diff options
Diffstat (limited to 'libjava/java/security/SecurityPermission.java')
| -rw-r--r-- | libjava/java/security/SecurityPermission.java | 167 |
1 files changed, 118 insertions, 49 deletions
diff --git a/libjava/java/security/SecurityPermission.java b/libjava/java/security/SecurityPermission.java index d6e5bd2597a..a9982d4c3f8 100644 --- a/libjava/java/security/SecurityPermission.java +++ b/libjava/java/security/SecurityPermission.java @@ -1,5 +1,5 @@ /* SecurityPermission.java -- Class for named security permissions - Copyright (C) 1998 Free Software Foundation, Inc. + Copyright (C) 1998, 2002 Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,56 +38,126 @@ exception statement from your version. */ package java.security; /** - * This class provides a mechanism for specified named permissions + * This class provides a mechanism for specified named permissions * related to the Java security framework. These permissions have no - * associated actions list. They are either granted or no granted. - * <p> - * The list of valid permission names is: - * <p><ul> - * <li>getPolicy - Allows retrieval of the system security policy. - * <li>setPolicy - Allows the security policy to be changed. - * <li>getProperty.<key> - Allows retrieval of the value of the named - * property or all properties if <key> is a '*'. - * <li>setProperty.<key> - Allows changing of the value of the named - * property or all properties if <key> is a '*'. - * <li>insertProvider.<key> - Allows the named provider to be added, - * or any provide if the key is '*'. - * <li>removeProvider.<key> - Allows the named provider to be removed, - * or any provide if the key is '*'. - * <li>setSystemScope - Allows the system identity scope to be set. - * <li>setIdentityPublicKey - Allows the public key of an Identity to be set. - * <li>SetIdentityInfo - Allows the description of an Identity to be set. - * <li>addIdentityCertificate - Allows a certificate to be set for the public - * key of an identity. - * <li>removeIdentityCertificate - Allows a certificate to be removed from the - * public key of an identity. - * <li>clearProviderProperties.<key%gt; - Allows the properties of the - * named provider to be cleared, or all providers if key is '*'. - * <li>putProviderProperty.<key%gt; - Allows the properties of the - * named provider to be changed, or all providers if key is '*'. - * <li>removeProviderProperty.<key%gt; - Allows the properties of the - * named provider to be deleted, or all providers if key is '*'. - * <li>getSignerPrivateKey - Allows the retrieval of the private key for - * a signer. - * <li>setSignerKeyPair - Allows the public and private key of a Signer to - * be changed. - * </ul> - * <p> - * There is some degree of security risk in granting any of these permissions. - * Some of them can completely compromise system security. Please exercise - * extreme caution in granting these permissions. + * associated actions list. They are either granted or not granted. * - * @version 0.0 + * <p>The list of valid permission names is:<br> + * <table border=1> + * <tr><th>Permission Name</th><th>Permission Allows</th><th>Risks</th</tr> + * <tr> + * <td><code>createAccessControlContext</code></td> + * <td>Allows creation of an AccessControlContext</td> + * <td>The new control context can have a rogue DomainCombiner, leading + * to a privacy leak</td></tr> + * <tr> + * <td><code>getDomainCombiner</code></td> + * <td>Get a DomainCombiner from an AccessControlContext</td> + * <td>Access to a DomainCombiner can lead to a privacy leak</td></tr> + * <tr> + * <td><code>getPolicy</code></td> + * <td>Allows retrieval of the system security policy</td> + * <td>Malicious code can use information from the policy to better plan + * an attack</td></tr> + * <tr> + * <td><code>setPolicy</code></td> + * <td>Allows the security policy to be changed</td> + * <td>Malicious code can give itself any permission it wants</td></tr> + * <tr> + * <td><code>getProperty.</code><em>key</em></td> + * <td>Retrieve the property specified by the key</td> + * <td>Malicious code can use information from the property to better plan + * an attack</td></tr> + * <tr> + * <td><code>setProperty.</code><em>key</em></td> + * <td>Allows changing of the value of all properties implied by key</td> + * <td>Malicious code can insert rogue classes to steal keys or recreate + * the security policy with whatever permissions it desires</td></tr> + * <tr> + * <td><code>insertProvider.</code><em>key</em></td> + * <td>Allows the named provider to be added</td> + * <td>Malicious code can insert rogue providers that steal data</td></tr> + * <tr> + * <td><code>removeProvider.</code><em>key</em></td> + * <td>Allows the named provider to be removed</td> + * <td>A missing provider can cripple code that relies on it</td></tr> + * <tr> + * <td><code>setSystemScope</code></td> + * <td>Allows the system identity scope to be set</td> + * <td>Malicious code can add certificates not available in the original + * identity scope, to gain more permissions</td></tr> + * <tr> + * <td><code>setIdentityPublicKey</code></td> + * <td>Allows the public key of an Identity to be set</td> + * <td>Malicious code can install its own key to gain permissions not + * allowed by the original identity scope</td></tr> + * <tr> + * <td><code>SetIdentityInfo</code></td> + * <td>Allows the description of an Identity to be set</td> + * <td>Malicious code can spoof users into trusting a fake identity</td></tr> + * <tr> + * <td><code>addIdentityCertificate</code></td> + * <td>Allows a certificate to be set for the public key of an identity</td> + * <td>The public key can become trusted to a wider audience than originally + * intended</td></tr> + * <tr> + * <td><code>removeIdentityCertificate</code></td> + * <td>Allows removal of a certificate from an identity's public key</td> + * <td>The public key can become less trusted than it should be</td></tr> + * <tr> + * <td><code>printIdentity</code></td> + * <td>View the name of the identity and scope, and whether they are + * trusted</td> + * <td>The scope may include a filename, which provides an entry point for + * further security breaches</td></tr> + * <tr> + * <td><code>clearProviderProperties.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be cleared</td> + * <td>This can disable parts of the program which depend on finding the + * provider</td></tr> + * <tr> + * <td><code>putProviderProperty.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be changed</td> + * <td>Malicious code can replace the implementation of a provider</td></tr> + * <tr> + * <td><code>removeProviderProperty.</code><em>key</em></td> + * <td>Allows the properties of the named provider to be deleted</td> + * <td>This can disable parts of the program which depend on finding the + * provider</td></tr> + * <tr> + * <td><code>getSignerPrivateKey</code></td> + * <td>Allows the retrieval of the private key for a signer</td> + * <td>Anyone that can access the private key can claim to be the + * Signer</td></tr> + * <tr> + * <td><code>setSignerKeyPair</code></td> + * <td>Allows the public and private key of a Signer to be changed</td> + * <td>The replacement might be a weaker encryption, or the attacker + * can use knowledge of the replaced key to decrypt an entire + * communication session</td></tr> + * </table> + * + * <p>There is some degree of security risk in granting any of these + * permissions. Some of them can completely compromise system security. + * Please exercise extreme caution in granting these permissions. * * @author Aaron M. Renn (arenn@urbanophile.com) + * @see Permission + * @see SecurityManager + * @since 1.1 + * @status updated to 1.4 */ public final class SecurityPermission extends BasicPermission { /** - * This method initializes a new instance of <code>SecurityPermission</code> - * to have the specified name. + * Compatible with JDK 1.1+. + */ + private static final long serialVersionUID = 5236109936224050470L; + + /** + * Create a new instance with the specified name. * - * @param name The name to assign to this permission. + * @param name the name to assign to this permission */ public SecurityPermission(String name) { @@ -95,15 +165,14 @@ public final class SecurityPermission extends BasicPermission } /** - * This method initializes a new instance of <code>SecurityPermission</code> - * to have the specified name. The actions parameter is ignored in this - * class. + * Create a new instance with the specified name. As SecurityPermission + * carries no actions, the second parameter is ignored. * - * @param name The name to assign to this permission. - * @param actions The action list for this permission - ignored. + * @param name the name to assign to this permission + * @param actions ignored */ public SecurityPermission(String name, String actions) { - super(name, actions); + super(name); } -} +} // class SecurityPermission |