| /* |
| * Copyright (c) 2007, 2021 Oracle and/or its affiliates. All rights reserved. |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0, which is available at |
| * http://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| |
| package jakarta.xml.bind; |
| |
| import java.security.BasicPermission; |
| |
| /** |
| * This class is for Jakarta XML Binding permissions. A {@code JAXBPermission} |
| * contains a name (also referred to as a "target name") but |
| * no actions list; you either have the named permission |
| * or you don't. |
| * |
| * <P> |
| * The target name is the name of the Jakarta XML Binding permission (see below). |
| * |
| * <P> |
| * The following table lists all the possible {@code JAXBPermission} target names, |
| * and for each provides a description of what the permission allows |
| * and a discussion of the risks of granting code the permission. |
| * |
| * <table class="striped"> |
| * <caption style="display:none">Permission target name, what the permission allows, and associated risks"</caption> |
| * <thead> |
| * <tr> |
| * <th scope="col">Permission Target Name</th> |
| * <th scope="col">What the Permission Allows</th> |
| * <th scope="col">Risks of Allowing this Permission</th> |
| * </tr> |
| * </thead> |
| * |
| * <tbody style="text-align:left"> |
| * <tr> |
| * <th scope="row">setDatatypeConverter</th> |
| * <td> |
| * Allows the code to set VM-wide {@link DatatypeConverterInterface} |
| * via {@link DatatypeConverter#setDatatypeConverter(DatatypeConverterInterface) the setDatatypeConverter method} |
| * that all the methods on {@link DatatypeConverter} uses. |
| * </td> |
| * <td> |
| * Malicious code can set {@link DatatypeConverterInterface}, which has |
| * VM-wide singleton semantics, before a genuine Jakarta XML Binding implementation sets one. |
| * This allows malicious code to gain access to objects that it may otherwise |
| * not have access to, such as {@link java.awt.Frame#getFrames()} that belongs to |
| * another application running in the same JVM. |
| * </td> |
| * </tr> |
| * </tbody> |
| * </table> |
| * |
| * @see java.security.BasicPermission |
| * @see java.security.Permission |
| * @see java.security.Permissions |
| * @see java.security.PermissionCollection |
| * @see java.lang.SecurityManager |
| * |
| * @author Joe Fialli |
| * @since 1.7, JAXB 2.2 |
| */ |
| |
| /* code was borrowed originally from java.lang.RuntimePermission. */ |
| public final class JAXBPermission extends BasicPermission { |
| /** |
| * Creates a new JAXBPermission with the specified name. |
| * |
| * @param name |
| * The name of the JAXBPermission. As of 2.2 only "setDatatypeConverter" |
| * is defined. |
| */ |
| public JAXBPermission(String name) { |
| super(name); |
| } |
| |
| private static final long serialVersionUID = 1L; |
| } |