LibreOffice Module stoc (master) 1
access_controller.cxx
Go to the documentation of this file.
1/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20
21#include <utility>
22#include <vector>
23
24#include <osl/diagnose.h>
25#include <osl/mutex.hxx>
26#include <osl/thread.hxx>
27
28#include <rtl/ustrbuf.hxx>
29#include <sal/log.hxx>
30
31#include <uno/current_context.h>
32#include <uno/lbnames.h>
33
34#include <cppuhelper/basemutex.hxx>
35#include <cppuhelper/implbase.hxx>
36#include <cppuhelper/compbase.hxx>
37#include <cppuhelper/supportsservice.hxx>
38
39#include <com/sun/star/uno/XCurrentContext.hpp>
40#include <com/sun/star/uno/DeploymentException.hpp>
41#include <com/sun/star/uno/XComponentContext.hpp>
42#include <com/sun/star/lang/DisposedException.hpp>
43#include <com/sun/star/lang/XServiceInfo.hpp>
44#include <com/sun/star/lang/XInitialization.hpp>
45#include <com/sun/star/security/XAccessController.hpp>
46#include <com/sun/star/security/XPolicy.hpp>
47
48#include "lru_cache.h"
49#include "permissions.h"
50
51#include <memory>
52
53constexpr OUStringLiteral SERVICE_NAME = u"com.sun.star.security.AccessController";
54constexpr OUStringLiteral USER_CREDS = u"access-control.user-credentials.id";
55
56
57using namespace ::osl;
58using namespace ::cppu;
59using namespace ::com::sun::star;
60using namespace css::uno;
61using namespace stoc_sec;
62
63namespace {
64
65// static stuff initialized when loading lib
66OUString s_envType = CPPU_CURRENT_LANGUAGE_BINDING_NAME;
67constexpr OUStringLiteral s_acRestriction = u"access-control.restriction";
68
69
72class acc_Intersection
73 : public WeakImplHelper< security::XAccessControlContext >
74{
75 Reference< security::XAccessControlContext > m_x1, m_x2;
76
77 acc_Intersection(
78 Reference< security::XAccessControlContext > const & x1,
79 Reference< security::XAccessControlContext > const & x2 );
80
81public:
82 static Reference< security::XAccessControlContext > create(
83 Reference< security::XAccessControlContext > const & x1,
84 Reference< security::XAccessControlContext > const & x2 );
85
86 // XAccessControlContext impl
87 virtual void SAL_CALL checkPermission(
88 Any const & perm ) override;
89};
90
91acc_Intersection::acc_Intersection(
92 Reference< security::XAccessControlContext > const & x1,
93 Reference< security::XAccessControlContext > const & x2 )
94 : m_x1( x1 )
95 , m_x2( x2 )
96{}
97
98Reference< security::XAccessControlContext > acc_Intersection::create(
99 Reference< security::XAccessControlContext > const & x1,
100 Reference< security::XAccessControlContext > const & x2 )
101{
102 if (! x1.is())
103 return x2;
104 if (! x2.is())
105 return x1;
106 return new acc_Intersection( x1, x2 );
107}
108
109void acc_Intersection::checkPermission(
110 Any const & perm )
111{
112 m_x1->checkPermission( perm );
113 m_x2->checkPermission( perm );
114}
115
118class acc_Union
119 : public WeakImplHelper< security::XAccessControlContext >
120{
121 Reference< security::XAccessControlContext > m_x1, m_x2;
122
123 acc_Union(
124 Reference< security::XAccessControlContext > const & x1,
125 Reference< security::XAccessControlContext > const & x2 );
126
127public:
128 static Reference< security::XAccessControlContext > create(
129 Reference< security::XAccessControlContext > const & x1,
130 Reference< security::XAccessControlContext > const & x2 );
131
132 // XAccessControlContext impl
133 virtual void SAL_CALL checkPermission(
134 Any const & perm ) override;
135};
136
137acc_Union::acc_Union(
138 Reference< security::XAccessControlContext > const & x1,
139 Reference< security::XAccessControlContext > const & x2 )
140 : m_x1( x1 )
141 , m_x2( x2 )
142{}
143
144Reference< security::XAccessControlContext > acc_Union::create(
145 Reference< security::XAccessControlContext > const & x1,
146 Reference< security::XAccessControlContext > const & x2 )
147{
148 if (! x1.is())
149 return Reference< security::XAccessControlContext >(); // unrestricted
150 if (! x2.is())
151 return Reference< security::XAccessControlContext >(); // unrestricted
152 return new acc_Union( x1, x2 );
153}
154
155void acc_Union::checkPermission(
156 Any const & perm )
157{
158 try
159 {
160 m_x1->checkPermission( perm );
161 }
162 catch (security::AccessControlException &)
163 {
164 m_x2->checkPermission( perm );
165 }
166}
167
170class acc_Policy
171 : public WeakImplHelper< security::XAccessControlContext >
172{
173 PermissionCollection m_permissions;
174
175public:
176 explicit acc_Policy(
177 PermissionCollection permissions )
178 : m_permissions(std::move( permissions ))
179 {}
180
181 // XAccessControlContext impl
182 virtual void SAL_CALL checkPermission(
183 Any const & perm ) override;
184};
185
186void acc_Policy::checkPermission(
187 Any const & perm )
188{
189 m_permissions.checkPermission( perm );
190}
191
194class acc_CurrentContext
195 : public WeakImplHelper< XCurrentContext >
196{
197 Reference< XCurrentContext > m_xDelegate;
198 Any m_restriction;
199
200public:
201 acc_CurrentContext(
202 Reference< XCurrentContext > const & xDelegate,
203 Reference< security::XAccessControlContext > const & xRestriction );
204
205 // XCurrentContext impl
206 virtual Any SAL_CALL getValueByName( OUString const & name ) override;
207};
208
209acc_CurrentContext::acc_CurrentContext(
210 Reference< XCurrentContext > const & xDelegate,
211 Reference< security::XAccessControlContext > const & xRestriction )
212 : m_xDelegate( xDelegate )
213{
214 if (xRestriction.is())
215 {
216 m_restriction <<= xRestriction;
217 }
218 // return empty any otherwise on getValueByName(), not null interface
219}
220
221Any acc_CurrentContext::getValueByName( OUString const & name )
222{
223 if (name == s_acRestriction)
224 {
225 return m_restriction;
226 }
227 else if (m_xDelegate.is())
228 {
229 return m_xDelegate->getValueByName( name );
230 }
231 else
232 {
233 return Any();
234 }
235}
236
237
238Reference< security::XAccessControlContext > getDynamicRestriction(
239 Reference< XCurrentContext > const & xContext )
240{
241 if (xContext.is())
242 {
243 Any acc(xContext->getValueByName(s_acRestriction));
244 if (typelib_TypeClass_INTERFACE == acc.pType->eTypeClass)
245 {
246 // avoid ref-counting
247 OUString const & typeName =
248 OUString::unacquired( &acc.pType->pTypeName );
249 if ( typeName == "com.sun.star.security.XAccessControlContext" )
250 {
251 return Reference< security::XAccessControlContext >(
252 *static_cast< security::XAccessControlContext ** >( acc.pData ) );
253 }
254 else // try to query
255 {
256 return Reference< security::XAccessControlContext >::query(
257 *static_cast< XInterface ** >( acc.pData ) );
258 }
259 }
260 }
261 return Reference< security::XAccessControlContext >();
262}
263
264class cc_reset
265{
266 void * m_cc;
267public:
268 explicit cc_reset( void * cc )
269 : m_cc( cc ) {}
270 ~cc_reset()
271 { ::uno_setCurrentContext( m_cc, s_envType.pData, nullptr ); }
272};
273
274typedef WeakComponentImplHelper<
275 security::XAccessController, lang::XServiceInfo, lang::XInitialization > t_helper;
276
277
278class AccessController
279 : public cppu::BaseMutex
280 , public t_helper
281{
282 Reference< XComponentContext > m_xComponentContext;
283
284 Reference< security::XPolicy > m_xPolicy;
285 Reference< security::XPolicy > const & getPolicy();
286
287 // mode
288 enum class Mode { Off, On, DynamicOnly, SingleUser, SingleDefaultUser };
289 Mode m_mode;
290
291 PermissionCollection m_defaultPermissions;
292 // for single-user mode
293 PermissionCollection m_singleUserPermissions;
294 OUString m_singleUserId;
295 bool m_defaultPerm_init;
296 bool m_singleUser_init;
297 // for multi-user mode
298 lru_cache< OUString, PermissionCollection, OUStringHash, std::equal_to< OUString > >
299 m_user2permissions;
300
301 ThreadData m_rec;
302 typedef std::vector< std::pair< OUString, Any > > t_rec_vec;
303 void clearPostPoned();
304 void checkAndClearPostPoned();
305
306 PermissionCollection getEffectivePermissions(
307 Reference< XCurrentContext > const & xContext,
308 Any const & demanded_perm );
309
310protected:
311 virtual void SAL_CALL disposing() override;
312
313public:
314 explicit AccessController( Reference< XComponentContext > const & xComponentContext );
315
316 // XInitialization impl
317 virtual void SAL_CALL initialize(
318 Sequence< Any > const & arguments ) override;
319
320 // XAccessController impl
321 virtual void SAL_CALL checkPermission(
322 Any const & perm ) override;
323 virtual Any SAL_CALL doRestricted(
324 Reference< security::XAction > const & xAction,
325 Reference< security::XAccessControlContext > const & xRestriction ) override;
326 virtual Any SAL_CALL doPrivileged(
327 Reference< security::XAction > const & xAction,
328 Reference< security::XAccessControlContext > const & xRestriction ) override;
329 virtual Reference< security::XAccessControlContext > SAL_CALL getContext() override;
330
331 // XServiceInfo impl
332 virtual OUString SAL_CALL getImplementationName() override;
333 virtual sal_Bool SAL_CALL supportsService( OUString const & serviceName ) override;
334 virtual Sequence< OUString > SAL_CALL getSupportedServiceNames() override;
335};
336
337AccessController::AccessController( Reference< XComponentContext > const & xComponentContext )
338 : t_helper( m_aMutex )
339 , m_xComponentContext( xComponentContext )
340 , m_mode( Mode::On ) // default
341 , m_defaultPerm_init( false )
342 , m_singleUser_init( false )
343 , m_rec( nullptr )
344{
345 // The .../mode value had originally been set in
346 // cppu::add_access_control_entries (cppuhelper/source/servicefactory.cxx)
347 // to something other than "off" depending on various UNO_AC* bootstrap
348 // variables that are no longer supported, so this is mostly dead code now:
349 OUString mode;
350 if (m_xComponentContext->getValueByName( "/services/" + SERVICE_NAME + "/mode" ) >>= mode)
351 {
352 if ( mode == "off" )
353 {
354 m_mode = Mode::Off;
355 }
356 else if ( mode == "on" )
357 {
358 m_mode = Mode::On;
359 }
360 else if ( mode == "dynamic-only" )
361 {
362 m_mode = Mode::DynamicOnly;
363 }
364 else if ( mode == "single-user" )
365 {
366 m_xComponentContext->getValueByName(
367 "/services/" + SERVICE_NAME + "/single-user-id" ) >>= m_singleUserId;
368 if (m_singleUserId.isEmpty())
369 {
370 throw RuntimeException(
371 "expected a user id in component context entry "
372 "\"/services/" + SERVICE_NAME + "/single-user-id\"!",
373 getXWeak() );
374 }
375 m_mode = Mode::SingleUser;
376 }
377 else if ( mode == "single-default-user" )
378 {
379 m_mode = Mode::SingleDefaultUser;
380 }
381 }
382
383 // switch on caching for Mode::DynamicOnly and Mode::On (shareable multi-user process)
384 if (Mode::On != m_mode && Mode::DynamicOnly != m_mode)
385 return;
386
387 sal_Int32 cacheSize = 0; // multi-user cache size
388 if (! (m_xComponentContext->getValueByName(
389 "/services/" + SERVICE_NAME + "/user-cache-size" ) >>= cacheSize))
390 {
391 cacheSize = 128; // reasonable default?
392 }
393#ifdef __CACHE_DIAGNOSE
394 cacheSize = 2;
395#endif
396 m_user2permissions.setSize( cacheSize );
397}
398
399void AccessController::disposing()
400{
401 m_mode = Mode::Off; // avoid checks from now on xxx todo review/ better Mode::DynamicOnly?
402 m_xPolicy.clear();
403 m_xComponentContext.clear();
404}
405
406// XInitialization impl
407
408void AccessController::initialize(
409 Sequence< Any > const & arguments )
410{
411 // xxx todo: review for forking
412 // portal forking hack: re-initialize for another user-id
413 if (Mode::SingleUser != m_mode) // only if in single-user mode
414 {
415 throw RuntimeException(
416 "invalid call: ac must be in \"single-user\" mode!", getXWeak() );
417 }
418 OUString userId;
419 arguments[ 0 ] >>= userId;
420 if ( userId.isEmpty() )
421 {
422 throw RuntimeException(
423 "expected a user-id as first argument!", getXWeak() );
424 }
425 // assured that no sync is necessary: no check happens at this forking time
426 m_singleUserId = userId;
427 m_singleUser_init = false;
428}
429
430
431Reference< security::XPolicy > const & AccessController::getPolicy()
432{
433 // get policy singleton
434 if (! m_xPolicy.is())
435 {
436 Reference< security::XPolicy > xPolicy;
437 m_xComponentContext->getValueByName(
438 "/singletons/com.sun.star.security.thePolicy" ) >>= xPolicy;
439 if (!xPolicy.is())
440 {
441 throw SecurityException(
442 "cannot get policy singleton!", getXWeak() );
443 }
444
445 MutexGuard guard( m_aMutex );
446 if (! m_xPolicy.is())
447 {
448 m_xPolicy = xPolicy;
449 }
450 }
451 return m_xPolicy;
452}
453
454#ifdef __DIAGNOSE
455static void dumpPermissions(
456 PermissionCollection const & collection, OUString const & userId = OUString() )
457{
458 OUStringBuffer buf( 48 );
459 if (!userId.isEmpty())
460 {
461 buf.append( "> dumping permissions of user \"" );
462 buf.append( userId );
463 buf.append( "\":" );
464 }
465 else
466 {
467 buf.append( "> dumping default permissions:" );
468 }
469 SAL_INFO("stoc", buf.makeStringAndClear() );
470 Sequence< OUString > permissions( collection.toStrings() );
471 OUString const * p = permissions.getConstArray();
472 for ( sal_Int32 nPos = 0; nPos < permissions.getLength(); ++nPos )
473 {
474 SAL_INFO("stoc", p[ nPos ] );
475 }
476 SAL_INFO("stoc", "> permission dump done" );
477}
478#endif
479
480
481void AccessController::clearPostPoned()
482{
483 delete static_cast< t_rec_vec * >( m_rec.getData() );
484 m_rec.setData( nullptr );
485}
486
487void AccessController::checkAndClearPostPoned()
488{
489 // check postponed permissions
490 std::unique_ptr< t_rec_vec > rec( static_cast< t_rec_vec * >( m_rec.getData() ) );
491 m_rec.setData( nullptr ); // takeover ownership
492 OSL_ASSERT(rec);
493 if (!rec)
494 return;
495
496 t_rec_vec const& vec = *rec;
497 switch (m_mode)
498 {
499 case Mode::SingleUser:
500 {
501 OSL_ASSERT( m_singleUser_init );
502 for (const auto & p : vec)
503 {
504 OSL_ASSERT( m_singleUserId == p.first );
505 m_singleUserPermissions.checkPermission( p.second );
506 }
507 break;
508 }
509 case Mode::SingleDefaultUser:
510 {
511 OSL_ASSERT( m_defaultPerm_init );
512 for (const auto & p : vec)
513 {
514 OSL_ASSERT( p.first.isEmpty() ); // default-user
515 m_defaultPermissions.checkPermission( p.second );
516 }
517 break;
518 }
519 case Mode::On:
520 {
521 for (const auto & p : vec)
522 {
523 PermissionCollection const * pPermissions;
524 // lookup policy for user
525 {
526 MutexGuard guard( m_aMutex );
527 pPermissions = m_user2permissions.lookup( p.first );
528 }
529 OSL_ASSERT( pPermissions );
530 if (pPermissions)
531 {
532 pPermissions->checkPermission( p.second );
533 }
534 }
535 break;
536 }
537 default:
538 OSL_FAIL( "### this should never be called in this ac mode!" );
539 break;
540 }
541}
542
549PermissionCollection AccessController::getEffectivePermissions(
550 Reference< XCurrentContext > const & xContext,
551 Any const & demanded_perm )
552{
553 OUString userId;
554
555 switch (m_mode)
556 {
557 case Mode::SingleUser:
558 {
559 if (m_singleUser_init)
560 return m_singleUserPermissions;
561 userId = m_singleUserId;
562 break;
563 }
564 case Mode::SingleDefaultUser:
565 {
566 if (m_defaultPerm_init)
567 return m_defaultPermissions;
568 break;
569 }
570 case Mode::On:
571 {
572 if (xContext.is())
573 {
574 xContext->getValueByName( USER_CREDS ) >>= userId;
575 }
576 if ( userId.isEmpty() )
577 {
578 throw SecurityException(
579 "cannot determine current user in multi-user ac!", getXWeak() );
580 }
581
582 // lookup policy for user
583 MutexGuard guard( m_aMutex );
584 PermissionCollection const * pPermissions = m_user2permissions.lookup( userId );
585 if (pPermissions)
586 return *pPermissions;
587 break;
588 }
589 default:
590 OSL_FAIL( "### this should never be called in this ac mode!" );
591 return PermissionCollection();
592 }
593
594 // call on policy
595 // iff this is a recurring call for the default user, then grant all permissions
596 t_rec_vec * rec = static_cast< t_rec_vec * >( m_rec.getData() );
597 if (rec) // tls entry exists => this is recursive call
598 {
599 if (demanded_perm.hasValue())
600 {
601 // enqueue
602 rec->push_back( std::pair< OUString, Any >( userId, demanded_perm ) );
603 }
604#ifdef __DIAGNOSE
605 SAL_INFO("stoc", "> info: recurring call of user: " << userId );
606#endif
607 return PermissionCollection( new AllPermission() );
608 }
609 else // no tls
610 {
611 rec = new t_rec_vec;
612 m_rec.setData( rec );
613 }
614
615 try // calls on API
616 {
617 // init default permissions
618 if (! m_defaultPerm_init)
619 {
620 PermissionCollection defaultPermissions(
621 getPolicy()->getDefaultPermissions() );
622 // assign
623 MutexGuard guard( m_aMutex );
624 if (! m_defaultPerm_init)
625 {
626 m_defaultPermissions = defaultPermissions;
627 m_defaultPerm_init = true;
628 }
629#ifdef __DIAGNOSE
630 dumpPermissions( m_defaultPermissions );
631#endif
632 }
633
634 PermissionCollection ret;
635
636 // init user permissions
637 switch (m_mode)
638 {
639 case Mode::SingleUser:
640 {
641 ret = PermissionCollection(
642 getPolicy()->getPermissions( userId ), m_defaultPermissions );
643 {
644 // assign
645 MutexGuard guard( m_aMutex );
646 if (m_singleUser_init)
647 {
648 ret = m_singleUserPermissions;
649 }
650 else
651 {
652 m_singleUserPermissions = ret;
653 m_singleUser_init = true;
654 }
655 }
656#ifdef __DIAGNOSE
657 dumpPermissions( ret, userId );
658#endif
659 break;
660 }
661 case Mode::SingleDefaultUser:
662 {
663 ret = m_defaultPermissions;
664 break;
665 }
666 case Mode::On:
667 {
668 ret = PermissionCollection(
669 getPolicy()->getPermissions( userId ), m_defaultPermissions );
670 {
671 // cache
672 MutexGuard guard( m_aMutex );
673 m_user2permissions.set( userId, ret );
674 }
675#ifdef __DIAGNOSE
676 dumpPermissions( ret, userId );
677#endif
678 break;
679 }
680 default:
681 break;
682 }
683
684 // check postponed
685 checkAndClearPostPoned();
686 return ret;
687 }
688 catch (const security::AccessControlException & exc) // wrapped into DeploymentException
689 {
690 clearPostPoned(); // safety: exception could have happened before checking postponed?
691 throw DeploymentException( "deployment error (AccessControlException occurred): " + exc.Message, exc.Context );
692 }
693 catch (RuntimeException &)
694 {
695 // don't check postponed, just cleanup
696 clearPostPoned();
697 delete static_cast< t_rec_vec * >( m_rec.getData() );
698 m_rec.setData( nullptr );
699 throw;
700 }
701 catch (Exception &)
702 {
703 // check postponed permissions first
704 // => AccessControlExceptions are errors, user exceptions not!
705 checkAndClearPostPoned();
706 throw;
707 }
708 catch (...)
709 {
710 // don't check postponed, just cleanup
711 clearPostPoned();
712 throw;
713 }
714}
715
716// XAccessController impl
717
718void AccessController::checkPermission(
719 Any const & perm )
720{
721 if (rBHelper.bDisposed)
722 {
723 throw lang::DisposedException(
724 "checkPermission() call on disposed AccessController!", getXWeak() );
725 }
726
727 if (Mode::Off == m_mode)
728 return;
729
730 // first dynamic check of ac contexts
731 Reference< XCurrentContext > xContext;
732 ::uno_getCurrentContext( reinterpret_cast<void **>(&xContext), s_envType.pData, nullptr );
733 Reference< security::XAccessControlContext > xACC( getDynamicRestriction( xContext ) );
734 if (xACC.is())
735 {
736 xACC->checkPermission( perm );
737 }
738
739 if (Mode::DynamicOnly == m_mode)
740 return;
741
742 // then static check
743 getEffectivePermissions( xContext, perm ).checkPermission( perm );
744}
745
746Any AccessController::doRestricted(
747 Reference< security::XAction > const & xAction,
748 Reference< security::XAccessControlContext > const & xRestriction )
749{
750 if (rBHelper.bDisposed)
751 {
752 throw lang::DisposedException(
753 "doRestricted() call on disposed AccessController!", getXWeak() );
754 }
755
756 if (Mode::Off == m_mode) // optimize this way, because no dynamic check will be performed
757 return xAction->run();
758
759 if (xRestriction.is())
760 {
761 Reference< XCurrentContext > xContext;
762 ::uno_getCurrentContext( reinterpret_cast<void **>(&xContext), s_envType.pData, nullptr );
763
764 // override restriction
765 Reference< XCurrentContext > xNewContext(
766 new acc_CurrentContext( xContext, acc_Intersection::create(
767 xRestriction, getDynamicRestriction( xContext ) ) ) );
768 ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, nullptr );
769 cc_reset reset( xContext.get() );
770 return xAction->run();
771 }
772 else
773 {
774 return xAction->run();
775 }
776}
777
778Any AccessController::doPrivileged(
779 Reference< security::XAction > const & xAction,
780 Reference< security::XAccessControlContext > const & xRestriction )
781{
782 if (rBHelper.bDisposed)
783 {
784 throw lang::DisposedException(
785 "doPrivileged() call on disposed AccessController!", getXWeak() );
786 }
787
788 if (Mode::Off == m_mode) // no dynamic check will be performed
789 {
790 return xAction->run();
791 }
792
793 Reference< XCurrentContext > xContext;
794 ::uno_getCurrentContext( reinterpret_cast<void **>(&xContext), s_envType.pData, nullptr );
795
796 Reference< security::XAccessControlContext > xOldRestr(
797 getDynamicRestriction( xContext ) );
798
799 if (xOldRestr.is()) // previous restriction
800 {
801 // override restriction
802 Reference< XCurrentContext > xNewContext(
803 new acc_CurrentContext( xContext, acc_Union::create( xRestriction, xOldRestr ) ) );
804 ::uno_setCurrentContext( xNewContext.get(), s_envType.pData, nullptr );
805 cc_reset reset( xContext.get() );
806 return xAction->run();
807 }
808 else // no previous restriction => never current restriction
809 {
810 return xAction->run();
811 }
812}
813
814Reference< security::XAccessControlContext > AccessController::getContext()
815{
816 if (rBHelper.bDisposed)
817 {
818 throw lang::DisposedException(
819 "getContext() call on disposed AccessController!", getXWeak() );
820 }
821
822 if (Mode::Off == m_mode) // optimize this way, because no dynamic check will be performed
823 {
824 return new acc_Policy( PermissionCollection( new AllPermission() ) );
825 }
826
827 Reference< XCurrentContext > xContext;
828 ::uno_getCurrentContext( reinterpret_cast<void **>(&xContext), s_envType.pData, nullptr );
829
830 return acc_Intersection::create(
831 getDynamicRestriction( xContext ),
832 new acc_Policy( getEffectivePermissions( xContext, Any() ) ) );
833}
834
835// XServiceInfo impl
836
837OUString AccessController::getImplementationName()
838{
839 return "com.sun.star.security.comp.stoc.AccessController";
840}
841
842sal_Bool AccessController::supportsService( OUString const & serviceName )
843{
844 return cppu::supportsService(this, serviceName);
845}
846
847Sequence< OUString > AccessController::getSupportedServiceNames()
848{
849 Sequence<OUString> aSNS { SERVICE_NAME };
850 return aSNS;
851}
852
853}
854
855extern "C" SAL_DLLPUBLIC_EXPORT css::uno::XInterface *
856com_sun_star_security_comp_stoc_AccessController_get_implementation(
857 css::uno::XComponentContext *context,
858 css::uno::Sequence<css::uno::Any> const &)
859{
860 return cppu::acquire(new AccessController(context));
861}
862
863/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
USER_CREDS
constexpr OUStringLiteral USER_CREDS
Definition: access_controller.cxx:54
SERVICE_NAME
constexpr OUStringLiteral SERVICE_NAME
Definition: access_controller.cxx:53
com_sun_star_security_comp_stoc_AccessController_get_implementation
SAL_DLLPUBLIC_EXPORT css::uno::XInterface * com_sun_star_security_comp_stoc_AccessController_get_implementation(css::uno::XComponentContext *context, css::uno::Sequence< css::uno::Any > const &)
Definition: access_controller.cxx:856
stoc_sec::AllPermission
Definition: permissions.h:52
stoc_sec::PermissionCollection
Definition: permissions.h:65
stoc_sec::PermissionCollection::checkPermission
void checkPermission(css::uno::Any const &perm) const
Definition: permissions.cxx:535
stoc_sec::lru_cache
Implementation of a least recently used (lru) cache.
Definition: lru_cache.h:42
m_xDelegate
Reference< XComponentContext > m_xDelegate
u
float u
m_aMutex
std::mutex m_aMutex
name
const char * name
m_xComponentContext
css::uno::Reference< XComponentContext > m_xComponentContext
local context
Definition: javaloader.cxx:237
p
void * p
nPos
sal_uInt16 nPos
SAL_INFO
#define SAL_INFO(area, stream)
lru_cache.h
Sort::Exception
@ Exception
getSupportedServiceNames
css::uno::Sequence< OUString > getSupportedServiceNames()
getImplementationName
OUString getImplementationName()
cppu::supportsService
bool CPPUHELPER_DLLPUBLIC supportsService(css::lang::XServiceInfo *implementation, rtl::OUString const &name)
create
css::uno::Reference< css::deployment::XPackageRegistry > create(css::uno::Reference< css::deployment::XPackageRegistry > const &xRootRegistry, OUString const &context, OUString const &cachePath, css::uno::Reference< css::uno::XComponentContext > const &xComponentContext)
t_helper
::cppu::WeakImplHelper< css::script::provider::XScriptProvider, css::script::browse::XBrowseNode, css::lang::XServiceInfo, css::lang::XInitialization, css::container::XNameContainer > t_helper
stoc_sec
Definition: lru_cache.h:36
Mode
Mode
typeName
OUString typeName
mode
ConversionMode mode
sal_Bool
unsigned char sal_Bool
Generated on Sun Jul 30 2023 04:29:17 for LibreOffice Module stoc (master) by doxygen 1.9.3