You are viewing a plain text version of this content. The canonical link for it is here.
Posted to derby-commits@db.apache.org by rh...@apache.org on 2018/03/10 16:24:01 UTC
svn commit: r1826417 [2/3] - in /db/derby/code/trunk: ./
java/build/org/apache/derbyBuild/
java/build/org/apache/derbyBuild/lastgoodjarcontents/
java/build/org/apache/derbyPreBuild/ java/client/ java/demo/
java/demo/toursdb/ java/drda/ java/engine/ jav...
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/NetworkServerControlApiTest.policy Sat Mar 10 16:24:00 2018
@@ -45,7 +45,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
@@ -93,7 +93,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -118,7 +118,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -142,7 +142,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -166,7 +166,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -189,55 +189,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
- // just add the complete gross policy change for NetworkServerControlApiTest
-
- // Tests need to be able to exec a java program. DERBY-6295: Also give them
- // read permission so that detailed error message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ProtocolTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ProtocolTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ProtocolTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ProtocolTest.policy Sat Mar 10 16:24:00 2018
@@ -24,7 +24,7 @@
// The permissions below are expected to be added to the set of default
// permissions granted to the test framework.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -32,6 +32,6 @@ grant codeBase "${derbyTesting.testjar}d
// Give write permission for trace files if debugging with
// derby.drda.traceAll=true
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.io.FilePermission "${user.dir}${/}system${/}-", "read,write";
};
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/RuntimeInfoTest.policy Sat Mar 10 16:24:00 2018
@@ -45,7 +45,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -136,7 +136,7 @@ permission java.util.PropertyPermission
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -160,7 +160,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -189,7 +189,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -213,7 +213,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -254,84 +254,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SecureServerTest.policy Sat Mar 10 16:24:00 2018
@@ -45,7 +45,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -149,7 +149,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -186,7 +186,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -218,7 +218,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -242,7 +242,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -310,96 +310,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.io.FilePermission "${java.home}${/}..${/}bin${/}-", "execute, read";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // Tests need to be able to exec a java program. DERBY-6295: Also give them
- // read permission so that detailed error message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- // needed to create a temp file in order to open a database in a jar file
- permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- // This permission is needed to call DriverManager.deregisterDriver()
- // on Java SE 8 and later.
- permission java.sql.SQLPermission "deregisterDriver";
-
- // Needed by ClasspathSetup for freeing resources.
- permission java.lang.RuntimePermission "closeClassLoader";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/ServerPropertiesTest.policy Sat Mar 10 16:24:00 2018
@@ -44,7 +44,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -101,7 +101,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read, write";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read, write";//sysinfo
@@ -128,7 +128,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -152,7 +152,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -176,7 +176,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// just add the complete gross policy change for ServerPropertiesTest
permission java.security.SecurityPermission "getPolicy";
@@ -202,67 +202,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
-
- // just add the complete gross policy change for ServerPropertiesTest
- permission java.security.SecurityPermission "getPolicy";
-
- // Tests need to be able to exec a java program. DERBY-6295: Also give them
- // read permission so that detailed error message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // This permission is needed to avoid test failures in subsequent tests that
- // may be testing JMX functionality. Without this permission, old MBeans
- // might not be unregistered from the MBean server. See DERBY-3561.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","unregisterMBean";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- // This permission is needed to call DriverManager.deregisterDriver()
- // on Java SE 8 and later.
- permission java.sql.SQLPermission "deregisterDriver";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/derbynet/SysinfoTest.policy Sat Mar 10 16:24:00 2018
@@ -45,7 +45,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId", "write";
// The next two properties are used to determine if the VM is 32 or 64 bit.
@@ -131,7 +131,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -155,7 +155,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -187,7 +187,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -211,7 +211,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -257,89 +257,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // for sysinfo test, with classes, we need read access for this...
- // can't use derbyTesting.codeclasses as it has backslashes on windows
- permission java.io.FilePermission "${sysinfotest.classesdir}", "read";
-
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- //client side: test execs another jvm with relative path
- // DERBY-6295: Also grant read permission so that detailed error
- // message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/engine/noDeregisterPermission.policy Sat Mar 10 16:24:00 2018
@@ -27,7 +27,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -129,7 +129,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -164,7 +164,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -196,7 +196,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -220,7 +220,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -276,93 +276,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "getFileStoreAttributes";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // Tests need to be able to exec a java program. DERBY-6295: Also give them
- // read permission so that detailed error message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- // This permission is needed to call DriverManager.deregisterDriver()
- // on Java SE 8 and later. Not granted by this policy, so that we can
- // test that Derby handles the lack of the permission gracefully.
- //permission java.sql.SQLPermission "deregisterDriver";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbc4/noAbortPermission.policy Sat Mar 10 16:24:00 2018
@@ -26,7 +26,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -120,7 +120,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -143,7 +143,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -175,7 +175,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -199,7 +199,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -245,84 +245,6 @@ grant codeBase "${derbyTesting.testjar}d
//permission java.sql.SQLPermission "callAbort";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/LDAPTests.policy Sat Mar 10 16:24:00 2018
@@ -47,7 +47,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -122,7 +122,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -144,7 +144,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -167,7 +167,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -191,7 +191,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -235,74 +235,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // resolve is needed to run ldap related tests
- permission java.net.SocketPermission "${derbyTesting.ldapServer}", "connect, resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XATest.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XATest.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XATest.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/jdbcapi/XATest.policy Sat Mar 10 16:24:00 2018
@@ -44,7 +44,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -101,7 +101,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -123,7 +123,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -146,7 +146,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -170,7 +170,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -190,59 +190,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.management.ManagementPermission "monitor";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // This permission is needed to avoid test failures in subsequent tests that
- // may be testing JMX functionality. Without this permission, old MBeans
- // might not be unregistered from the MBean server. See DERBY-3561.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","unregisterMBean";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- // This permission is needed to call DriverManager.deregisterDriver()
- // on Java SE 8 and later.
- permission java.sql.SQLPermission "deregisterDriver";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.initial.policy Sat Mar 10 16:24:00 2018
@@ -18,7 +18,7 @@
// * specific language governing permissions and limitations
// * under the License.
// *
-grant codeBase "${derbyTesting.codejar}derby.jar"
+grant codeBase "${derbyTesting.engine}"
{
//
// These permissions are needed for everyday, embedded Derby usage.
@@ -55,7 +55,7 @@ grant codeBase "${derbyTesting.codejar}d
permission java.lang.RuntimePermission "getFileStoreAttributes";
};
-grant codeBase "${derbyTesting.codejar}derbynet.jar"
+grant codeBase "${derbyTesting.netserver}"
{
//
// This permission lets the Network Server manage connections from clients.
@@ -65,7 +65,7 @@ grant codeBase "${derbyTesting.codejar}d
permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
};
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar"
+grant codeBase "${derbyTesting.testing}"
{
// Read all properties
permission java.util.PropertyPermission "*", "read,write";
@@ -113,7 +113,7 @@ grant {
permission java.io.FilePermission "${jacoco.active}${user.dir}${/}*", "read, write";
};
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
};
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.modified.policy Sat Mar 10 16:24:00 2018
@@ -18,7 +18,7 @@
// * specific language governing permissions and limitations
// * under the License.
// *
-grant codeBase "${derbyTesting.codejar}derby.jar"
+grant codeBase "${derbyTesting.engine}"
{
//
// These permissions are needed for everyday, embedded Derby usage.
@@ -55,7 +55,7 @@ grant codeBase "${derbyTesting.codejar}d
permission java.lang.RuntimePermission "getFileStoreAttributes";
};
-grant codeBase "${derbyTesting.codejar}derbynet.jar"
+grant codeBase "${derbyTesting.netserver}"
{
//
// This permission lets the Network Server manage connections from clients.
@@ -65,7 +65,7 @@ grant codeBase "${derbyTesting.codejar}d
permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
};
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar"
+grant codeBase "${derbyTesting.testing}"
{
// Don't allow all properties to be read
permission java.util.PropertyPermission "derby.*", "read,write";
@@ -81,7 +81,7 @@ grant codeBase "${derbyTesting.testjar}d
permission java.lang.RuntimePermission "setIO";
};
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
};
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/SecurityPolicyReloadingTest.unreloadable.policy Sat Mar 10 16:24:00 2018
@@ -44,7 +44,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -93,7 +93,7 @@ permission java.util.PropertyPermission
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -111,7 +111,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -138,7 +138,7 @@ permission java.util.PropertyPermission
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -156,7 +156,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -165,45 +165,6 @@ grant codeBase "${derbyTesting.testjar}d
// When running with useprocess=false need to install and uninstall
// the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.security.SecurityPermission "getPolicy";
- permission java.lang.RuntimePermission "setIO";
-};
-
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
// streams. Currently the nist suite runs with useprocess=false.
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/_Suite.java Sat Mar 10 16:24:00 2018
@@ -27,6 +27,7 @@ import org.apache.derbyTesting.functionT
import org.apache.derbyTesting.junit.BaseTestCase;
import org.apache.derbyTesting.junit.BaseTestSuite;
import org.apache.derbyTesting.junit.JDBC;
+import org.apache.derbyTesting.junit.TestConfiguration;
/**
* Suite to run all JUnit tests in this package:
@@ -262,7 +263,7 @@ public class _Suite extends BaseTestCase
suite.addTest(Derby5866TriggerOrderTest.suite());
suite.addTest(NoDBInternalsPermissionTest.suite());
suite.addTest(ClassLoadingTest.suite());
- suite.addTest(VetJigsawTest.suite());
+ if (TestConfiguration.loadingFromJars()) { suite.addTest(VetJigsawTest.suite()); }
return suite;
}
}
Modified: db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy
URL: http://svn.apache.org/viewvc/db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy?rev=1826417&r1=1826416&r2=1826417&view=diff
==============================================================================
--- db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy (original)
+++ db/derby/code/trunk/java/testing/org/apache/derbyTesting/functionTests/tests/lang/luceneSupport.policy Sat Mar 10 16:24:00 2018
@@ -45,7 +45,7 @@
//
// Permissions for the embedded engine (derby.jar)
//
-grant codeBase "${derbyTesting.codejar}derby.jar" {
+grant codeBase "${derbyTesting.engine}" {
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "derby.storage.jvmInstanceId",
"write";
@@ -146,7 +146,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network server (derbynet.jar)
//
-grant codeBase "${derbyTesting.codejar}derbynet.jar" {
+grant codeBase "${derbyTesting.netserver}" {
permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
permission java.util.PropertyPermission "java.runtime.version", "read";//sysinfo
permission java.util.PropertyPermission "java.fullversion", "read";//sysinfo
@@ -183,7 +183,7 @@ grant codeBase "${derbyTesting.codejar}d
//
// Permissions for the network client (derbyclient.jar)
//
-grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
+grant codeBase "${derbyTesting.client}" {
permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
permission java.net.SocketPermission "localhost", "connect,resolve";
permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
@@ -215,7 +215,7 @@ grant codeBase "${derbyTesting.clientjar
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
-grant codeBase "${derbyTesting.codejar}derbytools.jar" {
+grant codeBase "${derbyTesting.tools}" {
// Access all properties using System.getProperties -
// ij enumerates the properties in order to open connections
// for any property set in ij.connection.* and set protocols
@@ -239,7 +239,7 @@ grant codeBase "${derbyTesting.codejar}d
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
-grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
+grant codeBase "${derbyTesting.testing}" {
// Access all properties using System.getProperties
permission java.util.PropertyPermission "*", "read, write";
@@ -298,93 +298,6 @@ grant codeBase "${derbyTesting.testjar}d
permission java.net.SocketPermission "localhost", "listen";
};
-//
-// super-set of the jar permissions for running out of the classes directory
-//
-grant codeBase "${derbyTesting.codeclasses}" {
- // Access all properties using System.getProperties
- permission java.util.PropertyPermission "*", "read, write";
-
- permission java.util.PropertyPermission "derby.*", "read";
- permission java.lang.RuntimePermission "createClassLoader";
-
- // permissions so that we can set the context class loader to
- // null for daemon threads to avoid class loader leak.
- // DERBY-3745
- permission java.lang.RuntimePermission "getClassLoader";
- permission java.lang.RuntimePermission "setContextClassLoader";
-
- permission java.security.SecurityPermission "getPolicy";
-
- permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
- permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
- permission java.io.FilePermission "${derby.system.home}", "read";
- permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";
-
- // combination of client and server side.
- permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
- permission java.net.SocketPermission "localhost", "accept,connect,resolve,listen";
- permission java.net.SocketPermission "${derbyTesting.clienthost}", "accept,connect";
- permission java.net.SocketPermission "${derbyTesting.serverhost}", "connect,resolve";
-
- // Access all files under ${user.dir}to write the test directory structure
- // Also covers extin, extout and extinout locations
- permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
-
- // Tests need to be able to exec a java program. DERBY-6295: Also give them
- // read permission so that detailed error message is shown.
- permission java.io.FilePermission "${java.home}${/}-", "execute, read";
-
- // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
- // JDK14 has the JCE preloaded
- permission java.security.SecurityPermission "insertProvider.SunJCE";
- permission java.security.SecurityPermission "insertProvider.IBMJCE";
-
- // When running with useprocess=false need to install and uninstall
- // the security manager and allow setIO to change the system err and out
- // streams. Currently the nist suite runs with useprocess=false.
- permission java.lang.RuntimePermission "setSecurityManager";
- permission java.lang.RuntimePermission "setIO";
-
- // These permissions are needed by stress.multi to dump the thread stack
- // traces upon failure.
- permission java.lang.RuntimePermission "getStackTrace";
- permission java.lang.RuntimePermission "modifyThreadGroup";
-
- // Allow MBeanTest to register the application management MBean.
- permission javax.management.MBeanServerPermission "createMBeanServer";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#[org.apache.derby:type=Management]","registerMBean,unregisterMBean";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.Management#-[-]", "instantiate";
- permission javax.management.MBeanTrustPermission "register";
-
- // Allows access to Derby's built-in MBeans, within the domain org.apache.derby.
- permission javax.management.MBeanPermission "org.apache.derby.*#[org.apache.derby:*]","registerMBean,unregisterMBean";
-
-
- // And to find and use Derby's MBeans
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,invoke";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
- permission javax.management.MBeanPermission "-#-[-]", "queryNames";
- permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
-
- // Test code needs this as well for the platform MBeanServer
- // tests where the testing code is in the stack frame.
- permission org.apache.derby.shared.common.security.SystemPermission "jmx", "control";
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "monitor";
- permission org.apache.derby.shared.common.security.SystemPermission "server", "control,monitor";
-
- // Needed by FileUtil#limitAccessToOwner
- permission java.lang.RuntimePermission "accessUserInformation";
- permission java.lang.RuntimePermission "getFileStoreAttributes";
-
- // This permission is needed to call DriverManager.deregisterDriver()
- // on Java SE 8 and later.
- permission java.sql.SQLPermission "deregisterDriver";
-
- permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
-};
-
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
@@ -455,7 +368,7 @@ grant codeBase "${derbyTesting.ppcodecla
//
// Permissions for the optional tools (derbyoptionaltools.jar)
//
-grant codeBase "${derbyTesting.codejar}derbyoptionaltools.jar" {
+grant codeBase "${derbyTesting.optionaltools}" {
permission java.util.PropertyPermission "derby.system.home", "read";
permission org.apache.derby.shared.common.security.SystemPermission "engine", "usederbyinternals";