This is a sample .ini file, complete with comments, that shows you the format accepted by signcode for special permissions. You can generate your own .ini file by using this one as a template or by using the piniedit tool included with this SDK. Each section represents one of the com.ms.security.permissions classes.
; ; PermissionDataSet INI encoding ; ; Sample INI File ; ; ; A semi-colon (;) at the beginning of a line signifies a ; comment to the end of the current line. ; AllowActiveX tells the sign tool to sign with full ActiveX ; permissions, in addition to any other permissions. ;[AllowActiveX] ; If the FullyTrusted section exists, then all other ; permissions are ignored. ;[FullyTrusted] ; ; ExecutionPermission ; [com.ms.security.permissions.ExecutionPermission] ; If Unrestricted is true then the other settings are ignored. ;Unrestricted=true Unrestricted=false IncludeNames=*.exe;*.txt;activextest ExcludeNames=foo.exe ; ; ClientStoragePermission ; [com.ms.security.permissions.ClientStoragePermission] ; Limit is in bytes Limit=100 RoamingFiles=true GlobalExempt=true ; ; FileIOPermission ; [com.ms.security.permissions.FileIOPermission] IncludeRead=blah;c* ExcludeRead=crayon IncludeWrite=89kandaf;-l?daf;s ExcludeWrite=s;-lddaf IncludeDelete=45*.4;*.*.*.*;****a;??4nf ExcludeDelete=ff4nf ReadFileURLCodebase=true ; ; MultimediaPermission ; [com.ms.security.permissions.MultimediaPermission] ; No specific settings required for MultimediaPermission ; ; NetIOPermission ; [com.ms.security.permissions.NetIOPermission] IncludeConnectIPs=1.2.3.4:1-102 ExcludeConnectIPs= IncludeBindIPs=4.4.4.4:4-55,97;4.4.4.4:4 ExcludeBindIPs=4.4.4.4:8 IncludeMulticastIPs= ExcludeMulticastIPs= IncludeConnectHosts=www.microsoft.com:80 ;IncludeConnectHosts=www.microsoft.com ExcludeConnectHosts= IncludeBindHosts= ExcludeBindHosts= IncludeMulticastHosts= ExcludeMulticastHosts= IncludeConnectGlobalPorts=3-100, 999 ExcludeConnectGlobalPorts=43, 999 IncludeBindGlobalPorts=43 ExcludeBindGlobalPorts= ConnectToFileURLCodebase=true ConnectToNonFileURLCodebase=true ; ; PrintingPermission ; [com.ms.security.permissions.PrintingPermission] ; No specific settings required for PrintingPermission ; ; PropertyPermission ; [com.ms.security.permissions.PropertyPermission] ; If Unrestricted is true then the other settings ; are ignored. Unrestricted=false AllowedSuffixes=applet;foobar IncludedProperties=*system* ExcludedProperties=*cryptsystem* ; ; ReflectionPermission ; [com.ms.security.permissions.ReflectionPermission] PublicSame=true PublicDifferent=true PublicSystem=true DeclaredSame=true DeclaredDifferent=true DeclaredSystem=true ; ; RegistryPermission ; [com.ms.security.permissions.RegistryPermission] IncludeOpen=hk* ExcludeOpen=*N IncludeRead=fdjl ExcludeRead= IncludeWrite=*?5$$ ExcludeWrite=gd5$$ IncludeDelete=* ExcludeDelete=d IncludeCreate=* ExcludeCreate=s ; ; SecurityPermission ; [com.ms.security.permissions.SecurityPermission] ; No specific settings required for SecurityPermission ; ; SystemStreamsPermission ; [com.ms.security.permissions.SystemStreamsPermission] SetSysIn=true SetSysOut=true SetSysErr=true ; ; ThreadPermission ; [com.ms.security.permissions.ThreadPermission] AllThreadGroups=true AllThreads=true ; ; UIPermission ; [com.ms.security.permissions.UIPermission] ClipboardAccess=true TopLevelWindows=true NoWarningBanners=false FileDialogs=true EventQueueAccess=true ; ; UserFileIOPermission ; [com.ms.security.permissions.UserFileIOPermission] CanRead=true CanWrite=true
For a complete reference to the permissions and their values, see the Java Permissions .INI Values Reference. For more information on using .ini files to specify special permissions when signing code, see Signing a Cabinet File with Java Permissions.