1/************************************************************** 2 * 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * 20 *************************************************************/ 21 22 23#ifndef __com_sun_star_security_XAccessController_idl__ 24#define __com_sun_star_security_XAccessController_idl__ 25 26#ifndef __com_sun_star_uno_XInterface_idl__ 27#include <com/sun/star/uno/XInterface.idl> 28#endif 29#ifndef __com_sun_star_security_XAccessControlContext_idl__ 30#include <com/sun/star/security/XAccessControlContext.idl> 31#endif 32 33#ifndef __com_sun_star_security_XAction_idl__ 34#include <com/sun/star/security/XAction.idl> 35#endif 36 37#ifndef __com_sun_star_security_AccessControlException_idl__ 38#include <com/sun/star/security/AccessControlException.idl> 39#endif 40 41 42//============================================================================= 43 44module com { module sun { module star { module security { 45 46//============================================================================= 47 48/** Interface for checking permissions and invoking privileged or restricted 49 actions. 50 51 @since OOo 1.1.2 52*/ 53published interface XAccessController : com::sun::star::uno::XInterface 54{ 55 /** Determines whether the access request indicated by the specified 56 permission should be allowed or denied, based on the security policy 57 currently in effect. 58 The semantics are equivalent to the security permission classes of 59 the Java platform. 60 <p> 61 You can also pass a sequence of permissions (sequence< any >) to check 62 a set of permissions, e.g. for performance reasons. 63 This method quietly returns if the access request is permitted, 64 or throws a suitable AccessControlException otherwise. 65 </p> 66 67 @param perm 68 permission to be checked 69 70 @throws AccessControlException 71 thrown if access is denied 72 73 @see ::com::sun::star::security::AccessControlException 74 @see ::com::sun::star::security::AllPermission 75 @see ::com::sun::star::security::RuntimePermission 76 @see ::com::sun::star::io::FilePermission 77 @see ::com::sun::star::connection::SocketPermission 78 */ 79 void checkPermission( 80 [in] any perm ) 81 raises (AccessControlException); 82 83 /** Perform the specified action restricting permissions to the given 84 XAccessControlContext. 85 The action is performed with the intersection of the permissions of the currently installed 86 XAccessControlContext, the given XAccessControlContext and the security policy currently 87 in effect. The latter includes static security, e.g. based on user credentials. 88 <p> 89 If the specified XAccessControlContext is null, then the action is performed 90 with unmodified permissions, i.e. the call makes no sense. 91 </p> 92 93 @param action 94 action object to be executed 95 @param restriction 96 access control context to restrict permission; null for no restriction 97 @return 98 result 99 @throws com::sun::star::uno::Exception 100 any UNO exception may be thrown 101 */ 102 any doRestricted( 103 [in] XAction action, 104 [in] XAccessControlContext restriction ) 105 raises (com::sun::star::uno::Exception); 106 107 /** Perform the specified action adding a set of permissions defined by the given 108 XAccessControlContext. 109 The action is performed with the union of the permissions of the currently installed 110 XAccessControlContext, the given XAccessControlContext and the security policy currently 111 in effect. The latter includes static security, e.g. based on user credentials. 112 <p> 113 If the given XAccessControlContext is null, then the action is performed 114 <b>only</b> with the permissions of the security policy currently in effect. 115 </p> 116 117 @attention 118 Do carefully use this method only for well known use-cases to avoid exploits! 119 Script engines executing sandboxed scripts should generally deny calling this 120 method. 121 122 @param action 123 action object to be executed 124 @param restriction 125 access control context to restrict permission; null for no restriction 126 @return 127 result 128 @throws com::sun::star::uno::Exception 129 any UNO exception may be thrown 130 */ 131 any doPrivileged( 132 [in] XAction action, 133 [in] XAccessControlContext restriction ) 134 raises (com::sun::star::uno::Exception); 135 136 /** This method takes a "snapshot" of the current calling context 137 and returns it. 138 <p> 139 This context may then be checked at a later point, possibly in another thread. 140 </p> 141 @return 142 snapshot of context 143 */ 144 XAccessControlContext getContext(); 145}; 146 147//============================================================================= 148 149}; }; }; }; 150 151#endif 152