1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
//
// Licensed to the Apache Software Foundation (ASF) under one or more
// contributor license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright ownership.
// The ASF licenses this file to You under the Apache License, Version 2.0
// (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// A minimal policy file for running the withoutPermsTest test case of
// CacheManagerMBeanTest. The only difference between this policy file
// and CacheManagerMBeanTest.withPerm.policy, is that this file does not
// grant SystemPermission("engine", "monitor") to derbyTesting.jar.
grant codeBase "${derbyTesting.codejar}derby.jar"
{
// These permissions are needed for everyday, embedded Derby usage.
//
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.RuntimePermission "setSecurityManager";
permission org.apache.derby.security.SystemPermission "engine", "usederbyinternals";
permission java.util.PropertyPermission "derby.*", "read";
permission java.util.PropertyPermission "user.dir", "read";
permission java.io.FilePermission "${derby.system.home}","read";
permission java.io.FilePermission "${derby.system.home}${/}-",
"read,write,delete";
// Trusts Derby code to be a source of MBeans and to register these in the
// MBean server.
//
permission javax.management.MBeanTrustPermission "register";
permission org.apache.derby.security.SystemPermission "engine", "monitor";
};
//
// Permissions for the tests (derbyTesting.jar)
//
grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
// Allow tests to install and uninstall the security manager and
// to refresh the policy
permission java.util.PropertyPermission "java.security.policy", "read,write";
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getPolicy";
// derbyTesting.junit.TestConfiguration... modifies System properties
permission java.util.PropertyPermission "*", "read,write";
// Access all files under ${user.dir} to write the test directory structure
permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete";
// Allow the test to start the platform MBean server
permission javax.management.MBeanServerPermission "createMBeanServer";
// And to find and use Derby's MBeans
permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#[org.apache.derby:*]", "getAttribute,setAttribute,invoke";
permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "getMBeanInfo";
permission javax.management.MBeanPermission "-#-[-]", "queryNames";
permission javax.management.MBeanPermission "org.apache.derby.mbeans.*#-[org.apache.derby:*]", "queryNames";
};
// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
// junit.swingui.TestRunner writes to .junitsession on exit.
grant codeBase "${derbyTesting.junit}" {
permission java.util.PropertyPermission "user.home", "read";
permission java.io.FilePermission "${user.home}${/}junit.properties", "read";
permission java.io.FilePermission "${user.home}${/}.junitsession", "write";
// This permission is needed when running the tests using ant 1.7
permission java.io.FilePermission "${user.dir}${/}*", "write";
};
// Ant's junit runner requires setOut to redirect the System output streams
// to the forked JVM used when running junit tests inside Ant. Ant requires
// forking the JVM if you want to run tests in a different directory than the
// current one.
grant codeBase "${derbyTesting.antjunit}" {
permission java.lang.RuntimePermission "setIO";
// This permission is needed when running the tests using ant 1.7
permission java.io.FilePermission "${user.dir}${/}*", "write";
};
|
