java.security
public final class SecurityPermission extends BasicPermission
The list of valid permission names is:
| Permission Name | Permission Allows | Risks |
|---|---|---|
createAccessControlContext |
Allows creation of an AccessControlContext | The new control context can have a rogue DomainCombiner, leading to a privacy leak |
getDomainCombiner |
Get a DomainCombiner from an AccessControlContext | Access to a DomainCombiner can lead to a privacy leak |
getPolicy |
Allows retrieval of the system security policy | Malicious code can use information from the policy to better plan an attack |
setPolicy |
Allows the security policy to be changed | Malicious code can give itself any permission it wants |
getProperty.key |
Retrieve the property specified by the key | Malicious code can use information from the property to better plan an attack |
setProperty.key |
Allows changing of the value of all properties implied by key | Malicious code can insert rogue classes to steal keys or recreate the security policy with whatever permissions it desires |
insertProvider.key |
Allows the named provider to be added | Malicious code can insert rogue providers that steal data |
removeProvider.key |
Allows the named provider to be removed | A missing provider can cripple code that relies on it |
setSystemScope |
Allows the system identity scope to be set | Malicious code can add certificates not available in the original identity scope, to gain more permissions |
setIdentityPublicKey |
Allows the public key of an Identity to be set | Malicious code can install its own key to gain permissions not allowed by the original identity scope |
SetIdentityInfo |
Allows the description of an Identity to be set | Malicious code can spoof users into trusting a fake identity |
addIdentityCertificate |
Allows a certificate to be set for the public key of an identity | The public key can become trusted to a wider audience than originally intended |
removeIdentityCertificate |
Allows removal of a certificate from an identity's public key | The public key can become less trusted than it should be |
printIdentity |
View the name of the identity and scope, and whether they are trusted | The scope may include a filename, which provides an entry point for further security breaches |
clearProviderProperties.key |
Allows the properties of the named provider to be cleared | This can disable parts of the program which depend on finding the provider |
putProviderProperty.key |
Allows the properties of the named provider to be changed | Malicious code can replace the implementation of a provider |
removeProviderProperty.key |
Allows the properties of the named provider to be deleted | This can disable parts of the program which depend on finding the provider |
getSignerPrivateKey |
Allows the retrieval of the private key for a signer | Anyone that can access the private key can claim to be the Signer |
setSignerKeyPair |
Allows the public and private key of a Signer to be changed | The replacement might be a weaker encryption, or the attacker can use knowledge of the replaced key to decrypt an entire communication session |
There is some degree of security risk in granting any of these permissions. Some of them can completely compromise system security. Please exercise extreme caution in granting these permissions.
Since: 1.1
See Also: Permission SecurityManager
UNKNOWN: updated to 1.4
| Constructor Summary | |
|---|---|
| SecurityPermission(String name)
Create a new instance with the specified name.
| |
| SecurityPermission(String name, String actions)
Create a new instance with the specified name. | |
Parameters: name the name to assign to this permission
Parameters: name the name to assign to this permission actions ignored