author | darcy |
Thu, 29 Aug 2019 10:52:21 -0700 | |
changeset 57950 | 4612a3cfb927 |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.security; |
|
27 |
||
28 |
import java.security.*; |
|
29 |
import java.util.Enumeration; |
|
30 |
import java.util.Hashtable; |
|
31 |
import java.util.StringTokenizer; |
|
32 |
||
33 |
/** |
|
32107
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
34 |
* This class is for security permissions. A {@code SecurityPermission} |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
35 |
* contains a name (also referred to as a "target name") but no actions list; |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
36 |
* you either have the named permission or you don't. |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
37 |
* <p> |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
38 |
* The target name is the name of a security configuration parameter |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
39 |
* (see below). Currently the {@code SecurityPermission} object is used to |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
40 |
* guard access to the {@link AccessControlContext}, {@link Policy}, |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
41 |
* {@link Provider}, {@link Security}, {@link Signer}, and {@link Identity} |
2 | 42 |
* objects. |
32107
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
43 |
* <p> |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
44 |
* The following table lists the standard {@code SecurityPermission} |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
45 |
* target names, and for each provides a description of what the permission |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
46 |
* allows and a discussion of the risks of granting code the permission. |
2 | 47 |
* |
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
48 |
* <table class="striped"> |
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
49 |
* <caption style="display:none">target name, what the permission allows, and associated risks</caption> |
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
50 |
* <thead> |
2 | 51 |
* <tr> |
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
52 |
* <th scope="col">Permission Target Name</th> |
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
53 |
* <th scope="col">What the Permission Allows</th> |
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
54 |
* <th scope="col">Risks of Allowing this Permission</th> |
2 | 55 |
* </tr> |
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
56 |
* </thead> |
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
57 |
* <tbody> |
2 | 58 |
* |
59 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
60 |
* <th scope="row">authProvider.{provider name}</th> |
32931
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
61 |
* <td>Allow the named provider to be an AuthProvider for login and |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
62 |
* logout operations. </td> |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
63 |
* <td>This allows the named provider to perform login and logout |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
64 |
* operations. The named provider must extend {@code AuthProvider} |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
65 |
* and care must be taken to grant to a trusted provider since |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
66 |
* login operations involve sensitive authentication information |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
67 |
* such as PINs and passwords. </td> |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
68 |
* </tr> |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
69 |
* |
2ba4f06f8684
8130648: JCK test api/java_security/AuthProvider/ProviderTests_login starts failing after JDK-7191662
valeriep
parents:
32107
diff
changeset
|
70 |
* <tr> |
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
71 |
* <th scope="row">createAccessControlContext</th> |
2 | 72 |
* <td>Creation of an AccessControlContext</td> |
73 |
* <td>This allows someone to instantiate an AccessControlContext |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
74 |
* with a {@code DomainCombiner}. Extreme care must be taken when |
2 | 75 |
* granting this permission. Malicious code could create a DomainCombiner |
76 |
* that augments the set of permissions granted to code, and even grant the |
|
77 |
* code {@link java.security.AllPermission}.</td> |
|
78 |
* </tr> |
|
79 |
* |
|
80 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
81 |
* <th scope="row">getDomainCombiner</th> |
2 | 82 |
* <td>Retrieval of an AccessControlContext's DomainCombiner</td> |
83 |
* <td>This allows someone to retrieve an AccessControlContext's |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
84 |
* {@code DomainCombiner}. Since DomainCombiners may contain |
2 | 85 |
* sensitive information, this could potentially lead to a privacy leak.</td> |
86 |
* </tr> |
|
87 |
* |
|
88 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
89 |
* <th scope="row">getPolicy</th> |
2 | 90 |
* <td>Retrieval of the system-wide security policy (specifically, of the |
91 |
* currently-installed Policy object)</td> |
|
92 |
* <td>This allows someone to query the policy via the |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
93 |
* {@code getPermissions} call, |
2 | 94 |
* which discloses which permissions would be granted to a given CodeSource. |
95 |
* While revealing the policy does not compromise the security of |
|
96 |
* the system, it does provide malicious code with additional information |
|
97 |
* which it may use to better aim an attack. It is wise |
|
98 |
* not to divulge more information than necessary.</td> |
|
99 |
* </tr> |
|
100 |
* |
|
101 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
102 |
* <th scope="row">setPolicy</th> |
2 | 103 |
* <td>Setting of the system-wide security policy (specifically, |
104 |
* the Policy object)</td> |
|
105 |
* <td>Granting this permission is extremely dangerous, as malicious |
|
106 |
* code may grant itself all the necessary permissions it needs |
|
107 |
* to successfully mount an attack on the system.</td> |
|
108 |
* </tr> |
|
109 |
* |
|
110 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
111 |
* <th scope="row">createPolicy.{policy type}</th> |
2 | 112 |
* <td>Getting an instance of a Policy implementation from a provider</td> |
113 |
* <td>Granting this permission enables code to obtain a Policy object. |
|
114 |
* Malicious code may query the Policy object to determine what permissions |
|
115 |
* have been granted to code other than itself. </td> |
|
116 |
* </tr> |
|
117 |
* |
|
118 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
119 |
* <th scope="row">getProperty.{key}</th> |
2 | 120 |
* <td>Retrieval of the security property with the specified key</td> |
121 |
* <td>Depending on the particular key for which access has |
|
122 |
* been granted, the code may have access to the list of security |
|
123 |
* providers, as well as the location of the system-wide and user |
|
124 |
* security policies. while revealing this information does not |
|
125 |
* compromise the security of the system, it does provide malicious |
|
126 |
* code with additional information which it may use to better aim |
|
127 |
* an attack. |
|
128 |
</td> |
|
129 |
* </tr> |
|
130 |
* |
|
131 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
132 |
* <th scope="row">setProperty.{key}</th> |
2 | 133 |
* <td>Setting of the security property with the specified key</td> |
134 |
* <td>This could include setting a security provider or defining |
|
2589 | 135 |
* the location of the system-wide security policy. Malicious |
2 | 136 |
* code that has permission to set a new security provider may |
137 |
* set a rogue provider that steals confidential information such |
|
138 |
* as cryptographic private keys. In addition, malicious code with |
|
139 |
* permission to set the location of the system-wide security policy |
|
140 |
* may point it to a security policy that grants the attacker |
|
141 |
* all the necessary permissions it requires to successfully mount |
|
142 |
* an attack on the system. |
|
143 |
</td> |
|
144 |
* </tr> |
|
145 |
* |
|
146 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
147 |
* <th scope="row">insertProvider</th> |
19193
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
148 |
* <td>Addition of a new provider</td> |
2 | 149 |
* <td>This would allow somebody to introduce a possibly |
150 |
* malicious provider (e.g., one that discloses the private keys passed |
|
151 |
* to it) as the highest-priority provider. This would be possible |
|
152 |
* because the Security object (which manages the installed providers) |
|
153 |
* currently does not check the integrity or authenticity of a provider |
|
19193
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
154 |
* before attaching it. The "insertProvider" permission subsumes the |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
155 |
* "insertProvider.{provider name}" permission (see the section below for |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
156 |
* more information). |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
157 |
* </td> |
2 | 158 |
* </tr> |
159 |
* |
|
160 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
161 |
* <th scope="row">removeProvider.{provider name}</th> |
2 | 162 |
* <td>Removal of the specified provider</td> |
163 |
* <td>This may change the behavior or disable execution of other |
|
164 |
* parts of the program. If a provider subsequently requested by the |
|
165 |
* program has been removed, execution may fail. Also, if the removed |
|
166 |
* provider is not explicitly requested by the rest of the program, but |
|
167 |
* it would normally be the provider chosen when a cryptography service |
|
168 |
* is requested (due to its previous order in the list of providers), |
|
169 |
* a different provider will be chosen instead, or no suitable provider |
|
170 |
* will be found, thereby resulting in program failure.</td> |
|
171 |
* </tr> |
|
172 |
* |
|
173 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
174 |
* <th scope="row">clearProviderProperties.{provider name}</th> |
2 | 175 |
* <td>"Clearing" of a Provider so that it no longer contains the properties |
176 |
* used to look up services implemented by the provider</td> |
|
177 |
* <td>This disables the lookup of services implemented by the provider. |
|
178 |
* This may thus change the behavior or disable execution of other |
|
179 |
* parts of the program that would normally utilize the Provider, as |
|
180 |
* described under the "removeProvider.{provider name}" permission.</td> |
|
181 |
* </tr> |
|
182 |
* |
|
183 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
184 |
* <th scope="row">putProviderProperty.{provider name}</th> |
2 | 185 |
* <td>Setting of properties for the specified Provider</td> |
186 |
* <td>The provider properties each specify the name and location |
|
187 |
* of a particular service implemented by the provider. By granting |
|
188 |
* this permission, you let code replace the service specification |
|
189 |
* with another one, thereby specifying a different implementation.</td> |
|
190 |
* </tr> |
|
191 |
* |
|
192 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
193 |
* <th scope="row">removeProviderProperty.{provider name}</th> |
2 | 194 |
* <td>Removal of properties from the specified Provider</td> |
195 |
* <td>This disables the lookup of services implemented by the |
|
196 |
* provider. They are no longer accessible due to removal of the properties |
|
197 |
* specifying their names and locations. This |
|
198 |
* may change the behavior or disable execution of other |
|
199 |
* parts of the program that would normally utilize the Provider, as |
|
200 |
* described under the "removeProvider.{provider name}" permission.</td> |
|
201 |
* </tr> |
|
202 |
* |
|
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
203 |
* </tbody> |
2 | 204 |
* </table> |
205 |
* |
|
206 |
* <P> |
|
19193
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
207 |
* The following permissions have been superseded by newer permissions or are |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
208 |
* associated with classes that have been deprecated: {@link Identity}, |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
209 |
* {@link IdentityScope}, {@link Signer}. Use of them is discouraged. See the |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
210 |
* applicable classes for more information. |
2 | 211 |
* |
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
212 |
* <table class="striped"> |
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
213 |
* <caption style="display:none">target name, what the permission allows, and associated risks</caption> |
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
214 |
* <thead> |
2 | 215 |
* <tr> |
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
216 |
* <th scope="col">Permission Target Name</th> |
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
217 |
* <th scope="col">What the Permission Allows</th> |
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
218 |
* <th scope="col">Risks of Allowing this Permission</th> |
2 | 219 |
* </tr> |
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
220 |
* </thead> |
2 | 221 |
* |
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
222 |
* <tbody> |
2 | 223 |
* <tr> |
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
224 |
* <th scope="row">insertProvider.{provider name}</th> |
19193
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
225 |
* <td>Addition of a new provider, with the specified name</td> |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
226 |
* <td>Use of this permission is discouraged from further use because it is |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
227 |
* possible to circumvent the name restrictions by overriding the |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
228 |
* {@link java.security.Provider#getName} method. Also, there is an equivalent |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
229 |
* level of risk associated with granting code permission to insert a provider |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
230 |
* with a specific name, or any name it chooses. Users should use the |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
231 |
* "insertProvider" permission instead. |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
232 |
* <p>This would allow somebody to introduce a possibly |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
233 |
* malicious provider (e.g., one that discloses the private keys passed |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
234 |
* to it) as the highest-priority provider. This would be possible |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
235 |
* because the Security object (which manages the installed providers) |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
236 |
* currently does not check the integrity or authenticity of a provider |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
237 |
* before attaching it.</td> |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
238 |
* </tr> |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
239 |
* |
103262cae675
8001319: Add SecurityPermission "insertProvider" target name
mullan
parents:
18579
diff
changeset
|
240 |
* <tr> |
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
241 |
* <th scope="row">setSystemScope</th> |
2 | 242 |
* <td>Setting of the system identity scope</td> |
243 |
* <td>This would allow an attacker to configure the system identity scope with |
|
244 |
* certificates that should not be trusted, thereby granting applet or |
|
245 |
* application code signed with those certificates privileges that |
|
246 |
* would have been denied by the system's original identity scope.</td> |
|
247 |
* </tr> |
|
248 |
* |
|
249 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
250 |
* <th scope="row">setIdentityPublicKey</th> |
2 | 251 |
* <td>Setting of the public key for an Identity</td> |
252 |
* <td>If the identity is marked as "trusted", this allows an attacker to |
|
253 |
* introduce a different public key (e.g., its own) that is not trusted |
|
254 |
* by the system's identity scope, thereby granting applet or |
|
255 |
* application code signed with that public key privileges that |
|
256 |
* would have been denied otherwise.</td> |
|
257 |
* </tr> |
|
258 |
* |
|
259 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
260 |
* <th scope="row">setIdentityInfo</th> |
2 | 261 |
* <td>Setting of a general information string for an Identity</td> |
262 |
* <td>This allows attackers to set the general description for |
|
263 |
* an identity. This may trick applications into using a different |
|
264 |
* identity than intended or may prevent applications from finding a |
|
265 |
* particular identity.</td> |
|
266 |
* </tr> |
|
267 |
* |
|
268 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
269 |
* <th scope="row">addIdentityCertificate</th> |
2 | 270 |
* <td>Addition of a certificate for an Identity</td> |
271 |
* <td>This allows attackers to set a certificate for |
|
272 |
* an identity's public key. This is dangerous because it affects |
|
273 |
* the trust relationship across the system. This public key suddenly |
|
274 |
* becomes trusted to a wider audience than it otherwise would be.</td> |
|
275 |
* </tr> |
|
276 |
* |
|
277 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
278 |
* <th scope="row">removeIdentityCertificate</th> |
2 | 279 |
* <td>Removal of a certificate for an Identity</td> |
280 |
* <td>This allows attackers to remove a certificate for |
|
281 |
* an identity's public key. This is dangerous because it affects |
|
282 |
* the trust relationship across the system. This public key suddenly |
|
283 |
* becomes considered less trustworthy than it otherwise would be.</td> |
|
284 |
* </tr> |
|
285 |
* |
|
286 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
287 |
* <th scope="row">printIdentity</th> |
2 | 288 |
* <td>Viewing the name of a principal |
289 |
* and optionally the scope in which it is used, and whether |
|
290 |
* or not it is considered "trusted" in that scope</td> |
|
291 |
* <td>The scope that is printed out may be a filename, in which case |
|
292 |
* it may convey local system information. For example, here's a sample |
|
293 |
* printout of an identity named "carol", who is |
|
294 |
* marked not trusted in the user's identity database:<br> |
|
295 |
* carol[/home/luehe/identitydb.obj][not trusted]</td> |
|
296 |
*</tr> |
|
297 |
* |
|
298 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
299 |
* <th scope="row">getSignerPrivateKey</th> |
2 | 300 |
* <td>Retrieval of a Signer's private key</td> |
301 |
* <td>It is very dangerous to allow access to a private key; private |
|
302 |
* keys are supposed to be kept secret. Otherwise, code can use the |
|
303 |
* private key to sign various files and claim the signature came from |
|
304 |
* the Signer.</td> |
|
305 |
* </tr> |
|
306 |
* |
|
307 |
* <tr> |
|
45881
aaec0fbe17ae
8184208: update class="striped" tables for accessibility
jjg
parents:
45434
diff
changeset
|
308 |
* <th scope="row">setSignerKeyPair</th> |
2 | 309 |
* <td>Setting of the key pair (public key and private key) for a Signer</td> |
310 |
* <td>This would allow an attacker to replace somebody else's (the "target's") |
|
311 |
* keypair with a possibly weaker keypair (e.g., a keypair of a smaller |
|
312 |
* keysize). This also would allow the attacker to listen in on encrypted |
|
313 |
* communication between the target and its peers. The target's peers |
|
314 |
* might wrap an encryption session key under the target's "new" public |
|
315 |
* key, which would allow the attacker (who possesses the corresponding |
|
316 |
* private key) to unwrap the session key and decipher the communication |
|
317 |
* data encrypted under that session key.</td> |
|
318 |
* </tr> |
|
319 |
* |
|
45124
144479e89cdb
8179592: Update tables in java.base to be HTML 5-friendly.
jjg
parents:
32931
diff
changeset
|
320 |
* </tbody> |
2 | 321 |
* </table> |
322 |
* |
|
32107
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
323 |
* @implNote |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
324 |
* Implementations may define additional target names, but should use naming |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
325 |
* conventions such as reverse domain name notation to avoid name clashes. |
67aa4920495c
8077055: Allow other named SecurityPermissions, RuntimePermissions, and AuthPermissions to be used
mullan
parents:
25859
diff
changeset
|
326 |
* |
2 | 327 |
* @see java.security.BasicPermission |
328 |
* @see java.security.Permission |
|
329 |
* @see java.security.Permissions |
|
330 |
* @see java.security.PermissionCollection |
|
331 |
* @see java.lang.SecurityManager |
|
332 |
* |
|
333 |
* |
|
334 |
* @author Marianne Mueller |
|
335 |
* @author Roland Schemers |
|
45434
4582657c7260
8181082: class-level since tag issues in java.base & java.datatransfer module
mli
parents:
45124
diff
changeset
|
336 |
* @since 1.2 |
2 | 337 |
*/ |
338 |
||
339 |
public final class SecurityPermission extends BasicPermission { |
|
340 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
47216
diff
changeset
|
341 |
@java.io.Serial |
2 | 342 |
private static final long serialVersionUID = 5236109936224050470L; |
343 |
||
344 |
/** |
|
345 |
* Creates a new SecurityPermission with the specified name. |
|
346 |
* The name is the symbolic name of the SecurityPermission. An asterisk |
|
347 |
* may appear at the end of the name, following a ".", or by itself, to |
|
348 |
* signify a wildcard match. |
|
349 |
* |
|
350 |
* @param name the name of the SecurityPermission |
|
351 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
352 |
* @throws NullPointerException if {@code name} is {@code null}. |
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
353 |
* @throws IllegalArgumentException if {@code name} is empty. |
2 | 354 |
*/ |
355 |
public SecurityPermission(String name) |
|
356 |
{ |
|
357 |
super(name); |
|
358 |
} |
|
359 |
||
360 |
/** |
|
361 |
* Creates a new SecurityPermission object with the specified name. |
|
362 |
* The name is the symbolic name of the SecurityPermission, and the |
|
363 |
* actions String is currently unused and should be null. |
|
364 |
* |
|
365 |
* @param name the name of the SecurityPermission |
|
366 |
* @param actions should be null. |
|
367 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
368 |
* @throws NullPointerException if {@code name} is {@code null}. |
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
5506
diff
changeset
|
369 |
* @throws IllegalArgumentException if {@code name} is empty. |
2 | 370 |
*/ |
371 |
public SecurityPermission(String name, String actions) |
|
372 |
{ |
|
373 |
super(name, actions); |
|
374 |
} |
|
375 |
} |