diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 05:54:39 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 05:54:39 +0000 |
commit | 267c6f2ac71f92999e969232431ba04678e7437e (patch) | |
tree | 358c9467650e1d0a1d7227a21dac2e3d08b622b2 /udkapi/com/sun/star/security | |
parent | Initial commit. (diff) | |
download | libreoffice-267c6f2ac71f92999e969232431ba04678e7437e.tar.xz libreoffice-267c6f2ac71f92999e969232431ba04678e7437e.zip |
Adding upstream version 4:24.2.0.upstream/4%24.2.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'udkapi/com/sun/star/security')
-rw-r--r-- | udkapi/com/sun/star/security/AccessControlException.idl | 45 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/AccessController.idl | 43 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/AllPermission.idl | 43 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/Policy.idl | 32 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/RuntimePermission.idl | 39 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAccessControlContext.idl | 71 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAccessController.idl | 127 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAction.idl | 45 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XPolicy.idl | 57 |
9 files changed, 502 insertions, 0 deletions
diff --git a/udkapi/com/sun/star/security/AccessControlException.idl b/udkapi/com/sun/star/security/AccessControlException.idl new file mode 100644 index 0000000000..84b5e29be0 --- /dev/null +++ b/udkapi/com/sun/star/security/AccessControlException.idl @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + +module com { module sun { module star { module security { + + +/** Exception notifying a lacking permission to access data or execute code + thus it is thrown if permission ought to be denied. + + @since OOo 1.1.2 +*/ +published exception AccessControlException : com::sun::star::uno::SecurityException +{ + /** lacking permission. + + @attention + If it is the case, that XAccessController::checkPermission() was called + passing a sequence< any >, i.e. a sequence of permissions are demanded, + then this any holds the sequence of lacking permissions in the same + order as they were passed to XAccessController::checkPermission(). + */ + any LackingPermission; +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AccessController.idl b/udkapi/com/sun/star/security/AccessController.idl new file mode 100644 index 0000000000..d5dd2f1054 --- /dev/null +++ b/udkapi/com/sun/star/security/AccessController.idl @@ -0,0 +1,43 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + + +module com { module sun { module star { module security { + +/** This meta service supports the XAccessController interface for checking + security permissions. + + @attention + The specific service implementation of this meta service has to take care + of bootstrapping problems, i.e. recurring calls during initialization + have to be resolved. This happens when the implementation calls other + service implementations. + + Also, it obviously has also to be ensured that the object is process-local + to assure that permission checks are not corrupted via insecure inter-process + communication. + + @since OOo 1.1.2 +*/ +published service AccessController : XAccessController; + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AllPermission.idl b/udkapi/com/sun/star/security/AllPermission.idl new file mode 100644 index 0000000000..7c916c69f0 --- /dev/null +++ b/udkapi/com/sun/star/security/AllPermission.idl @@ -0,0 +1,43 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +module com { module sun { module star { module security { + + +/** The AllPermission is a permission that implies all other permissions. + + @attention + Granting AllPermission should be done with extreme care, as it implies all + other permissions. Thus, it grants code the ability to run with security + disabled. Extreme caution should be taken before granting such a + permission to code. This permission should be used only during testing, + or in extremely rare cases where an application is completely trusted and + adding the necessary permissions to the policy is prohibitively cumbersome. + + @since OOo 1.1.2 +*/ +published struct AllPermission +{ + byte dummy; +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/Policy.idl b/udkapi/com/sun/star/security/Policy.idl new file mode 100644 index 0000000000..ac0f5ecd61 --- /dev/null +++ b/udkapi/com/sun/star/security/Policy.idl @@ -0,0 +1,32 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + +module com { module sun { module star { module security { + +/** Service for getting sets of permissions reading from some persistent + storage. + + @since OOo 1.1.2 +*/ +published service Policy : XPolicy; + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/RuntimePermission.idl b/udkapi/com/sun/star/security/RuntimePermission.idl new file mode 100644 index 0000000000..e918a038ec --- /dev/null +++ b/udkapi/com/sun/star/security/RuntimePermission.idl @@ -0,0 +1,39 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + +module com { module sun { module star { module security { + + +/** This permission grants runtime access to some named functionality. + A RuntimePermission contains a name (also referred to as a "target name") + but no actions list; you either have the named permission or you don't. + + @since OOo 1.1.2 +*/ +published struct RuntimePermission +{ + /** name of permission + */ + string Name; +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessControlContext.idl b/udkapi/com/sun/star/security/XAccessControlContext.idl new file mode 100644 index 0000000000..b6ed5b8688 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessControlContext.idl @@ -0,0 +1,71 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + + +module com { module sun { module star { module security { + + +/** An XAccessControlContext is used to make system resource access decisions + based on the context it encapsulates. + <p> + More specifically, it encapsulates a context and has methods to check + permissions equivalent to XAccessController interface, + with one difference: + The XAccessControlContext makes access decisions + based on the context it encapsulates, rather than + that of the current execution thread. + </p> + + @since OOo 1.1.2 +*/ +published interface XAccessControlContext : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on this context. + The semantics are equivalent to the security permission classes of + the Java platform. + <p> + You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. + </p> + + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessController.idl b/udkapi/com/sun/star/security/XAccessController.idl new file mode 100644 index 0000000000..50c1a38af5 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessController.idl @@ -0,0 +1,127 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + + +module com { module sun { module star { module security { + + +/** Interface for checking permissions and invoking privileged or restricted + actions. + + @since OOo 1.1.2 +*/ +published interface XAccessController : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on the security policy + currently in effect. + The semantics are equivalent to the security permission classes of + the Java platform. + <p> + You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. + </p> + + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); + + /** Perform the specified action restricting permissions to the given + XAccessControlContext. + The action is performed with the intersection of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. + <p> + If the specified XAccessControlContext is null, then the action is performed + with unmodified permissions, i.e. the call makes no sense. + </p> + + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doRestricted( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** Perform the specified action adding a set of permissions defined by the given + XAccessControlContext. + The action is performed with the union of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. + <p> + If the given XAccessControlContext is null, then the action is performed + <b>only</b> with the permissions of the security policy currently in effect. + </p> + + @attention + Do carefully use this method only for well known use-cases to avoid exploits! + Script engines executing sandboxed scripts should generally deny calling this + method. + + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doPrivileged( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** This method takes a "snapshot" of the current calling context + and returns it. + <p> + This context may then be checked at a later point, possibly in another thread. + </p> + @return + snapshot of context + */ + XAccessControlContext getContext(); +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAction.idl b/udkapi/com/sun/star/security/XAction.idl new file mode 100644 index 0000000000..259950be8e --- /dev/null +++ b/udkapi/com/sun/star/security/XAction.idl @@ -0,0 +1,45 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + + +module com { module sun { module star { module security { + + +/** Interface for running an action. + + @since OOo 1.1.2 +*/ +published interface XAction : com::sun::star::uno::XInterface +{ + /** Action to be done. + + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any run() + raises (com::sun::star::uno::Exception); +}; + + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XPolicy.idl b/udkapi/com/sun/star/security/XPolicy.idl new file mode 100644 index 0000000000..4d42e7fea2 --- /dev/null +++ b/udkapi/com/sun/star/security/XPolicy.idl @@ -0,0 +1,57 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ + + +module com { module sun { module star { module security { + +/** Interface for getting sets of permissions of a specified user or + the default permissions if no user is given. + + @see com::sun::star::security::Policy + + @since OOo 1.1.2 +*/ +published interface XPolicy : com::sun::star::uno::XInterface +{ + /** Gets the permissions of the specified user excluding the default permissions + granted to all users. + + @param userId + user id + @return + permissions of the specified user + */ + sequence< any > getPermissions( + [in] string userId ); + + /** Gets the default permissions granted to all users. + + @return + default permissions + */ + sequence< any > getDefaultPermissions(); + + /** Refreshes the policy configuration. + */ + void refresh(); +}; + +}; }; }; }; + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |