*
*
- * | createClassLoader |
+ * createClassLoader |
* Creation of a class loader |
* This is an extremely dangerous permission to grant.
* Malicious applications that can instantiate their own class
@@ -67,7 +67,7 @@
* |
*
*
- * | getClassLoader |
+ * getClassLoader |
* Retrieval of a class loader (e.g., the class loader for the calling
* class) |
* This would grant an attacker permission to get the
@@ -78,7 +78,7 @@
* |
*
*
- * | setContextClassLoader |
+ * setContextClassLoader |
* Setting of the context class loader used by a thread |
* The context class loader is used by system code and extensions
* when they need to lookup resources that might not exist in the system
@@ -88,7 +88,7 @@
* |
*
*
- * | enableContextClassLoaderOverride |
+ * enableContextClassLoaderOverride |
* Subclass implementation of the thread context class loader methods |
* The context class loader is used by system code and extensions
* when they need to lookup resources that might not exist in the system
@@ -98,14 +98,14 @@
* |
*
*
- * | closeClassLoader |
+ * closeClassLoader |
* Closing of a ClassLoader |
* Granting this permission allows code to close any URLClassLoader
* that it has a reference to. |
*
*
*
- * | setSecurityManager |
+ * setSecurityManager |
* Setting of the security manager (possibly replacing an existing one)
* |
* The security manager is a class that allows
@@ -117,14 +117,14 @@
* |
*
*
- * | createSecurityManager |
+ * createSecurityManager |
* Creation of a new security manager |
* This gives code access to protected, sensitive methods that may
* disclose information about other classes or the execution stack. |
*
*
*
- * | getenv.{variable name} |
+ * getenv.{variable name} |
* Reading of the value of the specified environment variable |
* This would allow code to read the value, or determine the
* existence, of a particular environment variable. This is
@@ -132,7 +132,7 @@
* |
*
*
- * | exitVM.{exit status} |
+ * exitVM.{exit status} |
* Halting of the Java Virtual Machine with the specified exit status |
* This allows an attacker to mount a denial-of-service attack
* by automatically forcing the virtual machine to halt.
@@ -143,14 +143,14 @@
* |
*
*
- * | shutdownHooks |
+ * shutdownHooks |
* Registration and cancellation of virtual-machine shutdown hooks |
* This allows an attacker to register a malicious shutdown
* hook that interferes with the clean shutdown of the virtual machine. |
*
*
*
- * | setFactory |
+ * setFactory |
* Setting of the socket factory used by ServerSocket or Socket,
* or of the stream handler factory used by URL |
* This allows code to set the actual implementation
@@ -160,7 +160,7 @@
* |
*
*
- * | setIO |
+ * setIO |
* Setting of System.out, System.in, and System.err |
* This allows changing the value of the standard system streams.
* An attacker may change System.in to monitor and
@@ -169,7 +169,7 @@
* |
*
*
- * | modifyThread |
+ * modifyThread |
* Modification of threads, e.g., via calls to Thread
* {@code interrupt, stop, suspend, resume, setDaemon, setPriority,
* setName} and {@code setUncaughtExceptionHandler}
@@ -179,7 +179,7 @@
* |
*
*
- * | stopThread |
+ * stopThread |
* Stopping of threads via calls to the Thread stop
* method |
* This allows code to stop any thread in the system provided that it is
@@ -189,7 +189,7 @@
* |
*
*
- * | modifyThreadGroup |
+ * modifyThreadGroup |
* modification of thread groups, e.g., via calls to ThreadGroup
* destroy, getParent, resume,
* setDaemon, setMaxPriority, stop,
@@ -199,7 +199,7 @@
* |
*
*
- * | getProtectionDomain |
+ * getProtectionDomain |
* Retrieval of the ProtectionDomain for a class |
* This allows code to obtain policy information
* for a particular code source. While obtaining policy information
@@ -209,7 +209,7 @@
* |
*
*
- * | getFileSystemAttributes |
+ * getFileSystemAttributes |
* Retrieval of file system attributes |
* This allows code to obtain file system information such as disk usage
* or disk space available to the caller. This is potentially dangerous
@@ -219,7 +219,7 @@
* |
*
*
- * | readFileDescriptor |
+ * readFileDescriptor |
* Reading of file descriptors |
* This would allow code to read the particular file associated
* with the file descriptor read. This is dangerous if the file
@@ -227,7 +227,7 @@
* |
*
*
- * | writeFileDescriptor |
+ * writeFileDescriptor |
* Writing to file descriptors |
* This allows code to write to a particular file associated
* with the descriptor. This is dangerous because it may allow
@@ -236,7 +236,7 @@
* |
*
*
- * | loadLibrary.{library name} |
+ * loadLibrary.{library name} |
* Dynamic linking of the specified library |
* It is dangerous to allow an applet permission to load native code
* libraries, because the Java security architecture is not designed to and
@@ -244,7 +244,7 @@
* |
*
*
- * | accessClassInPackage.{package name} |
+ * accessClassInPackage.{package name} |
* Access to the specified package via a class loader's
* loadClass method when that class loader calls
* the SecurityManager checkPackageAccess method |
@@ -255,7 +255,7 @@
*
*
*
- * | defineClassInPackage.{package name} |
+ * defineClassInPackage.{package name} |
* Definition of classes in the specified package, via a class
* loader's defineClass method when that class loader calls
* the SecurityManager checkPackageDefinition method. |
@@ -267,7 +267,7 @@
*
*
*
- * | defineClass |
+ * defineClass |
* Define a class with
* {@link java.lang.invoke.MethodHandles.Lookup#defineClass(byte[])
* Lookup.defineClass}. |
@@ -277,7 +277,7 @@
*
*
*
- * | accessDeclaredMembers |
+ * accessDeclaredMembers |
* Access to the declared members of a class |
* This grants code permission to query a class for its public,
* protected, default (package) access, and private fields and/or
@@ -295,14 +295,14 @@
|
*
*
- * | queuePrintJob |
+ * queuePrintJob |
* Initiation of a print job request |
* This could print sensitive information to a printer,
* or simply waste paper. |
*
*
*
- * | getStackTrace |
+ * getStackTrace |
* Retrieval of the stack trace information of another thread. |
* This allows retrieval of the stack trace information of
* another thread. This might allow malicious code to monitor the
@@ -310,7 +310,7 @@
* |
*
*
- * | getStackWalkerWithClassReference |
+ * getStackWalkerWithClassReference |
* Get a stack walker that can retrieve stack frames with class reference. |
* This allows retrieval of Class objects from stack walking.
* This might allow malicious code to access Class objects on the stack
@@ -318,7 +318,7 @@
* |
*
*
- * | setDefaultUncaughtExceptionHandler |
+ * setDefaultUncaughtExceptionHandler |
* Setting the default handler to be used when a thread
* terminates abruptly due to an uncaught exception |
* This allows an attacker to register a malicious
@@ -327,7 +327,7 @@
* |
*
*
- * | preferences |
+ * preferences |
* Represents the permission required to get access to the
* java.util.prefs.Preferences implementations user or system root
* which in turn allows retrieval or update operations within the
@@ -340,14 +340,14 @@
* |
*
*
- * | manageProcess |
+ * manageProcess |
* Native process termination and information about processes
* {@link ProcessHandle}. |
* Allows code to identify and terminate processes that it did not create. |
*
*
*
- * | localeServiceProvider |
+ * localeServiceProvider |
* This {@code RuntimePermission} is required to be granted to
* classes which subclass and implement
* {@code java.util.spi.LocaleServiceProvider}. The permission is
@@ -360,7 +360,7 @@
* |
*
*
- * | loggerFinder |
+ * loggerFinder |
* This {@code RuntimePermission} is required to be granted to
* classes which subclass or call methods on
* {@code java.lang.System.LoggerFinder}. The permission is
@@ -373,7 +373,7 @@
* |
*
*
- * | accessSystemModules |
+ * accessSystemModules |
* Access system modules in the runtime image. |
* This grants the permission to access resources in the
* {@linkplain ModuleFinder#ofSystem system modules} in the runtime image. |