/etc/java-7-openjdk/security/java.policy is in openjdk-7-jre-headless 7~u3-2.1.1~pre1-1ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 | // Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-common/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-alpha/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-armel/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-armhf/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-i386/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-ia64/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-lpia/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-powerpc/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-ppc64/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-sparc/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant codeBase "file:/usr/lib/jvm/java-7-openjdk-sparc64/jre/lib/ext/*" {
permission java.security.AllPermission;
};
// Comment this out if you want to give all permissions to the
// Debian Java repository too:
//grant codeBase "file:/usr/share/java/repository/-" {
// permission java.security.AllPermission;
//};
// default permissions granted to all domains
grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See the API specification of java.lang.Thread.stop() for more
// information.
permission java.lang.RuntimePermission "stopThread";
// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission "localhost:1024-", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};
|