src/share/classes/java/security/SecurityPermission.java

Print this page 





   1 /*
   2  * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  40  * Currently the SecurityPermission object is used to guard access
  41  * to the Policy, Security, Provider, Signer, and Identity
  42  * objects.
  43  * <P>
  44  * The following table lists all the possible SecurityPermission target names,
  45  * and for each provides a description of what the permission allows
  46  * and a discussion of the risks of granting code the permission.
  47  * <P>
  48  *
  49  * <table border=1 cellpadding=5 summary="target name,what the permission allows, and associated risks">
  50  * <tr>
  51  * <th>Permission Target Name</th>
  52  * <th>What the Permission Allows</th>
  53  * <th>Risks of Allowing this Permission</th>
  54  * </tr>
  55  *
  56  * <tr>
  57  *   <td>createAccessControlContext</td>
  58  *   <td>Creation of an AccessControlContext</td>
  59  *   <td>This allows someone to instantiate an AccessControlContext
  60  * with a <code>DomainCombiner</code>.  Extreme care must be taken when
  61  * granting this permission. Malicious code could create a DomainCombiner
  62  * that augments the set of permissions granted to code, and even grant the
  63  * code {@link java.security.AllPermission}.</td>
  64  * </tr>
  65  *
  66  * <tr>
  67  *   <td>getDomainCombiner</td>
  68  *   <td>Retrieval of an AccessControlContext's DomainCombiner</td>
  69  *   <td>This allows someone to retrieve an AccessControlContext's
  70  * <code>DomainCombiner</code>.  Since DomainCombiners may contain
  71  * sensitive information, this could potentially lead to a privacy leak.</td>
  72  * </tr>
  73  *
  74  * <tr>
  75  *   <td>getPolicy</td>
  76  *   <td>Retrieval of the system-wide security policy (specifically, of the
  77  * currently-installed Policy object)</td>
  78  *   <td>This allows someone to query the policy via the
  79  * <code>getPermissions</code> call,
  80  * which discloses which permissions would be granted to a given CodeSource.
  81  * While revealing the policy does not compromise the security of
  82  * the system, it does provide malicious code with additional information
  83  * which it may use to better aim an attack. It is wise
  84  * not to divulge more information than necessary.</td>
  85  * </tr>
  86  *
  87  * <tr>
  88  *   <td>setPolicy</td>
  89  *   <td>Setting of the system-wide security policy (specifically,
  90  * the Policy object)</td>
  91  *   <td>Granting this permission is extremely dangerous, as malicious
  92  * code may grant itself all the necessary permissions it needs
  93  * to successfully mount an attack on the system.</td>
  94  * </tr>
  95  *
  96  * <tr>
  97  *   <td>createPolicy.{policy type}</td>
  98  *   <td>Getting an instance of a Policy implementation from a provider</td>
  99  *   <td>Granting this permission enables code to obtain a Policy object.


 286  * @see java.security.PermissionCollection
 287  * @see java.lang.SecurityManager
 288  *
 289  *
 290  * @author Marianne Mueller
 291  * @author Roland Schemers
 292  */
 293 
 294 public final class SecurityPermission extends BasicPermission {
 295 
 296     private static final long serialVersionUID = 5236109936224050470L;
 297 
 298     /**
 299      * Creates a new SecurityPermission with the specified name.
 300      * The name is the symbolic name of the SecurityPermission. An asterisk
 301      * may appear at the end of the name, following a ".", or by itself, to
 302      * signify a wildcard match.
 303      *
 304      * @param name the name of the SecurityPermission
 305      *
 306      * @throws NullPointerException if <code>name</code> is <code>null</code>.
 307      * @throws IllegalArgumentException if <code>name</code> is empty.
 308      */
 309 
 310     public SecurityPermission(String name)
 311     {
 312         super(name);
 313     }
 314 
 315     /**
 316      * Creates a new SecurityPermission object with the specified name.
 317      * The name is the symbolic name of the SecurityPermission, and the
 318      * actions String is currently unused and should be null.
 319      *
 320      * @param name the name of the SecurityPermission
 321      * @param actions should be null.
 322      *
 323      * @throws NullPointerException if <code>name</code> is <code>null</code>.
 324      * @throws IllegalArgumentException if <code>name</code> is empty.
 325      */
 326 
 327     public SecurityPermission(String name, String actions)
 328     {
 329         super(name, actions);
 330     }
 331 }

   1 /*
   2  * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any


  40  * Currently the SecurityPermission object is used to guard access
  41  * to the Policy, Security, Provider, Signer, and Identity
  42  * objects.
  43  * <P>
  44  * The following table lists all the possible SecurityPermission target names,
  45  * and for each provides a description of what the permission allows
  46  * and a discussion of the risks of granting code the permission.
  47  * <P>
  48  *
  49  * <table border=1 cellpadding=5 summary="target name,what the permission allows, and associated risks">
  50  * <tr>
  51  * <th>Permission Target Name</th>
  52  * <th>What the Permission Allows</th>
  53  * <th>Risks of Allowing this Permission</th>
  54  * </tr>
  55  *
  56  * <tr>
  57  *   <td>createAccessControlContext</td>
  58  *   <td>Creation of an AccessControlContext</td>
  59  *   <td>This allows someone to instantiate an AccessControlContext
  60  * with a {@code DomainCombiner}.  Extreme care must be taken when
  61  * granting this permission. Malicious code could create a DomainCombiner
  62  * that augments the set of permissions granted to code, and even grant the
  63  * code {@link java.security.AllPermission}.</td>
  64  * </tr>
  65  *
  66  * <tr>
  67  *   <td>getDomainCombiner</td>
  68  *   <td>Retrieval of an AccessControlContext's DomainCombiner</td>
  69  *   <td>This allows someone to retrieve an AccessControlContext's
  70  * {@code DomainCombiner}.  Since DomainCombiners may contain
  71  * sensitive information, this could potentially lead to a privacy leak.</td>
  72  * </tr>
  73  *
  74  * <tr>
  75  *   <td>getPolicy</td>
  76  *   <td>Retrieval of the system-wide security policy (specifically, of the
  77  * currently-installed Policy object)</td>
  78  *   <td>This allows someone to query the policy via the
  79  * {@code getPermissions} call,
  80  * which discloses which permissions would be granted to a given CodeSource.
  81  * While revealing the policy does not compromise the security of
  82  * the system, it does provide malicious code with additional information
  83  * which it may use to better aim an attack. It is wise
  84  * not to divulge more information than necessary.</td>
  85  * </tr>
  86  *
  87  * <tr>
  88  *   <td>setPolicy</td>
  89  *   <td>Setting of the system-wide security policy (specifically,
  90  * the Policy object)</td>
  91  *   <td>Granting this permission is extremely dangerous, as malicious
  92  * code may grant itself all the necessary permissions it needs
  93  * to successfully mount an attack on the system.</td>
  94  * </tr>
  95  *
  96  * <tr>
  97  *   <td>createPolicy.{policy type}</td>
  98  *   <td>Getting an instance of a Policy implementation from a provider</td>
  99  *   <td>Granting this permission enables code to obtain a Policy object.


 286  * @see java.security.PermissionCollection
 287  * @see java.lang.SecurityManager
 288  *
 289  *
 290  * @author Marianne Mueller
 291  * @author Roland Schemers
 292  */
 293 
 294 public final class SecurityPermission extends BasicPermission {
 295 
 296     private static final long serialVersionUID = 5236109936224050470L;
 297 
 298     /**
 299      * Creates a new SecurityPermission with the specified name.
 300      * The name is the symbolic name of the SecurityPermission. An asterisk
 301      * may appear at the end of the name, following a ".", or by itself, to
 302      * signify a wildcard match.
 303      *
 304      * @param name the name of the SecurityPermission
 305      *
 306      * @throws NullPointerException if {@code name} is {@code null}.
 307      * @throws IllegalArgumentException if {@code name} is empty.
 308      */
 309 
 310     public SecurityPermission(String name)
 311     {
 312         super(name);
 313     }
 314 
 315     /**
 316      * Creates a new SecurityPermission object with the specified name.
 317      * The name is the symbolic name of the SecurityPermission, and the
 318      * actions String is currently unused and should be null.
 319      *
 320      * @param name the name of the SecurityPermission
 321      * @param actions should be null.
 322      *
 323      * @throws NullPointerException if {@code name} is {@code null}.
 324      * @throws IllegalArgumentException if {@code name} is empty.
 325      */
 326 
 327     public SecurityPermission(String name, String actions)
 328     {
 329         super(name, actions);
 330     }
 331 }