1 /*

     2  * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.  Oracle designates this

     8  * particular file as subject to the "Classpath" exception as provided

     9  * by Oracle in the LICENSE file that accompanied this code.

    10  *

    11  * This code is distributed in the hope that it will be useful, but WITHOUT

    12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    14  * version 2 for more details (a copy is included in the LICENSE file that

    15  * accompanied this code).

    16  *

    17  * You should have received a copy of the GNU General Public License version

    18  * 2 along with this work; if not, write to the Free Software Foundation,

    19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    20  *

    21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    22  * or visit www.oracle.com if you need additional information or have any

    23  * questions.

    24  */

    25 

    26 package com.sun.tools.attach;

    27 

    28 /**

    29  * When a {@link java.lang.SecurityManager SecurityManager} set, this

    30  * is the permission which will be checked when code invokes {@link

    31  * VirtualMachine#attach VirtualMachine.attach} to attach to a target virtual

    32  * machine.

    33  * This permission is also checked when an {@link

    34  * com.sun.tools.attach.spi.AttachProvider AttachProvider} is created.

    35  *

    36  * <p> An <code>AttachPermission</code> object contains a name (also referred

    37  * to as a "target name") but no actions list; you either have the

    38  * named permission or you don't.

    39  * The following table provides a summary description of what the

    40  * permission allows, and discusses the risks of granting code the

    41  * permission.

    42  *

    43  * <table class="striped"><caption style="display:none">Table shows permission

    44  * target name, what the permission allows, and associated risks</caption>

    45  * <thead>

    46  * <tr>

    47  * <th scope="col">Permission Target Name</th>

    48  * <th scope="col">What the Permission Allows</th>

    49  * <th scope="col">Risks of Allowing this Permission</th>

    50  * </tr>

    51  * </thead>

    52  * <tbody>

    53  * <tr>

    54  *   <th scope="row">attachVirtualMachine</th>

    55  *   <td>Ability to attach to another Java virtual machine and load agents

    56  *       into that VM.

    57  *   </td>

    58  *   <td>This allows an attacker to control the target VM which can potentially

    59  *       cause it to misbehave.

    60  *   </td>

    61  * </tr>

    62  *

    63  * <tr>

    64  *   <th scope="row">createAttachProvider</th>

    65  *   <td>Ability to create an <code>AttachProvider</code> instance.

    66  *   </td>

    67  *   <td>This allows an attacker to create an AttachProvider which can

    68  *       potentially be used to attach to other Java virtual machines.

    69  *   </td>

    70  * </tr>

    71  * </tbody>

    72  *

    73  * </table>

    74 

    75  * <p>

    76  * Programmers do not normally create AttachPermission objects directly.

    77  * Instead they are created by the security policy code based on reading

    78  * the security policy file.

    79  *

    80  * @see com.sun.tools.attach.VirtualMachine

    81  * @see com.sun.tools.attach.spi.AttachProvider

    82  */

    83 

    84 public final class AttachPermission extends java.security.BasicPermission {

    85 

    86     /** use serialVersionUID for interoperability */

    87     static final long serialVersionUID = -4619447669752976181L;

    88 

    89     /**

    90      * Constructs a new AttachPermission object.

    91      *

    92      * @param name Permission name. Must be either "attachVirtualMachine",

    93      *             or "createAttachProvider".

    94      *

    95      * @throws NullPointerException if name is <code>null</code>.

    96      * @throws IllegalArgumentException if the name is invalid.

    97      */

    98     public AttachPermission(String name) {

    99         super(name);

   100         if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {

   101             throw new IllegalArgumentException("name: " + name);

   102         }

   103     }

   104 

   105     /**

   106      * Constructs a new AttachPermission object.

   107      *

   108      * @param name Permission name.   Must be either "attachVirtualMachine",

   109      *             or "createAttachProvider".

   110      *

   111      * @param actions Not used and should be <code>null</code>, or

   112      *                the empty string.

   113      *

   114      * @throws NullPointerException if name is <code>null</code>.

   115      * @throws IllegalArgumentException if arguments are invalid.

   116      */

   117     public AttachPermission(String name, String actions) {

   118         super(name);

   119         if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {

   120             throw new IllegalArgumentException("name: " + name);

   121         }

   122         if (actions != null && actions.length() > 0) {

   123             throw new IllegalArgumentException("actions: " + actions);

   124         }

   125     }

   126 }