1. /*

  2.  * @(#)AWTPermission.java	1.18 00/02/02

  3.  *

  4.  * Copyright 1997-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10. 

  11. package java.awt;

  12. 

  13. import java.security.BasicPermission;

  14. 

  15. /**

  16.  * This class is for AWT permissions.

  17.  * An AWTPermission contains a target name but

  18.  * no actions list; you either have the named permission

  19.  * or you don't.

  20.  *

  21.  * <P>

  22.  * The target name is the name of the AWT permission (see below). The naming

  23.  * convention follows the hierarchical property naming convention.

  24.  * Also, an asterisk could be used to represent all AWT permissions.

  25.  *

  26.  * <P>

  27.  * The following table lists all the possible AWTPermission target names,

  28.  * and for each provides a description of what the permission allows

  29.  * and a discussion of the risks of granting code the permission.

  30.  * <P>

  31.  *

  32.  * <table border=1 cellpadding=5>

  33.  * <tr>

  34.  * <th>Permission Target Name</th>

  35.  * <th>What the Permission Allows</th>

  36.  * <th>Risks of Allowing this Permission</th>

  37.  * </tr>

  38.  *

  39.  * <tr>

  40.  *   <td>accessClipboard</td>

  41.  *   <td>Posting and retrieval of information to and from the AWT clipboard</td>

  42.  *   <td>This would allow malfeasant code to share

  43.  * potentially sensitive or confidential information.</td>

  44.  * </tr>

  45.  *

  46.  * <tr>

  47.  *   <td>accessEventQueue</td>

  48.  *   <td>Access to the AWT event queue</td>

  49.  *   <td>After retrieving the AWT event queue,

  50.  * malicious code may peek at and even remove existing events

  51.  * from its event queue, as well as post bogus events which may purposefully

  52.  * cause the application or applet to misbehave in an insecure manner.</td>

  53.  * </tr>

  54.  *

  55.  * <tr>

  56.  *   <td>listenToAllAWTEvents</td>

  57.  *   <td>Listen to all AWT events, system-wide</td>

  58.  *   <td>After adding an AWT event listener,

  59.  * malicious code may scan all AWT events dispatched in the system,

  60.  * allowing it to read all user input (such as passwords).  Each

  61.  * AWT event listener is called from within the context of that

  62.  * event queue's EventDispatchThread, so if the accessEventQueue

  63.  * permission is also enabled, malicious code could modify the

  64.  * contents of AWT event queues system-wide, causing the application

  65.  * or applet to misbehave in an insecure manner.</td>

  66.  * </tr>

  67.  *

  68.  * <tr>

  69.  *   <td>showWindowWithoutWarningBanner</td>

  70.  *   <td>Display of a window without also displaying a banner warning

  71.  * that the window was created by an applet</td>

  72.  *   <td>Without this warning,

  73.  * an applet may pop up windows without the user knowing that they

  74.  * belong to an applet.  Since users may make security-sensitive

  75.  * decisions based on whether or not the window belongs to an applet

  76.  * (entering a username and password into a dialog box, for example),

  77.  * disabling this warning banner may allow applets to trick the user

  78.  * into entering such information.</td>

  79.  * </tr>

  80.  *

  81.  * <tr>

  82.  *   <td>readDisplayPixels</td>

  83.  *   <td>Readback of pixels from the display screen</td>

  84.  *   <td>Interfaces such as the java.awt.Composite interface or the 

  85.  * java.awt.Robot class allow arbitrary code to examine pixels on the 

  86.  * display enable malicious code to snoop on the activities of the user.</td>

  87.  * </tr>

  88.  *

  89.  * <tr>

  90.  *   <td>createRobot</td>

  91.  *   <td>Create java.awt.Robot objects</td>

  92.  *   <td>The java.awt.Robot object allows code to generate native-level

  93.  * mouse and keyboard events as well as read the screen. It could allow

  94.  * malicious code to control the system, run other programs, read the

  95.  * display, and deny mouse and keyboard access to the user.</td>

  96.  * </tr>

  97.  * </table>

  98.  *

  99.  * @see java.security.BasicPermission

  100.  * @see java.security.Permission

  101.  * @see java.security.Permissions

  102.  * @see java.security.PermissionCollection

  103.  * @see java.lang.SecurityManager

  104.  *

  105.  * @version 	1.18, 02/02/00

  106.  *

  107.  * @author Marianne Mueller

  108.  * @author Roland Schemers

  109.  */

  110. 

  111. public final class AWTPermission extends BasicPermission {

  112. 

  113.     /** use serialVersionUID from the Java 2 platform for interoperability */

  114.     private static final long serialVersionUID = 8890392402588814465L;

  115. 

  116.     /**

  117.      * Creates a new AWTPermission with the specified name.

  118.      * The name is the symbolic name of the AWTPermission, such as

  119.      * "topLevelWindow", "systemClipboard", etc. An asterisk

  120.      * may be used to indicate all AWT permissions.

  121.      *

  122.      * @param name the name of the AWTPermission.

  123.      */

  124. 

  125.     public AWTPermission(String name)

  126.     {

  127. 	super(name);

  128.     }

  129. 

  130.     /**

  131.      * Creates a new AWTPermission object with the specified name.

  132.      * The name is the symbolic name of the AWTPermission, and the

  133.      * actions String is currently unused and should be null. This

  134.      * constructor exists for use by the <code>Policy</code> object

  135.      * to instantiate new Permission objects.

  136.      *

  137.      * @param name the name of the AWTPermission.

  138.      * @param actions should be null.

  139.      */

  140. 

  141.     public AWTPermission(String name, String actions)

  142.     {

  143. 	super(name, actions);

  144.     }

  145. }