1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
module com { module sun { module star { module security {
/** Interface for checking permissions and invoking privileged or restricted
actions.
@since OOo 1.1.2
*/
published interface XAccessController : com::sun::star::uno::XInterface
{
/** Determines whether the access request indicated by the specified
permission should be allowed or denied, based on the security policy
currently in effect.
The semantics are equivalent to the security permission classes of
the Java platform.
<p>
You can also pass a sequence of permissions (sequence< any >) to check
a set of permissions, e.g. for performance reasons.
This method quietly returns if the access request is permitted,
or throws a suitable AccessControlException otherwise.
</p>
@param perm
permission to be checked
@throws AccessControlException
thrown if access is denied
@see ::com::sun::star::security::AccessControlException
@see ::com::sun::star::security::AllPermission
@see ::com::sun::star::security::RuntimePermission
@see ::com::sun::star::io::FilePermission
@see ::com::sun::star::connection::SocketPermission
*/
void checkPermission(
[in] any perm )
raises (AccessControlException);
/** Perform the specified action restricting permissions to the given
XAccessControlContext.
The action is performed with the intersection of the permissions of the currently installed
XAccessControlContext, the given XAccessControlContext and the security policy currently
in effect. The latter includes static security, e.g. based on user credentials.
<p>
If the specified XAccessControlContext is null, then the action is performed
with unmodified permissions, i.e. the call makes no sense.
</p>
@param action
action object to be executed
@param restriction
access control context to restrict permission; null for no restriction
@return
result
@throws com::sun::star::uno::Exception
any UNO exception may be thrown
*/
any doRestricted(
[in] XAction action,
[in] XAccessControlContext restriction )
raises (com::sun::star::uno::Exception);
/** Perform the specified action adding a set of permissions defined by the given
XAccessControlContext.
The action is performed with the union of the permissions of the currently installed
XAccessControlContext, the given XAccessControlContext and the security policy currently
in effect. The latter includes static security, e.g. based on user credentials.
<p>
If the given XAccessControlContext is null, then the action is performed
<b>only</b> with the permissions of the security policy currently in effect.
</p>
@attention
Do carefully use this method only for well known use-cases to avoid exploits!
Script engines executing sandboxed scripts should generally deny calling this
method.
@param action
action object to be executed
@param restriction
access control context to restrict permission; null for no restriction
@return
result
@throws com::sun::star::uno::Exception
any UNO exception may be thrown
*/
any doPrivileged(
[in] XAction action,
[in] XAccessControlContext restriction )
raises (com::sun::star::uno::Exception);
/** This method takes a "snapshot" of the current calling context
and returns it.
<p>
This context may then be checked at a later point, possibly in another thread.
</p>
@return
snapshot of context
*/
XAccessControlContext getContext();
};
}; }; }; };
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|