// // Licensed to the Apache Software Foundation (ASF) under one or more // contributor license agreements. See the NOTICE file distributed with // this work for additional information regarding copyright ownership. // The ASF licenses this file to You under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance with // the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // grant codeBase "${derbyTesting.codejar}derby.jar" { // These permissions are needed for everyday, embedded Derby usage. // permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "setSecurityManager"; permission java.util.PropertyPermission "derby.*", "read"; permission java.util.PropertyPermission "user.dir", "read"; permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals"; // The next two properties are used to determine if the VM is 32 or 64 bit. // permission java.util.PropertyPermission "sun.arch.data.model", "read"; permission java.util.PropertyPermission "os.arch", "read"; permission java.util.PropertyPermission "java.runtime.version", "read"; permission java.util.PropertyPermission "java.fullversion", "read"; permission java.io.FilePermission "${derby.system.home}","read"; // permission java.io.FilePermission "${derby.system.home}${/}-", // "read,write,delete"; permission java.io.FilePermission "./derby.log", "read,write,delete"; permission java.io.FilePermission "singleUse${/}-", "read,write,delete"; permission java.io.FilePermission "system", "read,write,delete"; permission java.io.FilePermission "system${/}singleUse{/}-", "read,write,delete"; // permission java.io.FilePermission "system${/}nested", "read,write,delete"; permission java.io.FilePermission "system${/}nested${/}-", "read,write,delete"; permission java.io.FilePermission ".", "read,write,delete"; permission java.sql.SQLPermission "deregisterDriver"; // Needed by sysinfo. The file permission is needed to check the existence of // jars on the classpath. You can limit this permission to just the locations // which hold your jar files. This block is reproduced for all codebases // which include the sysinfo classes--the policy file syntax does not let you // grant permissions to several codebases all at once. // permission java.lang.RuntimePermission "getProtectionDomain"; permission java.lang.RuntimePermission "setContextClassLoader"; // Permissions needed for JMX based management and monitoring. // // Allows this code to create an MBeanServer: // permission javax.management.MBeanServerPermission "createMBeanServer"; // Allows access to Derby's built-in MBeans, within the domain // org.apache.derby. Derby must be allowed to register and unregister these // MBeans. To fine tune this permission, see the javadoc of // javax.management.MBeanPermission or the JMX Instrumentation and Agent // Specification. // permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]", "registerMBean,unregisterMBean"; // Trusts Derby code to be a source of MBeans and to register these in the // MBean server. // permission javax.management.MBeanTrustPermission "register"; // Gives permission for jmx to be used against Derby but only if JMX // authentication is not being used. In that case the application would need // to create a whole set of fine-grained permissions to allow specific users // access to MBeans and actions they perform. // permission org.apache.derby.security.SystemPermission "jmx", "control"; permission org.apache.derby.security.SystemPermission "engine", "monitor"; permission org.apache.derby.security.SystemPermission "server", "monitor"; // getProtectionDomain is an optional permission needed for printing // classpath information to derby.log // permission java.lang.RuntimePermission "getProtectionDomain"; // Needed by FileUtil#limitAccessToOwner // permission java.lang.RuntimePermission "accessUserInformation"; permission java.lang.RuntimePermission "getFileStoreAttributes"; }; // // Permissions for the tests (derbyTesting.jar) // grant codeBase "${derbyTesting.testjar}derbyTesting.jar" { // Allow tests to install and uninstall the security manager and // to refresh the policy permission java.util.PropertyPermission "java.security.policy", "read,write"; permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; // derbyTesting.junit.TestConfiguration... modifies System properties permission java.util.PropertyPermission "*", "read,write"; //needs to run "doAsPrivileged" permission javax.security.auth.AuthPermission "doAsPrivileged"; // **** Needed by this test permission java.io.FilePermission "<>", "read,write,delete,execute"; }; grant codeBase "${derbyTesting.codejar}derbytools.jar" { // Needed by sysinfo. The file permission is needed to check the existence of // jars on the classpath. You can limit this permission to just the locations // which hold your jar files. This block is for all codebases which include // the sysinfo classes--the policy file syntax does not let you grant // permissions to several codebases all at once. // permission java.util.PropertyPermission "*", "read,write"; permission java.util.PropertyPermission "java.home", "read"; permission java.util.PropertyPermission "java.class.path", "read"; permission java.util.PropertyPermission "java.runtime.version", "read"; permission java.util.PropertyPermission "java.fullversion", "read"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.io.FilePermission "<>", "read"; permission java.io.FilePermission "java.runtime.version", "read"; permission java.io.FilePermission "java.fullversion", "read"; }; // JUnit jar file tries to read junit.properties in the user's // home directory and seems to require permission to read the // property user.home as well. // junit.swingui.TestRunner writes to .junitsession on exit. grant codeBase "${derbyTesting.junit}" { permission java.util.PropertyPermission "user.home", "read"; permission java.io.FilePermission "${user.home}${/}junit.properties", "read"; permission java.io.FilePermission "${user.home}${/}.junitsession", "write"; // This permission is needed when running the tests using ant 1.7 permission java.io.FilePermission "${user.dir}${/}*", "write"; }; // Ant's junit runner requires setOut to redirect the System output streams // to the forked JVM used when running junit tests inside Ant. Ant requires // forking the JVM if you want to run tests in a different directory than the // current one. grant codeBase "${derbyTesting.antjunit}" { permission java.lang.RuntimePermission "setIO"; // This permission is needed when running the tests using ant 1.7 permission java.io.FilePermission "${user.dir}${/}*", "write"; }; // Grant the required permissions for JaCoCo (code coverage tool). grant { permission java.io.FilePermission "${jacoco.active}${user.dir}${/}*", "read, write"; permission java.lang.RuntimePermission "${jacoco.active}shutdownHooks"; };