/*
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.tools.attach;
/**
* When a {@link java.lang.SecurityManager SecurityManager} set, this
* is the permission which will be checked when code invokes {@link
* VirtualMachine#attach VirtalMachine.attach} to attach to a target virtual
* machine.
* This permission is also checked when an {@link
* com.sun.tools.attach.spi.AttachProvider AttachProvider} is created.
*
* <p> An <code>AttachPermission</code> object contains a name (also referred
* to as a "target name") but no actions list; you either have the
* named permission or you don't.
* The following table provides a summary description of what the
* permission allows, and discusses the risks of granting code the
* permission.
*
* <table border=1 cellpadding=5 summary="Table shows permission
* target name, what the permission allows, and associated risks">
* <tr>
* <th>Permission Target Name</th>
* <th>What the Permission Allows</th>
* <th>Risks of Allowing this Permission</th>
* </tr>
*
* <tr>
* <td>attachVirtualMachine</td>
* <td>Ability to attach to another Java virtual machine and load agents
* into that VM.
* </td>
* <td>This allows an attacker to control the target VM which can potentially
* cause it to misbehave.
* </td>
* </tr>
*
* <tr>
* <td>createAttachProvider</td>
* <td>Ability to create an <code>AttachProvider</code> instance.
* </td>
* <td>This allows an attacker to create an AttachProvider which can
* potentially be used to attach to other Java virtual machines.
* </td>
* </tr>
*
* </table>
* <p>
* Programmers do not normally create AttachPermission objects directly.
* Instead they are created by the security policy code based on reading
* the security policy file.
*
* @see com.sun.tools.attach.VirtualMachine
* @see com.sun.tools.attach.spi.AttachProvider
*/
public final class AttachPermission extends java.security.BasicPermission {
/** use serialVersionUID for interoperability */
static final long serialVersionUID = -4619447669752976181L;
/**
* Constructs a new AttachPermission object.
*
* @param name Permission name. Must be either "attachVirtualMachine",
* or "createAttachProvider".
*
* @throws NullPointerException if name is <code>null</code>.
* @throws IllegalArgumentException if the name is invalid.
*/
public AttachPermission(String name) {
super(name);
if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
throw new IllegalArgumentException("name: " + name);
}
}
/**
* Constructs a new AttachPermission object.
*
* @param name Permission name. Must be either "attachVirtualMachine",
* or "createAttachProvider".
*
* @param actions Not used and should be <code>null</code>, or
* the empty string.
*
* @throws NullPointerException if name is <code>null</code>.
* @throws IllegalArgumentException if arguments are invalid.
*/
public AttachPermission(String name, String actions) {
super(name);
if (!name.equals("attachVirtualMachine") && !name.equals("createAttachProvider")) {
throw new IllegalArgumentException("name: " + name);
}
if (actions != null && actions.length() > 0) {
throw new IllegalArgumentException("actions: " + actions);
}
}
}