zimbra.policy.example
//Example Java Security Manager policy for the JVM that runs Jetty and Zimbra.
//The single grant entry below has no codeBase or signedBy clause, so every
//permission in it applies to all code loaded in the JVM, whatever its origin.
//NOTE(review): the Security Manager is deprecated for removal since Java 17 (JEP 411);
//confirm the target JVM still enforces policy files before relying on this one.
grant {
//grant all code-level permissions
//NOTE(review): these wildcards mean the policy is not a containment boundary.
//RuntimePermission "*" and SecurityPermission "*" include the targets that allow
//replacing the security manager and the policy itself, and ReflectPermission
//"suppressAccessChecks" removes access checks on private members. Code that runs
//under this grant can therefore lift the FilePermission limits further down.
//Treat the file rules as protection against accidental access only; to confine
//less-trusted code, split it into its own grant with a codeBase and named targets.
permission java.lang.RuntimePermission "*";
permission java.security.SecurityPermission "*";
permission java.net.NetPermission "*";
permission javax.management.MBeanServerPermission "*";
permission javax.management.MBeanPermission "*", "*";
permission javax.management.MBeanTrustPermission "*";
permission java.lang.management.ManagementPermission "control";
permission java.lang.management.ManagementPermission "monitor";
permission java.util.logging.LoggingPermission "control";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
//any host and any port, for both inbound (accept, listen) and outbound (connect) sockets
permission java.net.SocketPermission "*", "accept,resolve,listen,connect";
//every system property can be read and overwritten
permission java.util.PropertyPermission "*", "read,write";
permission javax.net.ssl.SSLPermission "*";
//Jetty internals
//a trailing "/-" matches all files and subdirectories recursively
permission java.io.FilePermission "${jetty.base}/-", "read";
permission java.io.FilePermission "${jetty.base}/work/-", "read,write,delete";
//relative path: resolved against the JVM's current working directory
permission java.io.FilePermission "etc/-", "read";
//literal file name "null"; presumably an unset path value rendered as a string - confirm
permission java.io.FilePermission "null", "read";
//suppress spurious ACE from jetty startup file exists checks
//(ACE = java.security.AccessControlException)
permission java.io.FilePermission "/usr/share/java/ant.jar", "read";
permission java.io.FilePermission "", "read";
//Java internals
permission java.io.FilePermission "${java.home}/-", "read";
//full read/write/delete over the whole temp directory
permission java.io.FilePermission "${java.io.tmpdir}/-", "read,write,delete";
//Mac Java install needs a bunch of possible paths; these are checked by JSP compiler and may or may not really exist but ACE will be fatal
permission java.io.FilePermission "/Library/Java/-", "read";
permission java.io.FilePermission "/System/Library/Java/-", "read";
permission java.io.FilePermission "/System/Library/Frameworks/JavaVM.framework/-", "read";
//NOTE(review): recursive read of every user's home directory on macOS. The comment
//above ties this to Mac installs only; consider dropping it on other hosts - confirm.
permission java.io.FilePermission "/Users/-", "read";
//Zimbra internals
//the conf rule is already covered by the recursive ${zimbra.home}/- rule after it
permission java.io.FilePermission "${zimbra.home}/conf/-", "read";
//NOTE(review): recursive read of the whole install tree, including the store, index
//and data directories listed below and any key or credential files kept under it
permission java.io.FilePermission "${zimbra.home}/-", "read";
permission java.io.FilePermission "im/-", "read"; //IM module in HELIX
//Zimbra data
//each directory appears twice: the bare path names the directory entry itself,
//the "/-" form names everything beneath it recursively
permission java.io.FilePermission "${zimbra.home}/log", "read,write,delete";
permission java.io.FilePermission "${zimbra.home}/log/-", "read,write,delete";
permission java.io.FilePermission "${zimbra.home}/zmstat", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/zmstat/-", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/store", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/store/-", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/index", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/index/-", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/data", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/data/-", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/redolog", "read, write, delete";
permission java.io.FilePermission "${zimbra.home}/redolog/-", "read, write, delete";
//NOTE(review): only the recursive form is granted here, with no rule for the
//zimlets-deployed directory itself, unlike the pairs above - confirm this is intended
permission java.io.FilePermission "${zimbra.home}/zimlets-deployed/-", "read, write, delete";
};