1 /*
   2  * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.sun.tools.attach;
  27 
  28 /**
  29  * When a {@link java.lang.SecurityManager SecurityManager} set, this
  30  * is the permission which will be checked when code invokes {@link
  31  * VirtualMachine#attach VirtalMachine.attach} to attach to a target virtual
  32  * machine.
  33  * This permission is also checked when an {@link
  34  * com.sun.tools.attach.spi.AttachProvider AttachProvider} is created. </p>
  35  *
  36  * <p> An <code>AttachPermission</code> object contains a name (also referred
  37  * to as a "target name") but no actions list; you either have the
  38  * named permission or you don't.
  39  * The following table provides a summary description of what the
  40  * permission allows, and discusses the risks of granting code the
  41  * permission.
  42  * <P>
  43  * <table border=1 cellpadding=5 summary="Table shows permission
  44  * target name, what the permission allows, and associated risks">
  45  * <tr>
  46  * <th>Permission Target Name</th>
  47  * <th>What the Permission Allows</th>
  48  * <th>Risks of Allowing this Permission</th>
  49  * </tr>
  50  *
  51  * <tr>
  52  *   <td>attachVirtualMachine</td>
  53  *   <td>Ability to attach to another Java virtual machine and load agents
  54  *       into that VM.
  55  *   </td>
  56  *   <td>This allows an attacker to control the target VM which can potentially
  57  *       cause it to misbehave.
  58  *   </td>
  59  * </tr>
  60  *
  61  * <tr>
  62  *   <td>createAttachProvider</td>
  63  *   <td>Ability to create an <code>AttachProvider</code> instance.
  64  *   </td>
  65  *   <td>This allows an attacker to create an AttachProvider which can
  66  *       potentially be used to attach to other Java virtual machines.
  67  *   </td>
  68  * </tr>
  69 
  70  *
  71  * </table>
  72 
  73  * <p>
  74  * Programmers do not normally create AttachPermission objects directly.
  75  * Instead they are created by the security policy code based on reading
  76  * the security policy file.
  77  *
  78  * @see com.sun.tools.attach.VirtualMachine
  79  * @see com.sun.tools.attach.spi.AttachProvider
  80  */
  81 
  82 @jdk.Exported
  83 public final class AttachPermission extends java.security.BasicPermission {
  84 
  85     /** use serialVersionUID for interoperability */
  86     static final long serialVersionUID = -4619447669752976181L;
  87 
  88     /**
  89      * Constructs a new AttachPermission object.
  90      *
  91      * @param name Permission name. Must be either "attachVirtualMachine",
  92      *             or "createAttachProvider".
  93      *
  94      * @throws NullPointerException if name is <code>null</code>.
  95      * @throws IllegalArgumentException if the name is invalid.
  96      */
  97     public AttachPermission(String name) {
  98         super(name);
  99         if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
 100             throw new IllegalArgumentException("name: " + name);
 101         }
 102     }
 103 
 104     /**
 105      * Constructs a new AttachPermission object.
 106      *
 107      * @param name Permission name.   Must be either "attachVirtualMachine",
 108      *             or "createAttachProvider".
 109      *
 110      * @param actions Not used and should be <code>null</code>, or
 111      *                the empty string.
 112      *
 113      * @throws NullPointerException if name is <code>null</code>.
 114      * @throws IllegalArgumentException if arguments are invalid.
 115      */
 116     public AttachPermission(String name, String actions) {
 117         super(name);
 118         if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
 119             throw new IllegalArgumentException("name: " + name);
 120         }
 121         if (actions != null && actions.length() > 0) {
 122             throw new IllegalArgumentException("actions: " + actions);
 123         }
 124     }
 125 }