A policy file is composed of a number of grant entires.  These entries contain:

• The grant keyword, followed by the codesource.
• The codesource can optionally have the codebase, which starts with the codeBase keyword and lists the jar or directory to which these permissions apply.  End a directory entry with a forward slash ("/").   If codebase missing, the permissions apply to all classes.
• It can also optionally have the trusted certificate signers if signatures are required.  If missing, signatures are not required.
• Next, it has curly braces to enclose the permissions granted to this code source.
• Each permission is then listed with the fully qualified class name and target (page 889) and any comma-separated actions that are required to specify fine grained control as well.
• See page 890 for special syntax for FilePermission and SocketPermission.  Remember, these are the tricky ones that do not extend BasePermission.