1 /*
  2  * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.  Oracle designates this
  8  * particular file as subject to the "Classpath" exception as provided
  9  * by Oracle in the LICENSE file that accompanied this code.
 10  *
 11  * This code is distributed in the hope that it will be useful, but WITHOUT
 12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 14  * version 2 for more details (a copy is included in the LICENSE file that
 15  * accompanied this code).
 16  *
 17  * You should have received a copy of the GNU General Public License version
 18  * 2 along with this work; if not, write to the Free Software Foundation,
 19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 20  *
 21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 22  * or visit www.oracle.com if you need additional information or have any
 23  * questions.
 24  */
 25 
 26 package java.net;
 27 
 28 import java.security.*;
 29 import java.util.Enumeration;
 30 import java.util.Hashtable;
 31 import java.util.StringTokenizer;
 32 
 33 /**
 34  * This class is for various network permissions.
 35  * A NetPermission contains a name (also referred to as a "target name") but
 36  * no actions list; you either have the named permission
 37  * or you don't.
 38  * <P>
 39  * The target name is the name of the network permission (see below). The naming
 40  * convention follows the hierarchical property naming convention.
 41  * Also, an asterisk
 42  * may appear at the end of the name, following a ".", or by itself, to
 43  * signify a wildcard match. For example: "foo.*" and "*" signify a wildcard
 44  * match, while "*foo" and "a*b" do not.
 45  * <P>
 46  * The following table lists the standard NetPermission target names,
 47  * and for each provides a description of what the permission allows
 48  * and a discussion of the risks of granting code the permission.
 49  *
 50  * <table class="striped">
 51  * <caption style="display:none">Permission target name, what the permission allows, and associated risks</caption>
 52  * <thead>
 53  * <tr>
 54  * <th scope="col">Permission Target Name</th>
 55  * <th scope="col">What the Permission Allows</th>
 56  * <th scope="col">Risks of Allowing this Permission</th>
 57  * </tr>
 58  * </thead>
 59  * <tbody>
 60  * <tr>
 61  *   <th scope="row">allowHttpTrace</th>
 62  *   <td>The ability to use the HTTP TRACE method in HttpURLConnection.</td>
 63  *   <td>Malicious code using HTTP TRACE could get access to security sensitive
 64  *   information in the HTTP headers (such as cookies) that it might not
 65  *   otherwise have access to.</td>
 66  *   </tr>
 67  *
 68  * <tr>
 69  *   <th scope="row">getCookieHandler</th>
 70  *   <td>The ability to get the cookie handler that processes highly
 71  *   security sensitive cookie information for an HTTP session.</td>
 72  *   <td>Malicious code can get a cookie handler to obtain access to
 73  *   highly security sensitive cookie information. Some web servers
 74  *   use cookies to save user private information such as access
 75  *   control information, or to track user browsing habits.</td>
 76  *   </tr>
 77  *
 78  * <tr>
 79  *   <th scope="row">getNetworkInformation</th>
 80  *   <td>The ability to retrieve all information about local network interfaces.</td>
 81  *   <td>Malicious code can read information about network hardware such as
 82  *   MAC addresses, which could be used to construct local IPv6 addresses.</td>
 83  * </tr>
 84  *
 85  * <tr>
 86  *   <th scope="row">getProxySelector</th>
 87  *   <td>The ability to get the proxy selector used to make decisions
 88  *   on which proxies to use when making network connections.</td>
 89  *   <td>Malicious code can get a ProxySelector to discover proxy
 90  *   hosts and ports on internal networks, which could then become
 91  *   targets for attack.</td>
 92  * </tr>
 93  *
 94  * <tr>
 95  *   <th scope="row">getResponseCache</th>
 96  *   <td>The ability to get the response cache that provides
 97  *   access to a local response cache.</td>
 98  *   <td>Malicious code getting access to the local response cache
 99  *   could access security sensitive information.</td>
100  *   </tr>
101  *
102  * <tr>
103  *   <th scope="row">requestPasswordAuthentication</th>
104  *   <td>The ability
105  *   to ask the authenticator registered with the system for
106  *   a password.</td>
107  *   <td>Malicious code may steal this password.</td>
108  * </tr>
109  *
110  * <tr>
111  *   <th scope="row">setCookieHandler</th>
112  *   <td>The ability to set the cookie handler that processes highly
113  *   security sensitive cookie information for an HTTP session.</td>
114  *   <td>Malicious code can set a cookie handler to obtain access to
115  *   highly security sensitive cookie information. Some web servers
116  *   use cookies to save user private information such as access
117  *   control information, or to track user browsing habits.</td>
118  *   </tr>
119  *
120  * <tr>
121  *   <th scope="row">setDefaultAuthenticator</th>
122  *   <td>The ability to set the
123  *   way authentication information is retrieved when
124  *   a proxy or HTTP server asks for authentication.</td>
125  *   <td>Malicious
126  *   code can set an authenticator that monitors and steals user
127  *   authentication input as it retrieves the input from the user.</td>
128  * </tr>
129  *
130  * <tr>
131  *   <th scope="row">setProxySelector</th>
132  *   <td>The ability to set the proxy selector used to make decisions
133  *   on which proxies to use when making network connections.</td>
134  *   <td>Malicious code can set a ProxySelector that directs network
135  *   traffic to an arbitrary network host.</td>
136  * </tr>
137  *
138  * <tr>
139  *   <th scope="row">setResponseCache</th>
140  *   <td>The ability to set the response cache that provides access to
141  *   a local response cache.</td>
142  *   <td>Malicious code getting access to the local response cache
143  *   could access security sensitive information, or create false
144  *   entries in the response cache.</td>
145  *   </tr>
146  *
147  * <tr>
148  *   <th scope="row">setSocketImpl</th>
149  *   <td>The ability to create a sub-class of Socket or ServerSocket with a
150  *   user specified SocketImpl.</td>
151  *   <td>Malicious user-defined SocketImpls can change the behavior of
152  *   Socket and ServerSocket in surprising ways, by virtue of their
153  *   ability to access the protected fields of SocketImpl.</td>
154  *   </tr>
155  *
156  * <tr>
157  *   <th scope="row">specifyStreamHandler</th>
158  *   <td>The ability
159  *   to specify a stream handler when constructing a URL.</td>
160  *   <td>Malicious code may create a URL with resources that it would
161  *   normally not have access to (like file:/foo/fum/), specifying a
162  *   stream handler that gets the actual bytes from someplace it does
163  *   have access to. Thus it might be able to trick the system into
164  *   creating a ProtectionDomain/CodeSource for a class even though
165  *   that class really didn't come from that location.</td>
166  * </tr>
167  * </tbody>
168  * </table>
169  *
170  * @implNote
171  * Implementations may define additional target names, but should use naming
172  * conventions such as reverse domain name notation to avoid name clashes.
173  *
174  * @see java.security.BasicPermission
175  * @see java.security.Permission
176  * @see java.security.Permissions
177  * @see java.security.PermissionCollection
178  * @see java.lang.SecurityManager
179  *
180  *
181  * @author Marianne Mueller
182  * @author Roland Schemers
183  * @since 1.2
184  */
185 
public final class NetPermission extends BasicPermission {
    @java.io.Serial
    private static final long serialVersionUID = -8343910153355041693L;

    /**
     * Constructs a NetPermission identified by the given target name.
     * The name is the symbolic name of the permission, for example
     * "setDefaultAuthenticator". A trailing asterisk, either on its own
     * or directly after a ".", makes the name a wildcard.
     *
     * <p>A wildcard name matches every target beneath it, so a permission
     * named "*" covers all of the targets listed in the class description,
     * including the ones that replace the authenticator, proxy selector or
     * cookie handler. Prefer the narrowest target name that satisfies the
     * caller.
     *
     * @param name the target name of the NetPermission.
     *
     * @throws NullPointerException if {@code name} is {@code null}.
     * @throws IllegalArgumentException if {@code name} is empty.
     */
    public NetPermission(String name) {
        super(name);
    }

    /**
     * Constructs a NetPermission identified by the given target name,
     * accepting an actions string as well. The actions string is handed
     * to the superclass constructor as-is; it is currently unused and
     * should be null. The wildcard rules for {@code name} are the same as
     * for the single-argument constructor.
     *
     * @param name the target name of the NetPermission.
     * @param actions currently unused; should be null.
     *
     * @throws NullPointerException if {@code name} is {@code null}.
     * @throws IllegalArgumentException if {@code name} is empty.
     */
    public NetPermission(String name, String actions) {
        super(name, actions);
    }
}