1 /* 2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.lang.management; 27 28 /** 29 * The permission which the SecurityManager will check when code 30 * that is running with a SecurityManager calls methods defined 31 * in the management interface for the Java platform. 32 * <P> 33 * The following table 34 * provides a summary description of what the permission allows, 35 * and discusses the risks of granting code the permission. 36 * 37 * <table border=1 cellpadding=5 summary="Table shows permission target name, what the permission allows, and associated risks"> 38 * <tr> 39 * <th>Permission Target Name</th> 40 * <th>What the Permission Allows</th> 41 * <th>Risks of Allowing this Permission</th> 42 * </tr> 43 * 44 * <tr> 45 * <td>control</td> 46 * <td>Ability to control the runtime characteristics of the Java virtual 47 * machine, for example, enabling and disabling the verbose output for 48 * the class loading or memory system, setting the threshold of a memory 49 * pool, and enabling and disabling the thread contention monitoring 50 * support. Some actions controlled by this permission can disclose 51 * information about the running application, like the -verbose:class 52 * flag. 53 * </td> 54 * <td>This allows an attacker to control the runtime characteristics 55 * of the Java virtual machine and cause the system to misbehave. An 56 * attacker can also access some information related to the running 57 * application. 58 * </td> 59 * </tr> 60 * <tr> 61 * <td>monitor</td> 62 * <td>Ability to retrieve runtime information about 63 * the Java virtual machine such as thread 64 * stack trace, a list of all loaded class names, and input arguments 65 * to the Java virtual machine.</td> 66 * <td>This allows malicious code to monitor runtime information and 67 * uncover vulnerabilities.</td> 68 * </tr> 69 * 70 * </table> 71 * 72 * <p> 73 * Programmers do not normally create ManagementPermission objects directly. 74 * Instead they are created by the security policy code based on reading 75 * the security policy file. 76 * 77 * @author Mandy Chung 78 * @since 1.5 79 * 80 * @see java.security.BasicPermission 81 * @see java.security.Permission 82 * @see java.security.Permissions 83 * @see java.security.PermissionCollection 84 * @see java.lang.SecurityManager 85 * 86 */ 87 88 public final class ManagementPermission extends java.security.BasicPermission { 89 private static final long serialVersionUID = 1897496590799378737L; 90 91 /** 92 * Constructs a ManagementPermission with the specified name. 93 * 94 * @param name Permission name. Must be either "monitor" or "control". 95 * 96 * @throws NullPointerException if <code>name</code> is <code>null</code>. 97 * @throws IllegalArgumentException if <code>name</code> is empty or invalid. 98 */ ManagementPermission(String name)99 public ManagementPermission(String name) { 100 super(name); 101 if (!name.equals("control") && !name.equals("monitor")) { 102 throw new IllegalArgumentException("name: " + name); 103 } 104 } 105 106 /** 107 * Constructs a new ManagementPermission object. 108 * 109 * @param name Permission name. Must be either "monitor" or "control". 110 * @param actions Must be either null or the empty string. 111 * 112 * @throws NullPointerException if <code>name</code> is <code>null</code>. 113 * @throws IllegalArgumentException if <code>name</code> is empty or 114 * if arguments are invalid. 115 */ ManagementPermission(String name, String actions)116 public ManagementPermission(String name, String actions) 117 throws IllegalArgumentException { 118 super(name); 119 if (!name.equals("control") && !name.equals("monitor")) { 120 throw new IllegalArgumentException("name: " + name); 121 } 122 if (actions != null && actions.length() > 0) { 123 throw new IllegalArgumentException("actions: " + actions); 124 } 125 } 126 } 127