};
grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
- permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
- permission java.lang.RuntimePermission "accessClassInPackage.sun.management.spi";
- permission java.lang.RuntimePermission "sun.management.spi.PlatformMBeanProvider.subclass";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx";
+ permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider";
};
grant codeBase "jrt:/jdk.jsobject" {
#
#jdk.security.krb5.default.initiate.credential=always-impersonate
+#
+# Trust Anchor Certificates - CA Basic Constraint check
+#
+# X.509 v3 certificates used as Trust Anchors (to validate signed code or TLS
+# connections) must have the cA Basic Constraint field set to 'true'. Also, if
+# they include a Key Usage extension, the keyCertSign bit must be set. These
+# checks, enabled by default, can be disabled for backward-compatibility
+# purposes with the jdk.security.allowNonCaAnchor System and Security
+# properties. In the case that both properties are simultaneously set, the
+# System value prevails. The default value of the property is "false".
+#
+#jdk.security.allowNonCaAnchor=true
projects / homeserver / commitdiff