From 2c35e20b2fbe8edcda2dc77d2d10b7f6d0c9beb7 Mon Sep 17 00:00:00 2001
From: Coty Sutherland <csutherl@redhat.com>
Date: Thu, 21 Jun 2018 13:33:12 -0400
Subject: [PATCH] Add newly required ant, ant-launcher, and tools jars to the
 catalina.policy so that tomcat can access them when running under the
 SecurityManager

---
 pki-servlet-container.spec       |  4 ++--
 tomcat-9.0-catalina-policy.patch | 15 ++++++++++++---
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/pki-servlet-container.spec b/pki-servlet-container.spec
index bb8ee5d..3fd202d 100644
--- a/pki-servlet-container.spec
+++ b/pki-servlet-container.spec
@@ -87,7 +87,7 @@ Source32:      tomcat-named.service
 Patch0:        tomcat-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        tomcat-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
 Patch2:        tomcat-8.0.36-CompilerOptionsV9.patch
-Patch3:        disableJavadocFailOnWarning.patch
+Patch3:        tomcat-%{major_version}.%{minor_version}-catalina-policy.patch
 
 BuildArch:     noarch
 
@@ -166,7 +166,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch0 -p0
 %patch1 -p0
 %patch2 -p0
-#%%patch3 -p0
+%patch3 -p0
 
 # Since we don't support ECJ in RHEL anymore, remove the class that requires it
 %{__rm} -f java/org/apache/jasper/compiler/JDTCompiler.java
diff --git a/tomcat-9.0-catalina-policy.patch b/tomcat-9.0-catalina-policy.patch
index f3a5007..c8c5c08 100644
--- a/tomcat-9.0-catalina-policy.patch
+++ b/tomcat-9.0-catalina-policy.patch
@@ -1,6 +1,6 @@
---- conf/catalina.policy.orig	2018-03-16 12:18:17.835746805 -0400
-+++ conf/catalina.policy	2018-06-13 13:52:33.586872659 -0400
-@@ -50,6 +50,21 @@ grant codeBase "file:${java.home}/lib/ex
+--- conf/catalina.policy.orig	2018-06-21 13:30:04.074492012 -0400
++++ conf/catalina.policy	2018-06-21 13:30:02.111479809 -0400
+@@ -50,6 +50,30 @@ grant codeBase "file:${java.home}/lib/ex
          permission java.security.AllPermission;
  };
  
@@ -18,6 +18,15 @@
 +grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
 +        permission java.security.AllPermission;
 +};
++grant codeBase "file:/usr/share/java/ant.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/ant-launcher.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
++        permission java.security.AllPermission;
++};
 +
  
  // ========== CATALINA CODE PERMISSIONS =======================================