//
// Policy file with minimal set of permissions to run derby's
// functional tests.
//
// The test harness sets up three variables used by this policy file
//
// derbyTesting.codejar - URL to the jar files when they are in the classpath
// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
//
// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
// other will be set to a bogus URL like file://unused
//
// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
// Only required due to a BUG (see below for more info).
//
// 
// derbyTesting.serverhost - Host name or ip where network server is started 
// derbyTesting.clienthost - specifies the clients ip address/hostName. 
//     when testing with networkserver on a remote host, this needs to be passed in 
//     with the NetworkServerControl start command

//
// Permissions for the embedded engine (derby.jar)
//
grant codeBase "${derbyTesting.codejar}derby.jar" {
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
  
  // unit tests (e.g. store/T_RecoverFullLog) set this property 
  // (called from derbyTesting.jar through code in derby.jar)
  permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";

  permission java.lang.RuntimePermission "createClassLoader";
  
  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
  permission java.io.FilePermission "${derby.system.home}", "read";
  
  // all databases under derby.system.home 
  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";

  // Import/export and other support files from these locations in tests
  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read,  write, delete";
  permission java.io.FilePermission "${user.dir}${/}extout${/}-", "write";
  permission java.io.FilePermission "${user.dir}${/}extinout", "read,write";
  
  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
  // JDK14 has the JCE  preloaded
  permission java.security.SecurityPermission "insertProvider.SunJCE";
  permission java.security.SecurityPermission "insertProvider.IBMJCE";
 
};

//
// Permissions for the network server (derbynet.jar)
//
grant codeBase "${derbyTesting.codejar}derbynet.jar" {
  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
  
  // accept is needed for the server accepting connections
  // connect is needed for ping command (which is in the server jar)
  permission java.net.SocketPermission "127.0.0.1", "accept,connect";
  permission java.net.SocketPermission "localhost", "accept,connect";
  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", "accept,connect";
  
};

//
// Permissions for the network client (derbyclient.jar)
//
grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
  permission java.net.SocketPermission "localhost", "connect,resolve";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";

  // DERBY-1883: Since some classes that are included in both derby.jar and
  // derbyclient.jar read properties, derbyclient.jar needs permission to read
  // derby.* properties to avoid failures when it is listed before derby.jar in
  // the classpath.
  permission java.util.PropertyPermission "derby.*", "read";

};

//
// Permissions for the tools (derbytools.jar)
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
grant codeBase "${derbyTesting.codejar}derbytools.jar" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  
  // ij needs permission to read the sql files in this jar
  permission java.io.FilePermission "${derbyTesting.codedir}${/}derbyTesting.jar", "read";
  
};

//
// Permissions for the tests (derbyTesting.jar)
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  // Access all files under ${user.dir}to write the test directory structure
  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 

  // When running with useprocess=false need to install and uninstall
  // the security manager and allow setIO to change the system err and out
  // streams. Currently the nist suite runs with useprocess=false.
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "setIO"; 
};

//
// super-set of the jar permissions for running out of the classes directory
//
grant codeBase "${derbyTesting.codeclasses}" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.lang.RuntimePermission "createClassLoader";
   
  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
  permission java.io.FilePermission "${derby.system.home}", "read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";

  // combination of client and server side.
  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
  permission java.net.SocketPermission "localhost", "accept,connect,resolve";
  permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
  
  // Access all files under ${user.dir}to write the test directory structure
  // Also covers extin, extout and extinout locations
  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
    
  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
  // JDK14 has the JCE  preloaded
  permission java.security.SecurityPermission "insertProvider.SunJCE";
  permission java.security.SecurityPermission "insertProvider.IBMJCE";

  // When running with useprocess=false need to install and uninstall
  // the security manager and allow setIO to change the system err and out
  // streams. Currently the nist suite runs with useprocess=false.
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "setIO"; 
};

// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
// Ideally these would be granted to junit.jar only but currently
// the jar may be anyway on a file system. Could expand the test harness
// to look for junit.jar on the classpath as it done for the Derby jars.
// The exposure in making these properties grantable to all is somewhat low,
// though reading the property user.home is a little troubling.
grant {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
};