26 package java.lang;
27
28 import java.security.*;
29 import java.lang.module.ModuleFinder;
30
31 /**
32 * This class is for runtime permissions. A {@code RuntimePermission}
33 * contains a name (also referred to as a "target name") but no actions
34 * list; you either have the named permission or you don't.
35 * <p>
36 * The target name is the name of the runtime permission (see below). The
37 * naming convention follows the hierarchical property naming convention.
38 * Also, an asterisk may appear at the end of the name, following a ".",
39 * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
40 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
41 * <p>
42 * The following table lists the standard {@code RuntimePermission}
43 * target names, and for each provides a description of what the permission
44 * allows and a discussion of the risks of granting code the permission.
45 *
46 * <table border=1 cellpadding=5 summary="permission target name,
47 * what the target allows,and associated risks">
48 * <tr>
49 * <th>Permission Target Name</th>
50 * <th>What the Permission Allows</th>
51 * <th>Risks of Allowing this Permission</th>
52 * </tr>
53 *
54 * <tr>
55 * <td>createClassLoader</td>
56 * <td>Creation of a class loader</td>
57 * <td>This is an extremely dangerous permission to grant.
58 * Malicious applications that can instantiate their own class
59 * loaders could then load their own rogue classes into the system.
60 * These newly loaded classes could be placed into any protection
61 * domain by the class loader, thereby automatically granting the
62 * classes the permissions for that domain.</td>
63 * </tr>
64 *
65 * <tr>
66 * <td>getClassLoader</td>
67 * <td>Retrieval of a class loader (e.g., the class loader for the calling
68 * class)</td>
69 * <td>This would grant an attacker permission to get the
70 * class loader for a particular class. This is dangerous because
71 * having access to a class's class loader allows the attacker to
72 * load other classes available to that class loader. The attacker
366 * <tr>
367 * <td>loggerFinder</td>
368 * <td>This {@code RuntimePermission} is required to be granted to
369 * classes which subclass or call methods on
370 * {@code java.lang.System.LoggerFinder}. The permission is
371 * checked during invocation of the abstract base class constructor, as
372 * well as on the invocation of its public methods.
373 * This permission ensures trust in classes which provide loggers
374 * to system classes.</td>
375 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
376 * for more information.</td>
377 * </tr>
378 *
379 * <tr>
380 * <td>accessSystemModules</td>
381 * <td>Access system modules in the runtime image.</td>
382 * <td>This grants the permission to access resources in the
383 * {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
384 * </tr>
385 *
386 * </table>
387 *
388 * @implNote
389 * Implementations may define additional target names, but should use naming
390 * conventions such as reverse domain name notation to avoid name clashes.
391 *
392 * @see java.security.BasicPermission
393 * @see java.security.Permission
394 * @see java.security.Permissions
395 * @see java.security.PermissionCollection
396 * @see java.lang.SecurityManager
397 *
398 *
399 * @author Marianne Mueller
400 * @author Roland Schemers
401 */
402
403 public final class RuntimePermission extends BasicPermission {
404
405 private static final long serialVersionUID = 7399184964622342223L;
|
26 package java.lang;
27
28 import java.security.*;
29 import java.lang.module.ModuleFinder;
30
31 /**
32 * This class is for runtime permissions. A {@code RuntimePermission}
33 * contains a name (also referred to as a "target name") but no actions
34 * list; you either have the named permission or you don't.
35 * <p>
36 * The target name is the name of the runtime permission (see below). The
37 * naming convention follows the hierarchical property naming convention.
38 * Also, an asterisk may appear at the end of the name, following a ".",
39 * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
40 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
41 * <p>
42 * The following table lists the standard {@code RuntimePermission}
43 * target names, and for each provides a description of what the permission
44 * allows and a discussion of the risks of granting code the permission.
45 *
46 * <table class="altrows">
47 * <caption style="display:none">permission target name,
48 * what the target allows, and associated risks</caption>
49 * <thead>
50 * <tr>
51 * <th>Permission Target Name</th>
52 * <th>What the Permission Allows</th>
53 * <th>Risks of Allowing this Permission</th>
54 * </tr>
55 * </thead>
56 * <tbody>
57 *
58 * <tr>
59 * <td>createClassLoader</td>
60 * <td>Creation of a class loader</td>
61 * <td>This is an extremely dangerous permission to grant.
62 * Malicious applications that can instantiate their own class
63 * loaders could then load their own rogue classes into the system.
64 * These newly loaded classes could be placed into any protection
65 * domain by the class loader, thereby automatically granting the
66 * classes the permissions for that domain.</td>
67 * </tr>
68 *
69 * <tr>
70 * <td>getClassLoader</td>
71 * <td>Retrieval of a class loader (e.g., the class loader for the calling
72 * class)</td>
73 * <td>This would grant an attacker permission to get the
74 * class loader for a particular class. This is dangerous because
75 * having access to a class's class loader allows the attacker to
76 * load other classes available to that class loader. The attacker
370 * <tr>
371 * <td>loggerFinder</td>
372 * <td>This {@code RuntimePermission} is required to be granted to
373 * classes which subclass or call methods on
374 * {@code java.lang.System.LoggerFinder}. The permission is
375 * checked during invocation of the abstract base class constructor, as
376 * well as on the invocation of its public methods.
377 * This permission ensures trust in classes which provide loggers
378 * to system classes.</td>
379 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
380 * for more information.</td>
381 * </tr>
382 *
383 * <tr>
384 * <td>accessSystemModules</td>
385 * <td>Access system modules in the runtime image.</td>
386 * <td>This grants the permission to access resources in the
387 * {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
388 * </tr>
389 *
390 * </tbody>
391 * </table>
392 *
393 * @implNote
394 * Implementations may define additional target names, but should use naming
395 * conventions such as reverse domain name notation to avoid name clashes.
396 *
397 * @see java.security.BasicPermission
398 * @see java.security.Permission
399 * @see java.security.Permissions
400 * @see java.security.PermissionCollection
401 * @see java.lang.SecurityManager
402 *
403 *
404 * @author Marianne Mueller
405 * @author Roland Schemers
406 */
407
408 public final class RuntimePermission extends BasicPermission {
409
410 private static final long serialVersionUID = 7399184964622342223L;
|