/*
 * security policy used by the test process
 */

grant codeBase "file:${java.home}${/}lib${/}ext${/}*" {
	permission java.security.AllPermission;
};
grant codeBase "file:${jtlib.tmp}/*" {
        permission java.security.AllPermission;
};

grant {
  // standard test activation permissions
    permission java.io.FilePermission "..${/}..${/}test.props", "read";

  // workaround RMIClassLoaderSpi not doing a doPrivileged to find spi resource
  permission java.io.FilePermission "${java.home}${/}lib${/}ext${/}-", "read";

  // need to move some classes out of the tests classpath; specific to this test
  permission java.io.FilePermission "${test.classes}", "read,write,delete";
  permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete";

  // need to load custom security manager and activation group from a new codebase
  permission java.io.FilePermission ".${/}situation4cb", "read,write,delete";
  permission java.io.FilePermission ".${/}situation4cb${/}-", "read,write,delete";

  // impl class needs to compare context class loader to its own class loader
  permission java.lang.RuntimePermission "getClassLoader";
  permission java.lang.RuntimePermission "createClassLoader";

  // child process needs to load from parameter.jar
  permission java.io.FilePermission "${test.src}", "read,write,delete";
  permission java.io.FilePermission "${test.src}${/}-", "read,write,delete";

  // test needs to use java to exec an rmid
  permission java.io.FilePermission "${java.home}${/}bin${/}java", "execute";

  // test uses these permissions to propagate security values to rmid
  permission java.util.PropertyPermission "java.security.policy", "read";
  permission java.util.PropertyPermission "java.security.manager", "read";

  // used by TestLibrary to determine test environment 
  permission java.util.PropertyPermission "java.rmi.server.codebase", "write";
  permission java.util.PropertyPermission "test.classes", "read";
  permission java.util.PropertyPermission "test.src", "read";
  permission java.util.PropertyPermission "user.dir", "read";
  permission java.util.PropertyPermission "java.home", "read";
  permission java.util.PropertyPermission "java.util.logging.config.file", "write";

  // test needs to export rmid and communicate with objects on arbitrary ports
  permission java.net.SocketPermission "*:1024-", "connect,accept,listen";
};