pki-servlet-engine/tomcat-9.0-catalina-policy.patch

--- conf/catalina.policy.orig	2018-06-21 13:30:04.074492012 -0400
+++ conf/catalina.policy	2018-06-21 13:30:02.111479809 -0400
@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex
         permission java.security.AllPermission;
 };
 
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
+
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
+// Specifying the individual jars that tomcat needs to function with the security manager
+// is the safest way forward.
+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/ant.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/java/ant-launcher.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
+        permission java.security.AllPermission;
+};
+
 
 // ========== CATALINA CODE PERMISSIONS =======================================
Add newly required ant, ant-launcher, and tools jars to the catalina.policy so that tomcat can access them when running under the SecurityManager 2018-06-21 17:33:12 +00:00			`--- conf/catalina.policy.orig 2018-06-21 13:30:04.074492012 -0400`
			`+++ conf/catalina.policy 2018-06-21 13:30:02.111479809 -0400`
			`@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex`
Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled) 2016-07-01 18:14:32 +00:00			`permission java.security.AllPermission;`
			`};`

			`+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================`
			`+`
			`+// Allowing everything in /usr/share/java allows too many unknowns to be permitted`
			`+// Specifying the individual jars that tomcat needs to function with the security manager`
			`+// is the safest way forward.`
Sync all RPM wrapper scripts with JWS Tomcat 2018-06-13 18:20:45 +00:00			`+grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {`
Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled) 2016-07-01 18:14:32 +00:00			`+ permission java.security.AllPermission;`
			`+};`
Sync all RPM wrapper scripts with JWS Tomcat 2018-06-13 18:20:45 +00:00			`+grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {`
Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled) 2016-07-01 18:14:32 +00:00			`+ permission java.security.AllPermission;`
			`+};`
Sync all RPM wrapper scripts with JWS Tomcat 2018-06-13 18:20:45 +00:00			`+grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {`
Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled) 2016-07-01 18:14:32 +00:00			`+ permission java.security.AllPermission;`
			`+};`
Add newly required ant, ant-launcher, and tools jars to the catalina.policy so that tomcat can access them when running under the SecurityManager 2018-06-21 17:33:12 +00:00			`+grant codeBase "file:/usr/share/java/ant.jar" {`
			`+ permission java.security.AllPermission;`
			`+};`
			`+grant codeBase "file:/usr/share/java/ant-launcher.jar" {`
			`+ permission java.security.AllPermission;`
			`+};`
			`+grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {`
			`+ permission java.security.AllPermission;`
			`+};`
Resolves: rhbz#1347835 The security manager doesn't work correctly (JSPs cannot be compiled) 2016-07-01 18:14:32 +00:00			`+`

			`// ========== CATALINA CODE PERMISSIONS =======================================`