diff options
| -rw-r--r-- | udkapi/com/sun/star/connection/SocketPermission.idl | 49 | ||||
| -rw-r--r-- | udkapi/com/sun/star/io/FilePermission.idl | 39 | ||||
| -rw-r--r-- | udkapi/com/sun/star/security/RuntimePermission.idl | 10 | ||||
| -rw-r--r-- | udkapi/com/sun/star/security/XAccessController.idl | 23 |
4 files changed, 63 insertions, 58 deletions
diff --git a/udkapi/com/sun/star/connection/SocketPermission.idl b/udkapi/com/sun/star/connection/SocketPermission.idl index ed858def2625..2d62bc776480 100644 --- a/udkapi/com/sun/star/connection/SocketPermission.idl +++ b/udkapi/com/sun/star/connection/SocketPermission.idl @@ -2,9 +2,9 @@ * * $RCSfile: SocketPermission.idl,v $ * - * $Revision: 1.1 $ + * $Revision: 1.2 $ * - * last change: $Author: dbo $ $Date: 2002-01-10 13:35:49 $ + * last change: $Author: dbo $ $Date: 2002-04-11 08:45:24 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -68,45 +68,47 @@ module com { module sun { module star { module connection { //============================================================================= /** This permission represents access to a network via sockets. - A SocketPermission consists of a host specification and a set of "actions" - specifying ways to connect to that host. The host is specified as + A SocketPermission consists of a host specification and a set of actions + specifying ways to connect to that host. The host is specified as <pre> host = (hostname | IPaddress)[:portrange] portrange = portnumber | -portnumber | portnumber-[portnumber] </pre> The host is expressed as a DNS name, as a numerical IP address, or as - "localhost" (for the local machine). The wildcard "*" may be included once + <code>"localhost"</code> (for the local machine). The wildcard <code>"*"</code> + may be included once in a DNS name host specification. If it is included, it must be in the - leftmost position, as in "*.sun.com". + leftmost position, as in <code>"*.sun.com"</code>. <br> - The port or portrange is optional. A port specification of the form "N-", - where N is a port number, signifies all ports numbered N and above, - while a specification of the form "-N" indicates all ports numbered N and below. + The port or portrange is optional. A port specification of the form <code>"N-"</code>, + where <code>N</code> is a port number, signifies all ports numbered <code>N</code> and above, + while a specification of the form <code>"-N"</code> indicates all ports numbered + <code>N</code> and below. <p> The possible ways to connect to the host are <ul> - <li>accept</li> - <li>connect</li> - <li>listen</li> - <li>resolve</li> - </ul> - The "listen" action is only meaningful when used with "localhost". - The "resolve" (resolve host/ip name service lookups) action is implied when + <li><code>accept</code></li> + <li><code>connect</code></li> + <li><code>listen</code></li> + <li><code>resolve</code></li> + </ul><br> + The <code>"listen"</code> action is only meaningful when used with <code>"localhost"</code>. + The <code>"resolve"</code> (resolve host/ip name service lookups) action is implied when any of the other actions are present. <br> As an example of the creation and meaning of SocketPermissions, note that if the following permission - <pre> - SocketPermission("puffin.eng.sun.com:7777", "connect,accept"); - </pre> - is granted, it allows to connect to port 7777 on puffin.eng.sun.com, and to +<pre> +SocketPermission("foo.bar.com:7777", "connect,accept"); +</pre> + is granted, it allows to connect to port 7777 on foo.bar.com, and to accept connections on that port. <br> Similarly, if the following permission - <pre> - SocketPermission("localhost:1024-", "accept,connect,listen"); - </pre> +<pre> +SocketPermission("localhost:1024-", "accept,connect,listen"); +</pre> is granted, it allows that code to accept connections on, connect to, or listen on any port between 1024 and 65535 on the local host. </p> @@ -115,6 +117,7 @@ module com { module sun { module star { module connection { Granting code permission to accept or make connections to remote hosts may be dangerous because malevolent code can then more easily transfer and share confidential data among parties who may not otherwise have access to the data. + </p> */ struct SocketPermission { diff --git a/udkapi/com/sun/star/io/FilePermission.idl b/udkapi/com/sun/star/io/FilePermission.idl index cfd80d5bd18f..634f3f31ee13 100644 --- a/udkapi/com/sun/star/io/FilePermission.idl +++ b/udkapi/com/sun/star/io/FilePermission.idl @@ -2,9 +2,9 @@ * * $RCSfile: FilePermission.idl,v $ * - * $Revision: 1.2 $ + * $Revision: 1.3 $ * - * last change: $Author: dbo $ $Date: 2002-03-20 14:20:50 $ + * last change: $Author: dbo $ $Date: 2002-04-11 08:45:52 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -67,37 +67,38 @@ module com { module sun { module star { module io { //============================================================================= -/** This permission represents access to a file or directory. A FilePermission - consists of a file url and a set of actions valid for that url. +/** This permission represents access to a file or directory. + A FilePermission consists of a file url and a set of actions valid for that url. <p> - The path of the file url that ends in "/*" indicates all the files and - directories contained in that directory. A path that ends with "/-" + The path of the file url that ends in <code>"/*"</code> indicates all the files and + directories contained in that directory. A path that ends with <code>"/-"</code> indicates (recursively) all files and subdirectories contained in that - directory. A file url string consisting of the special token "<<ALL FILES>>" - matches any file. + directory. A file url string consisting of the special token + <code>"<<ALL FILES>>"</code> matches any file. <br> - Note: A file url string consisting of a single "*" indicates all the files - in the current directory, while a string consisting of a single "-" indicates + Note: A file url string consisting of a single <code>"*"</code> indicates all the files + in the current directory, while a string consisting of a single <code>"-"</code> indicates all the files in the current directory and (recursively) all files and subdirectories contained in the current directory. <br> The actions to be granted is a list of one or more comma-separated keywords. - The possible keywords are "read", "write", "execute", and "delete". + The possible keywords are <code>"read"</code>, <code>"write"</code>, + <code>"execute"</code>, and <code>"delete"</code>. Their meaning is defined as follows: <ul> - <li>read -- read permission</li> - <li>write -- write permission</li> - <li>execute -- execute permission</li> - <li>delete -- delete permission</li> - </ul> - The actions string is converted to lowercase before processing. + <li><code>read</code> -- read permission</li> + <li><code>write</code> -- write permission</li> + <li><code>execute</code> -- execute permission</li> + <li><code>delete</code> -- delete permission</li> + </ul><br> + The actions string is processed case-insensitive. </p> @attention Be careful when granting FilePermissions. Think about the implications of granting read and especially write access to various files and directories. - The "<<ALL FILES>>" permission with write action is especially dangerous. - This grants permission to write to the entire file system. + The <code>"<<ALL FILES>>"</code> permission with write action is + especially dangerous. This grants permission to write to the entire file system. */ struct FilePermission { diff --git a/udkapi/com/sun/star/security/RuntimePermission.idl b/udkapi/com/sun/star/security/RuntimePermission.idl index fbd3b9c8d86e..a558c9ae715d 100644 --- a/udkapi/com/sun/star/security/RuntimePermission.idl +++ b/udkapi/com/sun/star/security/RuntimePermission.idl @@ -2,9 +2,9 @@ * * $RCSfile: RuntimePermission.idl,v $ * - * $Revision: 1.1 $ + * $Revision: 1.2 $ * - * last change: $Author: dbo $ $Date: 2002-01-11 10:01:12 $ + * last change: $Author: dbo $ $Date: 2002-04-11 08:46:21 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -67,9 +67,9 @@ module com { module sun { module star { module security { //============================================================================= -/** This permission is for runtime permissions. A RuntimePermission contains - a name (also referred to as a "target name") but no actions list; - you either have the named permission or you don't. +/** This permission grants runtime access to some named functionality. + A RuntimePermission contains a name (also referred to as a "target name") + but no actions list; you either have the named permission or you don't. */ struct RuntimePermission { diff --git a/udkapi/com/sun/star/security/XAccessController.idl b/udkapi/com/sun/star/security/XAccessController.idl index b354bcc94906..01d91f8961bc 100644 --- a/udkapi/com/sun/star/security/XAccessController.idl +++ b/udkapi/com/sun/star/security/XAccessController.idl @@ -2,9 +2,9 @@ * * $RCSfile: XAccessController.idl,v $ * - * $Revision: 1.9 $ + * $Revision: 1.10 $ * - * last change: $Author: dbo $ $Date: 2002-01-11 10:01:12 $ + * last change: $Author: dbo $ $Date: 2002-04-11 08:46:21 $ * * The Contents of this file are made available subject to the terms of * either of the following licenses @@ -119,10 +119,9 @@ interface XAccessController : com::sun::star::uno::XInterface /** Perform the specified action restricting permissions to the given XAccessControlContext. - The action is performed with the intersection of the permissions of all given - XAccessControlContexts (including the ones given by earlier doRestricted() calls of the - call chain) and the security policy currently in effect. - The latter includes static security, e.g. based on user credentials. + The action is performed with the intersection of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. <p> If the specified XAccessControlContext is null, then the action is performed with unmodified permissions, i.e. the call makes no sense. @@ -142,12 +141,14 @@ interface XAccessController : com::sun::star::uno::XInterface [in] XAccessControlContext restriction ) raises (com::sun::star::uno::Exception); - /** Perform the specified action reducing restrictions to only the given XAccessControlContext - and the security policy currently in effect. - The latter includes static security, e.g. based on user credentials. + /** Perform the specified action adding a set of permissions defined by the given + XAccessControlContext. + The action is performed with the union of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. <p> - If the specified XAccessControlContext is null, then the action is performed - only with the permissions of the security policy currently in effect. + If the given XAccessControlContext is null, then the action is performed + <b>only</b> with the permissions of the security policy currently in effect. </p> @attention |