diff options
author | Daniel Boelzle <dbo@openoffice.org> | 2002-01-25 11:47:36 +0000 |
---|---|---|
committer | Daniel Boelzle <dbo@openoffice.org> | 2002-01-25 11:47:36 +0000 |
commit | 03fe912c0a16c965e5569e185ce5594133685cfc (patch) | |
tree | 4e4185fb19cf48c6a985a1cb5ac82a5572377249 | |
parent | 7ef59dba1a83e2a41c5cbf999a91da3bb6440d4c (diff) |
#88919# security test
-rw-r--r-- | stoc/test/makefile.mk | 6 | ||||
-rw-r--r-- | stoc/test/security/makefile.mk | 96 | ||||
-rw-r--r-- | stoc/test/security/test_security.cxx | 378 | ||||
-rw-r--r-- | stoc/test/security/test_security.ini | 5 | ||||
-rw-r--r-- | stoc/test/security/test_security.policy | 15 | ||||
-rw-r--r-- | stoc/test/security/test_security_singleuser.ini | 6 |
6 files changed, 504 insertions, 2 deletions
diff --git a/stoc/test/makefile.mk b/stoc/test/makefile.mk index 206c46eb9d4a..64e8e0ce5ff5 100644 --- a/stoc/test/makefile.mk +++ b/stoc/test/makefile.mk @@ -2,9 +2,9 @@ # # $RCSfile: makefile.mk,v $ # -# $Revision: 1.16 $ +# $Revision: 1.17 $ # -# last change: $Author: jbu $ $Date: 2001-12-07 16:24:51 $ +# last change: $Author: dbo $ $Date: 2002-01-25 12:47:35 $ # # The Contents of this file are made available subject to the terms of # either of the following licenses @@ -250,6 +250,7 @@ TESTIADAPTER:=com.sun.star.beans.XIntrospection;com.sun.star.beans.MethodConcept TESTINTROSP:=ModuleA;ModuleA.XIntroTest;com.sun.star.beans.XPropertySet;com.sun.star.container.XIndexAccess;com.sun.star.container.XNameAccess;com.sun.star.beans.PropertyAttribute;com.sun.star.beans.PropertyConcept TESTCONV:=com.sun.star.script.XTypeConverter TESTPROXYFAC:=com.sun.star.reflection.XProxyFactory +TESTSECURITY:=com.sun.star.security.AllPermission;com.sun.star.security.XPolicy;com.sun.star.security.XAccessController;com.sun.star.io.FilePermission;com.sun.star.connection.SocketPermission;com.sun.star.uno.XCurrentContext $(BIN)$/test1.rdb: +cd $(BIN) && regcomp -register -r test1.rdb -c $(MY_DLLPREFIX)at$(MY_DLLPOSTFIX) @@ -270,4 +271,5 @@ $(MISC)$/test_types_generated.flag : $(BIN)$/stoctest.rdb makefile.mk +cppumaker $(CPPUMAKERFLAGS) -BUCR -O$(UNOUCROUT) -T"$(TESTINTROSP)" $(BIN)$/stoctest.rdb +cppumaker $(CPPUMAKERFLAGS) -BUCR -O$(UNOUCROUT) -T"$(TESTCONV)" $(BIN)$/stoctest.rdb +cppumaker $(CPPUMAKERFLAGS) -BUCR -O$(UNOUCROUT) -T"$(TESTPROXYFAC)" $(BIN)$/stoctest.rdb + +cppumaker $(CPPUMAKERFLAGS) -BUCR -O$(UNOUCROUT) -T"$(TESTSECURITY)" $(BIN)$/stoctest.rdb touch $(MISC)$/test_types_generated.flag diff --git a/stoc/test/security/makefile.mk b/stoc/test/security/makefile.mk new file mode 100644 index 000000000000..40395bcf7966 --- /dev/null +++ b/stoc/test/security/makefile.mk @@ -0,0 +1,96 @@ +#************************************************************************* +# +# $RCSfile: makefile.mk,v $ +# +# $Revision: 1.1 $ +# +# last change: $Author: dbo $ $Date: 2002-01-25 12:47:36 $ +# +# The Contents of this file are made available subject to the terms of +# either of the following licenses +# +# - GNU Lesser General Public License Version 2.1 +# - Sun Industry Standards Source License Version 1.1 +# +# Sun Microsystems Inc., October, 2000 +# +# GNU Lesser General Public License Version 2.1 +# ============================================= +# Copyright 2000 by Sun Microsystems, Inc. +# 901 San Antonio Road, Palo Alto, CA 94303, USA +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License version 2.1, as published by the Free Software Foundation. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, +# MA 02111-1307 USA +# +# +# Sun Industry Standards Source License Version 1.1 +# ================================================= +# The contents of this file are subject to the Sun Industry Standards +# Source License Version 1.1 (the "License"); You may not use this file +# except in compliance with the License. You may obtain a copy of the +# License at http://www.openoffice.org/license.html. +# +# Software provided under this License is provided on an "AS IS" basis, +# WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, +# WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS, +# MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING. +# See the License for the specific provisions governing your rights and +# obligations concerning the Software. +# +# The Initial Developer of the Original Code is: Sun Microsystems, Inc. +# +# Copyright: 2000 by Sun Microsystems, Inc. +# +# All Rights Reserved. +# +# Contributor(s): _______________________________________ +# +# +# +#************************************************************************* +PRJ=..$/.. + +PRJNAME=stoc +TARGET=test_security +TARGETTYPE=CUI +LIBTARGET=NO +ENABLE_EXCEPTIONS=TRUE +NO_BSYMBOLIC=TRUE + +# --- Settings ----------------------------------------------------- + +.INCLUDE : svpre.mk +.INCLUDE : settings.mk +.INCLUDE : sv.mk + +# --- Application 1 ------------------------------------------------ +APP1TARGET= $(TARGET) +APP1OBJS= $(OBJ)$/test_security.obj + +APP1STDLIBS= \ + $(CPPULIB) \ + $(CPPUHELPERLIB) \ + $(SALHELPERLIB) \ + $(SALLIB) + +.IF "$(GUI)"=="WNT" +APP1STDLIBS+= +# $(LIBCIMT) $(LIBCMT) +.ENDIF + + +# --- Target ------------------------------------------------ + +.INCLUDE : target.mk + diff --git a/stoc/test/security/test_security.cxx b/stoc/test/security/test_security.cxx new file mode 100644 index 000000000000..31aab75ffcaf --- /dev/null +++ b/stoc/test/security/test_security.cxx @@ -0,0 +1,378 @@ +/************************************************************************* + * + * $RCSfile: test_security.cxx,v $ + * + * $Revision: 1.1 $ + * + * last change: $Author: dbo $ $Date: 2002-01-25 12:47:36 $ + * + * The Contents of this file are made available subject to the terms of + * either of the following licenses + * + * - GNU Lesser General Public License Version 2.1 + * - Sun Industry Standards Source License Version 1.1 + * + * Sun Microsystems Inc., October, 2000 + * + * GNU Lesser General Public License Version 2.1 + * ============================================= + * Copyright 2000 by Sun Microsystems, Inc. + * 901 San Antonio Road, Palo Alto, CA 94303, USA + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2.1, as published by the Free Software Foundation. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + * + * + * Sun Industry Standards Source License Version 1.1 + * ================================================= + * The contents of this file are subject to the Sun Industry Standards + * Source License Version 1.1 (the "License"); You may not use this file + * except in compliance with the License. You may obtain a copy of the + * License at http://www.openoffice.org/license.html. + * + * Software provided under this License is provided on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, + * WITHOUT LIMITATION, WARRANTIES THAT THE SOFTWARE IS FREE OF DEFECTS, + * MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE, OR NON-INFRINGING. + * See the License for the specific provisions governing your rights and + * obligations concerning the Software. + * + * The Initial Developer of the Original Code is: Sun Microsystems, Inc. + * + * Copyright: 2000 by Sun Microsystems, Inc. + * + * All Rights Reserved. + * + * Contributor(s): _______________________________________ + * + * + ************************************************************************/ + +#include <stdio.h> + +#include <osl/diagnose.h> +#include <rtl/string.hxx> +#include <rtl/ustrbuf.hxx> +#include <uno/current_context.hxx> + +#include <cppuhelper/implbase1.hxx> +#include <cppuhelper/bootstrap.hxx> +#include <cppuhelper/access_control.hxx> + +#include <com/sun/star/lang/XComponent.hpp> +#include <com/sun/star/uno/XCurrentContext.hpp> + +#define USER_CREDS "access-control.user-credentials" +#define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) ) + + +using namespace ::cppu; +using namespace ::rtl; +using namespace ::com::sun::star; +using namespace ::com::sun::star::uno; + +//-------------------------------------------------------------------------------------------------- +static inline void dispose( Reference< XInterface > const & x ) + SAL_THROW( (RuntimeException) ) +{ + Reference< lang::XComponent > xComp( x, UNO_QUERY ); + if (xComp.is()) + { + xComp->dispose(); + } +} +//================================================================================================== +class user_CurrentContext + : public ImplHelper1< XCurrentContext > +{ + oslInterlockedCount m_refcount; + + Reference< XCurrentContext > m_xDelegate; + Any m_userId; + +public: + inline user_CurrentContext( + Reference< XCurrentContext > const & xDelegate, + OUString const & userId ) + SAL_THROW( () ) + : m_refcount( 0 ) + , m_xDelegate( xDelegate ) + , m_userId( makeAny( userId ) ) + {} + + // XInterface impl + virtual void SAL_CALL acquire() + throw (); + virtual void SAL_CALL release() + throw (); + + // XCurrentContext impl + virtual Any SAL_CALL getValueByName( OUString const & name ) + throw (RuntimeException); +}; +//__________________________________________________________________________________________________ +void user_CurrentContext::acquire() + throw () +{ + ::osl_incrementInterlockedCount( &m_refcount ); +} +//__________________________________________________________________________________________________ +void user_CurrentContext::release() + throw () +{ + if (! ::osl_decrementInterlockedCount( &m_refcount )) + { + delete this; + } +} +//__________________________________________________________________________________________________ +Any user_CurrentContext::getValueByName( OUString const & name ) + throw (RuntimeException) +{ + if (name.equalsAsciiL( RTL_CONSTASCII_STRINGPARAM(USER_CREDS ".id") )) + { + return m_userId; + } + else if (m_xDelegate.is()) + { + return m_xDelegate->getValueByName( name ); + } + else + { + return Any(); + } +} + +// prepends line number +#define CHECK( check, negative_test ) \ +{ \ + try \ + { \ + if (negative_test) \ + { \ + try \ + { \ + check; \ + throw RuntimeException( \ + OUSTR("expected AccessControlException!"), Reference< XInterface >() ); \ + } \ + catch (security::AccessControlException &) \ + { \ + } \ + } \ + else \ + { \ + check; \ + } \ + } \ + catch (RuntimeException & exc) \ + { \ + OUStringBuffer buf( 64 ); \ + buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("[line ") ); \ + buf.append( (sal_Int32)__LINE__ ); \ + buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("] ") ); \ + buf.append( exc.Message ); \ + throw RuntimeException( buf.makeStringAndClear(), Reference< XInterface >() ); \ + } \ +} + +/* +grant +{ +permission com.sun.star.io.FilePermission "file:///usr/bin/*", "read"; +permission com.sun.star.io.FilePermission "file:///tmp/-", "read,write"; +permission com.sun.star.io.FilePermission "file:///etc/profile", "read"; +}; +*/ +static void check_defaults_pos( AccessControl & ac, bool invert = false ) +{ + // positive tests + CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("read") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///tmp/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///tmp/path/path/bla"), OUSTR("write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("read") ), invert ); +} +static void check_defaults_neg( AccessControl & ac, bool invert = false ) +{ + // negative tests + CHECK( ac.checkFilePermission( OUSTR("file:///usr/tmp"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/bla"), OUSTR("execute") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/bin/path/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///tmp"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///tmp/"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///tm"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile"), OUSTR("write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///etc/profile/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("bla") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUString() ), !invert ); +} + +/* +grant user "dbo" +{ +permission com.sun.star.io.FilePermission "file:///home/dbo/-", "read,write"; +permission com.sun.star.io.FilePermission "-", "read,write"; +permission com.sun.star.io.FilePermission "file:///usr/local/dbo/*", "read"; +}; +*/ +static void check_dbo_pos( AccessControl & ac, bool invert = false ) +{ + check_defaults_pos( ac, invert ); + // positive tests + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/*"), OUSTR("read") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), invert ); +} +static void check_dbo_neg( AccessControl & ac, bool invert = false ) +{ + check_defaults_neg( ac, invert ); + // negative tests + CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read,execute") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); +} + +/* +grant user "jbu" +{ +permission com.sun.star.io.FilePermission "file:///home/jbu/-", "read,write"; +permission com.sun.star.io.FilePermission "*", "read,write"; +}; +*/ +static void check_jbu_pos( AccessControl & ac, bool invert = false ) +{ + check_defaults_pos( ac, invert ); + // positive tests + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/bla"), OUSTR("read,write") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/jbu/path/path/bla"), OUSTR("read,write") ), invert ); +} +static void check_jbu_neg( AccessControl & ac, bool invert = false ) +{ + check_defaults_neg( ac, invert ); + // negative tests + CHECK( ac.checkFilePermission( OUSTR("file:///home/-"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/path/path/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/dbo/bla"), OUSTR("read,write") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/-"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/bla"), OUSTR("read") ), !invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///usr/local/dbo/path/path/bla"), OUSTR("read") ), !invert ); +} + +/* +grant principal "root" +{ + permission com.sun.star.security.AllPermission; +}; +*/ +//================================================================================================== +static void check_root_pos( AccessControl & ac, bool invert = false ) +{ + check_defaults_pos( ac, invert ); + check_defaults_neg( ac, !invert ); + check_dbo_pos( ac, invert ); + check_dbo_neg( ac, !invert ); + check_jbu_pos( ac, invert ); + check_jbu_neg( ac, !invert ); + // some more root positive + CHECK( ac.checkFilePermission( OUSTR("file:///etc/blabla"), OUSTR("read,write,execute") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///home/root"), OUSTR("read,write,execute") ), invert ); + CHECK( ac.checkFilePermission( OUSTR("file:///root"), OUSTR("read,write,execute") ), invert ); +} + +//================================================================================================== +int SAL_CALL main( int argc, char * argv [] ) +{ + try + { + // single-user test + Reference< XComponentContext > xContext( defaultBootstrap_InitialComponentContext( + OUSTR("../../test/security/test_security_singleuser.ini") ) ); + { + ::fprintf( stderr, "[security test] single-user checking dbo..." ); + AccessControl ac( xContext ); + check_dbo_pos( ac ); + check_dbo_neg( ac ); + ::fprintf( stderr, "checked.\n" ); + } + + // multi-user test + dispose( xContext ); + xContext = defaultBootstrap_InitialComponentContext( + OUSTR("../../test/security/test_security.ini") ); // UNO_AC=on + AccessControl ac( xContext ); + + { + // set up dbo current context + ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("dbo") ) ); + ::fprintf( stderr, "[security test] multi-user checking dbo..." ); + check_dbo_pos( ac ); + check_dbo_neg( ac ); + ::fprintf( stderr, "checked.\n" ); + } + { + // set up jbu current context + ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("jbu") ) ); + ::fprintf( stderr, "[security test] multi-user checking jbu..." ); + check_jbu_pos( ac ); + check_jbu_neg( ac ); + ::fprintf( stderr, "checked.\n" ); + } + { + // set up root current context + ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("root") ) ); + ::fprintf( stderr, "[security test] multi-user checking root..." ); + check_root_pos( ac ); + ::fprintf( stderr, "checked.\n" ); + } + { + // set up unknown user current context + ContextLayer layer( new user_CurrentContext( getCurrentContext(), OUSTR("vicious") ) ); + ::fprintf( stderr, "[security test] multi-user checking vicious..." ); + check_root_pos( ac, true ); + ::fprintf( stderr, "checked.\n" ); + } + + dispose( xContext ); + ::fprintf( stderr, "security test succeeded.\n" ); + return 0; + } + catch (Exception & exc) + { + OString str( OUStringToOString( exc.Message, RTL_TEXTENCODING_ASCII_US ) ); + ::fprintf( stderr, "[security test] error: %s!\n", str.getStr() ); + return 1; + } +} diff --git a/stoc/test/security/test_security.ini b/stoc/test/security/test_security.ini new file mode 100644 index 000000000000..84e7d481ad05 --- /dev/null +++ b/stoc/test/security/test_security.ini @@ -0,0 +1,5 @@ +UNO_TYPES=stoctest.rdb +UNO_SERVICES=stoctest.rdb +UNO_WRITERDB=stoctest.rdb +UNO_AC=on +UNO_AC_POLICYFILE=../../test/security/test_security.policy diff --git a/stoc/test/security/test_security.policy b/stoc/test/security/test_security.policy new file mode 100644 index 000000000000..55e0bfdefb73 --- /dev/null +++ b/stoc/test/security/test_security.policy @@ -0,0 +1,15 @@ +grant user "dbo"{ + permission com.sun.star.io.FilePermission "file:///home/dbo/-", "read,write"; + permission com.sun.star.io.FilePermission "-", "read,write"; + permission com.sun.star.io.FilePermission "file:///usr/local/dbo/*" , "read";}; +grant user "jbu" { +permission com.sun.star.io.FilePermission "file:///home/jbu/-" ,"read,write"; + permission com.sun.star.io.FilePermission "*","read,write";}; + grant user "root"{permission com.sun.star.security.AllPermission;}; + + grant +{ + permission com.sun.star.io.FilePermission "file:///usr/bin/*", "read"; + permission com.sun.star.io.FilePermission "file:///tmp/-", "read,write"; + permission com.sun.star.io.FilePermission "file:///etc/profile", "read"; + } ; diff --git a/stoc/test/security/test_security_singleuser.ini b/stoc/test/security/test_security_singleuser.ini new file mode 100644 index 000000000000..243c45d997f5 --- /dev/null +++ b/stoc/test/security/test_security_singleuser.ini @@ -0,0 +1,6 @@ +UNO_TYPES=stoctest.rdb +UNO_SERVICES=stoctest.rdb +UNO_WRITERDB=stoctest.rdb +UNO_AC=single-user +UNO_AC_SINGLEUSER=dbo +UNO_AC_POLICYFILE=../../test/security/test_security.policy |