J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. Sun designates this |
| 8 | * particular file as subject to the "Classpath" exception as provided |
| 9 | * by Sun in the LICENSE file that accompanied this code. |
| 10 | * |
| 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| 15 | * accompanied this code). |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License version |
| 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 20 | * |
| 21 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 22 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 23 | * have any questions. |
| 24 | */ |
| 25 | |
| 26 | package java.awt; |
| 27 | |
| 28 | import java.security.BasicPermission; |
| 29 | |
| 30 | /** |
| 31 | * This class is for AWT permissions. |
| 32 | * An <code>AWTPermission</code> contains a target name but |
| 33 | * no actions list; you either have the named permission |
| 34 | * or you don't. |
| 35 | * |
| 36 | * <P> |
| 37 | * The target name is the name of the AWT permission (see below). The naming |
| 38 | * convention follows the hierarchical property naming convention. |
| 39 | * Also, an asterisk could be used to represent all AWT permissions. |
| 40 | * |
| 41 | * <P> |
| 42 | * The following table lists all the possible <code>AWTPermission</code> |
| 43 | * target names, and for each provides a description of what the |
| 44 | * permission allows and a discussion of the risks of granting code |
| 45 | * the permission. |
| 46 | * <P> |
| 47 | * |
| 48 | * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks."> |
| 49 | * <tr> |
| 50 | * <th>Permission Target Name</th> |
| 51 | * <th>What the Permission Allows</th> |
| 52 | * <th>Risks of Allowing this Permission</th> |
| 53 | * </tr> |
| 54 | * |
| 55 | * <tr> |
| 56 | * <td>accessClipboard</td> |
| 57 | * <td>Posting and retrieval of information to and from the AWT clipboard</td> |
| 58 | * <td>This would allow malfeasant code to share |
| 59 | * potentially sensitive or confidential information.</td> |
| 60 | * </tr> |
| 61 | * |
| 62 | * <tr> |
| 63 | * <td>accessEventQueue</td> |
| 64 | * <td>Access to the AWT event queue</td> |
| 65 | * <td>After retrieving the AWT event queue, |
| 66 | * malicious code may peek at and even remove existing events |
| 67 | * from its event queue, as well as post bogus events which may purposefully |
| 68 | * cause the application or applet to misbehave in an insecure manner.</td> |
| 69 | * </tr> |
| 70 | * |
| 71 | * <tr> |
| 72 | * <td>accessSystemTray</td> |
| 73 | * <td>Access to the AWT SystemTray instance</td> |
| 74 | * <td>This would allow malicious code to add tray icons to the system tray. |
| 75 | * First, such an icon may look like the icon of some known application |
| 76 | * (such as a firewall or anti-virus) and order a user to do something unsafe |
| 77 | * (with help of balloon messages). Second, the system tray may be glutted with |
| 78 | * tray icons so that no one could add a tray icon anymore.</td> |
| 79 | * </tr> |
| 80 | * |
| 81 | * <tr> |
| 82 | * <td>createRobot</td> |
| 83 | * <td>Create java.awt.Robot objects</td> |
| 84 | * <td>The java.awt.Robot object allows code to generate native-level |
| 85 | * mouse and keyboard events as well as read the screen. It could allow |
| 86 | * malicious code to control the system, run other programs, read the |
| 87 | * display, and deny mouse and keyboard access to the user.</td> |
| 88 | * </tr> |
| 89 | * |
| 90 | * <tr> |
| 91 | * <td>fullScreenExclusive</td> |
| 92 | * <td>Enter full-screen exclusive mode</td> |
| 93 | * <td>Entering full-screen exclusive mode allows direct access to |
| 94 | * low-level graphics card memory. This could be used to spoof the |
| 95 | * system, since the program is in direct control of rendering.</td> |
| 96 | * </tr> |
| 97 | * |
| 98 | * <tr> |
| 99 | * <td>listenToAllAWTEvents</td> |
| 100 | * <td>Listen to all AWT events, system-wide</td> |
| 101 | * <td>After adding an AWT event listener, |
| 102 | * malicious code may scan all AWT events dispatched in the system, |
| 103 | * allowing it to read all user input (such as passwords). Each |
| 104 | * AWT event listener is called from within the context of that |
| 105 | * event queue's EventDispatchThread, so if the accessEventQueue |
| 106 | * permission is also enabled, malicious code could modify the |
| 107 | * contents of AWT event queues system-wide, causing the application |
| 108 | * or applet to misbehave in an insecure manner.</td> |
| 109 | * </tr> |
| 110 | * |
| 111 | * <tr> |
| 112 | * <td>readDisplayPixels</td> |
| 113 | * <td>Readback of pixels from the display screen</td> |
| 114 | * <td>Interfaces such as the java.awt.Composite interface or the |
| 115 | * java.awt.Robot class allow arbitrary code to examine pixels on the |
| 116 | * display enable malicious code to snoop on the activities of the user.</td> |
| 117 | * </tr> |
| 118 | * |
| 119 | * <tr> |
| 120 | * <td>replaceKeyboardFocusManager</td> |
| 121 | * <td>Sets the <code>KeyboardFocusManager</code> for |
| 122 | * a particular thread. |
| 123 | * <td>When <code>SecurityManager</code> is installed, the invoking |
| 124 | * thread must be granted this permission in order to replace |
| 125 | * the current <code>KeyboardFocusManager</code>. If permission |
| 126 | * is not granted, a <code>SecurityException</code> will be thrown. |
| 127 | * </tr> |
| 128 | * |
| 129 | * <tr> |
| 130 | * <td>setAppletStub</td> |
| 131 | * <td>Setting the stub which implements Applet container services</td> |
| 132 | * <td>Malicious code could set an applet's stub and result in unexpected |
| 133 | * behavior or denial of service to an applet.</td> |
| 134 | * </tr> |
| 135 | * |
| 136 | * <tr> |
| 137 | * <td>setWindowAlwaysOnTop</td> |
| 138 | * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td> |
| 139 | * <td>The malicious window might make itself look and behave like a real full desktop, so that |
| 140 | * information entered by the unsuspecting user is captured and subsequently misused </td> |
| 141 | * </tr> |
| 142 | * |
| 143 | * <tr> |
| 144 | * <td>showWindowWithoutWarningBanner</td> |
| 145 | * <td>Display of a window without also displaying a banner warning |
| 146 | * that the window was created by an applet</td> |
| 147 | * <td>Without this warning, |
| 148 | * an applet may pop up windows without the user knowing that they |
| 149 | * belong to an applet. Since users may make security-sensitive |
| 150 | * decisions based on whether or not the window belongs to an applet |
| 151 | * (entering a username and password into a dialog box, for example), |
| 152 | * disabling this warning banner may allow applets to trick the user |
| 153 | * into entering such information.</td> |
| 154 | * </tr> |
| 155 | * |
| 156 | * <tr> |
| 157 | * <td>toolkitModality</td> |
| 158 | * <td>Creating {@link Dialog.ModalityType#TOOLKIT_MODAL TOOLKIT_MODAL} dialogs |
| 159 | * and setting the {@link Dialog.ModalExclusionType#TOOLKIT_EXCLUDE |
| 160 | * TOOLKIT_EXCLUDE} window property.</td> |
| 161 | * <td>When a toolkit-modal dialog is shown from an applet, it blocks all other |
| 162 | * applets in the browser. When launching applications from Java Web Start, |
| 163 | * its windows (such as the security dialog) may also be blocked by toolkit-modal |
| 164 | * dialogs, shown from these applications.</td> |
| 165 | * </tr> |
| 166 | * |
| 167 | * <tr> |
| 168 | * <td>watchMousePointer</td> |
| 169 | * <td>Getting the information about the mouse pointer position at any |
| 170 | * time</td> |
| 171 | * <td>Constantly watching the mouse pointer, |
| 172 | * an applet can make guesses about what the user is doing, i.e. moving |
| 173 | * the mouse to the lower left corner of the screen most likely means that |
| 174 | * the user is about to launch an application. If a virtual keypad is used |
| 175 | * so that keyboard is emulated using the mouse, an applet may guess what |
| 176 | * is being typed.</td> |
| 177 | * </tr> |
| 178 | * </table> |
| 179 | * |
| 180 | * @see java.security.BasicPermission |
| 181 | * @see java.security.Permission |
| 182 | * @see java.security.Permissions |
| 183 | * @see java.security.PermissionCollection |
| 184 | * @see java.lang.SecurityManager |
| 185 | * |
| 186 | * |
| 187 | * @author Marianne Mueller |
| 188 | * @author Roland Schemers |
| 189 | */ |
| 190 | |
| 191 | public final class AWTPermission extends BasicPermission { |
| 192 | |
| 193 | /** use serialVersionUID from the Java 2 platform for interoperability */ |
| 194 | private static final long serialVersionUID = 8890392402588814465L; |
| 195 | |
| 196 | /** |
| 197 | * Creates a new <code>AWTPermission</code> with the specified name. |
| 198 | * The name is the symbolic name of the <code>AWTPermission</code>, |
| 199 | * such as "topLevelWindow", "systemClipboard", etc. An asterisk |
| 200 | * may be used to indicate all AWT permissions. |
| 201 | * |
| 202 | * @param name the name of the AWTPermission |
| 203 | * |
| 204 | * @throws NullPointerException if <code>name</code> is <code>null</code>. |
| 205 | * @throws IllegalArgumentException if <code>name</code> is empty. |
| 206 | */ |
| 207 | |
| 208 | public AWTPermission(String name) |
| 209 | { |
| 210 | super(name); |
| 211 | } |
| 212 | |
| 213 | /** |
| 214 | * Creates a new <code>AWTPermission</code> object with the specified name. |
| 215 | * The name is the symbolic name of the <code>AWTPermission</code>, and the |
| 216 | * actions string is currently unused and should be <code>null</code>. |
| 217 | * |
| 218 | * @param name the name of the <code>AWTPermission</code> |
| 219 | * @param actions should be <code>null</code> |
| 220 | * |
| 221 | * @throws NullPointerException if <code>name</code> is <code>null</code>. |
| 222 | * @throws IllegalArgumentException if <code>name</code> is empty. |
| 223 | */ |
| 224 | |
| 225 | public AWTPermission(String name, String actions) |
| 226 | { |
| 227 | super(name, actions); |
| 228 | } |
| 229 | } |