1/*
2 * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26package javax.xml.bind;
27
28import java.security.BasicPermission;
29
30/**
31 * This class is for JAXB permissions. A {@code JAXBPermission}
32 * contains a name (also referred to as a "target name") but
33 * no actions list; you either have the named permission
34 * or you don't.
35 *
36 * <P>
37 * The target name is the name of the JAXB permission (see below).
38 *
39 * <P>
40 * The following table lists all the possible {@code JAXBPermission} target names,
41 * and for each provides a description of what the permission allows
42 * and a discussion of the risks of granting code the permission.
43 *
44 * <table class="striped">
45 * <caption style="display:none">Permission target name, what the permission allows, and associated risks"</caption>
46 * <thead>
47 * <tr>
48 * <th scope="col">Permission Target Name</th>
49 * <th scope="col">What the Permission Allows</th>
50 * <th scope="col">Risks of Allowing this Permission</th>
51 * </tr>
52 * </thead>
53 *
54 * <tbody style="text-align:left">
55 * <tr>
56 *   <th scope="row">setDatatypeConverter</th>
57 *   <td>
58 *     Allows the code to set VM-wide {@link DatatypeConverterInterface}
59 *     via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method}
60 *     that all the methods on {@link DatatypeConverter} uses.
61 *   </td>
62 *   <td>
63 *     Malicious code can set {@link DatatypeConverterInterface}, which has
64 *     VM-wide singleton semantics,  before a genuine JAXB implementation sets one.
65 *     This allows malicious code to gain access to objects that it may otherwise
66 *     not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to
67 *     another application running in the same JVM.
68 *   </td>
69 * </tr>
70 * </tbody>
71 * </table>
72 *
73 * @see java.security.BasicPermission
74 * @see java.security.Permission
75 * @see java.security.Permissions
76 * @see java.security.PermissionCollection
77 * @see java.lang.SecurityManager
78 *
79 * @author Joe Fialli
80 * @since 1.7, JAXB 2.2
81 */
82
83/* code was borrowed originally from java.lang.RuntimePermission. */
84public final class JAXBPermission extends BasicPermission {
85    /**
86     * Creates a new JAXBPermission with the specified name.
87     *
88     * @param name
89     * The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter"
90     * is defined.
91     */
92    public JAXBPermission(String name) {
93        super(name);
94    }
95
96    private static final long serialVersionUID = 1L;
97}
98