001: /*
002: * @(#)RuntimePermission.java 1.46 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package java.lang;
029:
030: import java.security.*;
031: import java.util.Enumeration;
032: import java.util.Hashtable;
033: import java.util.StringTokenizer;
034:
035: /**
036: * This class is for runtime permissions. A RuntimePermission
037: * contains a name (also referred to as a "target name") but
038: * no actions list; you either have the named permission
039: * or you don't.
040: *
041: * <P>
042: * The target name is the name of the runtime permission (see below). The
043: * naming convention follows the hierarchical property naming convention.
044: * Also, an asterisk
045: * may appear at the end of the name, following a ".", or by itself, to
046: * signify a wildcard match. For example: "loadLibrary.*" or "*" is valid,
047: * "*loadLibrary" or "a*b" is not valid.
048: * <P>
049: * The following table lists all the possible RuntimePermission target names,
050: * and for each provides a description of what the permission allows
051: * and a discussion of the risks of granting code the permission.
052: * <P>
053: *
054: * <table border=1 cellpadding=5 summary="permission target name,
055: * what the target allows,and associated risks">
056: * <tr>
057: * <th>Permission Target Name</th>
058: * <th>What the Permission Allows</th>
059: * <th>Risks of Allowing this Permission</th>
060: * </tr>
061: *
062: * <tr>
063: * <td>createClassLoader</td>
064: * <td>Creation of a class loader</td>
065: * <td>This is an extremely dangerous permission to grant.
066: * Malicious applications that can instantiate their own class
067: * loaders could then load their own rogue classes into the system.
068: * These newly loaded classes could be placed into any protection
069: * domain by the class loader, thereby automatically granting the
070: * classes the permissions for that domain.</td>
071: * </tr>
072: *
073: * <tr>
074: * <td>getClassLoader</td>
075: * <td>Retrieval of a class loader (e.g., the class loader for the calling
076: * class)</td>
077: * <td>This would grant an attacker permission to get the
078: * class loader for a particular class. This is dangerous because
079: * having access to a class's class loader allows the attacker to
080: * load other classes available to that class loader. The attacker
081: * would typically otherwise not have access to those classes.</td>
082: * </tr>
083: *
084: * <tr>
085: * <td>setContextClassLoader</td>
086: * <td>Setting of the context class loader used by a thread</td>
087: * <td>The context class loader is used by system code and extensions
088: * when they need to lookup resources that might not exist in the system
089: * class loader. Granting setContextClassLoader permission would allow
090: * code to change which context class loader is used
091: * for a particular thread, including system threads.</td>
092: * </tr>
093: *
094: * <tr>
095: * <td>setSecurityManager</td>
096: * <td>Setting of the security manager (possibly replacing an existing one)
097: * </td>
098: * <td>The security manager is a class that allows
099: * applications to implement a security policy. Granting the setSecurityManager
100: * permission would allow code to change which security manager is used by
101: * installing a different, possibly less restrictive security manager,
102: * thereby bypassing checks that would have been enforced by the original
103: * security manager.</td>
104: * </tr>
105: *
106: * <tr>
107: * <td>createSecurityManager</td>
108: * <td>Creation of a new security manager</td>
109: * <td>This gives code access to protected, sensitive methods that may
110: * disclose information about other classes or the execution stack.</td>
111: * </tr>
112: *
113: * <tr>
114: * <td>exitVM</td>
115: * <td>Halting of the Java Virtual Machine</td>
116: * <td>This allows an attacker to mount a denial-of-service attack
117: * by automatically forcing the virtual machine to halt.
118: * Note: The "exitVM" permission is automatically granted to all code
119: * loaded from the application class path, thus enabling applications
120: * to terminate themselves.</td>
121: * </tr>
122: *
123: * <tr>
124: * <td>shutdownHooks</td>
125: * <td>Registration and cancellation of virtual-machine shutdown hooks</td>
126: * <td>This allows an attacker to register a malicious shutdown
127: * hook that interferes with the clean shutdown of the virtual machine.</td>
128: * </tr>
129: *
130: * <tr>
131: * <td>setFactory</td>
132: * <td>Setting of the socket factory used by ServerSocket or Socket,
133: * or of the stream handler factory used by URL</td>
134: * <td>This allows code to set the actual implementation
135: * for the socket, server socket, stream handler, or RMI socket factory.
136: * NOTE: <B>java.net.ServerSocket, java.net.Socket</B> are found in J2ME
137: * CDC profiles such as J2ME Foundation Profile.
138: * An attacker may set a faulty implementation which mangles the data
139: * stream.</td>
140: * </tr>
141: *
142: * <tr>
143: * <td>setIO</td>
144: * <td>Setting of System.out, System.in, and System.err</td>
145: * <td>This allows changing the value of the standard system streams.
146: * An attacker may change System.in to monitor and
147: * steal user input, or may set System.err to a "null" OutputSteam,
148: * which would hide any error messages sent to System.err. </td>
149: * </tr>
150: *
151: * <tr>
152: * <td>modifyThread</td>
153: * <td>Modification of threads, e.g., via calls to Thread <code>stop</code>,
154: * <code>suspend</code>, <code>resume</code>, <code>setPriority</code>,
155: * and <code>setName</code> methods</td>
156: * <td>This allows an attacker to start or suspend any thread
157: * in the system.</td>
158: * </tr>
159: *
160: * <tr>
161: * <td>stopThread</td>
162: * <td>Stopping of threads via calls to the Thread <code>stop</code>
163: * method</td>
164: * <td>This allows code to stop any thread in the system provided that it is
165: * already granted permission to access that thread.
166: * This poses as a threat, because that code may corrupt the system by
167: * killing existing threads.</td>
168: * </tr>
169: *
170: * <tr>
171: * <td>modifyThreadGroup</td>
172: * <td>modification of thread groups, e.g., via calls to ThreadGroup
173: * <code>destroy</code>, <code>getParent</code>, <code>resume</code>,
174: * <code>setDaemon</code>, <code>setMaxPriority</code>, <code>stop</code>,
175: * and <code>suspend</code> methods</td>
176: * <td>This allows an attacker to create thread groups and
177: * set their run priority.</td>
178: * </tr>
179: *
180: * <tr>
181: * <td>getProtectionDomain</td>
182: * <td>Retrieval of the ProtectionDomain for a class</td>
183: * <td>This allows code to obtain policy information
184: * for a particular code source. While obtaining policy information
185: * does not compromise the security of the system, it does give
186: * attackers additional information, such as local file names for
187: * example, to better aim an attack.</td>
188: * </tr>
189: *
190: * <tr>
191: * <td>readFileDescriptor</td>
192: * <td>Reading of file descriptors</td>
193: * <td>This would allow code to read the particular file associated
194: * with the file descriptor read. This is dangerous if the file
195: * contains confidential data.</td>
196: * </tr>
197: *
198: * <tr>
199: * <td>writeFileDescriptor</td>
200: * <td>Writing to file descriptors</td>
201: * <td>This allows code to write to a particular file associated
202: * with the descriptor. This is dangerous because it may allow
203: * malicious code to plant viruses or at the very least, fill up
204: * your entire disk.</td>
205: * </tr>
206: *
207: * <tr>
208: * <td>loadLibrary.{library name}</td>
209: * <td>Dynamic linking of the specified library</td>
210: * <td>It is dangerous to allow an applet permission to load native code
211: * libraries, because the Java security architecture is not designed to and
212: * does not prevent malicious behavior at the level of native code.</td>
213: * </tr>
214: *
215: * <tr>
216: * <td>accessClassInPackage.{package name}</td>
217: * <td>Access to the specified package via a class loader's
218: * <code>loadClass</code> method when that class loader calls
219: * the SecurityManager <code>checkPackageAcesss</code> method</td>
220: * <td>This gives code access to classes in packages
221: * to which it normally does not have access. Malicious code
222: * may use these classes to help in its attempt to compromise
223: * security in the system.</td>
224: * </tr>
225: *
226: * <tr>
227: * <td>defineClassInPackage.{package name}</td>
228: * <td>Definition of classes in the specified package, via a class
229: * loader's <code>defineClass</code> method when that class loader calls
230: * the SecurityManager <code>checkPackageDefinition</code> method.</td>
231: * <td>This grants code permission to define a class
232: * in a particular package. This is dangerous because malicious
233: * code with this permission may define rogue classes in
234: * trusted packages like <code>java.security</code> or <code>java.lang</code>,
235: * for example.</td>
236: * </tr>
237: *
238: * <tr>
239: * <td>accessDeclaredMembers</td>
240: * <td>Access to the declared members of a class</td>
241: * <td>This grants code permission to query a class for its public,
242: * protected, default (package) access, and private fields and/or
243: * methods. Although the code would have
244: * access to the private and protected field and method names, it would not
245: * have access to the private/protected field data and would not be able
246: * to invoke any private methods. Nevertheless, malicious code
247: * may use this information to better aim an attack.
248: * Additionally, it may invoke any public methods and/or access public fields
249: * in the class. This could be dangerous if
250: * the code would normally not be able to invoke those methods and/or
251: * access the fields because
252: * it can't cast the object to the class/interface with those methods
253: * and fields.
254: </td>
255: * </tr>
256: * <tr>
257: * <td>queuePrintJob</td>
258: * <td>Initiation of a print job request</td>
259: * <td>This could print sensitive information to a printer,
260: * or simply waste paper.</td>
261: * </tr>
262: *
263: * </table>
264: *
265: * @see java.security.BasicPermission
266: * @see java.security.Permission
267: * @see java.security.Permissions
268: * @see java.security.PermissionCollection
269: * @see java.lang.SecurityManager
270: *
271: * @version 1.37 00/02/02
272: *
273: * @author Marianne Mueller
274: * @author Roland Schemers
275: */
276:
277: public final class RuntimePermission extends BasicPermission {
278:
279: /**
280: * Creates a new RuntimePermission with the specified name.
281: * The name is the symbolic name of the RuntimePermission, such as
282: * "exit", "setFactory", etc. An asterisk
283: * may appear at the end of the name, following a ".", or by itself, to
284: * signify a wildcard match.
285: *
286: * @param name the name of the RuntimePermission.
287: */
288:
289: public RuntimePermission(String name) {
290: super (name);
291: }
292:
293: /**
294: * Creates a new RuntimePermission object with the specified name.
295: * The name is the symbolic name of the RuntimePermission, and the
296: * actions String is currently unused and should be null.
297: *
298: * @param name the name of the RuntimePermission.
299: * @param actions should be null.
300: */
301:
302: public RuntimePermission(String name, String actions) {
303: super(name, actions);
304: }
305: }
|