2362N/A * Copyright (c) 1997, 2005, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * This class is for runtime permissions. A RuntimePermission 0N/A * contains a name (also referred to as a "target name") but 0N/A * no actions list; you either have the named permission 0N/A * The target name is the name of the runtime permission (see below). The 0N/A * naming convention follows the hierarchical property naming convention. 0N/A * may appear at the end of the name, following a ".", or by itself, to 0N/A * signify a wildcard match. For example: "loadLibrary.*" or "*" is valid, 0N/A * "*loadLibrary" or "a*b" is not valid. 0N/A * The following table lists all the possible RuntimePermission target names, 0N/A * and for each provides a description of what the permission allows 0N/A * and a discussion of the risks of granting code the permission. 0N/A * <table border=1 cellpadding=5 summary="permission target name, 0N/A * what the target allows,and associated risks"> 0N/A * <th>Permission Target Name</th> 0N/A * <th>What the Permission Allows</th> 0N/A * <th>Risks of Allowing this Permission</th> 0N/A * <td>createClassLoader</td> 0N/A * <td>Creation of a class loader</td> 0N/A * <td>This is an extremely dangerous permission to grant. 0N/A * Malicious applications that can instantiate their own class 0N/A * loaders could then load their own rogue classes into the system. 0N/A * These newly loaded classes could be placed into any protection 0N/A * domain by the class loader, thereby automatically granting the 0N/A * classes the permissions for that domain.</td> 0N/A * <td>getClassLoader</td> 0N/A * <td>Retrieval of a class loader (e.g., the class loader for the calling 0N/A * <td>This would grant an attacker permission to get the 0N/A * class loader for a particular class. This is dangerous because 0N/A * having access to a class's class loader allows the attacker to 0N/A * load other classes available to that class loader. The attacker 0N/A * would typically otherwise not have access to those classes.</td> 0N/A * <td>setContextClassLoader</td> 0N/A * <td>Setting of the context class loader used by a thread</td> 0N/A * <td>The context class loader is used by system code and extensions 0N/A * when they need to lookup resources that might not exist in the system 0N/A * class loader. Granting setContextClassLoader permission would allow 0N/A * code to change which context class loader is used 0N/A * for a particular thread, including system threads.</td> 0N/A * <td>enableContextClassLoaderOverride</td> 0N/A * <td>Subclass implementation of the thread context class loader methods</td> 0N/A * <td>The context class loader is used by system code and extensions 0N/A * when they need to lookup resources that might not exist in the system 0N/A * class loader. Granting enableContextClassLoaderOverride permission would allow 0N/A * a subclass of Thread to override the methods that are used 0N/A * to get or set the context class loader for a particular thread.</td> 848N/A * <td>closeClassLoader</td> 848N/A * <td>Closing of a ClassLoader</td> 848N/A * <td>Granting this permission allows code to close any URLClassLoader 848N/A * that it has a reference to.</td> 0N/A * <td>setSecurityManager</td> 0N/A * <td>Setting of the security manager (possibly replacing an existing one) 0N/A * <td>The security manager is a class that allows 0N/A * applications to implement a security policy. Granting the setSecurityManager 0N/A * permission would allow code to change which security manager is used by 0N/A * installing a different, possibly less restrictive security manager, 0N/A * thereby bypassing checks that would have been enforced by the original 0N/A * security manager.</td> 0N/A * <td>createSecurityManager</td> 0N/A * <td>Creation of a new security manager</td> 0N/A * <td>This gives code access to protected, sensitive methods that may 0N/A * disclose information about other classes or the execution stack.</td> 0N/A * <td>getenv.{variable name}</td> 0N/A * <td>Reading of the value of the specified environment variable</td> 0N/A * <td>This would allow code to read the value, or determine the 0N/A * existence, of a particular environment variable. This is 0N/A * dangerous if the variable contains confidential data.</td> 0N/A * <td>exitVM.{exit status}</td> 0N/A * <td>Halting of the Java Virtual Machine with the specified exit status</td> 0N/A * <td>This allows an attacker to mount a denial-of-service attack 0N/A * by automatically forcing the virtual machine to halt. 0N/A * Note: The "exitVM.*" permission is automatically granted to all code 0N/A * loaded from the application class path, thus enabling applications 0N/A * to terminate themselves. Also, the "exitVM" permission is equivalent to 0N/A * <td>shutdownHooks</td> 0N/A * <td>Registration and cancellation of virtual-machine shutdown hooks</td> 0N/A * <td>This allows an attacker to register a malicious shutdown 0N/A * hook that interferes with the clean shutdown of the virtual machine.</td> 0N/A * <td>setFactory</td> 0N/A * <td>Setting of the socket factory used by ServerSocket or Socket, 0N/A * or of the stream handler factory used by URL</td> 0N/A * <td>This allows code to set the actual implementation 0N/A * for the socket, server socket, stream handler, or RMI socket factory. 0N/A * An attacker may set a faulty implementation which mangles the data 0N/A * <td>Setting of System.out, System.in, and System.err</td> 0N/A * <td>This allows changing the value of the standard system streams. 0N/A * An attacker may change System.in to monitor and 0N/A * steal user input, or may set System.err to a "null" OutputStream, 0N/A * which would hide any error messages sent to System.err. </td> 0N/A * <td>modifyThread</td> 0N/A * <td>Modification of threads, e.g., via calls to Thread 0N/A * <tt>interrupt</tt>, <tt>stop</tt>, <tt>suspend</tt>, 0N/A * <tt>resume</tt>, <tt>setDaemon</tt>, <tt>setPriority</tt>, 0N/A * <tt>setName</tt> and <tt>setUncaughtExceptionHandler</tt> 0N/A * <td>This allows an attacker to modify the behaviour of 0N/A * any thread in the system.</td> 0N/A * <td>stopThread</td> 0N/A * <td>Stopping of threads via calls to the Thread <code>stop</code> 0N/A * <td>This allows code to stop any thread in the system provided that it is 0N/A * already granted permission to access that thread. 0N/A * This poses as a threat, because that code may corrupt the system by 0N/A * killing existing threads.</td> 0N/A * <td>modifyThreadGroup</td> 0N/A * <td>modification of thread groups, e.g., via calls to ThreadGroup 0N/A * <code>destroy</code>, <code>getParent</code>, <code>resume</code>, 0N/A * <code>setDaemon</code>, <code>setMaxPriority</code>, <code>stop</code>, 0N/A * and <code>suspend</code> methods</td> 0N/A * <td>This allows an attacker to create thread groups and 0N/A * set their run priority.</td> 0N/A * <td>getProtectionDomain</td> 0N/A * <td>Retrieval of the ProtectionDomain for a class</td> 0N/A * <td>This allows code to obtain policy information 0N/A * for a particular code source. While obtaining policy information 0N/A * does not compromise the security of the system, it does give 0N/A * attackers additional information, such as local file names for 0N/A * example, to better aim an attack.</td> 0N/A * <td>getFileSystemAttributes</td> 0N/A * <td>Retrieval of file system attributes</td> 0N/A * <td>This allows code to obtain file system information such as disk usage 0N/A * or disk space available to the caller. This is potentially dangerous 0N/A * because it discloses information about the system hardware 0N/A * configuration and some information about the caller's privilege to 0N/A * <td>readFileDescriptor</td> 0N/A * <td>Reading of file descriptors</td> 0N/A * <td>This would allow code to read the particular file associated 0N/A * with the file descriptor read. This is dangerous if the file 0N/A * contains confidential data.</td> 0N/A * <td>writeFileDescriptor</td> 0N/A * <td>Writing to file descriptors</td> 0N/A * <td>This allows code to write to a particular file associated 0N/A * with the descriptor. This is dangerous because it may allow 0N/A * malicious code to plant viruses or at the very least, fill up 0N/A * your entire disk.</td> 0N/A * <td>loadLibrary.{library name}</td> 0N/A * <td>Dynamic linking of the specified library</td> 0N/A * <td>It is dangerous to allow an applet permission to load native code 0N/A * libraries, because the Java security architecture is not designed to and 0N/A * does not prevent malicious behavior at the level of native code.</td> 0N/A * <td>accessClassInPackage.{package name}</td> 0N/A * <td>Access to the specified package via a class loader's 0N/A * <code>loadClass</code> method when that class loader calls 0N/A * the SecurityManager <code>checkPackageAccess</code> method</td> 0N/A * <td>This gives code access to classes in packages 0N/A * to which it normally does not have access. Malicious code 0N/A * may use these classes to help in its attempt to compromise 0N/A * security in the system.</td> 0N/A * <td>defineClassInPackage.{package name}</td> 0N/A * <td>Definition of classes in the specified package, via a class 0N/A * loader's <code>defineClass</code> method when that class loader calls 0N/A * the SecurityManager <code>checkPackageDefinition</code> method.</td> 0N/A * <td>This grants code permission to define a class 0N/A * in a particular package. This is dangerous because malicious 0N/A * code with this permission may define rogue classes in 0N/A * trusted packages like <code>java.security</code> or <code>java.lang</code>, 0N/A * <td>accessDeclaredMembers</td> 0N/A * <td>Access to the declared members of a class</td> 0N/A * <td>This grants code permission to query a class for its public, 0N/A * protected, default (package) access, and private fields and/or 0N/A * methods. Although the code would have 0N/A * access to the private and protected field and method names, it would not 0N/A * to invoke any private methods. Nevertheless, malicious code 0N/A * may use this information to better aim an attack. 0N/A * Additionally, it may invoke any public methods and/or access public fields 0N/A * in the class. This could be dangerous if 0N/A * the code would normally not be able to invoke those methods and/or 0N/A * access the fields because 0N/A * <td>queuePrintJob</td> 0N/A * <td>Initiation of a print job request</td> 0N/A * <td>This could print sensitive information to a printer, 0N/A * or simply waste paper.</td> 0N/A * <td>getStackTrace</td> 0N/A * <td>Retrieval of the stack trace information of another thread.</td> 0N/A * <td>This allows retrieval of the stack trace information of 0N/A * another thread. This might allow malicious code to monitor the 0N/A * execution of threads and discover vulnerabilities in applications.</td> 0N/A * <td>setDefaultUncaughtExceptionHandler</td> 0N/A * <td>Setting the default handler to be used when a thread 0N/A * terminates abruptly due to an uncaught exception</td> 0N/A * <td>This allows an attacker to register a malicious 0N/A * uncaught exception handler that could interfere with termination 0N/A * <td>preferences</td> 0N/A * <td>Represents the permission required to get access to the 0N/A * java.util.prefs.Preferences implementations user or system root 0N/A * which in turn allows retrieval or update operations within the 0N/A * Preferences persistent backing store.) </td> 0N/A * <td>This permission allows the user to read from or write to the 0N/A * preferences backing store if the user running the code has 0N/A * sufficient OS privileges to read/write to that backing store. 0N/A * The actual backing store may reside within a traditional filesystem 0N/A * directory or within a registry depending on the platform OS</td> 0N/A * <td>usePolicy</td> 0N/A * <td>Granting this permission disables the Java Plug-In's default 0N/A * security prompting behavior.</td> 0N/A * <td>For more information, refer to Java Plug-In's guides, <a href= 0N/A * Applet Security Basics</a> and <a href= 0N/A * usePolicy Permission</a>.</td> 0N/A * @see java.security.BasicPermission 0N/A * @see java.security.Permission 0N/A * @see java.security.Permissions 0N/A * @see java.security.PermissionCollection 0N/A * @see java.lang.SecurityManager 0N/A * @author Marianne Mueller 0N/A * @author Roland Schemers 0N/A * Creates a new RuntimePermission with the specified name. 0N/A * The name is the symbolic name of the RuntimePermission, such as 0N/A * "exit", "setFactory", etc. An asterisk 0N/A * may appear at the end of the name, following a ".", or by itself, to 0N/A * signify a wildcard match. 0N/A * @param name the name of the RuntimePermission. 0N/A * @throws NullPointerException if <code>name</code> is <code>null</code>. 0N/A * @throws IllegalArgumentException if <code>name</code> is empty. 0N/A * Creates a new RuntimePermission object with the specified name. 0N/A * The name is the symbolic name of the RuntimePermission, and the 0N/A * actions String is currently unused and should be null. 0N/A * @param name the name of the RuntimePermission. 0N/A * @param actions should be null. 0N/A * @throws NullPointerException if <code>name</code> is <code>null</code>. 0N/A * @throws IllegalArgumentException if <code>name</code> is empty.