Source for java.io.SerializablePermission

   1: /*
   2:  * @(#)SerializablePermission.java    1.19 04/01/12
   3:  *
   4:  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
   5:  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
   6:  */
   7: 
   8: package java.io;
   9: 
  10: import java.security.*;
  11: import java.util.Enumeration;
  12: import java.util.Hashtable;
  13: import java.util.StringTokenizer;
  14: 
  15: /**
  16:  * This class is for Serializable permissions. A SerializablePermission
  17:  * contains a name (also referred to as a "target name") but
  18:  * no actions list; you either have the named permission
  19:  * or you don't.
  20:  *
  21:  * <P>
  22:  * The target name is the name of the Serializable permission (see below).
  23:  *
  24:  * <P>
  25:  * The following table lists all the possible SerializablePermission target names,
  26:  * and for each provides a description of what the permission allows
  27:  * and a discussion of the risks of granting code the permission.
  28:  * <P>
  29:  *
  30:  * <table border=1 cellpadding=5 summary="Permission target name, what the permission allows, and associated risks">
  31:  * <tr>
  32:  * <th>Permission Target Name</th>
  33:  * <th>What the Permission Allows</th>
  34:  * <th>Risks of Allowing this Permission</th>
  35:  * </tr>
  36:  *
  37:  * <tr>
  38:  *   <td>enableSubclassImplementation</td>
  39:  *   <td>Subclass implementation of ObjectOutputStream or ObjectInputStream
  40:  * to override the default serialization or deserialization, respectively,
  41:  * of objects</td>
  42:  *   <td>Code can use this to serialize or
  43:  * deserialize classes in a purposefully malfeasant manner. For example,
  44:  * during serialization, malicious code can use this to
  45:  * purposefully store confidential private field data in a way easily accessible
  46:  * to attackers. Or, during deserialization it could, for example, deserialize
  47:  * a class with all its private fields zeroed out.</td>
  48:  * </tr>
  49:  *
  50:  * <tr>
  51:  *   <td>enableSubstitution</td>
  52:  *   <td>Substitution of one object for another during
  53:  * serialization or deserialization</td>
  54:  *   <td>This is dangerous because malicious code
  55:  * can replace the actual object with one which has incorrect or
  56:  * malignant data.</td>
  57:  * </tr>
  58:  *
  59:  * </table>
  60:  *
  61:  * @see java.security.BasicPermission
  62:  * @see java.security.Permission
  63:  * @see java.security.Permissions
  64:  * @see java.security.PermissionCollection
  65:  * @see java.lang.SecurityManager
  66:  *
  67:  * @version 1.19, 01/12/04
  68:  *
  69:  * @author Joe Fialli
  70:  * @since 1.2
  71:  */
  72: 
  73: /* code was borrowed originally from java.lang.RuntimePermission. */
  74: 
  75:	  public final class SerializablePermission extends BasicPermission {
  76:
  77:    /**
  78:     * @serial
  79:     */
  80:    private String actions;
  81:
  82:    /**
  83:     * Creates a new SerializablePermission with the specified name.
  84:     * The name is the symbolic name of the SerializablePermission, such as
  85:     * "enableSubstitution", etc.
  86:     *
  87:     * @param name the name of the SerializablePermission.
  88:     */
  89:
  90:
  91:    public SerializablePermission(String name)
  92:	      {
  93:    super(name);
  94:    }
  95:
  96:    /**
  97:     * Creates a new SerializablePermission object with the specified name.
  98:     * The name is the symbolic name of the SerializablePermission, and the
  99:     * actions String is currently unused and should be null.
 100:     *
 101:     * @param name the name of the SerializablePermission.
 102:     * @param actions currently unused and must be set to null
 103:     */
 104:
 105:    public SerializablePermission(String name, String actions)
 106:	      {
 107:    super(name, actions);
 108:    }
 109:}