RuntimePermission (GNU Classpath 0.94-pre Documentation)

A RuntimePermission contains a permission name, but no actions list. This means you either have the permission or you don't. Permission names have the follow the hierarchial property naming convention. In addition, an asterisk may appear at the end of a name if following a period or by itself.

Valid names	Invalid names
"accessClassInPackage.",""	"*", "x", "*.a"

The following table provides a list of all the possible RuntimePermission permission names with a description of what that permission allows.

Permission Name	Permission Allows	Risks
`createClassLoader`	creation of a class loader	a class loader can load rogue classes which bypass all security permissions
`getClassLoader`	retrieval of the class loader for the calling class	rogue code could load classes not otherwise available
`setContextClassLoader`	allows the setting of the context class loader used by a thread	rogue code could change the context class loader needed by system threads
`setSecurityManager`	allows the application to replace the security manager	the new manager may be less restrictive, so that rogue code can bypass existing security checks
`createSecurityManager`	allows the application to create a new security manager	rogue code can use the new security manager to discover information about the execution stack
`exitVM`	allows the application to halt the virtual machine	rogue code can mount a denial-of-service attack by killing the virtual machine
`shutdownHooks`	allows registration and modification of shutdown hooks	rogue code can add a hook that interferes with clean virtual machine shutdown
`setFactory`	allows the application to set the socket factory for socket, server socket, stream handler, or RMI socket factory.	rogue code can create a rogue network object which mangles or intercepts data
`setIO`	allows the application to set System.out, System.in, and System.err	rogue code could sniff user input and intercept or mangle output
`modifyThread`	allows the application to modify any thread in the virtual machine using any of the methods `stop`, `resume`, `suspend`, `setPriority`, and `setName` of classs `Thread`	rogue code could adversely modify system or user threads
`stopThread`	allows the application to `stop` any thread it has access to in the system	rogue code can stop arbitrary threads
`modifyThreadGroup`	allows the application to modify thread groups using any of the methods `destroy`, `resume`, `setDaemon`, `setMaxPriority`, `stop`, and `suspend` of the class `ThreadGroup`	rogue code can mount a denial-of-service attack by changing run priorities
`getProtectionDomain`	retrieve a class's ProtectionDomain	rogue code can gain information about the security policy, to prepare a better attack
`readFileDescriptor`	read a file descriptor	rogue code can read sensitive information
`writeFileDescriptor`	write a file descriptor	rogue code can write files, including viruses, and can modify the virtual machine binary; if not just fill up the disk
`loadLibrary.`library name	dynamic linking of the named library	native code can bypass many security checks of pure Java
`accessClassInPackage.`package name	access to a package via a ClassLoader	rogue code can access classes not normally available
`defineClassInPackage.`package name	define a class inside a given package	rogue code can install rogue classes, including in trusted packages like java.security or java.lang
`accessDeclaredMembers`	access declared class members via reflection	rogue code can discover information, invoke methods, or modify fields that are not otherwise available
`queuePrintJob`	initiate a print job	rogue code could make a hard copy of sensitive information, or simply waste paper

Since: 1.2

UNKNOWN: updated to 1.4

Class RuntimePermission

Constructor Detail

RuntimePermission

RuntimePermission

Constructor Summary
	RuntimePermission(String permissionName) Create a new permission with the specified name.
	RuntimePermission(String permissionName, String actions) Create a new permission with the specified name.