1408a4873SAndrew Rist/************************************************************** 2cdf0e10cSrcweir * 3408a4873SAndrew Rist * Licensed to the Apache Software Foundation (ASF) under one 4408a4873SAndrew Rist * or more contributor license agreements. See the NOTICE file 5408a4873SAndrew Rist * distributed with this work for additional information 6408a4873SAndrew Rist * regarding copyright ownership. The ASF licenses this file 7408a4873SAndrew Rist * to you under the Apache License, Version 2.0 (the 8408a4873SAndrew Rist * "License"); you may not use this file except in compliance 9408a4873SAndrew Rist * with the License. You may obtain a copy of the License at 10cdf0e10cSrcweir * 11408a4873SAndrew Rist * http://www.apache.org/licenses/LICENSE-2.0 12cdf0e10cSrcweir * 13408a4873SAndrew Rist * Unless required by applicable law or agreed to in writing, 14408a4873SAndrew Rist * software distributed under the License is distributed on an 15408a4873SAndrew Rist * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16408a4873SAndrew Rist * KIND, either express or implied. See the License for the 17408a4873SAndrew Rist * specific language governing permissions and limitations 18408a4873SAndrew Rist * under the License. 19cdf0e10cSrcweir * 20408a4873SAndrew Rist *************************************************************/ 21408a4873SAndrew Rist 22408a4873SAndrew Rist 23cdf0e10cSrcweir#ifndef __com_sun_star_security_XAccessController_idl__ 24cdf0e10cSrcweir#define __com_sun_star_security_XAccessController_idl__ 25cdf0e10cSrcweir 26cdf0e10cSrcweir#ifndef __com_sun_star_uno_XInterface_idl__ 27cdf0e10cSrcweir#include <com/sun/star/uno/XInterface.idl> 28cdf0e10cSrcweir#endif 29cdf0e10cSrcweir#ifndef __com_sun_star_security_XAccessControlContext_idl__ 30cdf0e10cSrcweir#include <com/sun/star/security/XAccessControlContext.idl> 31cdf0e10cSrcweir#endif 32cdf0e10cSrcweir 33cdf0e10cSrcweir#ifndef __com_sun_star_security_XAction_idl__ 34cdf0e10cSrcweir#include <com/sun/star/security/XAction.idl> 35cdf0e10cSrcweir#endif 36cdf0e10cSrcweir 37cdf0e10cSrcweir#ifndef __com_sun_star_security_AccessControlException_idl__ 38cdf0e10cSrcweir#include <com/sun/star/security/AccessControlException.idl> 39cdf0e10cSrcweir#endif 40cdf0e10cSrcweir 41cdf0e10cSrcweir 42cdf0e10cSrcweir//============================================================================= 43cdf0e10cSrcweir 44cdf0e10cSrcweirmodule com { module sun { module star { module security { 45cdf0e10cSrcweir 46cdf0e10cSrcweir//============================================================================= 47cdf0e10cSrcweir 48cdf0e10cSrcweir/** Interface for checking permissions and invoking privileged or restricted 49cdf0e10cSrcweir actions. 50cdf0e10cSrcweir 51*95a17a32SJürgen Schmidt @since OpenOffice 1.1.2 52cdf0e10cSrcweir*/ 53cdf0e10cSrcweirpublished interface XAccessController : com::sun::star::uno::XInterface 54cdf0e10cSrcweir{ 55cdf0e10cSrcweir /** Determines whether the access request indicated by the specified 56cdf0e10cSrcweir permission should be allowed or denied, based on the security policy 57cdf0e10cSrcweir currently in effect. 58cdf0e10cSrcweir The semantics are equivalent to the security permission classes of 59cdf0e10cSrcweir the Java platform. 60cdf0e10cSrcweir <p> 61cdf0e10cSrcweir You can also pass a sequence of permissions (sequence< any >) to check 62cdf0e10cSrcweir a set of permissions, e.g. for performance reasons. 63cdf0e10cSrcweir This method quietly returns if the access request is permitted, 64cdf0e10cSrcweir or throws a suitable AccessControlException otherwise. 65cdf0e10cSrcweir </p> 66cdf0e10cSrcweir 67cdf0e10cSrcweir @param perm 68cdf0e10cSrcweir permission to be checked 69cdf0e10cSrcweir 70cdf0e10cSrcweir @throws AccessControlException 71cdf0e10cSrcweir thrown if access is denied 72cdf0e10cSrcweir 73cdf0e10cSrcweir @see ::com::sun::star::security::AccessControlException 74cdf0e10cSrcweir @see ::com::sun::star::security::AllPermission 75cdf0e10cSrcweir @see ::com::sun::star::security::RuntimePermission 76cdf0e10cSrcweir @see ::com::sun::star::io::FilePermission 77cdf0e10cSrcweir @see ::com::sun::star::connection::SocketPermission 78cdf0e10cSrcweir */ 79cdf0e10cSrcweir void checkPermission( 80cdf0e10cSrcweir [in] any perm ) 81cdf0e10cSrcweir raises (AccessControlException); 82cdf0e10cSrcweir 83cdf0e10cSrcweir /** Perform the specified action restricting permissions to the given 84cdf0e10cSrcweir XAccessControlContext. 85cdf0e10cSrcweir The action is performed with the intersection of the permissions of the currently installed 86cdf0e10cSrcweir XAccessControlContext, the given XAccessControlContext and the security policy currently 87cdf0e10cSrcweir in effect. The latter includes static security, e.g. based on user credentials. 88cdf0e10cSrcweir <p> 89cdf0e10cSrcweir If the specified XAccessControlContext is null, then the action is performed 90cdf0e10cSrcweir with unmodified permissions, i.e. the call makes no sense. 91cdf0e10cSrcweir </p> 92cdf0e10cSrcweir 93cdf0e10cSrcweir @param action 94cdf0e10cSrcweir action object to be executed 95cdf0e10cSrcweir @param restriction 96cdf0e10cSrcweir access control context to restrict permission; null for no restriction 97cdf0e10cSrcweir @return 98cdf0e10cSrcweir result 99cdf0e10cSrcweir @throws com::sun::star::uno::Exception 100cdf0e10cSrcweir any UNO exception may be thrown 101cdf0e10cSrcweir */ 102cdf0e10cSrcweir any doRestricted( 103cdf0e10cSrcweir [in] XAction action, 104cdf0e10cSrcweir [in] XAccessControlContext restriction ) 105cdf0e10cSrcweir raises (com::sun::star::uno::Exception); 106cdf0e10cSrcweir 107cdf0e10cSrcweir /** Perform the specified action adding a set of permissions defined by the given 108cdf0e10cSrcweir XAccessControlContext. 109cdf0e10cSrcweir The action is performed with the union of the permissions of the currently installed 110cdf0e10cSrcweir XAccessControlContext, the given XAccessControlContext and the security policy currently 111cdf0e10cSrcweir in effect. The latter includes static security, e.g. based on user credentials. 112cdf0e10cSrcweir <p> 113cdf0e10cSrcweir If the given XAccessControlContext is null, then the action is performed 114cdf0e10cSrcweir <b>only</b> with the permissions of the security policy currently in effect. 115cdf0e10cSrcweir </p> 116cdf0e10cSrcweir 117cdf0e10cSrcweir @attention 118cdf0e10cSrcweir Do carefully use this method only for well known use-cases to avoid exploits! 119cdf0e10cSrcweir Script engines executing sandboxed scripts should generally deny calling this 120cdf0e10cSrcweir method. 121cdf0e10cSrcweir 122cdf0e10cSrcweir @param action 123cdf0e10cSrcweir action object to be executed 124cdf0e10cSrcweir @param restriction 125cdf0e10cSrcweir access control context to restrict permission; null for no restriction 126cdf0e10cSrcweir @return 127cdf0e10cSrcweir result 128cdf0e10cSrcweir @throws com::sun::star::uno::Exception 129cdf0e10cSrcweir any UNO exception may be thrown 130cdf0e10cSrcweir */ 131cdf0e10cSrcweir any doPrivileged( 132cdf0e10cSrcweir [in] XAction action, 133cdf0e10cSrcweir [in] XAccessControlContext restriction ) 134cdf0e10cSrcweir raises (com::sun::star::uno::Exception); 135cdf0e10cSrcweir 136cdf0e10cSrcweir /** This method takes a "snapshot" of the current calling context 137cdf0e10cSrcweir and returns it. 138cdf0e10cSrcweir <p> 139cdf0e10cSrcweir This context may then be checked at a later point, possibly in another thread. 140cdf0e10cSrcweir </p> 141cdf0e10cSrcweir @return 142cdf0e10cSrcweir snapshot of context 143cdf0e10cSrcweir */ 144cdf0e10cSrcweir XAccessControlContext getContext(); 145cdf0e10cSrcweir}; 146cdf0e10cSrcweir 147cdf0e10cSrcweir//============================================================================= 148cdf0e10cSrcweir 149cdf0e10cSrcweir}; }; }; }; 150cdf0e10cSrcweir 151cdf0e10cSrcweir#endif 152