/*  Copyright Oracle 2007
  In order to use this policy file as is, define the following system properties

  -Doracle.jdbc.policy.CLIENT_HOST=client.myco.com
  -Doracle.jdbc.policy.DBMS_HOST=db.myco.com
  -Doracle.jdbc.policy.DBMS_PORT=1521
  -Doracle.jdbc.policy.DMS_CODE_BASE=$ORACLE_HOME/lib/dms.jar

  -Doracle.jdbc.policy.JDBC_CODE_BASE=$ORACLE_HOME/lib/ojdbc??.jar for the jar used

  -Doracle.jdbc.policy.ORAI18N=$ORACLE_HOME/lib/orai18n.jar
  -Doracle.jdbc.policy.USER_CODE_BASE=/home/myapp/lib/-
  -Doracle.jdbc.policy.ONS_CODE_BASE=$ORACLE_HOME/opmn/lib/ons.jar
  -Doracle.jdbc.policy.CONNECTION_POOL_CODE_BASE=myConnectionPool.jar
  -Doracle.jdbc.policy.OPMN_CONFIG=$ORACLE_HOME/opmn/conf/*
  -Doracle.jdbc.policy.REMOTE_ONS_HOST1=db.myco.com
  -Doracle.jdbc.policy.REMOTE_ONS_PORT1=4200
  -Doracle.jdbc.policy.CONFIG_FILE=$TNS_ADMIN/ojdbc.properties

  Of course you can also edit this file and replace the macros (stuff enclosed in ${foo} )
  with the actual values. You can add multiple SocketPermissions to support multiple hosts
  and clients for the Thin driver or you can use wildcards (*). If you don't use DMS you don't
  need to define the DMS system properties.
*/

grant codeBase "file:${oracle.jdbc.policy.JDBC_CODE_BASE}" {

  /* Always needed */
  permission java.sql.SQLPermission "deregisterDriver", "";
  permission java.util.PropertyPermission "user.name", "read";
  permission java.util.PropertyPermission "oracle.jdbc.*", "read";
  permission java.util.PropertyPermission "oracle.net.*", "read";
  permission java.util.PropertyPermission "javax.net.ssl.*", "read";
  permission java.lang.management.ManagementPermission "control";
  permission javax.management.MBeanServerPermission "createMBeanServer";
  permission javax.management.MBeanPermission "oracle.jdbc.driver.OracleDiagnosabilityMBean#[com.oracle.jdbc:type=diagnosability,*]", "registerMBean";
  permission javax.management.MBeanTrustPermission "register";
  permission java.lang.RuntimePermission "getenv.TNS_ADMIN";
  permission java.util.PropertyPermission "TNS_ADMIN", "read";
  permission java.io.FilePermission "${oracle.jdbc.policy.CONFIG_FILE}", "read";

  /* Needed only if you use the Thin driver */
  permission java.net.SocketPermission "${oracle.jdbc.policy.CLIENT_HOST}", "connect,resolve";
  permission java.net.SocketPermission "${oracle.jdbc.policy.DBMS_HOST}:${oracle.jdbc.policy.DBMS_PORT}", "connect,resolve";

  /* Needed only if you use the OCI driver */
  permission java.lang.RuntimePermission "loadLibrary.ocijdbc12";

  /* Needed only if you need orai18n.jar in your class path for National Character Set support */
  permission java.io.FilePermission "${oracle.jdbc.policy.ORAI18N}", "read";

  /* Needed only if you use asynchronous notification: AQ notification or
     Databasase Change Notification. */
  permission java.net.SocketPermission "${oracle.jdbc.policy.DBMS_HOST}", "accept";

  /* Needed only if you use a DMS enabled jar */
  permission java.util.PropertyPermission "oracle.dms.console.DMSConsole", "read";
  permission java.util.PropertyPermission "oracle.dms.mount", "read";
  permission java.util.PropertyPermission "oracle.dms.property.file", "read";
  permission java.util.PropertyPermission "oracle.dms.clock", "read";
  permission java.util.PropertyPermission "oracle.dms.clock.units", "read";
  permission java.util.PropertyPermission "oracle.dms.publisher.classes", "read";

  /* Needed only if you use XA */
  permission java.util.PropertyPermission "oracle.jserver.version", "read";

  /*Needed only if you use xml */
   permission java.util.PropertyPermission "oracle.xdkjava.compatibility.version", "read";

  /* Needed only if you use Fast Connection Failover */
  permission oracle.ons.CreatePermission "ONSUser";
  permission oracle.ons.SubscribePermission "ONSUser";
  permission java.io.FilePermission "${oracle.jdbc.policy.OPMN_CONFIG}", "read";
  permission java.util.PropertyPermission "oracle.ons.*", "read";
  /* Add additional remote ONS host:port if necessary, one pair per line */
  permission java.net.SocketPermission "${oracle.jdbc.policy.REMOTE_ONS_HOST1}:${oracle.jdbc.policy.REMOTE_ONS_PORT1}", "connect,resolve";
  permission java.net.SocketPermission "localhost", "connect,resolve";

  /* For Oracle RowSets only */
  permission java.util.PropertyPermission "rowset.properties", "read";
  permission java.util.PropertyPermission "rowset.provider.classname", "read";
  permission java.io.FilePermission "${oracle.jdbc.policy.ROWSET_CODE_BASE}", "read";

  /* For OracleWebRowSet only*/
   permission java.util.PropertyPermission "javax.xml.parsers.SAXParserFactory","read";
   permission java.util.PropertyPermission "javax.xml.parsers.DocumentBuilderFactory","read";
   permission java.net.SocketPermission "java.sun.com:80", "connect,resolve";
   permission java.util.PropertyPermission "oracle.xml.jaxp.NoShowForInvalidURLError", "read";
   permission java.util.PropertyPermission "oracle.xml.reportdocevents", "read";
   permission java.util.PropertyPermission "oracle.xdkjava.security.resolveEntityDefault", "read";

   /* Needed only if you are using the ImplicitConnectionCache */
   permission oracle.jdbc.OracleSQLPermission "callAbort";

  /* Don't know what these do yet. */
  permission java.lang.RuntimePermission "loadLibrary.heteroxa12";
  permission java.lang.RuntimePermission "modifyThreadGroup";

  /* Needed only by Oracle Fusion Applications.Do not grant otherwise. */
  permission oracle.jdbc.proxy.ExtractDelegatePermission;

  /* Allow the JDBC driver to auto-resolve and instantiate the Oracle PKI
   * Provider (For SSL with Oracle Wallets). Not needed if the Oracle PKI
   * provider is registered with Java security.
   */
  permission java.util.PropertyPermission "oracle.pki.*", "read";
  permission java.security.SecurityPermission "putProviderProperty.OraclePKI";

  /* Allow the driver to obtain all key stores from Key Store Service */
  permission oracle.security.jps.service.keystore.KeyStoreAccessPermission "stripeName=*,keystoreName=*,alias=*", "read";
};

/* Needed only if you use a DMS enabled jar */
grant codeBase "file:${oracle.jdbc.policy.DMS_CODE_BASE}" {
  permission java.util.PropertyPermission "oracle.dms.console.DMSConsole", "read";
  permission java.util.PropertyPermission "oracle.dms.mount", "read";
  permission java.util.PropertyPermission "oracle.dms.property.file", "read";
  permission java.util.PropertyPermission "oracle.dms.clock", "read";
  permission java.util.PropertyPermission "oracle.dms.clock.units", "read";
  permission java.util.PropertyPermission "oracle.dms.publisher.classes", "read";
 };

/* Needed only if you require orai18n.jar for national
      character set support. */

grant codeBase "file:${oracle.jdbc.policy.ORAI18N}" {
  permission java.io.FilePermission "${oracle.jdbc.policy.ORAI18N}", "read";
};


/* Needed only if you use a JNDI  */
grant codeBase "file:${oracle.jdbc.policy.JNDI}" {
  permission java.io.FilePermission "${oracle.jdbc.policy.JNDI}", "read";
};

/*For Oracle RowSets only */

grant codeBase "file:${oracle.jdbc.policy.ROWSET_CODE_BASE}" {
   permission java.util.PropertyPermission "rowset.properties", "read";
   permission java.util.PropertyPermission "rowset.provider.classname", "read";

};

/* Needed only if you use XML parser   */
grant codeBase "file:${oracle.jdbc.policy.XMLPARSER_CODE_BASE}" {
  permission java.util.PropertyPermission "oracle.xdkjava.compatibility.version" , "read";
   /* For OracleWebRowSet only*/
  permission java.net.SocketPermission "java.sun.com:80", "connect,resolve";
  permission java.util.PropertyPermission "oracle.xml.jaxp.NoShowForInvalidURLError", "read";
  permission java.util.PropertyPermission "oracle.xml.reportdocevents", "read";
  permission java.util.PropertyPermission "oracle.xdkjava.security.resolveEntityDefault", "read";
 };

/* Needed only if you use XDB   */

grant codeBase "file:${oracle.jdbc.policy.XDB_CODE_BASE}" {
  permission java.io.FilePermission "${oracle.jdbc.policy.ORAI18N}", "read";
  permission java.util.PropertyPermission "oracle.jserver.version.*","read";

};

/* Needed only if you use Oracle AQ (Advanced Queueing)   */
grant codeBase "file:${oracle.jdbc.policy.AQ_CODE_BASE}" {
  permission java.lang.RuntimePermission "loadLibrary.oraclient11";
  permission java.io.FilePermission "${oracle.jdbc.policy.ORAI18N}", "read";
  permission java.util.PropertyPermission "oracle.jms.*","read";
  permission java.net.SocketPermission "${oracle.jdbc.policy.DBMS_HOST}:${oracle.jdbc.policy.DBMS_PORT}", "connect,resolve";
  permission java.net.SocketPermission "${oracle.jdbc.policy.CLIENT_HOST}", "connect,resolve";

};

/* Needed only if you use Fast Connection Failover */
grant codeBase "file:${oracle.jdbc.policy.ONS_CODE_BASE}" {

  permission oracle.ons.CreatePermission "ONSUser";
  permission oracle.ons.SubscribePermission "ONSUser";
  permission java.io.FilePermission "${oracle.jdbc.policy.OPMN_CONFIG}", "read";
  permission java.util.PropertyPermission "oracle.ons.*", "read";
  /* Add additional remote ONS host:port if necessary, one pair per line */
  permission java.net.SocketPermission "${oracle.jdbc.policy.REMOTE_ONS_HOST1}:${oracle.jdbc.policy.REMOTE_ONS_PORT1}", "connect,resolve";
  permission java.net.SocketPermission "localhost", "connect,resolve";

};


grant codeBase "file:${oracle.jdbc.policy.USER_CODE_BASE}" {

  permission java.io.FilePermission "${oracle.jdbc.policy.USER_CODE_BASE}","read,write";
  permission java.io.FilePermission "${oracle.jdbc.policy.ORAI18N}", "read";
  permission javax.management.MBeanServerPermission "createMBeanServer";

  permission java.lang.RuntimePermission "loadLibrary.heteroxa12";

  /* Needed only if you use the Thin driver */
  permission java.net.SocketPermission "${oracle.jdbc.policy.DBMS_HOST}:${oracle.jdbc.policy.DBMS_PORT}",
    "connect,resolve";
  permission java.net.SocketPermission "${oracle.jdbc.policy.CLIENT_HOST}", "connect,resolve";

  /* Needed only if you use asynchronous notification: AQ notification or
     Databasase Change Notification. */
  permission java.net.SocketPermission "${oracle.jdbc.policy.DBMS_HOST}", "accept";

  /* Needed only if you use a DMS enabled jar */
  permission java.util.PropertyPermission "oracle.dms.console.DMSConsole", "read";
  permission java.util.PropertyPermission "oracle.dms.mount", "read";
  permission java.util.PropertyPermission "oracle.dms.property.file", "read";
  permission java.util.PropertyPermission "oracle.dms.clock", "read";
  permission java.util.PropertyPermission "oracle.dms.clock.units", "read";
  permission java.util.PropertyPermission "oracle.dms.publisher.classes", "read";
   /* For Oracle RowSets only */
  permission java.util.PropertyPermission "rowset.properties", "read";
  permission java.util.PropertyPermission "rowset.provider.classname", "read";
  permission java.io.FilePermission "${oracle.jdbc.policy.ROWSET_CODE_BASE}", "read";

   /* For OracleWebRowSet only*/
   permission java.net.SocketPermission "java.sun.com:80", "connect,resolve";

  /* Needed only if you use Key Store Service. Replace the * to limit access. */
  permission oracle.security.jps.service.keystore.KeyStoreAccessPermission "stripeName=*,keystoreName=*,alias=*", "read";
};

/* Needed only if your connection pool calls OracleConnection.abort() to terminate
   broken connections. */
grant codeBase "file:${oracle.jdbc.policy.CONNECTION_POOL_CODE_BASE}" {
  permission oracle.jdbc.OracleSQLPermission "callAbort";
};