Source Code Cross Referenced for RuntimePermission.java in  » 6.0-JDK-Modules » j2me » java » lang » Java Source Code / Java DocumentationJava Source Code and Java Documentation

Java Source Code / Java Documentation
1. 6.0 JDK Core
2. 6.0 JDK Modules
3. 6.0 JDK Modules com.sun
4. 6.0 JDK Modules com.sun.java
5. 6.0 JDK Modules sun
6. 6.0 JDK Platform
7. Ajax
8. Apache Harmony Java SE
9. Aspect oriented
10. Authentication Authorization
11. Blogger System
12. Build
13. Byte Code
14. Cache
15. Chart
16. Chat
17. Code Analyzer
18. Collaboration
19. Content Management System
20. Database Client
21. Database DBMS
22. Database JDBC Connection Pool
23. Database ORM
24. Development
25. EJB Server geronimo
26. EJB Server GlassFish
27. EJB Server JBoss 4.2.1
28. EJB Server resin 3.1.5
29. ERP CRM Financial
30. ESB
31. Forum
32. GIS
33. Graphic Library
34. Groupware
35. HTML Parser
36. IDE
37. IDE Eclipse
38. IDE Netbeans
39. Installer
40. Internationalization Localization
41. Inversion of Control
42. Issue Tracking
43. J2EE
44. JBoss
45. JMS
46. JMX
47. Library
48. Mail Clients
49. Net
50. Parser
51. PDF
52. Portal
53. Profiler
54. Project Management
55. Report
56. RSS RDF
57. Rule Engine
58. Science
59. Scripting
60. Search Engine
61. Security
62. Sevlet Container
63. Source Control
64. Swing Library
65. Template Engine
66. Test Coverage
67. Testing
68. UML
69. Web Crawler
70. Web Framework
71. Web Mail
72. Web Server
73. Web Services
74. Web Services apache cxf 2.0.1
75. Web Services AXIS2
76. Wiki Engine
77. Workflow Engines
78. XML
79. XML UI
Java
Java Tutorial
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
ASP.NET Tutorial
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
Java Source Code / Java Documentation » 6.0 JDK Modules » j2me » java.lang 
Source Cross Referenced  Class Diagram Java Document (Java Doc) 


001:        /*
002:         * @(#)RuntimePermission.java	1.46 06/10/10
003:         *
004:         * Copyright  1990-2006 Sun Microsystems, Inc. All Rights Reserved.  
005:         * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER  
006:         *   
007:         * This program is free software; you can redistribute it and/or  
008:         * modify it under the terms of the GNU General Public License version  
009:         * 2 only, as published by the Free Software Foundation.   
010:         *   
011:         * This program is distributed in the hope that it will be useful, but  
012:         * WITHOUT ANY WARRANTY; without even the implied warranty of  
013:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  
014:         * General Public License version 2 for more details (a copy is  
015:         * included at /legal/license.txt).   
016:         *   
017:         * You should have received a copy of the GNU General Public License  
018:         * version 2 along with this work; if not, write to the Free Software  
019:         * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  
020:         * 02110-1301 USA   
021:         *   
022:         * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa  
023:         * Clara, CA 95054 or visit www.sun.com if you need additional  
024:         * information or have any questions. 
025:         *
026:         */
027:
028:        package java.lang;
029:
030:        import java.security.*;
031:        import java.util.Enumeration;
032:        import java.util.Hashtable;
033:        import java.util.StringTokenizer;
034:
035:        /**
036:         * This class is for runtime permissions. A RuntimePermission
037:         * contains a name (also referred to as a "target name") but
038:         * no actions list; you either have the named permission
039:         * or you don't.
040:         *
041:         * <P>
042:         * The target name is the name of the runtime permission (see below). The
043:         * naming convention follows the  hierarchical property naming convention.
044:         * Also, an asterisk
045:         * may appear at the end of the name, following a ".", or by itself, to
046:         * signify a wildcard match. For example: "loadLibrary.*" or "*" is valid,
047:         * "*loadLibrary" or "a*b" is not valid.
048:         * <P>
049:         * The following table lists all the possible RuntimePermission target names,
050:         * and for each provides a description of what the permission allows
051:         * and a discussion of the risks of granting code the permission.
052:         * <P>
053:         *
054:         * <table border=1 cellpadding=5 summary="permission target name, 
055:         *  what the target allows,and associated risks">
056:         * <tr>
057:         * <th>Permission Target Name</th>
058:         * <th>What the Permission Allows</th>
059:         * <th>Risks of Allowing this Permission</th>
060:         * </tr>
061:         *
062:         * <tr>
063:         *   <td>createClassLoader</td>
064:         *   <td>Creation of a class loader</td>
065:         *   <td>This is an extremely dangerous permission to grant.
066:         * Malicious applications that can instantiate their own class
067:         * loaders could then load their own rogue classes into the system.
068:         * These newly loaded classes could be placed into any protection
069:         * domain by the class loader, thereby automatically granting the
070:         * classes the permissions for that domain.</td>
071:         * </tr>
072:         *
073:         * <tr>
074:         *   <td>getClassLoader</td>
075:         *   <td>Retrieval of a class loader (e.g., the class loader for the calling
076:         * class)</td>
077:         *   <td>This would grant an attacker permission to get the
078:         * class loader for a particular class. This is dangerous because
079:         * having access to a class's class loader allows the attacker to
080:         * load other classes available to that class loader. The attacker
081:         * would typically otherwise not have access to those classes.</td>
082:         * </tr>
083:         *
084:         * <tr>
085:         *   <td>setContextClassLoader</td>
086:         *   <td>Setting of the context class loader used by a thread</td>
087:         *   <td>The context class loader is used by system code and extensions
088:         * when they need to lookup resources that might not exist in the system
089:         * class loader. Granting setContextClassLoader permission would allow
090:         * code to change which context class loader is used
091:         * for a particular thread, including system threads.</td>
092:         * </tr>
093:         *
094:         * <tr>
095:         *   <td>setSecurityManager</td>
096:         *   <td>Setting of the security manager (possibly replacing an existing one)
097:         * </td>
098:         *   <td>The security manager is a class that allows 
099:         * applications to implement a security policy. Granting the setSecurityManager
100:         * permission would allow code to change which security manager is used by
101:         * installing a different, possibly less restrictive security manager,
102:         * thereby bypassing checks that would have been enforced by the original
103:         * security manager.</td>
104:         * </tr>
105:         *
106:         * <tr>
107:         *   <td>createSecurityManager</td>
108:         *   <td>Creation of a new security manager</td>
109:         *   <td>This gives code access to protected, sensitive methods that may
110:         * disclose information about other classes or the execution stack.</td>
111:         * </tr>
112:         *
113:         * <tr>
114:         *   <td>exitVM</td>
115:         *   <td>Halting of the Java Virtual Machine</td>
116:         *   <td>This allows an attacker to mount a denial-of-service attack
117:         * by automatically forcing the virtual machine to halt.
118:         * Note: The "exitVM" permission is automatically granted to all code
119:         * loaded from the application class path, thus enabling applications
120:         * to terminate themselves.</td>
121:         * </tr>
122:         *
123:         * <tr>
124:         *   <td>shutdownHooks</td>
125:         *   <td>Registration and cancellation of virtual-machine shutdown hooks</td>
126:         *   <td>This allows an attacker to register a malicious shutdown
127:         * hook that interferes with the clean shutdown of the virtual machine.</td>
128:         * </tr>
129:         *
130:         * <tr>
131:         *   <td>setFactory</td>
132:         *   <td>Setting of the socket factory used by ServerSocket or Socket,
133:         * or of the stream handler factory used by URL</td>
134:         *   <td>This allows code to set the actual implementation
135:         * for the socket, server socket, stream handler, or RMI socket factory.
136:         * NOTE: <B>java.net.ServerSocket, java.net.Socket</B> are found in J2ME 
137:         * CDC profiles such as J2ME Foundation Profile.
138:         * An attacker may set a faulty implementation which mangles the data
139:         * stream.</td>
140:         * </tr>
141:         *
142:         * <tr>
143:         *   <td>setIO</td>
144:         *   <td>Setting of System.out, System.in, and System.err</td>
145:         *   <td>This allows changing the value of the standard system streams.
146:         * An attacker may change System.in to monitor and
147:         * steal user input, or may set System.err to a "null" OutputSteam,
148:         * which would hide any error messages sent to System.err. </td>
149:         * </tr>
150:         *
151:         * <tr>
152:         *   <td>modifyThread</td>
153:         *   <td>Modification of threads, e.g., via calls to Thread <code>stop</code>,
154:         * <code>suspend</code>, <code>resume</code>, <code>setPriority</code>,
155:         * and <code>setName</code> methods</td>
156:         *   <td>This allows an attacker to start or suspend any thread
157:         * in the system.</td>
158:         * </tr>
159:         *
160:         * <tr>
161:         *   <td>stopThread</td>
162:         *   <td>Stopping of threads via calls to the Thread <code>stop</code>
163:         * method</td>
164:         *   <td>This allows code to stop any thread in the system provided that it is
165:         * already granted permission to access that thread.
166:         * This poses as a threat, because that code may corrupt the system by
167:         * killing existing threads.</td>
168:         * </tr>
169:         *
170:         * <tr>
171:         *   <td>modifyThreadGroup</td>
172:         *   <td>modification of thread groups, e.g., via calls to ThreadGroup
173:         * <code>destroy</code>, <code>getParent</code>, <code>resume</code>, 
174:         * <code>setDaemon</code>, <code>setMaxPriority</code>, <code>stop</code>, 
175:         * and <code>suspend</code> methods</td>
176:         *   <td>This allows an attacker to create thread groups and
177:         * set their run priority.</td>
178:         * </tr>
179:         *
180:         * <tr>
181:         *   <td>getProtectionDomain</td>
182:         *   <td>Retrieval of the ProtectionDomain for a class</td>
183:         *   <td>This allows code to obtain policy information
184:         * for a particular code source. While obtaining policy information
185:         * does not compromise the security of the system, it does give
186:         * attackers additional information, such as local file names for
187:         * example, to better aim an attack.</td>
188:         * </tr>
189:         *
190:         * <tr>
191:         *   <td>readFileDescriptor</td>
192:         *   <td>Reading of file descriptors</td>
193:         *   <td>This would allow code to read the particular file associated
194:         *       with the file descriptor read. This is dangerous if the file
195:         *       contains confidential data.</td>
196:         * </tr>
197:         *
198:         * <tr>
199:         *   <td>writeFileDescriptor</td>
200:         *   <td>Writing to file descriptors</td>
201:         *   <td>This allows code to write to a particular file associated
202:         *       with the descriptor. This is dangerous because it may allow
203:         *       malicious code to plant viruses or at the very least, fill up
204:         *       your entire disk.</td>
205:         * </tr>
206:         *
207:         * <tr>
208:         *   <td>loadLibrary.{library name}</td>
209:         *   <td>Dynamic linking of the specified library</td>
210:         *   <td>It is dangerous to allow an applet permission to load native code
211:         * libraries, because the Java security architecture is not designed to and
212:         * does not prevent malicious behavior at the level of native code.</td>
213:         * </tr>
214:         *
215:         * <tr>
216:         *   <td>accessClassInPackage.{package name}</td>
217:         *   <td>Access to the specified package via a class loader's
218:         * <code>loadClass</code> method when that class loader calls
219:         * the SecurityManager <code>checkPackageAcesss</code> method</td>
220:         *   <td>This gives code access to classes in packages
221:         * to which it normally does not have access. Malicious code
222:         * may use these classes to help in its attempt to compromise
223:         * security in the system.</td>
224:         * </tr>
225:         *
226:         * <tr>
227:         *   <td>defineClassInPackage.{package name}</td>
228:         *   <td>Definition of classes in the specified package, via a class
229:         * loader's <code>defineClass</code> method when that class loader calls
230:         * the SecurityManager <code>checkPackageDefinition</code> method.</td>
231:         *   <td>This grants code permission to define a class
232:         * in a particular package. This is dangerous because malicious
233:         * code with this permission may define rogue classes in
234:         * trusted packages like <code>java.security</code> or <code>java.lang</code>,
235:         * for example.</td>
236:         * </tr>
237:         *
238:         * <tr>
239:         *   <td>accessDeclaredMembers</td>
240:         *   <td>Access to the declared members of a class</td>
241:         *   <td>This grants code permission to query a class for its public,
242:         * protected, default (package) access, and private fields and/or
243:         * methods. Although the code would have
244:         * access to the private and protected field and method names, it would not
245:         * have access to the private/protected field data and would not be able
246:         * to invoke any private methods. Nevertheless, malicious code
247:         * may use this information to better aim an attack.
248:         * Additionally, it may invoke any public methods and/or access public fields
249:         * in the class.  This could be dangerous if
250:         * the code would normally not be able to invoke those methods and/or
251:         * access the fields  because
252:         * it can't cast the object to the class/interface with those methods
253:         * and fields.
254:         </td>
255:         * </tr>
256:         * <tr>
257:         *   <td>queuePrintJob</td>
258:         *   <td>Initiation of a print job request</td>
259:         *   <td>This could print sensitive information to a printer,
260:         * or simply waste paper.</td>
261:         * </tr>
262:         *
263:         * </table>
264:         *
265:         * @see java.security.BasicPermission
266:         * @see java.security.Permission
267:         * @see java.security.Permissions
268:         * @see java.security.PermissionCollection
269:         * @see java.lang.SecurityManager
270:         *
271:         * @version 1.37 00/02/02
272:         *
273:         * @author Marianne Mueller
274:         * @author Roland Schemers
275:         */
276:
277:        public final class RuntimePermission extends BasicPermission {
278:
279:            /**
280:             * Creates a new RuntimePermission with the specified name.
281:             * The name is the symbolic name of the RuntimePermission, such as
282:             * "exit", "setFactory", etc. An asterisk
283:             * may appear at the end of the name, following a ".", or by itself, to
284:             * signify a wildcard match.
285:             *
286:             * @param name the name of the RuntimePermission.
287:             */
288:
289:            public RuntimePermission(String name) {
290:                super (name);
291:            }
292:
293:            /**
294:             * Creates a new RuntimePermission object with the specified name.
295:             * The name is the symbolic name of the RuntimePermission, and the
296:             * actions String is currently unused and should be null.
297:             *
298:             * @param name the name of the RuntimePermission.
299:             * @param actions should be null.
300:             */
301:
302:            public RuntimePermission(String name, String actions) {
303:                super(name, actions);
304:            }
305:        }
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.