/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ /* * This file is part of the LibreOffice project. * * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. * * This file incorporates work covered by the following license notice: * * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed * with this work for additional information regarding copyright * ownership. The ASF licenses this file to you under the Apache * License, Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ module com { module sun { module star { module security { /** Interface for checking permissions and invoking privileged or restricted actions. @since OOo 1.1.2 */ published interface XAccessController : com::sun::star::uno::XInterface { /** Determines whether the access request indicated by the specified permission should be allowed or denied, based on the security policy currently in effect. The semantics are equivalent to the security permission classes of the Java platform.
You can also pass a sequence of permissions (sequence< any >) to check a set of permissions, e.g. for performance reasons. This method quietly returns if the access request is permitted, or throws a suitable AccessControlException otherwise.
@param perm permission to be checked @throws AccessControlException thrown if access is denied @see ::com::sun::star::security::AccessControlException @see ::com::sun::star::security::AllPermission @see ::com::sun::star::security::RuntimePermission @see ::com::sun::star::io::FilePermission @see ::com::sun::star::connection::SocketPermission */ void checkPermission( [in] any perm ) raises (AccessControlException); /** Perform the specified action restricting permissions to the given XAccessControlContext. The action is performed with the intersection of the permissions of the currently installed XAccessControlContext, the given XAccessControlContext and the security policy currently in effect. The latter includes static security, e.g. based on user credentials.If the specified XAccessControlContext is null, then the action is performed with unmodified permissions, i.e. the call makes no sense.
@param action action object to be executed @param restriction access control context to restrict permission; null for no restriction @return result @throws com::sun::star::uno::Exception any UNO exception may be thrown */ any doRestricted( [in] XAction action, [in] XAccessControlContext restriction ) raises (com::sun::star::uno::Exception); /** Perform the specified action adding a set of permissions defined by the given XAccessControlContext. The action is performed with the union of the permissions of the currently installed XAccessControlContext, the given XAccessControlContext and the security policy currently in effect. The latter includes static security, e.g. based on user credentials.If the given XAccessControlContext is null, then the action is performed only with the permissions of the security policy currently in effect.
@attention Do carefully use this method only for well known use-cases to avoid exploits! Script engines executing sandboxed scripts should generally deny calling this method. @param action action object to be executed @param restriction access control context to restrict permission; null for no restriction @return result @throws com::sun::star::uno::Exception any UNO exception may be thrown */ any doPrivileged( [in] XAction action, [in] XAccessControlContext restriction ) raises (com::sun::star::uno::Exception); /** This method takes a "snapshot" of the current calling context and returns it.This context may then be checked at a later point, possibly in another thread.
@return snapshot of context */ XAccessControlContext getContext(); }; }; }; }; }; /* vim:set shiftwidth=4 softtabstop=4 expandtab: */