Java.policy file

Java security policy File the English meaning of policy policy

This file is primarily about setting permissions for Java programs (mainly Apple applets: such as printing, etc.)

The security policy for the Java application environment, which details the license for different resources owned by different code, is expressed by a policy object. In order for an applet (or an application running under SecurityManager) to perform protected behavior, such as reading and writing files, applets (or Java applications) must be licensed for that operation, and security policy files are used to implement these licenses.

Standard extensions get all permissions by default

Grant CodeBase "file:${{java.ext.dirs}}/*" {
Permission java.security.AllPermission;
};

Default permissions granted to all domains

Grant {
Allows any thread to stop itself using the Java.lang.Thread.stop ()
Method that takes no argument.
Note that this permission are granted by default only to remain
Backwards compatible.
It is strongly recommended so either remove this permission
From the policy file or further restrict it to code sources
That's specify, because Thread.stop () is potentially unsafe.
See "Http://java.sun.com/notes" for more information.
Permission Java.lang.RuntimePermission "Stopthread";

Allows anyone to listen on un-privileged ports
Permission Java.net.SocketPermission "localhost:1024-", "Listen";

"Standard" properies the can is read by anyone

Permission Java.util.PropertyPermission "Java.version", "read";
Permission Java.util.PropertyPermission "Java.vendor", "read";
Permission Java.util.PropertyPermission "Java.vendor.url", "read";
Permission Java.util.PropertyPermission "Java.class.version", "read";
Permission Java.util.PropertyPermission "Os.name", "read";
Permission Java.util.PropertyPermission "Os.version", "read";
Permission Java.util.PropertyPermission "Os.arch", "read";
Permission Java.util.PropertyPermission "File.separator", "read";
Permission Java.util.PropertyPermission "Path.separator", "read";
Permission Java.util.PropertyPermission "Line.separator", "read";

Permission Java.util.PropertyPermission "Java.specification.version", "read";
Permission Java.util.PropertyPermission "Java.specification.vendor", "read";
Permission Java.util.PropertyPermission "Java.specification.name", "read";

Permission Java.util.PropertyPermission "Java.vm.specification.version", "read";
Permission Java.util.PropertyPermission "Java.vm.specification.vendor", "read";
Permission Java.util.PropertyPermission "Java.vm.specification.name", "read";
Permission Java.util.PropertyPermission "Java.vm.version", "read";
Permission Java.util.PropertyPermission "Java.vm.vendor", "read";
Permission Java.util.PropertyPermission "Java.vm.name", "read";
Permission java.security.AllPermission;

};

The file defines the default permissions for the Java program, and the first grant defines all classes and jars under the System Properties ${{java.ext.dirs}} path (/* indicates all classes and jars, if only/represents all classes but does not include jars) Have all operation Rights (java.security.AllPermission), java.ext.dirs corresponding path is%java_home%/jre/lib/ext directory, The second grant later defines the permissions that all Java programs have, including stopping the thread, starting the socket server, and reading some system properties

Java.policy file