1 /*
2 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang;
27
28 import java.security.*;
29 import java.util.Enumeration;
30 import java.util.Hashtable;
31 import java.util.StringTokenizer;
32
33 /**
34 * This class is for runtime permissions. A {@code RuntimePermission}
35 * contains a name (also referred to as a "target name") but no actions
36 * list; you either have the named permission or you don't.
37 * <p>
38 * The target name is the name of the runtime permission (see below). The
39 * naming convention follows the hierarchical property naming convention.
40 * Also, an asterisk may appear at the end of the name, following a ".",
41 * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
42 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
43 * <p>
44 * The following table lists the standard {@code RuntimePermission}
45 * target names, and for each provides a description of what the permission
46 * allows and a discussion of the risks of granting code the permission.
47 *
48 * <table border=1 cellpadding=5 summary="permission target name,
49 * what the target allows,and associated risks">
50 * <tr>
51 * <th>Permission Target Name</th>
248 * the SecurityManager <code>checkPackageAccess</code> method</td>
249 * <td>This gives code access to classes in packages
250 * to which it normally does not have access. Malicious code
251 * may use these classes to help in its attempt to compromise
252 * security in the system.</td>
253 * </tr>
254 *
255 * <tr>
256 * <td>defineClassInPackage.{package name}</td>
257 * <td>Definition of classes in the specified package, via a class
258 * loader's <code>defineClass</code> method when that class loader calls
259 * the SecurityManager <code>checkPackageDefinition</code> method.</td>
260 * <td>This grants code permission to define a class
261 * in a particular package. This is dangerous because malicious
262 * code with this permission may define rogue classes in
263 * trusted packages like <code>java.security</code> or <code>java.lang</code>,
264 * for example.</td>
265 * </tr>
266 *
267 * <tr>
268 * <td>accessDeclaredMembers</td>
269 * <td>Access to the declared members of a class</td>
270 * <td>This grants code permission to query a class for its public,
271 * protected, default (package) access, and private fields and/or
272 * methods. Although the code would have
273 * access to the private and protected field and method names, it would not
274 * have access to the private/protected field data and would not be able
275 * to invoke any private methods. Nevertheless, malicious code
276 * may use this information to better aim an attack.
277 * Additionally, it may invoke any public methods and/or access public fields
278 * in the class. This could be dangerous if
279 * the code would normally not be able to invoke those methods and/or
280 * access the fields because
281 * it can't cast the object to the class/interface with those methods
282 * and fields.
283 </td>
284 * </tr>
285 * <tr>
286 * <td>queuePrintJob</td>
287 * <td>Initiation of a print job request</td>
342 * checked during invocation of the abstract base class constructor.
343 * This permission ensures trust in classes which implement this
344 * security-sensitive provider mechanism. </td>
345 * <td>See <a href= "../util/spi/LocaleServiceProvider.html">
346 * {@code java.util.spi.LocaleServiceProvider}</a> for more
347 * information.</td>
348 * </tr>
349 *
350 * <tr>
351 * <td>loggerFinder</td>
352 * <td>This {@code RuntimePermission} is required to be granted to
353 * classes which subclass or call methods on
354 * {@code java.lang.System.LoggerFinder}. The permission is
355 * checked during invocation of the abstract base class constructor, as
356 * well as on the invocation of its public methods.
357 * This permission ensures trust in classes which provide loggers
358 * to system classes.</td>
359 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
360 * for more information.</td>
361 * </tr>
362 * </table>
363 *
364 * @implNote
365 * Implementations may define additional target names, but should use naming
366 * conventions such as reverse domain name notation to avoid name clashes.
367 *
368 * @see java.security.BasicPermission
369 * @see java.security.Permission
370 * @see java.security.Permissions
371 * @see java.security.PermissionCollection
372 * @see java.lang.SecurityManager
373 *
374 *
375 * @author Marianne Mueller
376 * @author Roland Schemers
377 */
378
379 public final class RuntimePermission extends BasicPermission {
380
381 private static final long serialVersionUID = 7399184964622342223L;
|
1 /*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.lang;
27
28 import java.security.*;
29 import java.lang.module.ModuleFinder;
30
31 /**
32 * This class is for runtime permissions. A {@code RuntimePermission}
33 * contains a name (also referred to as a "target name") but no actions
34 * list; you either have the named permission or you don't.
35 * <p>
36 * The target name is the name of the runtime permission (see below). The
37 * naming convention follows the hierarchical property naming convention.
38 * Also, an asterisk may appear at the end of the name, following a ".",
39 * or by itself, to signify a wildcard match. For example: "loadLibrary.*"
40 * and "*" signify a wildcard match, while "*loadLibrary" and "a*b" do not.
41 * <p>
42 * The following table lists the standard {@code RuntimePermission}
43 * target names, and for each provides a description of what the permission
44 * allows and a discussion of the risks of granting code the permission.
45 *
46 * <table border=1 cellpadding=5 summary="permission target name,
47 * what the target allows,and associated risks">
48 * <tr>
49 * <th>Permission Target Name</th>
246 * the SecurityManager <code>checkPackageAccess</code> method</td>
247 * <td>This gives code access to classes in packages
248 * to which it normally does not have access. Malicious code
249 * may use these classes to help in its attempt to compromise
250 * security in the system.</td>
251 * </tr>
252 *
253 * <tr>
254 * <td>defineClassInPackage.{package name}</td>
255 * <td>Definition of classes in the specified package, via a class
256 * loader's <code>defineClass</code> method when that class loader calls
257 * the SecurityManager <code>checkPackageDefinition</code> method.</td>
258 * <td>This grants code permission to define a class
259 * in a particular package. This is dangerous because malicious
260 * code with this permission may define rogue classes in
261 * trusted packages like <code>java.security</code> or <code>java.lang</code>,
262 * for example.</td>
263 * </tr>
264 *
265 * <tr>
266 * <td>defineClass</td>
267 * <td>Define a class with
268 * {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
269 * Lookup.defineClass}.</td>
270 * <td>This grants code with a suitably privileged {@code Lookup} object
271 * permission to define classes in the same package as the {@code Lookup}'s
272 * lookup class. </td>
273 * </tr>
274 *
275 * <tr>
276 * <td>accessDeclaredMembers</td>
277 * <td>Access to the declared members of a class</td>
278 * <td>This grants code permission to query a class for its public,
279 * protected, default (package) access, and private fields and/or
280 * methods. Although the code would have
281 * access to the private and protected field and method names, it would not
282 * have access to the private/protected field data and would not be able
283 * to invoke any private methods. Nevertheless, malicious code
284 * may use this information to better aim an attack.
285 * Additionally, it may invoke any public methods and/or access public fields
286 * in the class. This could be dangerous if
287 * the code would normally not be able to invoke those methods and/or
288 * access the fields because
289 * it can't cast the object to the class/interface with those methods
290 * and fields.
291 </td>
292 * </tr>
293 * <tr>
294 * <td>queuePrintJob</td>
295 * <td>Initiation of a print job request</td>
350 * checked during invocation of the abstract base class constructor.
351 * This permission ensures trust in classes which implement this
352 * security-sensitive provider mechanism. </td>
353 * <td>See <a href= "../util/spi/LocaleServiceProvider.html">
354 * {@code java.util.spi.LocaleServiceProvider}</a> for more
355 * information.</td>
356 * </tr>
357 *
358 * <tr>
359 * <td>loggerFinder</td>
360 * <td>This {@code RuntimePermission} is required to be granted to
361 * classes which subclass or call methods on
362 * {@code java.lang.System.LoggerFinder}. The permission is
363 * checked during invocation of the abstract base class constructor, as
364 * well as on the invocation of its public methods.
365 * This permission ensures trust in classes which provide loggers
366 * to system classes.</td>
367 * <td>See {@link java.lang.System.LoggerFinder java.lang.System.LoggerFinder}
368 * for more information.</td>
369 * </tr>
370 *
371 * <tr>
372 * <td>accessSystemModules</td>
373 * <td>Access system modules in the runtime image.</td>
374 * <td>This grants the permission to access resources in the
375 * {@linkplain ModuleFinder#ofSystem system modules} in the runtime image.</td>
376 * </tr>
377 *
378 * </table>
379 *
380 * @implNote
381 * Implementations may define additional target names, but should use naming
382 * conventions such as reverse domain name notation to avoid name clashes.
383 *
384 * @see java.security.BasicPermission
385 * @see java.security.Permission
386 * @see java.security.Permissions
387 * @see java.security.PermissionCollection
388 * @see java.lang.SecurityManager
389 *
390 *
391 * @author Marianne Mueller
392 * @author Roland Schemers
393 */
394
395 public final class RuntimePermission extends BasicPermission {
396
397 private static final long serialVersionUID = 7399184964622342223L;
|