12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.awt; 27 28 import java.security.BasicPermission; 29 30 /** 31 * This class is for AWT permissions. 32 * An <code>AWTPermission</code> contains a target name but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * 36 * <P> 37 * The target name is the name of the AWT permission (see below). The naming 38 * convention follows the hierarchical property naming convention. 39 * Also, an asterisk could be used to represent all AWT permissions. 40 * 41 * <P> 42 * The following table lists all the possible <code>AWTPermission</code> 43 * target names, and for each provides a description of what the 44 * permission allows and a discussion of the risks of granting code 45 * the permission. 46 * 47 * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks."> 48 * <tr> 49 * <th>Permission Target Name</th> 50 * <th>What the Permission Allows</th> 51 * <th>Risks of Allowing this Permission</th> 52 * </tr> 53 * 54 * <tr> 55 * <td>accessClipboard</td> 56 * <td>Posting and retrieval of information to and from the AWT clipboard</td> 57 * <td>This would allow malfeasant code to share 58 * potentially sensitive or confidential information.</td> 59 * </tr> 60 * 61 * <tr> 62 * <td>accessEventQueue</td> 108 * <td>After adding an AWT event listener, 109 * malicious code may scan all AWT events dispatched in the system, 110 * allowing it to read all user input (such as passwords). Each 111 * AWT event listener is called from within the context of that 112 * event queue's EventDispatchThread, so if the accessEventQueue 113 * permission is also enabled, malicious code could modify the 114 * contents of AWT event queues system-wide, causing the application 115 * or applet to misbehave in an insecure manner.</td> 116 * </tr> 117 * 118 * <tr> 119 * <td>readDisplayPixels</td> 120 * <td>Readback of pixels from the display screen</td> 121 * <td>Interfaces such as the java.awt.Composite interface or the 122 * java.awt.Robot class allow arbitrary code to examine pixels on the 123 * display enable malicious code to snoop on the activities of the user.</td> 124 * </tr> 125 * 126 * <tr> 127 * <td>replaceKeyboardFocusManager</td> 128 * <td>Sets the <code>KeyboardFocusManager</code> for 129 * a particular thread. 130 * <td>When <code>SecurityManager</code> is installed, the invoking 131 * thread must be granted this permission in order to replace 132 * the current <code>KeyboardFocusManager</code>. If permission 133 * is not granted, a <code>SecurityException</code> will be thrown. 134 * </tr> 135 * 136 * <tr> 137 * <td>setAppletStub</td> 138 * <td>Setting the stub which implements Applet container services</td> 139 * <td>Malicious code could set an applet's stub and result in unexpected 140 * behavior or denial of service to an applet.</td> 141 * </tr> 142 * 143 * <tr> 144 * <td>setWindowAlwaysOnTop</td> 145 * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td> 146 * <td>The malicious window might make itself look and behave like a real full desktop, so that 147 * information entered by the unsuspecting user is captured and subsequently misused </td> 148 * </tr> 149 * 150 * <tr> 151 * <td>showWindowWithoutWarningBanner</td> 152 * <td>Display of a window without also displaying a banner warning 153 * that the window was created by an applet</td> 184 * </tr> 185 * </table> 186 * 187 * @see java.security.BasicPermission 188 * @see java.security.Permission 189 * @see java.security.Permissions 190 * @see java.security.PermissionCollection 191 * @see java.lang.SecurityManager 192 * 193 * 194 * @author Marianne Mueller 195 * @author Roland Schemers 196 */ 197 198 public final class AWTPermission extends BasicPermission { 199 200 /** use serialVersionUID from the Java 2 platform for interoperability */ 201 private static final long serialVersionUID = 8890392402588814465L; 202 203 /** 204 * Creates a new <code>AWTPermission</code> with the specified name. 205 * The name is the symbolic name of the <code>AWTPermission</code>, 206 * such as "topLevelWindow", "systemClipboard", etc. An asterisk 207 * may be used to indicate all AWT permissions. 208 * 209 * @param name the name of the AWTPermission 210 * 211 * @throws NullPointerException if <code>name</code> is <code>null</code>. 212 * @throws IllegalArgumentException if <code>name</code> is empty. 213 */ 214 215 public AWTPermission(String name) 216 { 217 super(name); 218 } 219 220 /** 221 * Creates a new <code>AWTPermission</code> object with the specified name. 222 * The name is the symbolic name of the <code>AWTPermission</code>, and the 223 * actions string is currently unused and should be <code>null</code>. 224 * 225 * @param name the name of the <code>AWTPermission</code> 226 * @param actions should be <code>null</code> 227 * 228 * @throws NullPointerException if <code>name</code> is <code>null</code>. 229 * @throws IllegalArgumentException if <code>name</code> is empty. 230 */ 231 232 public AWTPermission(String name, String actions) 233 { 234 super(name, actions); 235 } 236 } | 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.awt; 27 28 import java.security.BasicPermission; 29 30 /** 31 * This class is for AWT permissions. 32 * An {@code AWTPermission} contains a target name but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * 36 * <P> 37 * The target name is the name of the AWT permission (see below). The naming 38 * convention follows the hierarchical property naming convention. 39 * Also, an asterisk could be used to represent all AWT permissions. 40 * 41 * <P> 42 * The following table lists all the possible {@code AWTPermission} 43 * target names, and for each provides a description of what the 44 * permission allows and a discussion of the risks of granting code 45 * the permission. 46 * 47 * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks."> 48 * <tr> 49 * <th>Permission Target Name</th> 50 * <th>What the Permission Allows</th> 51 * <th>Risks of Allowing this Permission</th> 52 * </tr> 53 * 54 * <tr> 55 * <td>accessClipboard</td> 56 * <td>Posting and retrieval of information to and from the AWT clipboard</td> 57 * <td>This would allow malfeasant code to share 58 * potentially sensitive or confidential information.</td> 59 * </tr> 60 * 61 * <tr> 62 * <td>accessEventQueue</td> 108 * <td>After adding an AWT event listener, 109 * malicious code may scan all AWT events dispatched in the system, 110 * allowing it to read all user input (such as passwords). Each 111 * AWT event listener is called from within the context of that 112 * event queue's EventDispatchThread, so if the accessEventQueue 113 * permission is also enabled, malicious code could modify the 114 * contents of AWT event queues system-wide, causing the application 115 * or applet to misbehave in an insecure manner.</td> 116 * </tr> 117 * 118 * <tr> 119 * <td>readDisplayPixels</td> 120 * <td>Readback of pixels from the display screen</td> 121 * <td>Interfaces such as the java.awt.Composite interface or the 122 * java.awt.Robot class allow arbitrary code to examine pixels on the 123 * display enable malicious code to snoop on the activities of the user.</td> 124 * </tr> 125 * 126 * <tr> 127 * <td>replaceKeyboardFocusManager</td> 128 * <td>Sets the {@code KeyboardFocusManager} for 129 * a particular thread. 130 * <td>When {@code SecurityManager} is installed, the invoking 131 * thread must be granted this permission in order to replace 132 * the current {@code KeyboardFocusManager}. If permission 133 * is not granted, a {@code SecurityException} will be thrown. 134 * </tr> 135 * 136 * <tr> 137 * <td>setAppletStub</td> 138 * <td>Setting the stub which implements Applet container services</td> 139 * <td>Malicious code could set an applet's stub and result in unexpected 140 * behavior or denial of service to an applet.</td> 141 * </tr> 142 * 143 * <tr> 144 * <td>setWindowAlwaysOnTop</td> 145 * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td> 146 * <td>The malicious window might make itself look and behave like a real full desktop, so that 147 * information entered by the unsuspecting user is captured and subsequently misused </td> 148 * </tr> 149 * 150 * <tr> 151 * <td>showWindowWithoutWarningBanner</td> 152 * <td>Display of a window without also displaying a banner warning 153 * that the window was created by an applet</td> 184 * </tr> 185 * </table> 186 * 187 * @see java.security.BasicPermission 188 * @see java.security.Permission 189 * @see java.security.Permissions 190 * @see java.security.PermissionCollection 191 * @see java.lang.SecurityManager 192 * 193 * 194 * @author Marianne Mueller 195 * @author Roland Schemers 196 */ 197 198 public final class AWTPermission extends BasicPermission { 199 200 /** use serialVersionUID from the Java 2 platform for interoperability */ 201 private static final long serialVersionUID = 8890392402588814465L; 202 203 /** 204 * Creates a new {@code AWTPermission} with the specified name. 205 * The name is the symbolic name of the {@code AWTPermission}, 206 * such as "topLevelWindow", "systemClipboard", etc. An asterisk 207 * may be used to indicate all AWT permissions. 208 * 209 * @param name the name of the AWTPermission 210 * 211 * @throws NullPointerException if {@code name} is {@code null}. 212 * @throws IllegalArgumentException if {@code name} is empty. 213 */ 214 215 public AWTPermission(String name) 216 { 217 super(name); 218 } 219 220 /** 221 * Creates a new {@code AWTPermission} object with the specified name. 222 * The name is the symbolic name of the {@code AWTPermission}, and the 223 * actions string is currently unused and should be {@code null}. 224 * 225 * @param name the name of the {@code AWTPermission} 226 * @param actions should be {@code null} 227 * 228 * @throws NullPointerException if {@code name} is {@code null}. 229 * @throws IllegalArgumentException if {@code name} is empty. 230 */ 231 232 public AWTPermission(String name, String actions) 233 { 234 super(name, actions); 235 } 236 } |