1 /* 2 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.util.Enumeration; 30 import java.util.Hashtable; 31 import java.util.StringTokenizer; 32 33 /** 34 * This class is for runtime permissions. A {@code RuntimePermission} 35 * contains a name (also referred to as a "target name") but no actions 36 * list; you either have the named permission or you don't. 37 * <p> 38 * The target name is the name of the runtime permission (see below). The 39 * naming convention follows the hierarchical property naming convention. 40 * Also, an asterisk may appear at the end of the name, following a ".", 41 * or by itself, to signify a wildcard match. For example: "loadLibrary.*" 42 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not. 43 * <p> 44 * The following table lists the standard {@code RuntimePermission} 45 * target names, and for each provides a description of what the permission 46 * allows and a discussion of the risks of granting code the permission. 47 * 48 * <table border=1 cellpadding=5 summary="permission target name, 49 * what the target allows,and associated risks"> 50 * <tr> 51 * <th>Permission Target Name</th> 248 * the SecurityManager <code>checkPackageAccess</code> method</td> 249 * <td>This gives code access to classes in packages 250 * to which it normally does not have access. Malicious code 251 * may use these classes to help in its attempt to compromise 252 * security in the system.</td> 253 * </tr> 254 * 255 * <tr> 256 * <td>defineClassInPackage.{package name}</td> 257 * <td>Definition of classes in the specified package, via a class 258 * loader's <code>defineClass</code> method when that class loader calls 259 * the SecurityManager <code>checkPackageDefinition</code> method.</td> 260 * <td>This grants code permission to define a class 261 * in a particular package. This is dangerous because malicious 262 * code with this permission may define rogue classes in 263 * trusted packages like <code>java.security</code> or <code>java.lang</code>, 264 * for example.</td> 265 * </tr> 266 * 267 * <tr> 268 * <td>accessDeclaredMembers</td> 269 * <td>Access to the declared members of a class</td> 270 * <td>This grants code permission to query a class for its public, 271 * protected, default (package) access, and private fields and/or 272 * methods. Although the code would have 273 * access to the private and protected field and method names, it would not 274 * have access to the private/protected field data and would not be able 275 * to invoke any private methods. Nevertheless, malicious code 276 * may use this information to better aim an attack. 277 * Additionally, it may invoke any public methods and/or access public fields 278 * in the class. This could be dangerous if 279 * the code would normally not be able to invoke those methods and/or 280 * access the fields because 281 * it can't cast the object to the class/interface with those methods 282 * and fields. 283 </td> 284 * </tr> 285 * <tr> 286 * <td>queuePrintJob</td> 287 * <td>Initiation of a print job request</td> 342 * checked during invocation of the abstract base class constructor. 343 * This permission ensures trust in classes which implement this 344 * security-sensitive provider mechanism. </td> 345 * <td>See <a href= "../util/spi/LocaleServiceProvider.html"> 346 * {@code java.util.spi.LocaleServiceProvider}</a> for more 347 * information.</td> 348 * </tr> 349 * 350 * <tr> 351 * <td>loggerFinder</td> 352 * <td>This {@code RuntimePermission} is required to be granted to 353 * classes which subclass or call methods on 354 * {@code java.lang.System.LoggerFinder}. The permission is 355 * checked during invocation of the abstract base class constructor, as 356 * well as on the invocation of its public methods. 357 * This permission ensures trust in classes which provide loggers 358 * to system classes.</td> 359 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder} 360 * for more information.</td> 361 * </tr> 362 * </table> 363 * 364 * @implNote 365 * Implementations may define additional target names, but should use naming 366 * conventions such as reverse domain name notation to avoid name clashes. 367 * 368 * @see java.security.BasicPermission 369 * @see java.security.Permission 370 * @see java.security.Permissions 371 * @see java.security.PermissionCollection 372 * @see java.lang.SecurityManager 373 * 374 * 375 * @author Marianne Mueller 376 * @author Roland Schemers 377 */ 378 379 public final class RuntimePermission extends BasicPermission { 380 381 private static final long serialVersionUID = 7399184964622342223L; | 1 /* 2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang; 27 28 import java.security.*; 29 import java.lang.module.ModuleFinder; 30 31 /** 32 * This class is for runtime permissions. A {@code RuntimePermission} 33 * contains a name (also referred to as a "target name") but no actions 34 * list; you either have the named permission or you don't. 35 * <p> 36 * The target name is the name of the runtime permission (see below). The 37 * naming convention follows the hierarchical property naming convention. 38 * Also, an asterisk may appear at the end of the name, following a ".", 39 * or by itself, to signify a wildcard match. For example: "loadLibrary.*" 40 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not. 41 * <p> 42 * The following table lists the standard {@code RuntimePermission} 43 * target names, and for each provides a description of what the permission 44 * allows and a discussion of the risks of granting code the permission. 45 * 46 * <table border=1 cellpadding=5 summary="permission target name, 47 * what the target allows,and associated risks"> 48 * <tr> 49 * <th>Permission Target Name</th> 246 * the SecurityManager <code>checkPackageAccess</code> method</td> 247 * <td>This gives code access to classes in packages 248 * to which it normally does not have access. Malicious code 249 * may use these classes to help in its attempt to compromise 250 * security in the system.</td> 251 * </tr> 252 * 253 * <tr> 254 * <td>defineClassInPackage.{package name}</td> 255 * <td>Definition of classes in the specified package, via a class 256 * loader's <code>defineClass</code> method when that class loader calls 257 * the SecurityManager <code>checkPackageDefinition</code> method.</td> 258 * <td>This grants code permission to define a class 259 * in a particular package. This is dangerous because malicious 260 * code with this permission may define rogue classes in 261 * trusted packages like <code>java.security</code> or <code>java.lang</code>, 262 * for example.</td> 263 * </tr> 264 * 265 * <tr> 266 * <td>defineClass</td> 267 * <td>Define a class with 268 * {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[]) 269 * Lookup.defineClass}.</td> 270 * <td>This grants code with a suitably privileged {@code Lookup} object 271 * permission to define classes in the same package as the {@code Lookup}'s 272 * lookup class. </td> 273 * </tr> 274 * 275 * <tr> 276 * <td>accessDeclaredMembers</td> 277 * <td>Access to the declared members of a class</td> 278 * <td>This grants code permission to query a class for its public, 279 * protected, default (package) access, and private fields and/or 280 * methods. Although the code would have 281 * access to the private and protected field and method names, it would not 282 * have access to the private/protected field data and would not be able 283 * to invoke any private methods. Nevertheless, malicious code 284 * may use this information to better aim an attack. 285 * Additionally, it may invoke any public methods and/or access public fields 286 * in the class. This could be dangerous if 287 * the code would normally not be able to invoke those methods and/or 288 * access the fields because 289 * it can't cast the object to the class/interface with those methods 290 * and fields. 291 </td> 292 * </tr> 293 * <tr> 294 * <td>queuePrintJob</td> 295 * <td>Initiation of a print job request</td> 350 * checked during invocation of the abstract base class constructor. 351 * This permission ensures trust in classes which implement this 352 * security-sensitive provider mechanism. </td> 353 * <td>See <a href= "../util/spi/LocaleServiceProvider.html"> 354 * {@code java.util.spi.LocaleServiceProvider}</a> for more 355 * information.</td> 356 * </tr> 357 * 358 * <tr> 359 * <td>loggerFinder</td> 360 * <td>This {@code RuntimePermission} is required to be granted to 361 * classes which subclass or call methods on 362 * {@code java.lang.System.LoggerFinder}. The permission is 363 * checked during invocation of the abstract base class constructor, as 364 * well as on the invocation of its public methods. 365 * This permission ensures trust in classes which provide loggers 366 * to system classes.</td> 367 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder} 368 * for more information.</td> 369 * </tr> 370 * 371 * <tr> 372 * <td>accessSystemModules</td> 373 * <td>Access system modules in the runtime image.</td> 374 * <td>This grants the permission to access resources in the 375 * {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td> 376 * </tr> 377 * 378 * </table> 379 * 380 * @implNote 381 * Implementations may define additional target names, but should use naming 382 * conventions such as reverse domain name notation to avoid name clashes. 383 * 384 * @see java.security.BasicPermission 385 * @see java.security.Permission 386 * @see java.security.Permissions 387 * @see java.security.PermissionCollection 388 * @see java.lang.SecurityManager 389 * 390 * 391 * @author Marianne Mueller 392 * @author Roland Schemers 393 */ 394 395 public final class RuntimePermission extends BasicPermission { 396 397 private static final long serialVersionUID = 7399184964622342223L; |