32 * An {@code AWTPermission} contains a target name but
33 * no actions list; you either have the named permission
34 * or you don't.
35 *
36 * <P>
37 * The target name is the name of the AWT permission (see below). The naming
38 * convention follows the hierarchical property naming convention.
39 * Also, an asterisk could be used to represent all AWT permissions.
40 *
41 * <P>
42 * The following table lists all the possible {@code AWTPermission}
43 * target names, and for each provides a description of what the
44 * permission allows and a discussion of the risks of granting code
45 * the permission.
46 *
47 * <table class="striped">
48 * <caption>AWTPermission target names, descriptions, and associated risks
49 * </caption>
50 * <thead>
51 * <tr>
52 * <th>Permission Target Name</th>
53 * <th>What the Permission Allows</th>
54 * <th>Risks of Allowing this Permission</th>
55 * </tr>
56 * </thead>
57 * <tbody>
58 * <tr>
59 * <td>accessClipboard</td>
60 * <td>Posting and retrieval of information to and from the AWT clipboard</td>
61 * <td>This would allow malfeasant code to share
62 * potentially sensitive or confidential information.</td>
63 * </tr>
64 *
65 * <tr>
66 * <td>accessEventQueue</td>
67 * <td>Access to the AWT event queue</td>
68 * <td>After retrieving the AWT event queue,
69 * malicious code may peek at and even remove existing events
70 * from its event queue, as well as post bogus events which may purposefully
71 * cause the application or applet to misbehave in an insecure manner.</td>
72 * </tr>
73 *
74 * <tr>
75 * <td>accessSystemTray</td>
76 * <td>Access to the AWT SystemTray instance</td>
77 * <td>This would allow malicious code to add tray icons to the system tray.
78 * First, such an icon may look like the icon of some known application
79 * (such as a firewall or anti-virus) and order a user to do something unsafe
80 * (with help of balloon messages). Second, the system tray may be glutted with
81 * tray icons so that no one could add a tray icon anymore.</td>
82 * </tr>
83 *
84 * <tr>
85 * <td>createRobot</td>
86 * <td>Create java.awt.Robot objects</td>
87 * <td>The java.awt.Robot object allows code to generate native-level
88 * mouse and keyboard events as well as read the screen. It could allow
89 * malicious code to control the system, run other programs, read the
90 * display, and deny mouse and keyboard access to the user.</td>
91 * </tr>
92 *
93 * <tr>
94 * <td>fullScreenExclusive</td>
95 * <td>Enter full-screen exclusive mode</td>
96 * <td>Entering full-screen exclusive mode allows direct access to
97 * low-level graphics card memory. This could be used to spoof the
98 * system, since the program is in direct control of rendering. Depending on
99 * the implementation, the security warning may not be shown for the windows
100 * used to enter the full-screen exclusive mode (assuming that the {@code
101 * fullScreenExclusive} permission has been granted to this application). Note
102 * that this behavior does not mean that the {@code
103 * showWindowWithoutWarningBanner} permission will be automatically granted to
104 * the application which has the {@code fullScreenExclusive} permission:
105 * non-full-screen windows will continue to be shown with the security
106 * warning.</td>
107 * </tr>
108 *
109 * <tr>
110 * <td>listenToAllAWTEvents</td>
111 * <td>Listen to all AWT events, system-wide</td>
112 * <td>After adding an AWT event listener,
113 * malicious code may scan all AWT events dispatched in the system,
114 * allowing it to read all user input (such as passwords). Each
115 * AWT event listener is called from within the context of that
116 * event queue's EventDispatchThread, so if the accessEventQueue
117 * permission is also enabled, malicious code could modify the
118 * contents of AWT event queues system-wide, causing the application
119 * or applet to misbehave in an insecure manner.</td>
120 * </tr>
121 *
122 * <tr>
123 * <td>readDisplayPixels</td>
124 * <td>Readback of pixels from the display screen</td>
125 * <td>Interfaces such as the java.awt.Composite interface or the
126 * java.awt.Robot class allow arbitrary code to examine pixels on the
127 * display enable malicious code to snoop on the activities of the user.</td>
128 * </tr>
129 *
130 * <tr>
131 * <td>replaceKeyboardFocusManager</td>
132 * <td>Sets the {@code KeyboardFocusManager} for
133 * a particular thread.
134 * <td>When {@code SecurityManager} is installed, the invoking
135 * thread must be granted this permission in order to replace
136 * the current {@code KeyboardFocusManager}. If permission
137 * is not granted, a {@code SecurityException} will be thrown.
138 * </tr>
139 *
140 * <tr>
141 * <td>setAppletStub</td>
142 * <td>Setting the stub which implements Applet container services</td>
143 * <td>Malicious code could set an applet's stub and result in unexpected
144 * behavior or denial of service to an applet.</td>
145 * </tr>
146 *
147 * <tr>
148 * <td>setWindowAlwaysOnTop</td>
149 * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td>
150 * <td>The malicious window might make itself look and behave like a real full desktop, so that
151 * information entered by the unsuspecting user is captured and subsequently misused </td>
152 * </tr>
153 *
154 * <tr>
155 * <td>showWindowWithoutWarningBanner</td>
156 * <td>Display of a window without also displaying a banner warning
157 * that the window was created by an applet</td>
158 * <td>Without this warning,
159 * an applet may pop up windows without the user knowing that they
160 * belong to an applet. Since users may make security-sensitive
161 * decisions based on whether or not the window belongs to an applet
162 * (entering a username and password into a dialog box, for example),
163 * disabling this warning banner may allow applets to trick the user
164 * into entering such information.</td>
165 * </tr>
166 *
167 * <tr>
168 * <td>toolkitModality</td>
169 * <td>Creating {@link Dialog.ModalityType#TOOLKIT_MODAL TOOLKIT_MODAL} dialogs
170 * and setting the {@link Dialog.ModalExclusionType#TOOLKIT_EXCLUDE
171 * TOOLKIT_EXCLUDE} window property.</td>
172 * <td>When a toolkit-modal dialog is shown from an applet, it blocks all other
173 * applets in the browser. When launching applications from Java Web Start,
174 * its windows (such as the security dialog) may also be blocked by toolkit-modal
175 * dialogs, shown from these applications.</td>
176 * </tr>
177 *
178 * <tr>
179 * <td>watchMousePointer</td>
180 * <td>Getting the information about the mouse pointer position at any
181 * time</td>
182 * <td>Constantly watching the mouse pointer,
183 * an applet can make guesses about what the user is doing, i.e. moving
184 * the mouse to the lower left corner of the screen most likely means that
185 * the user is about to launch an application. If a virtual keypad is used
186 * so that keyboard is emulated using the mouse, an applet may guess what
187 * is being typed.</td>
188 * </tr>
189 * </tbody>
190 * </table>
191 *
192 * @see java.security.BasicPermission
193 * @see java.security.Permission
194 * @see java.security.Permissions
195 * @see java.security.PermissionCollection
196 * @see java.lang.SecurityManager
197 *
198 *
199 * @author Marianne Mueller
200 * @author Roland Schemers
201 */
202
203 public final class AWTPermission extends BasicPermission {
204
205 /** use serialVersionUID from the Java 2 platform for interoperability */
206 private static final long serialVersionUID = 8890392402588814465L;
207
208 /**
209 * Creates a new {@code AWTPermission} with the specified name.
210 * The name is the symbolic name of the {@code AWTPermission},
211 * such as "topLevelWindow", "systemClipboard", etc. An asterisk
212 * may be used to indicate all AWT permissions.
213 *
214 * @param name the name of the AWTPermission
215 *
216 * @throws NullPointerException if {@code name} is {@code null}.
217 * @throws IllegalArgumentException if {@code name} is empty.
218 */
219
220 public AWTPermission(String name)
221 {
222 super(name);
|
32 * An {@code AWTPermission} contains a target name but
33 * no actions list; you either have the named permission
34 * or you don't.
35 *
36 * <P>
37 * The target name is the name of the AWT permission (see below). The naming
38 * convention follows the hierarchical property naming convention.
39 * Also, an asterisk could be used to represent all AWT permissions.
40 *
41 * <P>
42 * The following table lists all the possible {@code AWTPermission}
43 * target names, and for each provides a description of what the
44 * permission allows and a discussion of the risks of granting code
45 * the permission.
46 *
47 * <table class="striped">
48 * <caption>AWTPermission target names, descriptions, and associated risks
49 * </caption>
50 * <thead>
51 * <tr>
52 * <th scope="col">Permission Target Name
53 * <th scope="col">What the Permission Allows
54 * <th scope="col">Risks of Allowing this Permission
55 * </thead>
56 * <tbody>
57 * <tr>
58 * <th scope="row">accessClipboard
59 * <td>Posting and retrieval of information to and from the AWT clipboard
60 * <td>This would allow malfeasant code to share potentially sensitive or
61 * confidential information.
62 * <tr>
63 * <th scope="row">accessEventQueue
64 * <td>Access to the AWT event queue
65 * <td>After retrieving the AWT event queue, malicious code may peek at and
66 * even remove existing events from its event queue, as well as post bogus
67 * events which may purposefully cause the application or applet to
68 * misbehave in an insecure manner.
69 * <tr>
70 * <th scope="row">accessSystemTray
71 * <td>Access to the AWT SystemTray instance
72 * <td>This would allow malicious code to add tray icons to the system tray.
73 * First, such an icon may look like the icon of some known application
74 * (such as a firewall or anti-virus) and order a user to do something
75 * unsafe (with help of balloon messages). Second, the system tray may be
76 * glutted with tray icons so that no one could add a tray icon anymore.
77 * <tr>
78 * <th scope="row">createRobot
79 * <td>Create java.awt.Robot objects
80 * <td>The java.awt.Robot object allows code to generate native-level mouse
81 * and keyboard events as well as read the screen. It could allow malicious
82 * code to control the system, run other programs, read the display, and
83 * deny mouse and keyboard access to the user.
84 * <tr>
85 * <th scope="row">fullScreenExclusive
86 * <td>Enter full-screen exclusive mode
87 * <td>Entering full-screen exclusive mode allows direct access to low-level
88 * graphics card memory. This could be used to spoof the system, since the
89 * program is in direct control of rendering. Depending on the
90 * implementation, the security warning may not be shown for the windows
91 * used to enter the full-screen exclusive mode (assuming that the
92 * {@code fullScreenExclusive} permission has been granted to this
93 * application). Note that this behavior does not mean that the
94 * {@code showWindowWithoutWarningBanner} permission will be automatically
95 * granted to the application which has the {@code fullScreenExclusive}
96 * permission: non-full-screen windows will continue to be shown with the
97 * security warning.
98 * <tr>
99 * <th scope="row">listenToAllAWTEvents
100 * <td>Listen to all AWT events, system-wide
101 * <td>After adding an AWT event listener, malicious code may scan all AWT
102 * events dispatched in the system, allowing it to read all user input (such
103 * as passwords). Each AWT event listener is called from within the context
104 * of that event queue's EventDispatchThread, so if the accessEventQueue
105 * permission is also enabled, malicious code could modify the contents of
106 * AWT event queues system-wide, causing the application or applet to
107 * misbehave in an insecure manner.
108 * <tr>
109 * <th scope="row">readDisplayPixels
110 * <td>Readback of pixels from the display screen
111 * <td>Interfaces such as the java.awt.Composite interface or the
112 * java.awt.Robot class allow arbitrary code to examine pixels on the
113 * display enable malicious code to snoop on the activities of the user.
114 * <tr>
115 * <th scope="row">replaceKeyboardFocusManager
116 * <td>Sets the {@code KeyboardFocusManager} for a particular thread.
117 * <td>When {@code SecurityManager} is installed, the invoking thread must
118 * be granted this permission in order to replace the current
119 * {@code KeyboardFocusManager}. If permission is not granted, a
120 * {@code SecurityException} will be thrown.
121 * <tr>
122 * <th scope="row">setAppletStub
123 * <td>Setting the stub which implements Applet container services
124 * <td>Malicious code could set an applet's stub and result in unexpected
125 * behavior or denial of service to an applet.
126 * <tr>
127 * <th scope="row">setWindowAlwaysOnTop
128 * <td>Setting always-on-top property of the window:
129 * {@link Window#setAlwaysOnTop}
130 * <td>The malicious window might make itself look and behave like a real
131 * full desktop, so that information entered by the unsuspecting user is
132 * captured and subsequently misused
133 * <tr>
134 * <th scope="row">showWindowWithoutWarningBanner
135 * <td>Display of a window without also displaying a banner warning that the
136 * window was created by an applet
137 * <td>Without this warning, an applet may pop up windows without the user
138 * knowing that they belong to an applet. Since users may make
139 * security-sensitive decisions based on whether or not the window belongs
140 * to an applet (entering a username and password into a dialog box, for
141 * example), disabling this warning banner may allow applets to trick the
142 * user into entering such information.
143 * <tr>
144 * <th scope="row">toolkitModality
145 * <td>Creating {@link Dialog.ModalityType#TOOLKIT_MODAL TOOLKIT_MODAL}
146 * dialogs and setting the
147 * {@link Dialog.ModalExclusionType#TOOLKIT_EXCLUDE TOOLKIT_EXCLUDE} window
148 * property.
149 * <td>When a toolkit-modal dialog is shown from an applet, it blocks all
150 * other applets in the browser. When launching applications from Java Web
151 * Start, its windows (such as the security dialog) may also be blocked by
152 * toolkit-modal dialogs, shown from these applications.
153 * <tr>
154 * <th scope="row">watchMousePointer
155 * <td>Getting the information about the mouse pointer position at any time
156 * <td>Constantly watching the mouse pointer, an applet can make guesses
157 * about what the user is doing, i.e. moving the mouse to the lower left
158 * corner of the screen most likely means that the user is about to launch
159 * an application. If a virtual keypad is used so that keyboard is emulated
160 * using the mouse, an applet may guess what is being typed.
161 * </tbody>
162 * </table>
163 *
164 * @see java.security.BasicPermission
165 * @see java.security.Permission
166 * @see java.security.Permissions
167 * @see java.security.PermissionCollection
168 * @see java.lang.SecurityManager
169 *
170 * @author Marianne Mueller
171 * @author Roland Schemers
172 */
173 public final class AWTPermission extends BasicPermission {
174
175 /** use serialVersionUID from the Java 2 platform for interoperability */
176 private static final long serialVersionUID = 8890392402588814465L;
177
178 /**
179 * Creates a new {@code AWTPermission} with the specified name.
180 * The name is the symbolic name of the {@code AWTPermission},
181 * such as "topLevelWindow", "systemClipboard", etc. An asterisk
182 * may be used to indicate all AWT permissions.
183 *
184 * @param name the name of the AWTPermission
185 *
186 * @throws NullPointerException if {@code name} is {@code null}.
187 * @throws IllegalArgumentException if {@code name} is empty.
188 */
189
190 public AWTPermission(String name)
191 {
192 super(name);
|