadTest to get at spawned process pid (Unixen) and call jstack:</comment>
<a>java.lang.RuntimePermission "accessDeclaredMembers"</a>
<a>java.lang.reflect.ReflectPermission "suppressAccessChecks"</a>
</block>
<block>
<comment>Presumes we have a JDK: First "..": back up past "jre"</comment>
<a>java.io.FilePermission "${java.home}${/}..${/}bin${/}-", "execute, read"</a>
</block>
</jar>
<jar>
<name>junit.jar</name>
<block>
<comment>JUnit jar file tries to read junit.properties in the user's
home directory and seems to require permission to read the
property user.home as well.
junit.swingui.TestRunner writes to .junitsession on exit.</comment>
<a>java.util.PropertyPermission "user.home", "read"</a>
<a>java.io.FilePermission "${user.home}${/}junit.properties", "read"</a>
<a>java.io.FilePermission "${user.home}${/}.junitsession", "write"</a>
</block>
<block>
<comment>This permission is needed when running the tests using ant 1.7</comment>
<a>java.io.FilePermission "${user.dir}${/}*", "write"</a>
</block>
</jar>
<jar>
<name>ant-junit.jar</name>
<block>
<comment>Ant's junit runner requires setOut to redirect the System output streams
to the forked JVM used when running junit tests inside Ant. Ant requires
forking the JVM if you want to run tests in a different directory than the
current one.</comment>
<a>java.lang.RuntimePermission "setIO"</a>
</block>
<block>
<comment>This permission is needed when running the tests using ant 1.7</comment>
<a>java.io.FilePermission "${user.dir}${/}*", "write"</a>
</block>
</jar>
<jar>
<name>ant.jar</name>
<block>
<comment>Starting with Ant 1.9.3, write permission has to be granted to ant.jar
as well so that Ant's JUnit runner can write test results to a file.
Only needed when running the tests under Ant. See DERBY-6685.</comment>
<a>java.io.FilePermission "${user.dir}${/}*", "write"</a>
</block>
</jar>
<!--
Grants to all code bases
-->
<jar>
<name></name>
<block>
<comment>functionTests.tests.lang.RoutineSecurityTest requires this grant
to check to see if permissions are granted through generated code
through this mechanism.</comment>
<a>java.util.PropertyPermission "derbyRoutineSecurityTest.yes", "read"</a>
</block>
<block>
<comment>These permissions are needed when testing code instrumented with EMMA.
They will only be used if the emma.active system property is
set, which should be set to "" for the permissions to be correct. Must
be granted to all code bases because EMMA doesn't use doPrivileged
blocks around the code that needs the permissions.</comment>
<a>java.util.PropertyPermission "${emma.active}user.dir", "read"</a>
<a>java.io.FilePermission "${emma.active}${user.dir}${/}coverage.ec", "read,write"</a>
<a>java.lang.RuntimePermission "${emma.active}writeFileDescriptor"</a>
</block>
<block>
<comment>Grant the required permissions for JaCoCo (code coverage tool).</comment>
<a>java.io.FilePermission "${jacoco.active}${user.dir}${/}*", "read,write"</a>
<a>java.io.FilePermission "${jacoco.active}${user.dir}${/}..${/}jacoco.exec", "read,write"</a>
</block>
</jar>
<jar>
<name>jaxp.jar</name>
<block>
<comment>When inserting XML values that use external DTDs, the JAXP parser
needs permission to read the DTD files. We assume that all DTD
files will be copied to extin/ by whichever tests need them. So
grant the JAXP parser permissions to read that directory.</comment>
<a>java.io.FilePermission "${user.dir}${/}extin${/}-", "read"</a>
</block>
</jar>
<!--
Permissions for package-private tests run from 'classes.pptesting'
-->
<jar>
<name>ppcodeclasses</name>
<block>
<comment>Needed for ProtocolTest - allows connection to a server</comment>
<a>java.net.SocketPermission "127.0.0.1", "connect,resolve"</a>
<a>java.net.SocketPermission "localhost", "connect,resolve"</a>
<a>java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"</a>
</block>
<block>
<comment>Allows reading support files in 'extin'</comment>
<a>java.io.FilePermission "${user.dir}${/}extin${/}-", "read"</a>
</block>
</jar>
</policy>
<policy>
<name>VersionCombinationConfigurator</name>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/compatibility/VersionCombinationConfigurator.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Needed to find the location of classes in jars</comment>
<a>java.lang.RuntimePermission "getProtectionDomain"</a>
</block>
</jar>
</policy>
<policy>
<name>GetCurrentPropertiesTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/GetCurrentPropertiesTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbynet.jar</name>
<block>
<comment>For testPropertiesAfterConnection and testPropertiesTraceOn</comment>
<a>java.io.FilePermission "${derby.system.home}${/}-", "write"</a>
</block>
<block>
<comment>Restrict visibility on trace files</comment>
<a>java.io.FilePermission "${user.dir}${/}system${/}-", "read"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>NetworkServerControlApiTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Tracing tests</comment>
<a>java.io.FilePermission "${derby.system.home}${/}-", "read,write"</a>
<a>java.io.FilePermission "${user.dir}${/}system${/}", "read,write"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Needed by NetworkServerTestSetup when probing ports.</comment>
<a>java.net.SocketPermission "localhost", "listen"</a>
<a>java.net.SocketPermission "127.0.0.1", "accept,connect,resolve"</a>
<a>java.net.SocketPermission "localhost", "accept,connect,listen"</a>
<a>java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"</a>
<a>java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"</a>
</block>
<block>
<comment>For setting properties.</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>ProtocolTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ProtocolTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Give write permission for trace files if debugging with derby.drda.traceAll=true</comment>
<a>java.io.FilePermission "${user.dir}${/}system${/}-", "read,write"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Extra permissions needed by the test module.</comment>
<a>java.net.SocketPermission "127.0.0.1", "connect,resolve"</a>
<a>java.net.SocketPermission "localhost", "connect,resolve"</a>
<a>java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"</a>
</block>
</jar>
</policy>
<policy>
<name>RuntimeInfoTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>SecureServerTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Remove this permission for test of DERBY-6619</comment>
<d>java.lang.RuntimePermission "setContextClassLoader"</d>
</block>
</jar>
<jar>
<name>derbynet.jar</name>
<block>
<comment>For running the server in another process</comment>
<a>java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "write"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>ServerPropertiesTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbynet.jar</name>
<block>
<comment>for testToggleTrace</comment>
<a>java.io.FilePermission "${derby.system.home}${/}-", "write"</a>
</block>
<block>
<comment>For reading properties?</comment>
<a>java.io.FilePermission "${user.dir}${/}system${/}-", "read"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>SysinfoTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbytools.jar</name>
<block>
<comment>Read all files under ${user.dir}</comment>
<a>java.io.FilePermission "${user.dir}${/}-", "read"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all properties using System.getProperties</comment>
<a>java.util.PropertyPermission "*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>ShutdownWithoutDeregisterPermissionTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Make sure that the deregisterDriver permission is not granted</comment>
<d>java.sql.SQLPermission "deregisterDriver"</d>
</block>
</jar>
</policy>
<policy>
<name>AbortTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Remove this permission so that we can test the case of
applications which have not been granted the privilege to
abort physical connections.</comment>
<d>java.sql.SQLPermission "callAbort"</d>
</block>
</jar>
</policy>
<policy>
<name>LDAPAuthenticationTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>resolve is needed to run ldap related tests</comment>
<a>java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>resolve is needed to run ldap related tests</comment>
<a>java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve"</a>
</block>
</jar>
</policy>
<policy>
<name>XATest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XATest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<a>java.lang.management.ManagementPermission "monitor"</a>
</block>
</jar>
</policy>
<policy>
<name>LuceneTests</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyoptionaltools.jar</name>
<block>
<comment>So that the Lucene tool can access Derby internals</comment>
<a>java.util.PropertyPermission "derby.system.home", "read"</a>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
</block>
<block>
<comment>Databases under derby.system.home</comment>
<a>java.io.FilePermission "${derby.system.home}${/}lucenesupportpermsdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenesupportpermsdb${/}LUCENE${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenebackupdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenebackupdb${/}LUCENE${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenejarloadingdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenejarloadingdb${/}LUCENE${/}-", "read,write,delete"</a>
</block>
<block>
<comment>Accessing Lucene code</comment>
<a>java.io.FilePermission "${derbyTesting.lucene.core.jar.file}", "read"</a>
<a>java.util.PropertyPermission "user.dir", "read"</a>
<a>java.lang.RuntimePermission "accessDeclaredMembers"</a>
<a>java.lang.RuntimePermission "accessClassInPackage.sun.misc"</a>
<a>java.lang.reflect.ReflectPermission "suppressAccessChecks"</a>
</block>
</jar>
<jar>
<name>lucene-core.jar</name>
<block>
<comment>permissions for file access, write access only to sandbox</comment>
<a>java.io.FilePermission "${derby.system.home}${/}lucenesupportpermsdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenesupportpermsdb${/}LUCENE${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenebackupdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenebackupdb${/}LUCENE${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenejarloadingdb${/}LUCENE", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}${/}lucenejarloadingdb${/}LUCENE${/}-", "read,write,delete"</a>
</block>
<block>
<comment>Basic permissions needed for Lucene to work</comment>
<a>java.util.PropertyPermission "user.dir", "read"</a>
<a>java.util.PropertyPermission "sun.arch.data.model", "read"</a>
<a>java.lang.RuntimePermission "accessDeclaredMembers"</a>
<a>java.lang.RuntimePermission "accessClassInPackage.sun.misc"</a>
<a>java.lang.reflect.ReflectPermission "suppressAccessChecks"</a>
</block>
</jar>
</policy>
<policy>
<name>NoDBInternalsPermissionTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/no_derby_internals.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Need to access internal Derby structures</comment>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</d>
</block>
</jar>
</policy>
<policy>
<name>NewOptimizerOverridesTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/resultSetReader.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>For reading fields in the ResultSet graph</comment>
<a>java.lang.RuntimePermission "accessDeclaredMembers"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Remove this permission</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</a>
</block>
</jar>
</policy>
<policy>
<name>SecurityPolicyReloadingTest.initial</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all files</comment>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</a>
</block>
</jar>
</policy>
<policy>
<name>SecurityPolicyReloadingTest.modified</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Access all files</comment>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</a>
</block>
<block>
<comment>Restrict the properties which can be read</comment>
<d>java.util.PropertyPermission "*", "read,write"</d>
<a>java.util.PropertyPermission "derby.*", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>SecurityPolicyReloadingTest.unreloadable</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>This permission is deliberately omitted.</comment>
<d>java.security.SecurityPermission "getPolicy"</d>
</block>
</jar>
</policy>
<policy>
<name>CacheManagerMBeanTest.withoutPerm</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/management/CacheManagerMBeanTest.withoutPerm.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>This permission is deliberately omitted.</comment>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</d>
</block>
</jar>
</policy>
<policy>
<name>CacheManagerMBeanTest.withPerm</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/management/CacheManagerMBeanTest.withPerm.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Ensure that this permission is granted.</comment>
<a>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</a>
</block>
</jar>
</policy>
<policy>
<name>Derby5937SlaveShutdownTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/replicationTests/Derby5937SlaveShutdownTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Add these.</comment>
<a>java.net.SocketPermission "127.0.0.1", "connect,accept,listen"</a>
<a>java.net.SocketPermission "localhost", "connect,accept,listen"</a>
</block>
</jar>
</policy>
<policy>
<name>derbyrunjartest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/tools/derbyrunjartest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Add this.</comment>
<a>java.lang.RuntimePermission "getProtectionDomain"</a>
</block>
</jar>
</policy>
<policy>
<name>T_RecoverFullLog</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/unit/fillLog.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Add this.</comment>
<a>java.util.PropertyPermission "derbyTesting.unittest.*", "read"</a>
</block>
</jar>
</policy>
<policy>
<name>Derby3980DeadlockTest</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/functionTests/tests/store/Derby3980DeadlockTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Need to read and delete file for user.dir (Derby3980DeadlockTest)</comment>
<a>java.io.FilePermission "${user.dir}", "read"</a>
<a>java.io.FilePermission "${user.dir}${/}*.txt", "read,write,delete"</a>
</block>
</jar>
</policy>
<policy>
<name>AssertFailureTest.initial</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/AssertFailureTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyTesting.jar</name>
<block>
<comment>Allow tests to install and uninstall the security manager and to refresh the policy</comment>
<a>java.util.PropertyPermission "java.security.policy", "read,write"</a>
</block>
<block>
<comment>needs to run "doAsPrivileged"</comment>
<a>javax.security.auth.AuthPermission "doAsPrivileged"</a>
</block>
</jar>
</policy>
<policy>
<name>AssertFailureTest.reloaded</name>
<include>AssertFailureTest.initial</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/AssertFailureTest1.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyshared.jar</name>
<block>
<comment>Remove these.</comment>
<d>java.lang.RuntimePermission "getStackTrace"</d>
<d>java.lang.RuntimePermission "modifyThreadGroup"</d>
</block>
</jar>
</policy>
<policy>
<name>MissingPermissionsTest.initial</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derbyshared.jar</name>
<block>
<comment>Remove these.</comment>
<d>java.lang.RuntimePermission "getStackTrace"</d>
<d>java.lang.RuntimePermission "modifyThreadGroup"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "server", "monitor"</d>
<d>java.util.PropertyPermission "user.dir", "read"</d>
<d>java.io.FilePermission "${user.dir}${/}-", "read,write"</d>
</block>
</jar>
<jar>
<name>derby.jar</name>
<block>
<d>java.io.FilePermission "${derby.system.home}","read,write"</d>
<d>java.io.FilePermission "${derby.system.home}${/}derby.properties", "read"</d>
<d>java.io.FilePermission "${derby.system.home}${/}derby.log", "read,write,delete"</d>
<d>java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete"</d>
<d>java.io.FilePermission "${derby.system.home}", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}extin${/}-", "read"</d>
<d>java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,write,delete"</d>
<d>java.io.FilePermission "${user.dir}${/}extout${/}-", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}extinout", "read,write"</d>
</block>
<block>
<d>java.util.PropertyPermission "derbyTesting.unittest.*", "write"</d>
<d>java.util.PropertyPermission "derby.storage.jvmInstanceId", "write"</d>
<d>java.lang.RuntimePermission "getClassLoader"</d>
<d>java.lang.RuntimePermission "setContextClassLoader"</d>
<d>java.security.SecurityPermission "getPolicy"</d>
</block>
<block>
<a>java.lang.RuntimePermission "setSecurityManager"</a>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</a>
<a>java.io.FilePermission "${derby.system.home}","read"</a>
<a>java.util.PropertyPermission "user.*", "read"</a>
<a>java.util.PropertyPermission "java.home", "read"</a>
</block>
</jar>
<jar>
<name>derbytools.jar</name>
<block>
<d>java.util.PropertyPermission "*", "read,write"</d>
<d>java.util.PropertyPermission "user.*", "read"</d>
<d>java.util.PropertyPermission "java.home", "read"</d>
<d>java.util.PropertyPermission "java.class.path", "read"</d>
<d>java.util.PropertyPermission "java.runtime.version", "read"</d>
<d>java.util.PropertyPermission "java.fullversion", "read"</d>
<d>java.lang.RuntimePermission "getProtectionDomain"</d>
<d>java.io.FilePermission "${user.dir}${/}-", "read"</d>
<d>java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,write,delete"</d>
<d>java.io.FilePermission "${derbyTesting.testjarpath}", "read"</d>
<d>java.lang.RuntimePermission "getStackTrace"</d>
<d>java.lang.RuntimePermission "modifyThreadGroup"</d>
</block>
</jar>
<jar>
<name>derbynet.jar</name>
<block>
<d>java.lang.RuntimePermission "accessUserInformation"</d>
<d>java.lang.RuntimePermission "getFileStoreAttributes"</d>
<d>java.util.PropertyPermission "derby.__serverStartedFromCmdLine", "read,write"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</d>
<d>java.net.SocketPermission "localhost:${derby.security.port}", "listen"</d>
<d>java.io.FilePermission "${derby.drda.traceDirectory}${/}-", "read,write,delete"</d>
<d>java.net.SocketPermission "127.0.0.1", "accept,connect"</d>
<d>java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect"</d>
<d>java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect"</d>
<d>java.net.SocketPermission "localhost", "accept,connect,listen"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}trace", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}trace${/}-", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_restr${/}-", "read,write"</d>
<d>java.io.FilePermission "${user.dir}${/}system${/}RFPT_db_tracefiles_lax${/}-", "read,write"</d>
</block>
</jar>
<jar>
<name>derbyclient.jar</name>
<block>
<d>java.net.SocketPermission "localhost", "connect,resolve"</d>
<d>java.util.PropertyPermission "user.dir", "read"</d>
<d>java.io.FilePermission "${user.dir}${/}-", "read,write"</d>
<d>java.util.PropertyPermission "derby.*", "read"</d>
<d>java.sql.SQLPermission "callAbort"</d>
<d>java.net.SocketPermission "127.0.0.1", "connect,resolve"</d>
<d>java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve"</d>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals"</d>
<d>java.io.FilePermission "${user.dir}${/}-", "read,write,delete"</d>
<d>java.io.FilePermission "${java.home}${/}-", "execute, read"</d>
<d>java.lang.RuntimePermission "setIO"</d>
<d>java.lang.RuntimePermission "createClassLoader"</d>
<d>java.lang.RuntimePermission "setContextClassLoader"</d>
<d>java.lang.RuntimePermission "getStackTrace"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "jmx", "control"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "engine", "monitor"</d>
<d>org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor"</d>
<d>java.sql.SQLPermission "callAbort"</d>
<d>java.lang.RuntimePermission "accessUserInformation"</d>
<d>java.lang.RuntimePermission "getFileStoreAttributes"</d>
<d>java.net.SocketPermission "localhost", "listen"</d>
<d>java.lang.RuntimePermission "closeClassLoader"</d>
<d>java.lang.RuntimePermission "accessDeclaredMembers"</d>
<d>java.lang.reflect.ReflectPermission "suppressAccessChecks"</d>
<d>java.io.FilePermission "${java.home}${/}..${/}bin${/}-", "execute, read"</d>
</block>
<block>
<a>java.util.PropertyPermission "java.security.policy", "read,write"</a>
<a>java.lang.RuntimePermission "modifyThread"</a>
<a>javax.security.auth.AuthPermission "doAsPrivileged"</a>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete,execute"</a>
</block>
</jar>
<jar>
<name>junit.jar</name>
<block>
<a>java.util.PropertyPermission "inSubProcess", "read"</a>
</block>
</jar>
</policy>
<policy>
<name>MissingPermissionsTest.reloaded</name>
<include>MissingPermissionsTest.initial</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest1.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<d>java.util.PropertyPermission "derby.*", "read"</d>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<d>java.lang.RuntimePermission "modifyThreadGroup"</d>
<d>java.lang.RuntimePermission "modifyThread"</d>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete,execute"</d>
</block>
<block>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</a>
</block>
</jar>
</policy>
<policy>
<name>MissingPermissionsTest.reloadedAgain</name>
<include>MissingPermissionsTest.reloaded</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/MissingPermissionsTest2.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<d>java.io.FilePermission "${derby.system.home}${/}-", "read,write,delete"</d>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</d>
<d>java.util.PropertyPermission "user.*", "read"</d>
<d>java.util.PropertyPermission "java.home", "read"</d>
<d>java.util.PropertyPermission "java.class.path", "read"</d>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read"</d>
<d>java.io.FilePermission "java.runtime.version", "read"</d>
<d>java.io.FilePermission "java.fullversion", "read"</d>
<d>java.sql.SQLPermission "callAbort"</d>
</block>
<block>
<a>java.util.PropertyPermission "derby.*", "read"</a>
<a>java.io.FilePermission "./derby.log", "read,write,delete"</a>
<a>java.io.FilePermission "singleUse${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "system", "read,write,delete"</a>
<a>java.io.FilePermission "system${/}singleUse${/}-", "read,write,delete"</a>
<a>java.io.FilePermission "system${/}nested${/}-", "read,write,delete"</a>
<a>java.io.FilePermission ".", "read,write,delete"</a>
<a>java.lang.RuntimePermission "setContextClassLoader"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete"</d>
</block>
<block>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write,delete,execute"</a>
</block>
</jar>
<jar>
<name>derbytools.jar</name>
<block>
<a>java.util.PropertyPermission "*", "read,write"</a>
<a>java.util.PropertyPermission "java.home", "read"</a>
<a>java.util.PropertyPermission "java.class.path", "read"</a>
<a>java.util.PropertyPermission "java.runtime.version", "read"</a>
<a>java.util.PropertyPermission "java.fullversion", "read"</a>
<a>java.lang.RuntimePermission "getProtectionDomain"</a>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read"</a>
</block>
</jar>
</policy>
<policy>
<name>SystemPrivilegesPermissionTest.reloaded</name>
<include>basicTests</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest1.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Needed to canonicalize file names on Windows.</comment>
<a>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read,write"</a>
</block>
</jar>
</policy>
<policy>
<name>SystemPrivilegesPermissionTest.initial</name>
<include>SystemPrivilegesPermissionTest.reloaded</include>
<output>
<file>classes/testing/org/apache/derbyTesting/unitTests/junit/SystemPrivilegesPermissionTest.policy</file>
<properties>securityTests.properties</properties>
</output>
<jar>
<name>principal org.apache.derby.authentication.SystemPrincipal "AUTHORIZEDSYSTEMUSER"</name>
<block>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "shutdown"</a>
<a>org.apache.derby.security.DatabasePermission "directory:*", "create"</a>
<a>org.apache.derby.security.DatabasePermission "directory:level0/level1/-", "create"</a>
<a>org.apache.derby.security.DatabasePermission "directory:/*", "create"</a>
<a>org.apache.derby.security.DatabasePermission "directory:/level0/level1/-", "create"</a>
</block>
</jar>
<jar>
<name>principal org.apache.derby.authentication.SystemPrincipal "SUPERUSER"</name>
<block>
<a>org.apache.derby.shared.common.security.SystemPermission "server", "shutdown"</a>
<a>org.apache.derby.security.DatabasePermission "directory:&lt;&lt;ALL FILES&gt;&gt;", "create"</a>
</block>
</jar>
<jar>
<name>principal org.apache.derby.authentication.SystemPrincipal *</name>
<block>
<a>org.apache.derby.security.DatabasePermission "directory:dir", "create"</a>
</block>
</jar>
<jar>
<name>derbyTesting.jar</name>
<block>
<a>javax.security.auth.AuthPermission "doAsPrivileged"</a>
</block>
</jar>
</policy>
<!--
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!
!! DITA Documentation in the Derby Security Guide
!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-->
<policy>
<name>basicEngineDoc</name>
<include>engineTemplate</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/rsecbasicengine.dita</file>
<properties>securityProduct.properties</properties>
<doc>
<title>Basic engine security policy template</title>
<shortDesc>Customize this policy if your application embeds the Derby engine, running Derby and application code in a single JVM process.</shortDesc>
<majorIndexTerm>Embedded Engine</majorIndexTerm>
<minorIndexTerm>basic policy</minorIndexTerm>
<longDesc>The embedded engine policy grants essential permissions to the engine and shared modules.</longDesc>
</doc>
</output>
</policy>
<policy>
<name>basicServerDoc</name>
<include>serverTemplate</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/rsecbasicserver.dita</file>
<properties>securityProduct.properties</properties>
<doc>
<title>Basic server security policy template</title>
<shortDesc>Customize this policy if you run a Derby server, either standalone or embedded inside your application.</shortDesc>
<majorIndexTerm>Network Server</majorIndexTerm>
<minorIndexTerm>basic policy</minorIndexTerm>
<longDesc>This policy grants essential permissions to the server, tools, engine, and shared modules.</longDesc>
</doc>
</output>
</policy>
<policy>
<name>basicClientDoc</name>
<include>basicClient</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/rsecbasicclient.dita</file>
<properties>securityProduct.properties</properties>
<doc>
<title>Basic client security policy template</title>
<shortDesc>Customize this policy if you run a client-side application, which connects to a Derby server across a network.</shortDesc>
<majorIndexTerm>Network Server</majorIndexTerm>
<minorIndexTerm>basic policy</minorIndexTerm>
<longDesc>This policy grants essential permissions to the client and shared modules.</longDesc>
</doc>
</output>
</policy>
<policy>
<name>basicToolsDoc</name>
<include>basicTools</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/rsecbasictools.dita</file>
<properties>securityProduct.properties</properties>
<doc>
<title>Basic tools security policy template</title>
<shortDesc>Customize this policy if you run Derby tools against an embedded Derby engine.</shortDesc>
<majorIndexTerm>Network Server</majorIndexTerm>
<minorIndexTerm>basic policy</minorIndexTerm>
<longDesc>This policy grants essential permissions to the tools, engine, and shared modules.</longDesc>
</doc>
</output>
</policy>
<policy>
<name>customizedExampleDoc</name>
<include>coreServer</include>
<output>
<file>generated/java/org.apache.derby.engine/org/apache/derby/security/rsecpolicysample.dita</file>
<properties>securityDocExample.properties</properties>
<doc>
<title>Sample customized Java security policy file</title>
<shortDesc>Here is a sample customized Java security policy file.</shortDesc>
<majorIndexTerm>Network Server</majorIndexTerm>
<minorIndexTerm>basic policy</minorIndexTerm>
<longDesc>This example configures a server's permissions to allow network access and to allow backup/restore, import/export, and the loading of user-written code:</longDesc>
</doc>
</output>
<jar>
<name>derby.jar</name>
<block>
<comment>Support backup/restore to/from a secure branch of the file system
owned by the user who booted the JVM:</comment>
<a>java.io.FilePermission "/Users/me/derby/dummy/backups/-", "read,write,delete"</a>
</block>
<block>
<comment>Support export/import of tables to/from a secure branch of the file system
owned by the user who booted the JVM:</comment>
<a>java.io.FilePermission "/Users/me/derby/dummy/imports/-", "read,write,delete"</a>
</block>
<block>
<comment>Support loading of jar files which contain user-written types,
aggregates, functions, and procedures when those jar files live
in a secure branch of the file system owned by the user who booted the JVM:</comment>
<a>java.io.FilePermission "/Users/me/derby/dummy/jars/-", "read"</a>
</block>
</jar>
<jar>
<name>derbynet.jar</name>
<block>
<comment>Accept connections from any host. Derby is listening to the host interface
specified via the -h command line option to "NetworkServerControl start",
via the address parameter to the org.apache.derby.drda.NetworkServerControl
constructor in the API, or via the property derby.drda.host.
The default is localhost. You may want to restrict allowed hosts,
e.g. to hosts in a specific subdomain like "*.example.com".</comment>
<a>java.net.SocketPermission "localhost:0-", "accept"</a>
</block>
<block>
<comment>Allow the server to listen to the socket on the port specified with the
-p option to "NetworkServerControl start" on the command line, or with
the portNumber parameter to the NetworkServerControl constructor in the
API, or with the property derby.drda.portNumber. The default is 1527.</comment>
<a>java.net.SocketPermission "localhost:1527", "listen"</a>
</block>
<block>
<comment>Support the writing of traces into a branch of the file system
owned by the user who booted the JVM:</comment>
<a>java.io.FilePermission "/Users/me/derby/dummy/traces${/}-", "read,write,delete"</a>
</block>
</jar>
<jar>
<name>derbytools.jar</name>
<block>
<d>java.io.FilePermission "&lt;&lt;ALL FILES&gt;&gt;", "read"</d>
<a>java.io.FilePermission "/Users/me/javadb/lib/-", "read"</a>
</block>
</jar>
</policy>
</policies>