1 /*
2  * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package java.lang.management;
27 
28 /**
29  * The permission which the SecurityManager will check when code
30  * that is running with a SecurityManager calls methods defined
31  * in the management interface for the Java platform.
32  * <P>
33  * The following table
34  * provides a summary description of what the permission allows,
35  * and discusses the risks of granting code the permission.
36  *
37  * <table border=1 cellpadding=5 summary="Table shows permission target name, what the permission allows, and associated risks">
38  * <tr>
39  * <th>Permission Target Name</th>
40  * <th>What the Permission Allows</th>
41  * <th>Risks of Allowing this Permission</th>
42  * </tr>
43  *
44  * <tr>
45  *   <td>control</td>
46  *   <td>Ability to control the runtime characteristics of the Java virtual
47  *       machine, for example, enabling and disabling the verbose output for
48  *       the class loading or memory system, setting the threshold of a memory
49  *       pool, and enabling and disabling the thread contention monitoring
50  *       support. Some actions controlled by this permission can disclose
51  *       information about the running application, like the -verbose:class
52  *       flag.
53  *   </td>
54  *   <td>This allows an attacker to control the runtime characteristics
55  *       of the Java virtual machine and cause the system to misbehave. An
56  *       attacker can also access some information related to the running
57  *       application.
58  *   </td>
59  * </tr>
60  * <tr>
61  *   <td>monitor</td>
62  *   <td>Ability to retrieve runtime information about
63  *       the Java virtual machine such as thread
64  *       stack trace, a list of all loaded class names, and input arguments
65  *       to the Java virtual machine.</td>
66  *   <td>This allows malicious code to monitor runtime information and
67  *       uncover vulnerabilities.</td>
68  * </tr>
69  *
70  * </table>
71  *
72  * <p>
73  * Programmers do not normally create ManagementPermission objects directly.
74  * Instead they are created by the security policy code based on reading
75  * the security policy file.
76  *
77  * @author  Mandy Chung
78  * @since   1.5
79  *
80  * @see java.security.BasicPermission
81  * @see java.security.Permission
82  * @see java.security.Permissions
83  * @see java.security.PermissionCollection
84  * @see java.lang.SecurityManager
85  *
86  */
87 
88 public final class ManagementPermission extends java.security.BasicPermission {
89     private static final long serialVersionUID = 1897496590799378737L;
90 
91     /**
92      * Constructs a ManagementPermission with the specified name.
93      *
94      * @param name Permission name. Must be either "monitor" or "control".
95      *
96      * @throws NullPointerException if <code>name</code> is <code>null</code>.
97      * @throws IllegalArgumentException if <code>name</code> is empty or invalid.
98      */
ManagementPermission(String name)99     public ManagementPermission(String name) {
100         super(name);
101         if (!name.equals("control") && !name.equals("monitor")) {
102             throw new IllegalArgumentException("name: " + name);
103         }
104     }
105 
106     /**
107      * Constructs a new ManagementPermission object.
108      *
109      * @param name Permission name. Must be either "monitor" or "control".
110      * @param actions Must be either null or the empty string.
111      *
112      * @throws NullPointerException if <code>name</code> is <code>null</code>.
113      * @throws IllegalArgumentException if <code>name</code> is empty or
114      * if arguments are invalid.
115      */
ManagementPermission(String name, String actions)116     public ManagementPermission(String name, String actions)
117         throws IllegalArgumentException {
118         super(name);
119         if (!name.equals("control") && !name.equals("monitor")) {
120             throw new IllegalArgumentException("name: " + name);
121         }
122         if (actions != null && actions.length() > 0) {
123             throw new IllegalArgumentException("actions: " + actions);
124         }
125     }
126 }
127