java.lang.RuntimePermission
This class is for runtime permissions. A RuntimePermissioncontains a name (also referred to as a "target name") but no actionslist; you either have the named permission or you don't.
The following table lists the standard RuntimePermissiontarget names, and for each provides a description of what the permissionallows and a discussion of the risks of granting code the permission.
Declaration
public final class RuntimePermission extends BasicPermission {@java.io.Serialprivate static final long serialVersionUID =7399184964622342223L;public RuntimePermission(String name) {super(name);}public RuntimePermission(String name, String actions) {super(name, actions);}}
1.
Permission Target Name: createClassLoader
What the Permission Allows: Creation of a class loader
Risks of Allowing this Permission: This is an extremely dangerous permission to grant.Malicious applications that can instantiate their own classloaders could then load their own rogue classes into the system.These newly loaded classes could be placed into any protectiondomain by the class loader, thereby automatically granting theclasses the permissions for that domain.
2.
Permission Target Name: getClassLoader
What the Permission Allows:Retrieval of a class loader (e.g., the class loader for the callingclass).
Risks of Allowing this Permission: This would grant an attacker permission to get theclass loader for a particular class. This is dangerous becausehaving access to a class's class loader allows the attacker toload other classes available to that class loader. The attackerwould typically otherwise not have access to those classes.
3.
Permission Target Name: setContextClassLoader
What the Permission Allows: Setting of the context class loader used by a thread.
Risks of Allowing this Permission: The context class loader is used by system code and extensionswhen they need to lookup resources that might not exist in the systemclass loader. Granting setContextClassLoader permission would allowcode to change which context class loader is usedfor a particular thread, including system threads.
4.
Permission Target Name: enableContextClassLoaderOverride
What the Permission Allows: Subclass implementation of the thread context class loader methods.
Risks of Allowing this Permission: The context class loader is used by system code and extensionswhen they need to lookup resources that might not exist in the systemclass loader. Granting enableContextClassLoaderOverride permission would allowa subclass of Thread to override the methods that are usedto get or set the context class loader for a particular thread.
5.
Permission Target Name: closeClassLoader
What the Permission Allows: Closing of a ClassLoader
Risks of Allowing this Permission: Granting this permission allows code to close any URLClassLoaderthat it has a reference to.
6.
Permission Target Name: setSecurityManager
What the Permission Allows: Setting of the security manager (possibly replacing an existing one).
Risks of Allowing this Permission: The security manager is a class that allowsapplications to implement a security policy. Granting the setSecurityManagerpermission would allow code to change which security manager is used byinstalling a different, possibly less restrictive security manager,thereby bypassing checks that would have been enforced by the originalsecurity manager.
7.
Permission Target Name: createSecurityManager
What the Permission Allows: Creation of a new security manager
Risks of Allowing this Permission: This gives code access to protected, sensitive methods that maydisclose information about other classes or the execution stack.
8.
Permission Target Name: getenv.{variable name}
What the Permission Allows: Reading of the value of the specified environment variable.
Risks of Allowing this Permission: This would allow code to read the value, or determine theexistence, of a particular environment variable. This isdangerous if the variable contains confidential data.
9.
Permission Target Name: exitVM.{exit status}
What the Permission Allows: Halting of the Java Virtual Machine with the specified exit status.
Risks of Allowing this Permission: This allows an attacker to mount a denial-of-service attackby automatically forcing the virtual machine to halt.Note: The "exitVM.*" permission is automatically granted to all codeloaded from the application class path, thus enabling applicationsto terminate themselves. Also, the "exitVM" permission is equivalent to"exitVM.*".
10.
Permission Target Name: shutdownHooks
What the Permission Allows: Registration and cancellation of virtual-machine shutdown hooks.
Risks of Allowing this Permission: This allows an attacker to register a malicious shutdownhook that interferes with the clean shutdown of the virtual machine.
11.
Permission Target Name: setFactory
What the Permission Allows: Setting of the socket factory used by ServerSocket or Socket,or of the stream handler factory used by URL
Risks of Allowing this Permission: This allows code to set the actual implementationfor the socket, server socket, stream handler, or RMI socket factory.An attacker may set a faulty implementation which mangles the datastream.
12.
Permission Target Name: setIO
What the Permission Allows: Setting of System.out, System.in, and System.err
Risks of Allowing this Permission: This allows changing the value of the standard system streams.An attacker may change System.in to monitor andsteal user input, or may set System.err to a "null" OutputStream,which would hide any error messages sent to System.err.
13.
Permission Target Name: modifyThread
What the Permission Allows: Modification of threads, e.g., via calls to Thread interrupt, stop, suspend, resume, setDaemon, setPriority,setName and setUncaughtExceptionHandlermethods.
Risks of Allowing this Permission: This allows an attacker to modify the behaviour ofany thread in the system.
14.
Permission Target Name: stopThread
What the Permission Allows: Stopping of threads via calls to the Thread stopmethod.
Risks of Allowing this Permission: This allows code to stop any thread in the system provided that it isalready granted permission to access that thread.This poses as a threat, because that code may corrupt the system bykilling existing threads.
15.
Permission Target Name: modifyThreadGroup
What the Permission Allows: modification of thread groups, e.g., via calls to ThreadGroup destroy, getParent, resume, setDaemon, setMaxPriority, stop,and suspend methods.
Risks of Allowing this Permission: This allows an attacker to create thread groups andset their run priority.
16.
Permission Target Name: getProtectionDomain
What the Permission Allows: Retrieval of the ProtectionDomain for a class.
Risks of Allowing this Permission: This allows code to obtain policy informationfor a particular code source. While obtaining policy informationdoes not compromise the security of the system, it does giveattackers additional information, such as local file names forexample, to better aim an attack.
17.
Permission Target Name: getFileSystemAttributes
What the Permission Allows: Retrieval of file system attributes.
Risks of Allowing this Permission: This allows code to obtain file system information such as disk usageor disk space available to the caller. This is potentially dangerousbecause it discloses information about the system hardwareconfiguration and some information about the caller's privilege towrite files.
18.
Permission Target Name: readFileDescriptor
What the Permission Allows: Reading of file descriptors
Risks of Allowing this Permission: This would allow code to read the particular file associatedwith the file descriptor read. This is dangerous if the filecontains confidential data.
19.
Permission Target Name: writeFileDescriptor
What the Permission Allows: Writing to file descriptors.
Risks of Allowing this Permission: This allows code to write to a particular file associatedwith the descriptor. This is dangerous because it may allowmalicious code to plant viruses or at the very least, fill upyour entire disk.
20.
Permission Target Name: loadLibrary.{library name}
What the Permission Allows: Dynamic linking of the specified library.
Risks of Allowing this Permission: It is dangerous to allow an applet permission to load native codelibraries, because the Java security architecture is not designed to anddoes not prevent malicious behavior at the level of native code.
21.
Permission Target Name: accessClassInPackage.{package name}
What the Permission Allows: Access to the specified package via a class loader's loadClass method when that class loader callsthe SecurityManager checkPackageAccess method.
Risks of Allowing this Permission: This gives code access to classes in packagesto which it normally does not have access. Malicious codemay use these classes to help in its attempt to compromisesecurity in the system.
22.
Permission Target Name: defineClassInPackage.{package name}
What the Permission Allows: Definition of classes in the specified package, via a classloader's defineClass method when that class loader callsthe SecurityManager checkPackageDefinition method.
Risks of Allowing this Permission: This grants code permission to define a classin a particular package. This is dangerous because maliciouscode with this permission may define rogue classes intrusted packages like java.security or java.lang,for example.
23.
Permission Target Name: defineClass
What the Permission Allows: Define a class with Lookup.defineClass.
Risks of Allowing this Permission: This grants code with a suitably privileged Lookup objectpermission to define classes in the same package as the Lookup'slookup class.
24.
Permission Target Name: accessDeclaredMembers
What the Permission Allows: Access to the declared members of a class.
Risks of Allowing this Permission: This grants code permission to query a class for its public,protected, default (package) access, and private fields and/ormethods. Although the code would haveaccess to the private and protected field and method names, it would nothave access to the private/protected field data and would not be ableto invoke any private methods. Nevertheless, malicious codemay use this information to better aim an attack.Additionally, it may invoke any public methods and/or access public fieldsin the class. This could be dangerous ifthe code would normally not be able to invoke those methods and/oraccess the fields becauseit can't cast the object to the class/interface with those methodsand fields.
25.
Permission Target Name: queuePrintJob
What the Permission Allows: Initiation of a print job request.
Risks of Allowing this Permission: This could print sensitive information to a printer,or simply waste paper.
26.
Permission Target Name: getStackTrace
What the Permission Allows: Retrieval of the stack trace information of another thread.
Risks of Allowing this Permission: This allows retrieval of the stack trace information ofanother thread. This might allow malicious code to monitor theexecution of threads and discover vulnerabilities in applications.
27.
Permission Target Name: getStackWalkerWithClassReference
What the Permission Allows: Get a stack walker that can retrieve stack frames with class reference.
Risks of Allowing this Permission: This allows retrieval of Class objects from stack walking.This might allow malicious code to access Class objects on the stackoutside its own context.
28.
Permission Target Name: setDefaultUncaughtExceptionHandler
What the Permission Allows: Setting the default handler to be used when a threadterminates abruptly due to an uncaught exception.
Risks of Allowing this Permission: This allows an attacker to register a maliciousuncaught exception handler that could interfere with terminationof a thread
29.
Permission Target Name: preferences
What the Permission Allows: Represents the permission required to get access to thejava.util.prefs.Preferences implementations user or system rootwhich in turn allows retrieval or update operations within thePreferences persistent backing store.)
Risks of Allowing this Permission: This permission allows the user to read from or write to thepreferences backing store if the user running the code hassufficient OS privileges to read/write to that backing store.The actual backing store may reside within a traditional filesystemdirectory or within a registry depending on the platform OS.
30
Permission Target Name: manageProcess
What the Permission Allows: Native process termination and information about processes ProcessHandle.
Risks of Allowing this Permission: Allows code to identify and terminate processes that it did not create.
31.
Permission Target Name: localeServiceProvider
What the Permission Allows: This RuntimePermission is required to be granted toclasses which subclass and implement java.util.spi.LocaleServiceProvider.
Risks of Allowing this Permission: The permission ischecked during invocation of the abstract base class constructor.This permission ensures trust in classes which implement thissecurity-sensitive provider mechanism. See java.util.spi.LocaleServiceProvider for moreinformation.
32.
Permission Target Name: loggerFinder
What the Permission Allows: This RuntimePermission is required to be granted toclasses which subclass or call methods on java.lang.System.LoggerFinder.
Risks of Allowing this Permission: The permission ischecked during invocation of the abstract base class constructor, aswell as on the invocation of its public methods.This permission ensures trust in classes which provide loggersto system classes. See java.lang.System.LoggerFinderfor more information.
33.
Permission Target Name: accessSystemModules
What the Permission Allows: Access system modules in the runtime image.
Risks of Allowing this Permission: This grants the permission to access resources in the system modules in the runtime image.
Methods
1. RuntimePermission(String name)
java.lang.RuntimePermission.RuntimePermission(String name)
This method takes one argument. This method creates a new RuntimePermission with the specified name.
The name is the symbolic name of the RuntimePermission, such as"exit", "setFactory", etc. An asterisk may appear at the end of the name, following a ".", or by itself, to signify a wild card match.
Parameters: One parameter is required for this method.
name: the name of the RuntimePermission.
Throws:
1. NullPointerException - if name is null.
2. IllegalArgumentException - if name is empty.
Approach 1: When no exception
Java
package com.RuntimePermission;public class RuntimePermission1 {public static void main(String[] args) {String name = "hello";RuntimePermission runtimePermission =new RuntimePermission(name);System.out.println(runtimePermission);}}
Output:
("java.lang.RuntimePermission" "hello")
Approach 2: NullPointerException
Java
package com.RuntimePermission;public class RuntimePermission1 {public static void main(String[] args) {String name = null;RuntimePermission runtimePermission =new RuntimePermission(name);System.out.println(runtimePermission);}}
Output:
Exception in thread "main" java.lang.NullPointerException: name can't be null at java.base/java.security.BasicPermission.init(BasicPermission.java:89) at java.base/java.security.BasicPermission.<init>(BasicPermission.java:131) at java.base/java.lang.RuntimePermission.<init>(RuntimePermission.java:420) at com.RuntimePermission.RuntimePermission1.main(RuntimePermission1.java:7)
Approach 3: IllegalArgumentException
Java
package com.RuntimePermission;public class RuntimePermission1 {public static void main(String[] args) {String name = "";RuntimePermission runtimePermission =new RuntimePermission(name);System.out.println(runtimePermission);}}
Output:
Exception in thread "main" java.lang.IllegalArgumentException: name can't be empty at java.base/java.security.BasicPermission.init(BasicPermission.java:94) at java.base/java.security.BasicPermission.<init>(BasicPermission.java:131) at java.base/java.lang.RuntimePermission.<init>(RuntimePermission.java:420) at com.RuntimePermission.RuntimePermission1.main(RuntimePermission1.java:7)
2. RuntimePermission(String name, String actions)
java.lang.RuntimePermission.RuntimePermission(String name, String actions)
This method takes two arguments. This method creates a new RuntimePermission object with the specified name.The name is the symbolic name of the RuntimePermission, and the actions String is currently unused and should be null.
Parameters: Two parameters are required for this method.
name: the name of the RuntimePermission.
actions: should be null.
Throws:
1. NullPointerException - if name is null.
2. IllegalArgumentException - if name is empty.
Approach 1: When no exception
Java
package com.RuntimePermission;public class RuntimePermission2 {public static void main(String[] args) {String name = "hello";String actions = "read";RuntimePermission runtimePermission =new RuntimePermission(name, actions);System.out.println(runtimePermission);}}
Output:
("java.lang.RuntimePermission" "hello")
Approach 2: NullPointerException
Java
package com.RuntimePermission;public class RuntimePermission2 {public static void main(String[] args) {String name = null;String actions = "read";RuntimePermission runtimePermission =new RuntimePermission(name, actions);System.out.println(runtimePermission);}}
Output:
Exception in thread "main" java.lang.NullPointerException: name can't be null at java.base/java.security.BasicPermission.init(BasicPermission.java:89) at java.base/java.security.BasicPermission.<init>(BasicPermission.java:148) at java.base/java.lang.RuntimePermission.<init>(RuntimePermission.java:437) at com.RuntimePermission.RuntimePermission2.main(RuntimePermission2.java:8)
Approach 3: IllegalArgumentException
Java
package com.RuntimePermission;public class RuntimePermission2 {public static void main(String[] args) {String name = "";String actions = "read";RuntimePermission runtimePermission =new RuntimePermission(name, actions);System.out.println(runtimePermission);}}
Output:
Exception in thread "main" java.lang.IllegalArgumentException: name can't be empty at java.base/java.security.BasicPermission.init(BasicPermission.java:94) at java.base/java.security.BasicPermission.<init>(BasicPermission.java:148) at java.base/java.lang.RuntimePermission.<init>(RuntimePermission.java:437) at com.RuntimePermission.RuntimePermission2.main(RuntimePermission2.java:8)
No comments:
Post a Comment