/*
 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package java.io;

import java.security.*;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;

/**
 * This class is for Serializable permissions. A SerializablePermission
 * contains a name (also referred to as a "target name") but
 * no actions list; you either have the named permission
 * or you don't.
 *
 * <P>
 * The target name is the name of the Serializable permission (see below).
 *
 * <P>
 * The following table lists the standard {@code SerializablePermission}
 * target names. For each one it describes what the permission allows
 * and discusses the risks of granting the permission to code.
 *
 * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
 * <tr>
 * <th>Permission Target Name</th>
 * <th>What the Permission Allows</th>
 * <th>Risks of Allowing this Permission</th>
 * </tr>
 *
 * <tr>
 *   <td>enableSubclassImplementation</td>
 *   <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
 * to override the default serialization or deserialization, respectively,
 * of objects</td>
 *   <td>Code can use this to serialize or
 * deserialize classes in a deliberately harmful manner. For example,
 * during serialization, malicious code can use this to
 * deliberately store confidential private field data in a way that is
 * easily accessible to attackers. Or, during deserialization, it could,
 * for example, deserialize a class with all its private fields zeroed
 * out.</td>
 * </tr>
 *
 * <tr>
 *   <td>enableSubstitution</td>
 *   <td>Substitution of one object for another during
 * serialization or deserialization</td>
 *   <td>This is dangerous because malicious code
 * can replace the actual object with one which has incorrect or
 * malignant data.</td>
 * </tr>
 *
 * <tr>
 *   <td>serialFilter</td>
 *   <td>Setting a filter for ObjectInputStreams.</td>
 *   <td>Code could remove a configured filter, and with it the
 * protections that were already established.</td>
 * </tr>
 *
 * </table>
 *
 * @see java.security.BasicPermission
 * @see java.security.Permission
 * @see java.security.Permissions
 * @see java.security.PermissionCollection
 * @see java.lang.SecurityManager
 *
 *
 * @author Joe Fialli
 * @since 1.2
 */

/* code was borrowed originally from java.lang.RuntimePermission. */

public final class SerializablePermission extends BasicPermission {

    private static final long serialVersionUID = 8537212141160296410L;

    // Neither constructor in this class assigns this field; both only
    // delegate to the superclass constructor.
    // NOTE(review): presumably retained for the serialized form (it carries
    // an @serial tag) -- confirm before removing or repurposing it.
    /**
     * @serial
     */
    private String actions;

    /**
     * Creates a new SerializablePermission with the specified name.
     * The name is the symbolic name of the SerializablePermission, for
     * example "enableSubstitution".
     *
     * @param name the name of the SerializablePermission.
     *
     * @throws NullPointerException if {@code name} is {@code null}.
     * @throws IllegalArgumentException if {@code name} is empty.
     */
    public SerializablePermission(String name) {
        super(name);
    }

    /**
     * Creates a new SerializablePermission object with the specified name.
     * The name is the symbolic name of the SerializablePermission, and the
     * actions String is currently unused and should be null.
     *
     * <p>This constructor does not itself check {@code actions}; the value
     * is handed unchanged to the {@code BasicPermission} constructor.
     *
     * @param name the name of the SerializablePermission.
     * @param actions currently unused and must be set to null
     *
     * @throws NullPointerException if {@code name} is {@code null}.
     * @throws IllegalArgumentException if {@code name} is empty.
     */
    public SerializablePermission(String name, String actions) {
        super(name, actions);
    }
}