Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/jdk.attach/share/classes/com/sun/tools/attach/AttachPermission.java
changeset 47216 71c04702a3d5
parent 46896 161d696f4ff4 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/jdk.attach/share/classes/com/sun/tools/attach/AttachPermission.java	Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,126 @@
+/*
+ * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.tools.attach;
+
+/**
+ * When a {@link java.lang.SecurityManager SecurityManager} set, this
+ * is the permission which will be checked when code invokes {@link
+ * VirtualMachine#attach VirtualMachine.attach} to attach to a target virtual
+ * machine.
+ * This permission is also checked when an {@link
+ * com.sun.tools.attach.spi.AttachProvider AttachProvider} is created.
+ *
+ * <p> An <code>AttachPermission</code> object contains a name (also referred
+ * to as a "target name") but no actions list; you either have the
+ * named permission or you don't.
+ * The following table provides a summary description of what the
+ * permission allows, and discusses the risks of granting code the
+ * permission.
+ *
+ * <table class="striped"><caption style="display:none">Table shows permission
+ * target name, what the permission allows, and associated risks</caption>
+ * <thead>
+ * <tr>
+ * <th scope="col">Permission Target Name</th>
+ * <th scope="col">What the Permission Allows</th>
+ * <th scope="col">Risks of Allowing this Permission</th>
+ * </tr>
+ * </thead>
+ * <tbody>
+ * <tr>
+ *   <th scope="row">attachVirtualMachine</th>
+ *   <td>Ability to attach to another Java virtual machine and load agents
+ *       into that VM.
+ *   </td>
+ *   <td>This allows an attacker to control the target VM which can potentially
+ *       cause it to misbehave.
+ *   </td>
+ * </tr>
+ *
+ * <tr>
+ *   <th scope="row">createAttachProvider</th>
+ *   <td>Ability to create an <code>AttachProvider</code> instance.
+ *   </td>
+ *   <td>This allows an attacker to create an AttachProvider which can
+ *       potentially be used to attach to other Java virtual machines.
+ *   </td>
+ * </tr>
+ * </tbody>
+ *
+ * </table>
+
+ * <p>
+ * Programmers do not normally create AttachPermission objects directly.
+ * Instead they are created by the security policy code based on reading
+ * the security policy file.
+ *
+ * @see com.sun.tools.attach.VirtualMachine
+ * @see com.sun.tools.attach.spi.AttachProvider
+ */
+
+public final class AttachPermission extends java.security.BasicPermission {
+
+    /** use serialVersionUID for interoperability */
+    static final long serialVersionUID = -4619447669752976181L;
+
+    /**
+     * Constructs a new AttachPermission object.
+     *
+     * @param name Permission name. Must be either "attachVirtualMachine",
+     *             or "createAttachProvider".
+     *
+     * @throws NullPointerException if name is <code>null</code>.
+     * @throws IllegalArgumentException if the name is invalid.
+     */
+    public AttachPermission(String name) {
+        super(name);
+        if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
+            throw new IllegalArgumentException("name: " + name);
+        }
+    }
+
+    /**
+     * Constructs a new AttachPermission object.
+     *
+     * @param name Permission name.   Must be either "attachVirtualMachine",
+     *             or "createAttachProvider".
+     *
+     * @param actions Not used and should be <code>null</code>, or
+     *                the empty string.
+     *
+     * @throws NullPointerException if name is <code>null</code>.
+     * @throws IllegalArgumentException if arguments are invalid.
+     */
+    public AttachPermission(String name, String actions) {
+        super(name);
+        if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
+            throw new IllegalArgumentException("name: " + name);
+        }
+        if (actions != null && actions.length() > 0) {
+            throw new IllegalArgumentException("actions: " + actions);
+        }
+    }
+}
jdk-sandbox