1. /*

  2.  * @(#)AWTPermission.java	1.13 01/11/29

  3.  *

  4.  * Copyright 2002 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package java.awt;

  9. 

  10. import java.security.BasicPermission;

  11. 

  12. /**

  13.  * This class is for AWT permissions.

  14.  * An AWTPermission contains a target name but

  15.  * no actions list; you either have the named permission

  16.  * or you don't.

  17.  *

  18.  * <P>

  19.  * The target name is the name of the AWT permission (see below). The naming

  20.  * convention follows the hierarchical property naming convention.

  21.  * Also, an asterisk could be used to represent all AWT permissions.

  22.  *

  23.  * <P>

  24.  * The following table lists all the possible AWTPermission target names,

  25.  * and for each provides a description of what the permission allows

  26.  * and a discussion of the risks of granting code the permission.

  27.  * <P>

  28.  *

  29.  * <table border=1 cellpadding=5>

  30.  * <tr>

  31.  * <th>Permission Target Name</th>

  32.  * <th>What the Permission Allows</th>

  33.  * <th>Risks of Allowing this Permission</th>

  34.  * </tr>

  35.  *

  36.  * <tr>

  37.  *   <td>accessClipboard</td>

  38.  *   <td>Posting and retrieval of information to and from the AWT clipboard</td>

  39.  *   <td>This would allow malfeasant code to share

  40.  * potentially sensitive or confidential information.</td>

  41.  * </tr>

  42.  *

  43.  * <tr>

  44.  *   <td>accessEventQueue</td>

  45.  *   <td>Access to the AWT event queue</td>

  46.  *   <td>After retrieving the AWT event queue,

  47.  * malicious code may peek at and even remove existing events

  48.  * from its event queue, as well as post bogus events which may purposefully

  49.  * cause the application or applet to misbehave in an insecure manner.</td>

  50.  * </tr>

  51.  *

  52.  * <tr>

  53.  *   <td>listenToAllAWTEvents</td>

  54.  *   <td>Listen to all AWT events, system-wide</td>

  55.  *   <td>After adding an AWT event listener,

  56.  * malicious code may scan all AWT events dispatched in the system,

  57.  * allowing it to read all user input (such as passwords).  Each

  58.  * AWT event listener is called from within the context of that

  59.  * event queue's EventDispatchThread, so if the accessEventQueue

  60.  * permission is also enabled, malicious code could modify the

  61.  * contents of AWT event queues system-wide, causing the application

  62.  * or applet to misbehave in an insecure manner.</td>

  63.  * </tr>

  64.  *

  65.  * <tr>

  66.  *   <td>showWindowWithoutWarningBanner</td>

  67.  *   <td>Display of a window without also displaying a banner warning

  68.  * that the window was created by an applet</td>

  69.  *   <td>Without this warning,

  70.  * an applet may pop up windows without the user knowing that they

  71.  * belong to an applet.  Since users may make security-sensitive

  72.  * decisions based on whether or not the window belongs to an applet

  73.  * (entering a username and password into a dialog box, for example),

  74.  * disabling this warning banner may allow applets to trick the user

  75.  * into entering such information.</td>

  76.  * </tr>

  77.  *

  78.  * <tr>

  79.  *   <td>readDisplayPixels</td>

  80.  *   <td>Readback of pixels from the display screen</td>

  81.  *   <td>Interfaces such as the java.awt.Composite interface which

  82.  * allow arbitrary code to examine pixels on the display enable

  83.  * malicious code to snoop on the activities of the user.</td>

  84.  * </tr>

  85.  *

  86.  * </table>

  87.  *

  88.  * @see java.security.BasicPermission

  89.  * @see java.security.Permission

  90.  * @see java.security.Permissions

  91.  * @see java.security.PermissionCollection

  92.  * @see java.lang.SecurityManager

  93.  *

  94.  * @version 1.13 01/11/29

  95.  *

  96.  * @author Marianne Mueller

  97.  * @author Roland Schemers

  98.  */

  99. 

  100. public final class AWTPermission extends BasicPermission {

  101. 

  102.     /** use serialVersionUID from JDK 1.2 for interoperability */

  103.     private static final long serialVersionUID = 8890392402588814465L;

  104. 

  105.     /**

  106.      * Creates a new AWTPermission with the specified name.

  107.      * The name is the symbolic name of the AWTPermission, such as

  108.      * "topLevelWindow", "systemClipboard", etc. An asterisk

  109.      * may be used to indicate all AWT permissions.

  110.      *

  111.      * @param name the name of the AWTPermission.

  112.      */

  113. 

  114.     public AWTPermission(String name)

  115.     {

  116. 	super(name);

  117.     }

  118. 

  119.     /**

  120.      * Creates a new AWTPermission object with the specified name.

  121.      * The name is the symbolic name of the AWTPermission, and the

  122.      * actions String is currently unused and should be null. This

  123.      * constructor exists for use by the <code>Policy</code> object

  124.      * to instantiate new Permission objects.

  125.      *

  126.      * @param name the name of the AWTPermission.

  127.      * @param actions should be null.

  128.      */

  129. 

  130.     public AWTPermission(String name, String actions)

  131.     {

  132. 	super(name, actions);

  133.     }

  134. }