// // Copyright by Intland Software // All rights reserved. // // This software is the confidential and proprietary information of Intland Software. ("Confidential Information"). // You shall not disclose such Confidential Information and shall use it only in accordance with the terms of the // license agreement you entered into with Intland. // // Special java.policy file to be used for Ant invocations from a CodeBeamer build run // The intended use is via the ANT_OPTS environment variable, that should be set prior to invoking ant: // // ANT_OPTS = -Djava.security.manager -Djava.security.policy=ant-build.policy // -DCB_INSTALLDIR=... -DCB_WEBAPP_DIR=... -DCB_PROJECT_DIR=... // // Where CB_INSTALLDIR is the CodeBeamer installation directory, CB_WEBAPP_DIR is the CodeBeamer application directory // and CB_PROJECT_DIR is the root directory of the CodeBeamer project that is to be build. // // author Klaus Mehling // version $Id$ // grant codeBase "file:${{java.ext.dirs}}/*" { permission java.security.AllPermission; }; grant codeBase "file:${ant.home}/lib/ant-launcher.jar" { permission java.security.AllPermission; }; grant codeBase "file:${ant.home}/lib/ant.jar" { permission java.lang.RuntimePermission "setIO"; permission java.lang.RuntimePermission "setSecurityManager"; }; grant { permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "exitVM"; permission java.lang.RuntimePermission "getProtectionDomain"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // Allow to read Java standard libs permission java.io.FilePermission "${java.home}${/}-", "read"; permission java.io.FilePermission "${java.home}/../lib${/}-", "read"; // Temporary dir should be read/write permission java.io.FilePermission "${java.io.tmpdir}", "read, write, delete"; permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read, write, delete"; // ANT_HOME must be readable permission java.io.FilePermission "${ant.home}", "read"; permission java.io.FilePermission "${ant.home}${/}-", "read"; // Common Tomcat classes should be readable permission java.io.FilePermission "${CB_INSTALLDIR}${/}tomcat${/}common${/}-", "read"; // Codebeamer classes and Ant files should be readable permission java.io.FilePermission "${CB_WEBAPP_DIR}${/}WEB-INF${/}-", "read"; permission java.io.FilePermission "${CB_WEBAPP_DIR}${/}config${/}ant", "read"; permission java.io.FilePermission "${CB_WEBAPP_DIR}${/}config${/}ant${/}-", "read"; // Case 1 - SVN/CVS: files in the source_root directory and subdirectories are accessible permission java.io.FilePermission "${CB_PROJECT_DIR}", "read"; permission java.io.FilePermission "${CB_PROJECT_DIR}${/}-", "read, write, delete"; // Case 2 - DVCS: files in the repository/dvcs_type directory and subdirectories are accessible permission java.io.FilePermission "${CB_INSTALLDIR}${/}repository${/}git", "read"; permission java.io.FilePermission "${CB_INSTALLDIR}${/}repository${/}git${/}-", "read, write, delete"; permission java.io.FilePermission "${CB_INSTALLDIR}${/}repository${/}hg", "read"; permission java.io.FilePermission "${CB_INSTALLDIR}${/}repository${/}hg${/}-", "read, write, delete"; // Network connections to remote servers are not allowed permission java.net.SocketPermission "localhost", "connect"; permission java.net.SocketPermission "${CB_HOST}", "connect"; permission java.net.SocketPermission "${ANT_HOST}", "connect"; permission java.net.NetPermission "getProxySelector"; permission java.lang.RuntimePermission "getenv.*"; permission java.util.PropertyPermission "*", "read, write"; permission java.util.logging.LoggingPermission "control"; };