diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:06:44 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:06:44 +0000 |
commit | ed5640d8b587fbcfed7dd7967f3de04b37a76f26 (patch) | |
tree | 7a5f7c6c9d02226d7471cb3cc8fbbf631b415303 /udkapi/com/sun/star/security | |
parent | Initial commit. (diff) | |
download | libreoffice-upstream/4%7.4.7.tar.xz libreoffice-upstream/4%7.4.7.zip |
Adding upstream version 4:7.4.7.upstream/4%7.4.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'udkapi/com/sun/star/security')
-rw-r--r-- | udkapi/com/sun/star/security/AccessControlException.idl | 51 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/AccessController.idl | 49 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/AllPermission.idl | 47 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/Policy.idl | 37 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/RuntimePermission.idl | 43 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAccessControlContext.idl | 78 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAccessController.idl | 136 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XAction.idl | 52 | ||||
-rw-r--r-- | udkapi/com/sun/star/security/XPolicy.idl | 62 |
9 files changed, 555 insertions, 0 deletions
diff --git a/udkapi/com/sun/star/security/AccessControlException.idl b/udkapi/com/sun/star/security/AccessControlException.idl new file mode 100644 index 000000000..bf429351c --- /dev/null +++ b/udkapi/com/sun/star/security/AccessControlException.idl @@ -0,0 +1,51 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AccessControlException_idl__ +#define __com_sun_star_security_AccessControlException_idl__ + +#include <com/sun/star/uno/SecurityException.idl> + + +module com { module sun { module star { module security { + + +/** Exception notifying a lacking permission to access data or execute code + thus it is thrown if permission ought to be denied. + + @since OOo 1.1.2 +*/ +published exception AccessControlException : com::sun::star::uno::SecurityException +{ + /** lacking permission. + + @attention + If it is the case, that XAccessController::checkPermission() was called + passing a sequence< any >, i.e. a sequence of permissions are demanded, + then this any holds the sequence of lacking permissions in the same + order as they were passed to XAccessController::checkPermission(). + */ + any LackingPermission; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AccessController.idl b/udkapi/com/sun/star/security/AccessController.idl new file mode 100644 index 000000000..7b15eaf45 --- /dev/null +++ b/udkapi/com/sun/star/security/AccessController.idl @@ -0,0 +1,49 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AccessController_idl__ +#define __com_sun_star_security_AccessController_idl__ + +#include <com/sun/star/security/XAccessController.idl> + + + +module com { module sun { module star { module security { + +/** This meta service supports the XAccessController interface for checking + security permissions. + + @attention + The specific service implementation of this meta service has to take care + of bootstrapping problems, i.e. recurring calls during initialization + have to be resolved. This happens when the implementation calls other + service implementations. + + Also, it obviously has also to be ensured that the object is process-local + to assure that permission checks are not corrupted via insecure inter-process + communication. + + @since OOo 1.1.2 +*/ +published service AccessController : XAccessController; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/AllPermission.idl b/udkapi/com/sun/star/security/AllPermission.idl new file mode 100644 index 000000000..0817f785d --- /dev/null +++ b/udkapi/com/sun/star/security/AllPermission.idl @@ -0,0 +1,47 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_AllPermission_idl__ +#define __com_sun_star_security_AllPermission_idl__ + +module com { module sun { module star { module security { + + +/** The AllPermission is a permission that implies all other permissions. + + @attention + Granting AllPermission should be done with extreme care, as it implies all + other permissions. Thus, it grants code the ability to run with security + disabled. Extreme caution should be taken before granting such a + permission to code. This permission should be used only during testing, + or in extremely rare cases where an application is completely trusted and + adding the necessary permissions to the policy is prohibitively cumbersome. + + @since OOo 1.1.2 +*/ +published struct AllPermission +{ + byte dummy; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/Policy.idl b/udkapi/com/sun/star/security/Policy.idl new file mode 100644 index 000000000..38ef5f742 --- /dev/null +++ b/udkapi/com/sun/star/security/Policy.idl @@ -0,0 +1,37 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_Policy_idl__ +#define __com_sun_star_security_Policy_idl__ +#include <com/sun/star/security/XPolicy.idl> + + +module com { module sun { module star { module security { + +/** Service for getting sets of permissions reading from some persistent + storage. + + @since OOo 1.1.2 +*/ +published service Policy : XPolicy; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/RuntimePermission.idl b/udkapi/com/sun/star/security/RuntimePermission.idl new file mode 100644 index 000000000..cd209942e --- /dev/null +++ b/udkapi/com/sun/star/security/RuntimePermission.idl @@ -0,0 +1,43 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_RuntimePermission_idl__ +#define __com_sun_star_security_RuntimePermission_idl__ + +module com { module sun { module star { module security { + + +/** This permission grants runtime access to some named functionality. + A RuntimePermission contains a name (also referred to as a "target name") + but no actions list; you either have the named permission or you don't. + + @since OOo 1.1.2 +*/ +published struct RuntimePermission +{ + /** name of permission + */ + string Name; +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessControlContext.idl b/udkapi/com/sun/star/security/XAccessControlContext.idl new file mode 100644 index 000000000..98afc0af4 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessControlContext.idl @@ -0,0 +1,78 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAccessControlContext_idl__ +#define __com_sun_star_security_XAccessControlContext_idl__ + +#include <com/sun/star/uno/XInterface.idl> +#include <com/sun/star/security/AccessControlException.idl> + + + +module com { module sun { module star { module security { + + +/** An XAccessControlContext is used to make system resource access decisions + based on the context it encapsulates. + <p> + More specifically, it encapsulates a context and has methods to check + permissions equivalent to XAccessController interface, + with one difference: + The XAccessControlContext makes access decisions + based on the context it encapsulates, rather than + that of the current execution thread. + </p> + + @since OOo 1.1.2 +*/ +published interface XAccessControlContext : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on this context. + The semantics are equivalent to the security permission classes of + the Java platform. + <p> + You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. + </p> + + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAccessController.idl b/udkapi/com/sun/star/security/XAccessController.idl new file mode 100644 index 000000000..ad792b000 --- /dev/null +++ b/udkapi/com/sun/star/security/XAccessController.idl @@ -0,0 +1,136 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAccessController_idl__ +#define __com_sun_star_security_XAccessController_idl__ + +#include <com/sun/star/uno/XInterface.idl> +#include <com/sun/star/security/XAccessControlContext.idl> +#include <com/sun/star/security/XAction.idl> +#include <com/sun/star/security/AccessControlException.idl> + + + +module com { module sun { module star { module security { + + +/** Interface for checking permissions and invoking privileged or restricted + actions. + + @since OOo 1.1.2 +*/ +published interface XAccessController : com::sun::star::uno::XInterface +{ + /** Determines whether the access request indicated by the specified + permission should be allowed or denied, based on the security policy + currently in effect. + The semantics are equivalent to the security permission classes of + the Java platform. + <p> + You can also pass a sequence of permissions (sequence< any >) to check + a set of permissions, e.g. for performance reasons. + This method quietly returns if the access request is permitted, + or throws a suitable AccessControlException otherwise. + </p> + + @param perm + permission to be checked + + @throws AccessControlException + thrown if access is denied + + @see ::com::sun::star::security::AccessControlException + @see ::com::sun::star::security::AllPermission + @see ::com::sun::star::security::RuntimePermission + @see ::com::sun::star::io::FilePermission + @see ::com::sun::star::connection::SocketPermission + */ + void checkPermission( + [in] any perm ) + raises (AccessControlException); + + /** Perform the specified action restricting permissions to the given + XAccessControlContext. + The action is performed with the intersection of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. + <p> + If the specified XAccessControlContext is null, then the action is performed + with unmodified permissions, i.e. the call makes no sense. + </p> + + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doRestricted( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** Perform the specified action adding a set of permissions defined by the given + XAccessControlContext. + The action is performed with the union of the permissions of the currently installed + XAccessControlContext, the given XAccessControlContext and the security policy currently + in effect. The latter includes static security, e.g. based on user credentials. + <p> + If the given XAccessControlContext is null, then the action is performed + <b>only</b> with the permissions of the security policy currently in effect. + </p> + + @attention + Do carefully use this method only for well known use-cases to avoid exploits! + Script engines executing sandboxed scripts should generally deny calling this + method. + + @param action + action object to be executed + @param restriction + access control context to restrict permission; null for no restriction + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any doPrivileged( + [in] XAction action, + [in] XAccessControlContext restriction ) + raises (com::sun::star::uno::Exception); + + /** This method takes a "snapshot" of the current calling context + and returns it. + <p> + This context may then be checked at a later point, possibly in another thread. + </p> + @return + snapshot of context + */ + XAccessControlContext getContext(); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XAction.idl b/udkapi/com/sun/star/security/XAction.idl new file mode 100644 index 000000000..dd6d2d492 --- /dev/null +++ b/udkapi/com/sun/star/security/XAction.idl @@ -0,0 +1,52 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XAction_idl__ +#define __com_sun_star_security_XAction_idl__ + +#include <com/sun/star/uno/XInterface.idl> +#include <com/sun/star/uno/Exception.idl> + + + +module com { module sun { module star { module security { + + +/** Interface for running an action. + + @since OOo 1.1.2 +*/ +published interface XAction : com::sun::star::uno::XInterface +{ + /** Action to be done. + + @return + result + @throws com::sun::star::uno::Exception + any UNO exception may be thrown + */ + any run() + raises (com::sun::star::uno::Exception); +}; + + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/udkapi/com/sun/star/security/XPolicy.idl b/udkapi/com/sun/star/security/XPolicy.idl new file mode 100644 index 000000000..527c7f190 --- /dev/null +++ b/udkapi/com/sun/star/security/XPolicy.idl @@ -0,0 +1,62 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * This file incorporates work covered by the following license notice: + * + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed + * with this work for additional information regarding copyright + * ownership. The ASF licenses this file to you under the Apache + * License, Version 2.0 (the "License"); you may not use this file + * except in compliance with the License. You may obtain a copy of + * the License at http://www.apache.org/licenses/LICENSE-2.0 . + */ +#ifndef __com_sun_star_security_XPolicy_idl__ +#define __com_sun_star_security_XPolicy_idl__ +#include <com/sun/star/uno/XInterface.idl> + + +module com { module sun { module star { module security { + +/** Interface for getting sets of permissions of a specified user or + the default permissions if no user is given. + + @see com::sun::star::security::Policy + + @since OOo 1.1.2 +*/ +published interface XPolicy : com::sun::star::uno::XInterface +{ + /** Gets the permissions of the specified user excluding the default permissions + granted to all users. + + @param userId + user id + @return + permissions of the specified user + */ + sequence< any > getPermissions( + [in] string userId ); + + /** Gets the default permissions granted to all users. + + @return + default permissions + */ + sequence< any > getDefaultPermissions(); + + /** Refreshes the policy configuration. + */ + void refresh(); +}; + +}; }; }; }; + +#endif + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ |