32 * An {@code AWTPermission} contains a target name but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * 36 * <P> 37 * The target name is the name of the AWT permission (see below). The naming 38 * convention follows the hierarchical property naming convention. 39 * Also, an asterisk could be used to represent all AWT permissions. 40 * 41 * <P> 42 * The following table lists all the possible {@code AWTPermission} 43 * target names, and for each provides a description of what the 44 * permission allows and a discussion of the risks of granting code 45 * the permission. 46 * 47 * <table class="striped"> 48 * <caption>AWTPermission target names, descriptions, and associated risks 49 * </caption> 50 * <thead> 51 * <tr> 52 * <th>Permission Target Name</th> 53 * <th>What the Permission Allows</th> 54 * <th>Risks of Allowing this Permission</th> 55 * </tr> 56 * </thead> 57 * <tbody> 58 * <tr> 59 * <td>accessClipboard</td> 60 * <td>Posting and retrieval of information to and from the AWT clipboard</td> 61 * <td>This would allow malfeasant code to share 62 * potentially sensitive or confidential information.</td> 63 * </tr> 64 * 65 * <tr> 66 * <td>accessEventQueue</td> 67 * <td>Access to the AWT event queue</td> 68 * <td>After retrieving the AWT event queue, 69 * malicious code may peek at and even remove existing events 70 * from its event queue, as well as post bogus events which may purposefully 71 * cause the application or applet to misbehave in an insecure manner.</td> 72 * </tr> 73 * 74 * <tr> 75 * <td>accessSystemTray</td> 76 * <td>Access to the AWT SystemTray instance</td> 77 * <td>This would allow malicious code to add tray icons to the system tray. 78 * First, such an icon may look like the icon of some known application 79 * (such as a firewall or anti-virus) and order a user to do something unsafe 80 * (with help of balloon messages). Second, the system tray may be glutted with 81 * tray icons so that no one could add a tray icon anymore.</td> 82 * </tr> 83 * 84 * <tr> 85 * <td>createRobot</td> 86 * <td>Create java.awt.Robot objects</td> 87 * <td>The java.awt.Robot object allows code to generate native-level 88 * mouse and keyboard events as well as read the screen. It could allow 89 * malicious code to control the system, run other programs, read the 90 * display, and deny mouse and keyboard access to the user.</td> 91 * </tr> 92 * 93 * <tr> 94 * <td>fullScreenExclusive</td> 95 * <td>Enter full-screen exclusive mode</td> 96 * <td>Entering full-screen exclusive mode allows direct access to 97 * low-level graphics card memory. This could be used to spoof the 98 * system, since the program is in direct control of rendering. Depending on 99 * the implementation, the security warning may not be shown for the windows 100 * used to enter the full-screen exclusive mode (assuming that the {@code 101 * fullScreenExclusive} permission has been granted to this application). Note 102 * that this behavior does not mean that the {@code 103 * showWindowWithoutWarningBanner} permission will be automatically granted to 104 * the application which has the {@code fullScreenExclusive} permission: 105 * non-full-screen windows will continue to be shown with the security 106 * warning.</td> 107 * </tr> 108 * 109 * <tr> 110 * <td>listenToAllAWTEvents</td> 111 * <td>Listen to all AWT events, system-wide</td> 112 * <td>After adding an AWT event listener, 113 * malicious code may scan all AWT events dispatched in the system, 114 * allowing it to read all user input (such as passwords). Each 115 * AWT event listener is called from within the context of that 116 * event queue's EventDispatchThread, so if the accessEventQueue 117 * permission is also enabled, malicious code could modify the 118 * contents of AWT event queues system-wide, causing the application 119 * or applet to misbehave in an insecure manner.</td> 120 * </tr> 121 * 122 * <tr> 123 * <td>readDisplayPixels</td> 124 * <td>Readback of pixels from the display screen</td> 125 * <td>Interfaces such as the java.awt.Composite interface or the 126 * java.awt.Robot class allow arbitrary code to examine pixels on the 127 * display enable malicious code to snoop on the activities of the user.</td> 128 * </tr> 129 * 130 * <tr> 131 * <td>replaceKeyboardFocusManager</td> 132 * <td>Sets the {@code KeyboardFocusManager} for 133 * a particular thread. 134 * <td>When {@code SecurityManager} is installed, the invoking 135 * thread must be granted this permission in order to replace 136 * the current {@code KeyboardFocusManager}. If permission 137 * is not granted, a {@code SecurityException} will be thrown. 138 * </tr> 139 * 140 * <tr> 141 * <td>setAppletStub</td> 142 * <td>Setting the stub which implements Applet container services</td> 143 * <td>Malicious code could set an applet's stub and result in unexpected 144 * behavior or denial of service to an applet.</td> 145 * </tr> 146 * 147 * <tr> 148 * <td>setWindowAlwaysOnTop</td> 149 * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td> 150 * <td>The malicious window might make itself look and behave like a real full desktop, so that 151 * information entered by the unsuspecting user is captured and subsequently misused </td> 152 * </tr> 153 * 154 * <tr> 155 * <td>showWindowWithoutWarningBanner</td> 156 * <td>Display of a window without also displaying a banner warning 157 * that the window was created by an applet</td> 158 * <td>Without this warning, 159 * an applet may pop up windows without the user knowing that they 160 * belong to an applet. Since users may make security-sensitive 161 * decisions based on whether or not the window belongs to an applet 162 * (entering a username and password into a dialog box, for example), 163 * disabling this warning banner may allow applets to trick the user 164 * into entering such information.</td> 165 * </tr> 166 * 167 * <tr> 168 * <td>toolkitModality</td> 169 * <td>Creating {@link Dialog.ModalityType#TOOLKIT_MODAL TOOLKIT_MODAL} dialogs 170 * and setting the {@link Dialog.ModalExclusionType#TOOLKIT_EXCLUDE 171 * TOOLKIT_EXCLUDE} window property.</td> 172 * <td>When a toolkit-modal dialog is shown from an applet, it blocks all other 173 * applets in the browser. When launching applications from Java Web Start, 174 * its windows (such as the security dialog) may also be blocked by toolkit-modal 175 * dialogs, shown from these applications.</td> 176 * </tr> 177 * 178 * <tr> 179 * <td>watchMousePointer</td> 180 * <td>Getting the information about the mouse pointer position at any 181 * time</td> 182 * <td>Constantly watching the mouse pointer, 183 * an applet can make guesses about what the user is doing, i.e. moving 184 * the mouse to the lower left corner of the screen most likely means that 185 * the user is about to launch an application. If a virtual keypad is used 186 * so that keyboard is emulated using the mouse, an applet may guess what 187 * is being typed.</td> 188 * </tr> 189 * </tbody> 190 * </table> 191 * 192 * @see java.security.BasicPermission 193 * @see java.security.Permission 194 * @see java.security.Permissions 195 * @see java.security.PermissionCollection 196 * @see java.lang.SecurityManager 197 * 198 * 199 * @author Marianne Mueller 200 * @author Roland Schemers 201 */ 202 203 public final class AWTPermission extends BasicPermission { 204 205 /** use serialVersionUID from the Java 2 platform for interoperability */ 206 private static final long serialVersionUID = 8890392402588814465L; 207 208 /** 209 * Creates a new {@code AWTPermission} with the specified name. 210 * The name is the symbolic name of the {@code AWTPermission}, 211 * such as "topLevelWindow", "systemClipboard", etc. An asterisk 212 * may be used to indicate all AWT permissions. 213 * 214 * @param name the name of the AWTPermission 215 * 216 * @throws NullPointerException if {@code name} is {@code null}. 217 * @throws IllegalArgumentException if {@code name} is empty. 218 */ 219 220 public AWTPermission(String name) 221 { 222 super(name); | 32 * An {@code AWTPermission} contains a target name but 33 * no actions list; you either have the named permission 34 * or you don't. 35 * 36 * <P> 37 * The target name is the name of the AWT permission (see below). The naming 38 * convention follows the hierarchical property naming convention. 39 * Also, an asterisk could be used to represent all AWT permissions. 40 * 41 * <P> 42 * The following table lists all the possible {@code AWTPermission} 43 * target names, and for each provides a description of what the 44 * permission allows and a discussion of the risks of granting code 45 * the permission. 46 * 47 * <table class="striped"> 48 * <caption>AWTPermission target names, descriptions, and associated risks 49 * </caption> 50 * <thead> 51 * <tr> 52 * <th scope="col">Permission Target Name 53 * <th scope="col">What the Permission Allows 54 * <th scope="col">Risks of Allowing this Permission 55 * </thead> 56 * <tbody> 57 * <tr> 58 * <th scope="row">accessClipboard 59 * <td>Posting and retrieval of information to and from the AWT clipboard 60 * <td>This would allow malfeasant code to share potentially sensitive or 61 * confidential information. 62 * <tr> 63 * <th scope="row">accessEventQueue 64 * <td>Access to the AWT event queue 65 * <td>After retrieving the AWT event queue, malicious code may peek at and 66 * even remove existing events from its event queue, as well as post bogus 67 * events which may purposefully cause the application or applet to 68 * misbehave in an insecure manner. 69 * <tr> 70 * <th scope="row">accessSystemTray 71 * <td>Access to the AWT SystemTray instance 72 * <td>This would allow malicious code to add tray icons to the system tray. 73 * First, such an icon may look like the icon of some known application 74 * (such as a firewall or anti-virus) and order a user to do something 75 * unsafe (with help of balloon messages). Second, the system tray may be 76 * glutted with tray icons so that no one could add a tray icon anymore. 77 * <tr> 78 * <th scope="row">createRobot 79 * <td>Create java.awt.Robot objects 80 * <td>The java.awt.Robot object allows code to generate native-level mouse 81 * and keyboard events as well as read the screen. It could allow malicious 82 * code to control the system, run other programs, read the display, and 83 * deny mouse and keyboard access to the user. 84 * <tr> 85 * <th scope="row">fullScreenExclusive 86 * <td>Enter full-screen exclusive mode 87 * <td>Entering full-screen exclusive mode allows direct access to low-level 88 * graphics card memory. This could be used to spoof the system, since the 89 * program is in direct control of rendering. Depending on the 90 * implementation, the security warning may not be shown for the windows 91 * used to enter the full-screen exclusive mode (assuming that the 92 * {@code fullScreenExclusive} permission has been granted to this 93 * application). Note that this behavior does not mean that the 94 * {@code showWindowWithoutWarningBanner} permission will be automatically 95 * granted to the application which has the {@code fullScreenExclusive} 96 * permission: non-full-screen windows will continue to be shown with the 97 * security warning. 98 * <tr> 99 * <th scope="row">listenToAllAWTEvents 100 * <td>Listen to all AWT events, system-wide 101 * <td>After adding an AWT event listener, malicious code may scan all AWT 102 * events dispatched in the system, allowing it to read all user input (such 103 * as passwords). Each AWT event listener is called from within the context 104 * of that event queue's EventDispatchThread, so if the accessEventQueue 105 * permission is also enabled, malicious code could modify the contents of 106 * AWT event queues system-wide, causing the application or applet to 107 * misbehave in an insecure manner. 108 * <tr> 109 * <th scope="row">readDisplayPixels 110 * <td>Readback of pixels from the display screen 111 * <td>Interfaces such as the java.awt.Composite interface or the 112 * java.awt.Robot class allow arbitrary code to examine pixels on the 113 * display enable malicious code to snoop on the activities of the user. 114 * <tr> 115 * <th scope="row">replaceKeyboardFocusManager 116 * <td>Sets the {@code KeyboardFocusManager} for a particular thread. 117 * <td>When {@code SecurityManager} is installed, the invoking thread must 118 * be granted this permission in order to replace the current 119 * {@code KeyboardFocusManager}. If permission is not granted, a 120 * {@code SecurityException} will be thrown. 121 * <tr> 122 * <th scope="row">setAppletStub 123 * <td>Setting the stub which implements Applet container services 124 * <td>Malicious code could set an applet's stub and result in unexpected 125 * behavior or denial of service to an applet. 126 * <tr> 127 * <th scope="row">setWindowAlwaysOnTop 128 * <td>Setting always-on-top property of the window: 129 * {@link Window#setAlwaysOnTop} 130 * <td>The malicious window might make itself look and behave like a real 131 * full desktop, so that information entered by the unsuspecting user is 132 * captured and subsequently misused 133 * <tr> 134 * <th scope="row">showWindowWithoutWarningBanner 135 * <td>Display of a window without also displaying a banner warning that the 136 * window was created by an applet 137 * <td>Without this warning, an applet may pop up windows without the user 138 * knowing that they belong to an applet. Since users may make 139 * security-sensitive decisions based on whether or not the window belongs 140 * to an applet (entering a username and password into a dialog box, for 141 * example), disabling this warning banner may allow applets to trick the 142 * user into entering such information. 143 * <tr> 144 * <th scope="row">toolkitModality 145 * <td>Creating {@link Dialog.ModalityType#TOOLKIT_MODAL TOOLKIT_MODAL} 146 * dialogs and setting the 147 * {@link Dialog.ModalExclusionType#TOOLKIT_EXCLUDE TOOLKIT_EXCLUDE} window 148 * property. 149 * <td>When a toolkit-modal dialog is shown from an applet, it blocks all 150 * other applets in the browser. When launching applications from Java Web 151 * Start, its windows (such as the security dialog) may also be blocked by 152 * toolkit-modal dialogs, shown from these applications. 153 * <tr> 154 * <th scope="row">watchMousePointer 155 * <td>Getting the information about the mouse pointer position at any time 156 * <td>Constantly watching the mouse pointer, an applet can make guesses 157 * about what the user is doing, i.e. moving the mouse to the lower left 158 * corner of the screen most likely means that the user is about to launch 159 * an application. If a virtual keypad is used so that keyboard is emulated 160 * using the mouse, an applet may guess what is being typed. 161 * </tbody> 162 * </table> 163 * 164 * @see java.security.BasicPermission 165 * @see java.security.Permission 166 * @see java.security.Permissions 167 * @see java.security.PermissionCollection 168 * @see java.lang.SecurityManager 169 * 170 * @author Marianne Mueller 171 * @author Roland Schemers 172 */ 173 public final class AWTPermission extends BasicPermission { 174 175 /** use serialVersionUID from the Java 2 platform for interoperability */ 176 private static final long serialVersionUID = 8890392402588814465L; 177 178 /** 179 * Creates a new {@code AWTPermission} with the specified name. 180 * The name is the symbolic name of the {@code AWTPermission}, 181 * such as "topLevelWindow", "systemClipboard", etc. An asterisk 182 * may be used to indicate all AWT permissions. 183 * 184 * @param name the name of the AWTPermission 185 * 186 * @throws NullPointerException if {@code name} is {@code null}. 187 * @throws IllegalArgumentException if {@code name} is empty. 188 */ 189 190 public AWTPermission(String name) 191 { 192 super(name); |