1. /*
  2. * @(#)AWTPermission.java 1.13 01/11/29
  3. *
  4. * Copyright 2002 Sun Microsystems, Inc. All rights reserved.
  5. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  6. */
  7. package java.awt;
  8. import java.security.BasicPermission;
  9. /**
  10. * This class is for AWT permissions.
  11. * An AWTPermission contains a target name but
  12. * no actions list; you either have the named permission
  13. * or you don't.
  14. *
  15. * <P>
  16. * The target name is the name of the AWT permission (see below). The naming
  17. * convention follows the hierarchical property naming convention.
  18. * Also, an asterisk could be used to represent all AWT permissions.
  19. *
  20. * <P>
  21. * The following table lists all the possible AWTPermission target names,
  22. * and for each provides a description of what the permission allows
  23. * and a discussion of the risks of granting code the permission.
  24. * <P>
  25. *
  26. * <table border=1 cellpadding=5>
  27. * <tr>
  28. * <th>Permission Target Name</th>
  29. * <th>What the Permission Allows</th>
  30. * <th>Risks of Allowing this Permission</th>
  31. * </tr>
  32. *
  33. * <tr>
  34. * <td>accessClipboard</td>
  35. * <td>Posting and retrieval of information to and from the AWT clipboard</td>
  36. * <td>This would allow malfeasant code to share
  37. * potentially sensitive or confidential information.</td>
  38. * </tr>
  39. *
  40. * <tr>
  41. * <td>accessEventQueue</td>
  42. * <td>Access to the AWT event queue</td>
  43. * <td>After retrieving the AWT event queue,
  44. * malicious code may peek at and even remove existing events
  45. * from its event queue, as well as post bogus events which may purposefully
  46. * cause the application or applet to misbehave in an insecure manner.</td>
  47. * </tr>
  48. *
  49. * <tr>
  50. * <td>listenToAllAWTEvents</td>
  51. * <td>Listen to all AWT events, system-wide</td>
  52. * <td>After adding an AWT event listener,
  53. * malicious code may scan all AWT events dispatched in the system,
  54. * allowing it to read all user input (such as passwords). Each
  55. * AWT event listener is called from within the context of that
  56. * event queue's EventDispatchThread, so if the accessEventQueue
  57. * permission is also enabled, malicious code could modify the
  58. * contents of AWT event queues system-wide, causing the application
  59. * or applet to misbehave in an insecure manner.</td>
  60. * </tr>
  61. *
  62. * <tr>
  63. * <td>showWindowWithoutWarningBanner</td>
  64. * <td>Display of a window without also displaying a banner warning
  65. * that the window was created by an applet</td>
  66. * <td>Without this warning,
  67. * an applet may pop up windows without the user knowing that they
  68. * belong to an applet. Since users may make security-sensitive
  69. * decisions based on whether or not the window belongs to an applet
  70. * (entering a username and password into a dialog box, for example),
  71. * disabling this warning banner may allow applets to trick the user
  72. * into entering such information.</td>
  73. * </tr>
  74. *
  75. * <tr>
  76. * <td>readDisplayPixels</td>
  77. * <td>Readback of pixels from the display screen</td>
  78. * <td>Interfaces such as the java.awt.Composite interface which
  79. * allow arbitrary code to examine pixels on the display enable
  80. * malicious code to snoop on the activities of the user.</td>
  81. * </tr>
  82. *
  83. * </table>
  84. *
  85. * @see java.security.BasicPermission
  86. * @see java.security.Permission
  87. * @see java.security.Permissions
  88. * @see java.security.PermissionCollection
  89. * @see java.lang.SecurityManager
  90. *
  91. * @version 1.13 01/11/29
  92. *
  93. * @author Marianne Mueller
  94. * @author Roland Schemers
  95. */
  96. public final class AWTPermission extends BasicPermission {
  97. /** use serialVersionUID from JDK 1.2 for interoperability */
  98. private static final long serialVersionUID = 8890392402588814465L;
  99. /**
  100. * Creates a new AWTPermission with the specified name.
  101. * The name is the symbolic name of the AWTPermission, such as
  102. * "topLevelWindow", "systemClipboard", etc. An asterisk
  103. * may be used to indicate all AWT permissions.
  104. *
  105. * @param name the name of the AWTPermission.
  106. */
  107. public AWTPermission(String name)
  108. {
  109. super(name);
  110. }
  111. /**
  112. * Creates a new AWTPermission object with the specified name.
  113. * The name is the symbolic name of the AWTPermission, and the
  114. * actions String is currently unused and should be null. This
  115. * constructor exists for use by the <code>Policy</code> object
  116. * to instantiate new Permission objects.
  117. *
  118. * @param name the name of the AWTPermission.
  119. * @param actions should be null.
  120. */
  121. public AWTPermission(String name, String actions)
  122. {
  123. super(name, actions);
  124. }
  125. }