< prev index next >

src/java.base/share/classes/java/lang/RuntimePermission.java

Print this page 







  26 package java.lang;
  27 
  28 import java.security.*;
  29 import java.lang.module.ModuleFinder;
  30 
  31 /**
  32  * This class is for runtime permissions. A {@code RuntimePermission}
  33  * contains a name (also referred to as a "target name") but no actions
  34  * list; you either have the named permission or you don't.
  35  * <p>
  36  * The target name is the name of the runtime permission (see below). The
  37  * naming convention follows the  hierarchical property naming convention.
  38  * Also, an asterisk may appear at the end of the name, following a ".",
  39  * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
  40  * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
  41  * <p>
  42  * The following table lists the standard {@code RuntimePermission}
  43  * target names, and for each provides a description of what the permission
  44  * allows and a discussion of the risks of granting code the permission.
  45  *
  46  * <table border=1 cellpadding=5 summary="permission target name,
  47  *  what the target allows,and associated risks">


  48  * <tr>
  49  * <th>Permission Target Name</th>
  50  * <th>What the Permission Allows</th>
  51  * <th>Risks of Allowing this Permission</th>
  52  * </tr>


  53  *
  54  * <tr>
  55  *   <td>createClassLoader</td>
  56  *   <td>Creation of a class loader</td>
  57  *   <td>This is an extremely dangerous permission to grant.
  58  * Malicious applications that can instantiate their own class
  59  * loaders could then load their own rogue classes into the system.
  60  * These newly loaded classes could be placed into any protection
  61  * domain by the class loader, thereby automatically granting the
  62  * classes the permissions for that domain.</td>
  63  * </tr>
  64  *
  65  * <tr>
  66  *   <td>getClassLoader</td>
  67  *   <td>Retrieval of a class loader (e.g., the class loader for the calling
  68  * class)</td>
  69  *   <td>This would grant an attacker permission to get the
  70  * class loader for a particular class. This is dangerous because
  71  * having access to a class's class loader allows the attacker to
  72  * load other classes available to that class loader. The attacker


 366  * <tr>
 367  *   <td>loggerFinder</td>
 368  *   <td>This {@code RuntimePermission} is required to be granted to
 369  *   classes which subclass or call methods on
 370  *   {@code java.lang.System.LoggerFinder}. The permission is
 371  *   checked during invocation of the abstract base class constructor, as
 372  *   well as on the invocation of its public methods.
 373  *   This permission ensures trust in classes which provide loggers
 374  *   to system classes.</td>
 375  *   <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
 376  *   for more information.</td>
 377  * </tr>
 378  *
 379  * <tr>
 380  *   <td>accessSystemModules</td>
 381  *   <td>Access system modules in the runtime image.</td>
 382  *   <td>This grants the permission to access resources in the
 383  *   {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
 384  * </tr>
 385  *

 386  * </table>
 387  *
 388  * @implNote
 389  * Implementations may define additional target names, but should use naming
 390  * conventions such as reverse domain name notation to avoid name clashes.
 391  *
 392  * @see java.security.BasicPermission
 393  * @see java.security.Permission
 394  * @see java.security.Permissions
 395  * @see java.security.PermissionCollection
 396  * @see java.lang.SecurityManager
 397  *
 398  *
 399  * @author Marianne Mueller
 400  * @author Roland Schemers
 401  */
 402 
 403 public final class RuntimePermission extends BasicPermission {
 404 
 405     private static final long serialVersionUID = 7399184964622342223L;






  26 package java.lang;
  27 
  28 import java.security.*;
  29 import java.lang.module.ModuleFinder;
  30 
  31 /**
  32  * This class is for runtime permissions. A {@code RuntimePermission}
  33  * contains a name (also referred to as a "target name") but no actions
  34  * list; you either have the named permission or you don't.
  35  * <p>
  36  * The target name is the name of the runtime permission (see below). The
  37  * naming convention follows the  hierarchical property naming convention.
  38  * Also, an asterisk may appear at the end of the name, following a ".",
  39  * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
  40  * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
  41  * <p>
  42  * The following table lists the standard {@code RuntimePermission}
  43  * target names, and for each provides a description of what the permission
  44  * allows and a discussion of the risks of granting code the permission.
  45  *
  46  * <table class="striped">
  47  * <caption style="display:none">permission target name,
  48  *  what the target allows, and associated risks</caption>
  49  * <thead>
  50  * <tr>
  51  * <th>Permission Target Name</th>
  52  * <th>What the Permission Allows</th>
  53  * <th>Risks of Allowing this Permission</th>
  54  * </tr>
  55  * </thead>
  56  * <tbody>
  57  *
  58  * <tr>
  59  *   <td>createClassLoader</td>
  60  *   <td>Creation of a class loader</td>
  61  *   <td>This is an extremely dangerous permission to grant.
  62  * Malicious applications that can instantiate their own class
  63  * loaders could then load their own rogue classes into the system.
  64  * These newly loaded classes could be placed into any protection
  65  * domain by the class loader, thereby automatically granting the
  66  * classes the permissions for that domain.</td>
  67  * </tr>
  68  *
  69  * <tr>
  70  *   <td>getClassLoader</td>
  71  *   <td>Retrieval of a class loader (e.g., the class loader for the calling
  72  * class)</td>
  73  *   <td>This would grant an attacker permission to get the
  74  * class loader for a particular class. This is dangerous because
  75  * having access to a class's class loader allows the attacker to
  76  * load other classes available to that class loader. The attacker


 370  * <tr>
 371  *   <td>loggerFinder</td>
 372  *   <td>This {@code RuntimePermission} is required to be granted to
 373  *   classes which subclass or call methods on
 374  *   {@code java.lang.System.LoggerFinder}. The permission is
 375  *   checked during invocation of the abstract base class constructor, as
 376  *   well as on the invocation of its public methods.
 377  *   This permission ensures trust in classes which provide loggers
 378  *   to system classes.</td>
 379  *   <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
 380  *   for more information.</td>
 381  * </tr>
 382  *
 383  * <tr>
 384  *   <td>accessSystemModules</td>
 385  *   <td>Access system modules in the runtime image.</td>
 386  *   <td>This grants the permission to access resources in the
 387  *   {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
 388  * </tr>
 389  *
 390  * </tbody>
 391  * </table>
 392  *
 393  * @implNote
 394  * Implementations may define additional target names, but should use naming
 395  * conventions such as reverse domain name notation to avoid name clashes.
 396  *
 397  * @see java.security.BasicPermission
 398  * @see java.security.Permission
 399  * @see java.security.Permissions
 400  * @see java.security.PermissionCollection
 401  * @see java.lang.SecurityManager
 402  *
 403  *
 404  * @author Marianne Mueller
 405  * @author Roland Schemers
 406  */
 407 
 408 public final class RuntimePermission extends BasicPermission {
 409 
 410     private static final long serialVersionUID = 7399184964622342223L;







< prev index next >