From 940b4d1848e8c70ab7642901a68594e8016caffc Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 18:51:28 +0200 Subject: Adding upstream version 1:7.0.4. Signed-off-by: Daniel Baumann --- .../sun/star/security/AccessControlException.idl | 51 ++++++++ udkapi/com/sun/star/security/AccessController.idl | 49 ++++++++ udkapi/com/sun/star/security/AllPermission.idl | 47 +++++++ udkapi/com/sun/star/security/Policy.idl | 37 ++++++ udkapi/com/sun/star/security/RuntimePermission.idl | 43 +++++++ .../sun/star/security/XAccessControlContext.idl | 78 ++++++++++++ udkapi/com/sun/star/security/XAccessController.idl | 136 +++++++++++++++++++++ udkapi/com/sun/star/security/XAction.idl | 52 ++++++++ udkapi/com/sun/star/security/XPolicy.idl | 62 ++++++++++ 9 files changed, 555 insertions(+) create mode 100644 udkapi/com/sun/star/security/AccessControlException.idl create mode 100644 udkapi/com/sun/star/security/AccessController.idl create mode 100644 udkapi/com/sun/star/security/AllPermission.idl create mode 100644 udkapi/com/sun/star/security/Policy.idl create mode 100644 udkapi/com/sun/star/security/RuntimePermission.idl create mode 100644 udkapi/com/sun/star/security/XAccessControlContext.idl create mode 100644 udkapi/com/sun/star/security/XAccessController.idl create mode 100644 udkapi/com/sun/star/security/XAction.idl create mode 100644 udkapi/com/sun/star/security/XPolicy.idl (limited to 'udkapi/com/sun/star/security') diff --git a/udkapi/com/sun/star/security/AccessControlException.idl b/udkapi/com/sun/star/security/AccessControlException.idl new file mode 100644 index 000000000..bf429351c --- /dev/null +++ b/udkapi/com/sun/star/security/AccessControlException.idl @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AccessControlException_idl__ +#define __com_sun_star_security_AccessControlException_idl__ + +#include + + +module com { module sun { module star { module security { + + +/** Exception notifying a lacking permission to access data or execute code + thus it is thrown if permission ought to be denied. + + @since OOo 1.1.2 +*/ +published exception AccessControlException : com::sun::star::uno::SecurityException +{ + /** lacking permission. + + @attention + If it is the case, that XAccessController::checkPermission() was called + passing a sequence< any >, i.e. a sequence of permissions are demanded, + then this any holds the sequence of lacking permissions in the same + order as they were passed to XAccessController::checkPermission(). + */ + any LackingPermission; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AccessController.idl b/udkapi/com/sun/star/security/AccessController.idl new file mode 100644 index 000000000..7b15eaf45 --- /dev/null +++ b/udkapi/com/sun/star/security/AccessController.idl @@ -0,0 +1,49 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AccessController_idl__ +#define __com_sun_star_security_AccessController_idl__ + +#include + + + +module com { module sun { module star { module security { + +/** This meta service supports the XAccessController interface for checking + security permissions. + + @attention + The specific service implementation of this meta service has to take care + of bootstrapping problems, i.e. recurring calls during initialization + have to be resolved. This happens when the implementation calls other + service implementations. + + Also, it obviously has also to be ensured that the object is process-local + to assure that permission checks are not corrupted via insecure inter-process + communication. + + @since OOo 1.1.2 +*/ +published service AccessController : XAccessController; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AllPermission.idl b/udkapi/com/sun/star/security/AllPermission.idl new file mode 100644 index 000000000..0817f785d --- /dev/null +++ b/udkapi/com/sun/star/security/AllPermission.idl @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AllPermission_idl__ +#define __com_sun_star_security_AllPermission_idl__ + +module com { module sun { module star { module security { + + +/** The AllPermission is a permission that implies all other permissions. + + @attention + Granting AllPermission should be done with extreme care, as it implies all + other permissions. Thus, it grants code the ability to run with security + disabled. Extreme caution should be taken before granting such a + permission to code. This permission should be used only during testing, + or in extremely rare cases where an application is completely trusted and + adding the necessary permissions to the policy is prohibitively cumbersome. + + @since OOo 1.1.2 +*/ +published struct AllPermission +{ + byte dummy; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/Policy.idl b/udkapi/com/sun/star/security/Policy.idl new file mode 100644 index 000000000..38ef5f742 --- /dev/null +++ b/udkapi/com/sun/star/security/Policy.idl @@ -0,0 +1,37 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_Policy_idl__ +#define __com_sun_star_security_Policy_idl__ +#include + + +module com { module sun { module star { module security { + +/** Service for getting sets of permissions reading from some persistent + storage. + + @since OOo 1.1.2 +*/ +published service Policy : XPolicy; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/RuntimePermission.idl b/udkapi/com/sun/star/security/RuntimePermission.idl new file mode 100644 index 000000000..cd209942e --- /dev/null +++ b/udkapi/com/sun/star/security/RuntimePermission.idl @@ -0,0 +1,43 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_RuntimePermission_idl__ +#define __com_sun_star_security_RuntimePermission_idl__ + +module com { module sun { module star { module security { + + +/** This permission grants runtime access to some named functionality. + A RuntimePermission contains a name (also referred to as a "target name") + but no actions list; you either have the named permission or you don't. + + @since OOo 1.1.2 +*/ +published struct RuntimePermission +{ + /** name of permission + */ + string Name; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessControlContext.idl b/udkapi/com/sun/star/security/XAccessControlContext.idl new file mode 100644 index 000000000..98afc0af4 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessControlContext.idl @@ -0,0 +1,78 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAccessControlContext_idl__ +#define __com_sun_star_security_XAccessControlContext_idl__ + +#include +#include + + + +module com { module sun { module star { module security { + + +/** An XAccessControlContext is used to make system resource access decisions + based on the context it encapsulates. +

+ More specifically, it encapsulates a context and has methods to check + permissions equivalent to XAccessController interface, + with one difference: + The XAccessControlContext makes access decisions + based on the context it encapsulates, rather than + that of the current execution thread. +

+ + @since OOo 1.1.2 +*/ +published interface XAccessControlContext : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on this context. + The semantics are equivalent to the security permission classes of + the Java platform. +

+ You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. +

+ + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessController.idl b/udkapi/com/sun/star/security/XAccessController.idl new file mode 100644 index 000000000..ad792b000 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessController.idl @@ -0,0 +1,136 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAccessController_idl__ +#define __com_sun_star_security_XAccessController_idl__ + +#include +#include +#include +#include + + + +module com { module sun { module star { module security { + + +/** Interface for checking permissions and invoking privileged or restricted + actions. + + @since OOo 1.1.2 +*/ +published interface XAccessController : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on the security policy + currently in effect. + The semantics are equivalent to the security permission classes of + the Java platform. +

+ You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. +

+ + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); + + /** Perform the specified action restricting permissions to the given + XAccessControlContext. + The action is performed with the intersection of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. +

+ If the specified XAccessControlContext is null, then the action is performed + with unmodified permissions, i.e. the call makes no sense. +

+ + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doRestricted( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** Perform the specified action adding a set of permissions defined by the given + XAccessControlContext. + The action is performed with the union of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. +

+ If the given XAccessControlContext is null, then the action is performed + only with the permissions of the security policy currently in effect. +

+ + @attention + Do carefully use this method only for well known use-cases to avoid exploits! + Script engines executing sandboxed scripts should generally deny calling this + method. + + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doPrivileged( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** This method takes a "snapshot" of the current calling context + and returns it. +

+ This context may then be checked at a later point, possibly in another thread. +

+ @return + snapshot of context + */ + XAccessControlContext getContext(); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAction.idl b/udkapi/com/sun/star/security/XAction.idl new file mode 100644 index 000000000..dd6d2d492 --- /dev/null +++ b/udkapi/com/sun/star/security/XAction.idl @@ -0,0 +1,52 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAction_idl__ +#define __com_sun_star_security_XAction_idl__ + +#include +#include + + + +module com { module sun { module star { module security { + + +/** Interface for running an action. + + @since OOo 1.1.2 +*/ +published interface XAction : com::sun::star::uno::XInterface +{ + /** Action to be done. + + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any run() + raises (com::sun::star::uno::Exception); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XPolicy.idl b/udkapi/com/sun/star/security/XPolicy.idl new file mode 100644 index 000000000..527c7f190 --- /dev/null +++ b/udkapi/com/sun/star/security/XPolicy.idl @@ -0,0 +1,62 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XPolicy_idl__ +#define __com_sun_star_security_XPolicy_idl__ +#include + + +module com { module sun { module star { module security { + +/** Interface for getting sets of permissions of a specified user or + the default permissions if no user is given. + + @see com::sun::star::security::Policy + + @since OOo 1.1.2 +*/ +published interface XPolicy : com::sun::star::uno::XInterface +{ + /** Gets the permissions of the specified user excluding the default permissions + granted to all users. + + @param userId + user id + @return + permissions of the specified user + */ + sequence< any > getPermissions( + [in] string userId ); + + /** Gets the default permissions granted to all users. + + @return + default permissions + */ + sequence< any > getDefaultPermissions(); + + /** Refreshes the policy configuration. + */ + void refresh(); +}; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ -- cgit v1.2.3