001: /*
002: * @(#)SerializablePermission.java 1.20 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package java.io;
029:
030: import java.security.*;
031: import java.util.Enumeration;
032: import java.util.Hashtable;
033: import java.util.StringTokenizer;
034:
035: /**
036: * This class is for Serializable permissions. A SerializablePermission
037: * contains a name (also referred to as a "target name") but
038: * no actions list; you either have the named permission
039: * or you don't.
040: *
041: * <P>
042: * The target name is the name of the Serializable permission (see below).
043: *
044: * <P>
045: * The following table lists all the possible SerializablePermission target names,
046: * and for each provides a description of what the permission allows
047: * and a discussion of the risks of granting code the permission.
048: * <P>
049: *
050: * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
051: * <tr>
052: * <th>Permission Target Name</th>
053: * <th>What the Permission Allows</th>
054: * <th>Risks of Allowing this Permission</th>
055: * </tr>
056: *
057: * <tr>
058: * <td>enableSubclassImplementation</td>
059: * <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
060: * to override the default serialization or deserialization, respectively,
061: * of objects</td>
062: * <td>Code can use this to serialize or
063: * deserialize classes in a purposefully malfeasant manner. For example,
064: * during serialization, malicious code can use this to
065: * purposefully store confidential private field data in a way easily accessible
066: * to attackers. Or, during deserializaiton it could, for example, deserialize
067: * a class with all its private fields zeroed out.</td>
068: * </tr>
069: *
070: * <tr>
071: * <td>enableSubstitution</td>
072: * <td>Substitution of one object for another during
073: * serialization or deserialization</td>
074: * <td>This is dangerous because malicious code
075: * can replace the actual object with one which has incorrect or
076: * malignant data.</td>
077: * </tr>
078: *
079: * </table>
080: *
081: * @see java.security.BasicPermission
082: * @see java.security.Permission
083: * @see java.security.Permissions
084: * @see java.security.PermissionCollection
085: * @see java.lang.SecurityManager
086: *
087: * @version 1.13, 02/02/00
088: *
089: * @author Joe Fialli
090: * @since 1.2
091: */
092:
093: /* code was borrowed originally from java.lang.RuntimePermission. */
094:
095: public final class SerializablePermission extends BasicPermission {
096:
097: /**
098: * @serial
099: */
100: private String actions;
101:
102: /**
103: * Creates a new SerializablePermission with the specified name.
104: * The name is the symbolic name of the SerializablePermission, such as
105: * "enableSubstitution", etc.
106: *
107: * @param name the name of the SerializablePermission.
108: */
109:
110: public SerializablePermission(String name) {
111: super (name);
112: }
113:
114: /**
115: * Creates a new SerializablePermission object with the specified name.
116: * The name is the symbolic name of the SerializablePermission, and the
117: * actions String is currently unused and should be null.
118: *
119: * @param name the name of the SerializablePermission.
120: * @param actions currently unused and must be set to null
121: */
122:
123: public SerializablePermission(String name, String actions) {
124: super(name, actions);
125: }
126: }
|