001: /*
002: * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved.
003: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004: *
005: * This code is free software; you can redistribute it and/or modify it
006: * under the terms of the GNU General Public License version 2 only, as
007: * published by the Free Software Foundation. Sun designates this
008: * particular file as subject to the "Classpath" exception as provided
009: * by Sun in the LICENSE file that accompanied this code.
010: *
011: * This code is distributed in the hope that it will be useful, but WITHOUT
012: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014: * version 2 for more details (a copy is included in the LICENSE file that
015: * accompanied this code).
016: *
017: * You should have received a copy of the GNU General Public License version
018: * 2 along with this work; if not, write to the Free Software Foundation,
019: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020: *
021: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022: * CA 95054 USA or visit www.sun.com if you need additional information or
023: * have any questions.
024: */
025:
026: package com.sun.tools.attach;
027:
028: /**
029: * When a {@link java.lang.SecurityManager SecurityManager} set, this
030: * is the permission which will be checked when code invokes {@link
031: * VirtualMachine#attach VirtalMachine.attach} to attach to a target virtual
032: * machine.
033: * This permission is also checked when an {@link
034: * com.sun.tools.attach.spi.AttachProvider AttachProvider} is created. </p>
035: *
036: * <p> An <code>AttachPermission</code> object contains a name (also referred
037: * to as a "target name") but no actions list; you either have the
038: * named permission or you don't.
039: * The following table provides a summary description of what the
040: * permission allows, and discusses the risks of granting code the
041: * permission.
042: * <P>
043: * <table border=1 cellpadding=5 summary="Table shows permission
044: * target name, what the permission allows, and associated risks">
045: * <tr>
046: * <th>Permission Target Name</th>
047: * <th>What the Permission Allows</th>
048: * <th>Risks of Allowing this Permission</th>
049: * </tr>
050: *
051: * <tr>
052: * <td>attachVirtualMachine</td>
053: * <td>Ability to attach to another Java virtual machine and load agents
054: * into that VM.
055: * </td>
056: * <td>This allows an attacker to control the target VM which can potentially
057: * cause it to misbehave.
058: * </td>
059: * </tr>
060: *
061: * <tr>
062: * <td>createAttachProvider</td>
063: * <td>Ability to create an <code>AttachProvider</code> instance.
064: * </td>
065: * <td>This allows an attacker to create an AttachProvider which can
066: * potentially be used to attach to other Java virtual machines.
067: * </td>
068: * </tr>
069:
070: *
071: * </table>
072:
073: * <p>
074: * Programmers do not normally create AttachPermission objects directly.
075: * Instead they are created by the security policy code based on reading
076: * the security policy file.
077: *
078: * @see com.sun.tools.attach.VirtualMachine
079: * @see com.sun.tools.attach.spi.AttachProvider
080: */
081:
082: public final class AttachPermission extends
083: java.security.BasicPermission {
084:
085: /** use serialVersionUID for interoperability */
086: static final long serialVersionUID = -4619447669752976181L;
087:
088: /**
089: * Constructs a new AttachPermission object.
090: *
091: * @param name Permission name. Must be either "attachVirtualMachine",
092: * or "createAttachProvider".
093: *
094: * @throws NullPointerException if name is <code>null</code>.
095: * @throws IllegalArgumentException if the name is invalid.
096: */
097: public AttachPermission(String name) {
098: super (name);
099: if (!name.equals("attachVirtualMachine")
100: && !name.equals("createAttachProvider")) {
101: throw new IllegalArgumentException("name: " + name);
102: }
103: }
104:
105: /**
106: * Constructs a new AttachPermission object.
107: *
108: * @param name Permission name. Must be either "attachVirtualMachine",
109: * or "createAttachProvider".
110: *
111: * @param actions Not used and should be <code>null</code>, or
112: * the empty string.
113: *
114: * @throws NullPointerException if name is <code>null</code>.
115: * @throws IllegalArgumentException if arguments are invalid.
116: */
117: public AttachPermission(String name, String actions) {
118: super (name);
119: if (!name.equals("attachVirtualMachine")
120: && !name.equals("createAttachProvider")) {
121: throw new IllegalArgumentException("name: " + name);
122: }
123: if (actions != null && actions.length() > 0) {
124: throw new IllegalArgumentException("actions: " + actions);
125: }
126: }
127: }
|