001: /*
002: * @(#)AWTPermission.java 1.20 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package java.awt;
029:
030: import java.security.BasicPermission;
031:
032: /**
033: * This class is for AWT permissions.
034: * An AWTPermission contains a target name but
035: * no actions list; you either have the named permission
036: * or you don't.
037: *
038: * <P>
039: * The target name is the name of the AWT permission (see below). The naming
040: * convention follows the hierarchical property naming convention.
041: * An asterisk may also be used to represent all AWT permissions, which grants every target listed below.
042: *
043: * <P>
044: * The following table lists all the possible AWTPermission target names,
045: * and for each provides a description of what the permission allows
046: * and a discussion of the risks of granting code the permission.
047: * <P>
048: *
049: * <table border=1 cellpadding=5>
050: * <tr>
051: * <th>Permission Target Name</th>
052: * <th>What the Permission Allows</th>
053: * <th>Risks of Allowing this Permission</th>
054: * </tr>
055: *
056: * <tr>
057: * <td>accessClipboard</td>
058: * <td>Posting and retrieval of information to and from the AWT clipboard</td>
059: * <td>This would allow malfeasant code to read and share
060: * potentially sensitive or confidential information placed on the clipboard.</td>
061: * </tr>
062: *
063: * <tr>
064: * <td>accessEventQueue</td>
065: * <td>Access to the AWT event queue</td>
066: * <td>After retrieving the AWT event queue,
067: * malicious code may peek at and even remove existing events
068: * from its event queue, as well as post bogus events which may purposefully
069: * cause the application or applet to misbehave in an insecure manner.</td>
070: * </tr>
071: *
072: * <tr>
073: * <td>listenToAllAWTEvents</td>
074: * <td>Listen to all AWT events, system-wide</td>
075: * <td>After adding an AWT event listener,
076: * malicious code may scan all AWT events dispatched in the system,
077: * allowing it to read all user input (such as passwords). Each
078: * AWT event listener is called from within the context of that
079: * event queue's EventDispatchThread, so if the accessEventQueue
080: * permission is also enabled, malicious code could modify the
081: * contents of AWT event queues system-wide, causing the application
082: * or applet to misbehave in an insecure manner.</td>
083: * </tr>
084: *
085: * <tr>
086: * <td>showWindowWithoutWarningBanner</td>
087: * <td>Display of a window without also displaying a banner warning
088: * that the window was created by an applet</td>
089: * <td>Without this warning,
090: * an applet may pop up windows without the user knowing that they
091: * belong to an applet. Since users may make security-sensitive
092: * decisions based on whether or not the window belongs to an applet
093: * (entering a username and password into a dialog box, for example),
094: * disabling this warning banner may allow applets to trick the user
095: * into entering such information.</td>
096: * </tr>
097: *
098: * <tr>
099: * <td>readDisplayPixels</td>
100: * <td>Readback of pixels from the display screen</td>
101: * <td>Interfaces such as the java.awt.Composite interface which
102: * allow arbitrary code to examine pixels on the display enable
103: * malicious code to snoop on the activities of the user.</td>
104: * </tr>
105: *
106: * </table>
107: *
108: * @see java.security.BasicPermission
109: * @see java.security.Permission
110: * @see java.security.Permissions
111: * @see java.security.PermissionCollection
112: * @see java.lang.SecurityManager
113: *
114: * @version 1.16 02/08/19
115: *
116: * @author Marianne Mueller
117: * @author Roland Schemers
118: */
119:
public final class AWTPermission extends BasicPermission {
    /** Pinned to the JDK 1.2 serialVersionUID so serialized forms stay interoperable. */
    private static final long serialVersionUID = 8890392402588814465L;

    /**
     * Builds an AWTPermission for a single target name.
     *
     * <p>The name is the symbolic target of the permission, for example
     * "accessClipboard" or "readDisplayPixels" from the table in the class
     * description. An asterisk stands for all AWT permissions. There is no
     * actions list, so a grant is all-or-nothing per target name; a policy
     * that only needs one capability should name that target rather than
     * grant the asterisk.
     *
     * @param name the target name of the AWTPermission.
     */
    public AWTPermission(String name) {
        super(name);
    }

    /**
     * Builds an AWTPermission from a target name and an actions string.
     *
     * <p>The actions string is currently unused and should be null; it is
     * handed to the {@link BasicPermission} constructor as given. This
     * two-argument form exists so that the <code>Policy</code> object can
     * instantiate new Permission objects.
     *
     * @param name the target name of the AWTPermission.
     * @param actions should be null.
     */
    public AWTPermission(String name, String actions) {
        super(name, actions);
    }
}