Frames | No Frames |
1: /* RuntimePermission.java -- permission for a secure runtime action 2: Copyright (C) 1998, 2000, 2002, 2005 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package java.lang; 40: 41: import java.security.BasicPermission; 42: import java.security.Permission; 43: 44: /** 45: * A <code>RuntimePermission</code> contains a permission name, but no 46: * actions list. This means you either have the permission or you don't. 47: * 48: * Permission names have the follow the hierarchial property naming 49: * convention. In addition, an asterisk may appear at the end of a 50: * name if following a period or by itself. 51: * 52: * <table border=1> 53: * <tr><th>Valid names</th><th>Invalid names</th></tr> 54: * <tr><td>"accessClassInPackage.*","*"</td> 55: * <td>"**", "*x", "*.a"</td></tr> 56: * </table> 57: * <br> 58: * 59: * The following table provides a list of all the possible RuntimePermission 60: * permission names with a description of what that permission allows.<br> 61: * <table border=1> 62: * <tr><th>Permission Name</th><th>Permission Allows</th><th>Risks</th</tr> 63: * <tr> 64: * <td><code>createClassLoader</code></td> 65: * <td>creation of a class loader</td> 66: * <td>a class loader can load rogue classes which bypass all security 67: * permissions</td></tr> 68: * <tr> 69: * <td><code>getClassLoader</code></td> 70: * <td>retrieval of the class loader for the calling class</td> 71: * <td>rogue code could load classes not otherwise available</td></tr> 72: * <tr> 73: * <td><code>setContextClassLoader</code></td> 74: * <td>allows the setting of the context class loader used by a thread</td> 75: * <td>rogue code could change the context class loader needed by system 76: * threads</td></tr> 77: * <tr> 78: * <td><code>setSecurityManager</code></td> 79: * <td>allows the application to replace the security manager</td> 80: * <td>the new manager may be less restrictive, so that rogue code can 81: * bypass existing security checks</td></tr> 82: * <tr> 83: * <td><code>createSecurityManager</code></td> 84: * <td>allows the application to create a new security manager</td> 85: * <td>rogue code can use the new security manager to discover information 86: * about the execution stack</td></tr> 87: * <tr> 88: * <td><code>exitVM</code></td> 89: * <td>allows the application to halt the virtual machine</td> 90: * <td>rogue code can mount a denial-of-service attack by killing the 91: * virtual machine</td></tr> 92: * <tr> 93: * <td><code>shutdownHooks</code></td> 94: * <td>allows registration and modification of shutdown hooks</td> 95: * <td>rogue code can add a hook that interferes with clean 96: * virtual machine shutdown</td></tr> 97: * <tr> 98: * <td><code>setFactory</code></td> 99: * <td>allows the application to set the socket factory for socket, 100: * server socket, stream handler, or RMI socket factory.</td> 101: * <td>rogue code can create a rogue network object which mangles or 102: * intercepts data</td></tr> 103: * <tr> 104: * <td><code>setIO</code></td> 105: * <td>allows the application to set System.out, System.in, and 106: * System.err</td> 107: * <td>rogue code could sniff user input and intercept or mangle 108: * output</td></tr> 109: * <tr> 110: * <td><code>modifyThread</code></td> 111: * <td>allows the application to modify any thread in the virtual machine 112: * using any of the methods <code>stop</code>, <code>resume</code>, 113: * <code>suspend</code>, <code>setPriority</code>, and 114: * <code>setName</code> of classs <code>Thread</code></td> 115: * <td>rogue code could adversely modify system or user threads</td></tr> 116: * <tr> 117: * <td><code>stopThread</code></td> 118: * <td>allows the application to <code>stop</code> any thread it has 119: * access to in the system</td> 120: * <td>rogue code can stop arbitrary threads</td></tr> 121: * <tr> 122: * <td><code>modifyThreadGroup</code></td> 123: * <td>allows the application to modify thread groups using any of the 124: * methods <code>destroy</code>, <code>resume</code>, 125: * <code>setDaemon</code>, <code>setMaxPriority</code>, 126: * <code>stop</code>, and <code>suspend</code> of the class 127: * <code>ThreadGroup</code></td> 128: * <td>rogue code can mount a denial-of-service attack by changing run 129: * priorities</td></tr> 130: * <tr> 131: * <td><code>getProtectionDomain</code></td> 132: * <td>retrieve a class's ProtectionDomain</td> 133: * <td>rogue code can gain information about the security policy, to 134: * prepare a better attack</td></tr> 135: * <tr> 136: * <td><code>readFileDescriptor</code></td> 137: * <td>read a file descriptor</td> 138: * <td>rogue code can read sensitive information</td></tr> 139: * <tr> 140: * <td><code>writeFileDescriptor</code></td> 141: * <td>write a file descriptor</td> 142: * <td>rogue code can write files, including viruses, and can modify the 143: * virtual machine binary; if not just fill up the disk</td></tr> 144: * <tr> 145: * <td><code>loadLibrary.</code><em>library name</em></td> 146: * <td>dynamic linking of the named library</td> 147: * <td>native code can bypass many security checks of pure Java</td></tr> 148: * <tr> 149: * <td><code>accessClassInPackage.</code><em>package name</em></td> 150: * <td>access to a package via a ClassLoader</td> 151: * <td>rogue code can access classes not normally available</td></tr> 152: * <tr> 153: * <td><code>defineClassInPackage.</code><em>package name</em></td> 154: * <td>define a class inside a given package</td> 155: * <td>rogue code can install rogue classes, including in trusted packages 156: * like java.security or java.lang</td></tr> 157: * <tr> 158: * <td><code>accessDeclaredMembers</code></td> 159: * <td>access declared class members via reflection</td> 160: * <td>rogue code can discover information, invoke methods, or modify fields 161: * that are not otherwise available</td></tr> 162: * <tr> 163: * <td><code>queuePrintJob</code></td> 164: * <td>initiate a print job</td> 165: * <td>rogue code could make a hard copy of sensitive information, or 166: * simply waste paper</td></tr> 167: * </table> 168: * 169: * @author Brian Jones 170: * @author Eric Blake (ebb9@email.byu.edu) 171: * @see BasicPermission 172: * @see Permission 173: * @see SecurityManager 174: * @since 1.2 175: * @status updated to 1.4 176: */ 177: public final class RuntimePermission extends BasicPermission 178: { 179: /** 180: * Compatible with JDK 1.2+. 181: */ 182: private static final long serialVersionUID = 7399184964622342223L; 183: 184: /** 185: * Create a new permission with the specified name. 186: * 187: * @param permissionName the name of the granted permission 188: * @throws NullPointerException if name is null 189: * @throws IllegalArgumentException thrown if name is empty or invalid 190: */ 191: public RuntimePermission(String permissionName) 192: { 193: super(permissionName); 194: } 195: 196: /** 197: * Create a new permission with the specified name. The actions argument 198: * is ignored, as runtime permissions have no actions. 199: * 200: * @param permissionName the name of the granted permission 201: * @param actions ignored 202: * @throws NullPointerException if name is null 203: * @throws IllegalArgumentException thrown if name is empty or invalid 204: */ 205: public RuntimePermission(String permissionName, String actions) 206: { 207: super(permissionName); 208: } 209: }