LCOV - code coverage report
Current view: top level - libreoffice/stoc/source/security - permissions.cxx (source / functions) Hit Total Coverage
Test: libreoffice_filtered.info Lines: 0 238 0.0 %
Date: 2012-12-27 Functions: 0 25 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : 
      21             : #include <vector>
      22             : 
      23             : #include <osl/process.h>
      24             : #include <osl/socket.hxx>
      25             : #include <osl/mutex.hxx>
      26             : 
      27             : #include <rtl/string.hxx>
      28             : #include <rtl/ustrbuf.hxx>
      29             : 
      30             : #include <com/sun/star/security/RuntimePermission.hpp>
      31             : #include <com/sun/star/security/AllPermission.hpp>
      32             : #include <com/sun/star/io/FilePermission.hpp>
      33             : #include <com/sun/star/connection/SocketPermission.hpp>
      34             : #include <com/sun/star/security/AccessControlException.hpp>
      35             : 
      36             : #include "permissions.h"
      37             : 
      38             : #define OUSTR(x) ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM(x) )
      39             : 
      40             : 
      41             : using namespace ::std;
      42             : using namespace ::osl;
      43             : using namespace ::com::sun::star;
      44             : using namespace ::com::sun::star::uno;
      45             : using ::rtl::OUString;
      46             : using ::rtl::OUStringBuffer;
      47             : 
      48             : namespace stoc_sec
      49             : {
      50             : 
      51             : //--------------------------------------------------------------------------------------------------
      52           0 : static inline sal_Int32 makeMask(
      53             :     OUString const & items, char const * const * strings ) SAL_THROW(())
      54             : {
      55           0 :     sal_Int32 mask = 0;
      56             : 
      57           0 :     sal_Int32 n = 0;
      58           0 :     do
      59             :     {
      60           0 :         OUString item( items.getToken( 0, ',', n ).trim() );
      61           0 :         if ( item.isEmpty())
      62           0 :             continue;
      63           0 :         sal_Int32 nPos = 0;
      64           0 :         while (strings[ nPos ])
      65             :         {
      66           0 :             if (item.equalsAscii( strings[ nPos ] ))
      67             :             {
      68           0 :                 mask |= (0x80000000 >> nPos);
      69           0 :                 break;
      70             :             }
      71           0 :             ++nPos;
      72           0 :         }
      73             : #if OSL_DEBUG_LEVEL > 0
      74             :         if (! strings[ nPos ])
      75             :         {
      76             :             OUStringBuffer buf( 48 );
      77             :             buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("### ignoring unknown socket action: ") );
      78             :             buf.append( item );
      79             :             ::rtl::OString str( ::rtl::OUStringToOString(
      80             :                 buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
      81             :             OSL_TRACE( "%s", str.getStr() );
      82             :         }
      83             : #endif
      84             :     }
      85             :     while (n >= 0); // all items
      86           0 :     return mask;
      87             : }
      88             : //--------------------------------------------------------------------------------------------------
      89           0 : static inline OUString makeStrings(
      90             :     sal_Int32 mask, char const * const * strings ) SAL_THROW(())
      91             : {
      92           0 :     OUStringBuffer buf( 48 );
      93           0 :     while (mask)
      94             :     {
      95           0 :         if (0x80000000 & mask)
      96             :         {
      97           0 :             buf.appendAscii( *strings );
      98           0 :             if (mask << 1) // more items following
      99           0 :                 buf.append( (sal_Unicode)',' );
     100             :         }
     101           0 :         mask = (mask << 1);
     102           0 :         ++strings;
     103             :     }
     104           0 :     return buf.makeStringAndClear();
     105             : }
     106             : 
     107             : //##################################################################################################
     108             : 
     109             : //==================================================================================================
     110           0 : class SocketPermission : public Permission
     111             : {
     112             :     static char const * s_actions [];
     113             :     sal_Int32 m_actions;
     114             : 
     115             :     OUString m_host;
     116             :     sal_Int32 m_lowerPort;
     117             :     sal_Int32 m_upperPort;
     118             :     mutable OUString m_ip;
     119             :     mutable bool m_resolveErr;
     120             :     mutable bool m_resolvedHost;
     121             :     bool m_wildCardHost;
     122             : 
     123             :     inline bool resolveHost() const SAL_THROW(());
     124             : 
     125             : public:
     126             :     SocketPermission(
     127             :         connection::SocketPermission const & perm,
     128             :         ::rtl::Reference< Permission > const & next = ::rtl::Reference< Permission >() )
     129             :         SAL_THROW(());
     130             :     virtual bool implies( Permission const & perm ) const SAL_THROW(());
     131             :     virtual OUString toString() const SAL_THROW(());
     132             : };
     133             : //__________________________________________________________________________________________________
     134             : char const * SocketPermission::s_actions [] = { "accept", "connect", "listen", "resolve", 0 };
     135             : //__________________________________________________________________________________________________
     136           0 : SocketPermission::SocketPermission(
     137             :     connection::SocketPermission const & perm,
     138             :     ::rtl::Reference< Permission > const & next )
     139             :     SAL_THROW(())
     140             :     : Permission( SOCKET, next )
     141           0 :     , m_actions( makeMask( perm.Actions, s_actions ) )
     142             :     , m_host( perm.Host )
     143             :     , m_lowerPort( 0 )
     144             :     , m_upperPort( 65535 )
     145             :     , m_resolveErr( false )
     146             :     , m_resolvedHost( false )
     147           0 :     , m_wildCardHost( !perm.Host.isEmpty() && '*' == perm.Host.pData->buffer[ 0 ] )
     148             : {
     149           0 :     if (0xe0000000 & m_actions) // if any (except resolve) is given => resolve implied
     150           0 :         m_actions |= 0x10000000;
     151             : 
     152             :     // separate host from portrange
     153           0 :     sal_Int32 colon = m_host.indexOf( ':' );
     154           0 :     if (colon >= 0) // port [range] given
     155             :     {
     156           0 :         sal_Int32 minus = m_host.indexOf( '-', colon +1 );
     157           0 :         if (minus < 0)
     158             :         {
     159           0 :             m_lowerPort = m_upperPort = m_host.copy( colon +1 ).toInt32();
     160             :         }
     161           0 :         else if (minus == (colon +1)) // -N
     162             :         {
     163           0 :             m_upperPort = m_host.copy( minus +1 ).toInt32();
     164             :         }
     165           0 :         else if (minus == (m_host.getLength() -1)) // N-
     166             :         {
     167           0 :             m_lowerPort = m_host.copy( colon +1, m_host.getLength() -1 -colon -1 ).toInt32();
     168             :         }
     169             :         else // A-B
     170             :         {
     171           0 :             m_lowerPort = m_host.copy( colon +1, minus - colon -1 ).toInt32();
     172           0 :             m_upperPort = m_host.copy( minus +1, m_host.getLength() -minus -1 ).toInt32();
     173             :         }
     174           0 :         m_host = m_host.copy( 0, colon );
     175             :     }
     176           0 : }
     177             : //__________________________________________________________________________________________________
     178           0 : inline bool SocketPermission::resolveHost() const SAL_THROW(())
     179             : {
     180           0 :     if (m_resolveErr)
     181           0 :         return false;
     182             : 
     183           0 :     if (! m_resolvedHost)
     184             :     {
     185             :         // dns lookup
     186           0 :         SocketAddr addr;
     187           0 :         SocketAddr::resolveHostname( m_host, addr );
     188           0 :         OUString ip;
     189             :         m_resolveErr = (::osl_Socket_Ok != ::osl_getDottedInetAddrOfSocketAddr(
     190           0 :             addr.getHandle(), &ip.pData ));
     191           0 :         if (m_resolveErr)
     192           0 :             return false;
     193             : 
     194           0 :         MutexGuard guard( Mutex::getGlobalMutex() );
     195           0 :         if (! m_resolvedHost)
     196             :         {
     197           0 :             m_ip = ip;
     198           0 :             m_resolvedHost = true;
     199           0 :         }
     200             :     }
     201           0 :     return m_resolvedHost;
     202             : }
     203             : //__________________________________________________________________________________________________
     204           0 : bool SocketPermission::implies( Permission const & perm ) const SAL_THROW(())
     205             : {
     206             :     // check type
     207           0 :     if (SOCKET != perm.m_type)
     208           0 :         return false;
     209           0 :     SocketPermission const & demanded = static_cast< SocketPermission const & >( perm );
     210             : 
     211             :     // check actions
     212           0 :     if ((m_actions & demanded.m_actions) != demanded.m_actions)
     213           0 :         return false;
     214             : 
     215             :     // check ports
     216           0 :     if (demanded.m_lowerPort < m_lowerPort)
     217           0 :         return false;
     218           0 :     if (demanded.m_upperPort > m_upperPort)
     219           0 :         return false;
     220             : 
     221             :     // quick check host (DNS names: RFC 1034/1035)
     222           0 :     if (m_host.equalsIgnoreAsciiCase( demanded.m_host ))
     223           0 :         return true;
     224             :     // check for host wildcards
     225           0 :     if (m_wildCardHost)
     226             :     {
     227           0 :         OUString const & demanded_host = demanded.m_host;
     228           0 :         if (demanded_host.getLength() <= m_host.getLength())
     229           0 :             return false;
     230           0 :         sal_Int32 len = m_host.getLength() -1; // skip star
     231             :         return (0 == ::rtl_ustr_compareIgnoreAsciiCase_WithLength(
     232           0 :             demanded_host.getStr() + demanded_host.getLength() - len, len,
     233           0 :             m_host.pData->buffer + 1, len ));
     234             :     }
     235           0 :     if (demanded.m_wildCardHost)
     236           0 :         return false;
     237             : 
     238             :     // compare IP addresses
     239           0 :     if (! resolveHost())
     240           0 :         return false;
     241           0 :     if (! demanded.resolveHost())
     242           0 :         return false;
     243           0 :     return (sal_False != m_ip.equals( demanded.m_ip ));
     244             : }
     245             : //__________________________________________________________________________________________________
     246           0 : OUString SocketPermission::toString() const SAL_THROW(())
     247             : {
     248           0 :     OUStringBuffer buf( 48 );
     249             :     // host
     250             :     buf.appendAscii(
     251           0 :         RTL_CONSTASCII_STRINGPARAM("com.sun.star.connection.SocketPermission (host=\"") );
     252           0 :     buf.append( m_host );
     253           0 :     if (m_resolvedHost)
     254             :     {
     255           0 :         buf.append( (sal_Unicode)'[' );
     256           0 :         buf.append( m_ip );
     257           0 :         buf.append( (sal_Unicode)']' );
     258             :     }
     259             :     // port
     260           0 :     if (0 != m_lowerPort || 65535 != m_upperPort)
     261             :     {
     262           0 :         buf.append( (sal_Unicode)':' );
     263           0 :         if (m_lowerPort > 0)
     264           0 :             buf.append( m_lowerPort );
     265           0 :         if (m_upperPort > m_lowerPort)
     266             :         {
     267           0 :             buf.append( (sal_Unicode)'-' );
     268           0 :             if (m_upperPort < 65535)
     269           0 :                 buf.append( m_upperPort );
     270             :         }
     271             :     }
     272             :     // actions
     273           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\", actions=\"") );
     274           0 :     buf.append( makeStrings( m_actions, s_actions ) );
     275           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\")") );
     276           0 :     return buf.makeStringAndClear();
     277             : }
     278             : 
     279             : //##################################################################################################
     280             : 
     281             : //==================================================================================================
     282           0 : class FilePermission : public Permission
     283             : {
     284             :     static char const * s_actions [];
     285             :     sal_Int32 m_actions;
     286             : 
     287             :     OUString m_url;
     288             :     bool m_allFiles;
     289             : 
     290             : public:
     291             :     FilePermission(
     292             :         io::FilePermission const & perm,
     293             :         ::rtl::Reference< Permission > const & next = ::rtl::Reference< Permission >() )
     294             :         SAL_THROW(());
     295             :     virtual bool implies( Permission const & perm ) const SAL_THROW(());
     296             :     virtual OUString toString() const SAL_THROW(());
     297             : };
     298             : //__________________________________________________________________________________________________
     299             : char const * FilePermission::s_actions [] = { "read", "write", "execute", "delete", 0 };
     300             : //--------------------------------------------------------------------------------------------------
     301           0 : static OUString const & getWorkingDir() SAL_THROW(())
     302             : {
     303             :     static OUString * s_workingDir = 0;
     304           0 :     if (! s_workingDir)
     305             :     {
     306           0 :         OUString workingDir;
     307           0 :         ::osl_getProcessWorkingDir( &workingDir.pData );
     308             : 
     309           0 :         MutexGuard guard( Mutex::getGlobalMutex() );
     310           0 :         if (! s_workingDir)
     311             :         {
     312           0 :             static OUString s_dir( workingDir );
     313           0 :             s_workingDir = &s_dir;
     314           0 :         }
     315             :     }
     316           0 :     return *s_workingDir;
     317             : }
     318             : //__________________________________________________________________________________________________
     319           0 : FilePermission::FilePermission(
     320             :     io::FilePermission const & perm,
     321             :     ::rtl::Reference< Permission > const & next )
     322             :     SAL_THROW(())
     323             :     : Permission( FILE, next )
     324           0 :     , m_actions( makeMask( perm.Actions, s_actions ) )
     325             :     , m_url( perm.URL )
     326           0 :     , m_allFiles( sal_False != perm.URL.equalsAsciiL(RTL_CONSTASCII_STRINGPARAM("<<ALL FILES>>")) )
     327             : {
     328           0 :     if (! m_allFiles)
     329             :     {
     330           0 :         if ( m_url == "*" )
     331             :         {
     332           0 :             OUStringBuffer buf( 64 );
     333           0 :             buf.append( getWorkingDir() );
     334           0 :             buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("/*") );
     335           0 :             m_url = buf.makeStringAndClear();
     336             :         }
     337           0 :         else if ( m_url == "-" )
     338             :         {
     339           0 :             OUStringBuffer buf( 64 );
     340           0 :             buf.append( getWorkingDir() );
     341           0 :             buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("/-") );
     342           0 :             m_url = buf.makeStringAndClear();
     343             :         }
     344           0 :         else if (0 != m_url.compareToAscii( RTL_CONSTASCII_STRINGPARAM("file:///") ))
     345             :         {
     346             :             // relative path
     347           0 :             OUString out;
     348             :             oslFileError rc = ::osl_getAbsoluteFileURL(
     349           0 :                 getWorkingDir().pData, perm.URL.pData, &out.pData );
     350           0 :             m_url = (osl_File_E_None == rc ? out : perm.URL); // fallback
     351             :         }
     352             : #ifdef SAL_W32
     353             :         // correct win drive letters
     354             :         if (9 < m_url.getLength() && '|' == m_url[ 9 ]) // file:///X|
     355             :         {
     356             :             static OUString s_colon = OUSTR(":");
     357             :             // common case in API is a ':' (sal), so convert '|' to ':'
     358             :             m_url = m_url.replaceAt( 9, 1, s_colon );
     359             :         }
     360             : #endif
     361             :     }
     362           0 : }
     363             : //__________________________________________________________________________________________________
     364           0 : bool FilePermission::implies( Permission const & perm ) const SAL_THROW(())
     365             : {
     366             :     // check type
     367           0 :     if (FILE != perm.m_type)
     368           0 :         return false;
     369           0 :     FilePermission const & demanded = static_cast< FilePermission const & >( perm );
     370             : 
     371             :     // check actions
     372           0 :     if ((m_actions & demanded.m_actions) != demanded.m_actions)
     373           0 :         return false;
     374             : 
     375             :     // check url
     376           0 :     if (m_allFiles)
     377           0 :         return true;
     378           0 :     if (demanded.m_allFiles)
     379           0 :         return false;
     380             : 
     381             : #ifdef SAL_W32
     382             :     if (m_url.equalsIgnoreAsciiCase( demanded.m_url ))
     383             :         return true;
     384             : #else
     385           0 :     if (m_url.equals( demanded.m_url ))
     386           0 :         return true;
     387             : #endif
     388           0 :     if (m_url.getLength() > demanded.m_url.getLength())
     389           0 :         return false;
     390             :     // check /- wildcard: all files and recursive in that path
     391           0 :     if (1 < m_url.getLength() &&
     392           0 :         0 == ::rtl_ustr_ascii_compare_WithLength( m_url.getStr() + m_url.getLength() - 2, 2, "/-" ))
     393             :     {
     394             :         // demanded url must start with granted path (including path trailing path sep)
     395           0 :         sal_Int32 len = m_url.getLength() -1;
     396             : #ifdef SAL_W32
     397             :         return (0 == ::rtl_ustr_compareIgnoreAsciiCase_WithLength(
     398             :                     demanded.m_url.pData->buffer, len, m_url.pData->buffer, len ));
     399             : #else
     400             :         return (0 == ::rtl_ustr_reverseCompare_WithLength(
     401           0 :                     demanded.m_url.pData->buffer, len, m_url.pData->buffer, len ));
     402             : #endif
     403             :     }
     404             :     // check /* wildcard: all files in that path (not recursive!)
     405           0 :     if (1 < m_url.getLength() &&
     406           0 :         0 == ::rtl_ustr_ascii_compare_WithLength( m_url.getStr() + m_url.getLength() - 2, 2, "/*" ))
     407             :     {
     408             :         // demanded url must start with granted path (including path trailing path sep)
     409           0 :         sal_Int32 len = m_url.getLength() -1;
     410             : #ifdef SAL_W32
     411             :         return ((0 == ::rtl_ustr_compareIgnoreAsciiCase_WithLength(
     412             :                      demanded.m_url.pData->buffer, len, m_url.pData->buffer, len )) &&
     413             :                 (0 > demanded.m_url.indexOf( '/', len ))); // in addition, no deeper paths
     414             : #else
     415             :         return ((0 == ::rtl_ustr_reverseCompare_WithLength(
     416           0 :                      demanded.m_url.pData->buffer, len, m_url.pData->buffer, len )) &&
     417           0 :                 (0 > demanded.m_url.indexOf( '/', len ))); // in addition, no deeper paths
     418             : #endif
     419             :     }
     420           0 :     return false;
     421             : }
     422             : //__________________________________________________________________________________________________
     423           0 : OUString FilePermission::toString() const SAL_THROW(())
     424             : {
     425           0 :     OUStringBuffer buf( 48 );
     426             :     // url
     427           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("com.sun.star.io.FilePermission (url=\"") );
     428           0 :     buf.append( m_url );
     429             :     // actions
     430           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\", actions=\"") );
     431           0 :     buf.append( makeStrings( m_actions, s_actions ) );
     432           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\")") );
     433           0 :     return buf.makeStringAndClear();
     434             : }
     435             : 
     436             : //##################################################################################################
     437             : 
     438             : //==================================================================================================
     439           0 : class RuntimePermission : public Permission
     440             : {
     441             :     OUString m_name;
     442             : 
     443             : public:
     444           0 :     inline RuntimePermission(
     445             :         security::RuntimePermission const & perm,
     446             :         ::rtl::Reference< Permission > const & next = ::rtl::Reference< Permission >() )
     447             :         SAL_THROW(())
     448             :         : Permission( RUNTIME, next )
     449           0 :         , m_name( perm.Name )
     450           0 :         {}
     451             :     virtual bool implies( Permission const & perm ) const SAL_THROW(());
     452             :     virtual OUString toString() const SAL_THROW(());
     453             : };
     454             : //__________________________________________________________________________________________________
     455           0 : bool RuntimePermission::implies( Permission const & perm ) const SAL_THROW(())
     456             : {
     457             :     // check type
     458           0 :     if (RUNTIME != perm.m_type)
     459           0 :         return false;
     460           0 :     RuntimePermission const & demanded = static_cast< RuntimePermission const & >( perm );
     461             : 
     462             :     // check name
     463           0 :     return (sal_False != m_name.equals( demanded.m_name ));
     464             : }
     465             : //__________________________________________________________________________________________________
     466           0 : OUString RuntimePermission::toString() const SAL_THROW(())
     467             : {
     468           0 :     OUStringBuffer buf( 48 );
     469             :     buf.appendAscii(
     470           0 :         RTL_CONSTASCII_STRINGPARAM("com.sun.star.security.RuntimePermission (name=\"") );
     471           0 :     buf.append( m_name );
     472           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("\")") );
     473           0 :     return buf.makeStringAndClear();
     474             : }
     475             : 
     476             : //##################################################################################################
     477             : 
     478             : //__________________________________________________________________________________________________
     479           0 : bool AllPermission::implies( Permission const & ) const SAL_THROW(())
     480             : {
     481           0 :     return true;
     482             : }
     483             : //__________________________________________________________________________________________________
     484           0 : OUString AllPermission::toString() const SAL_THROW(())
     485             : {
     486           0 :     return OUSTR("com.sun.star.security.AllPermission");
     487             : }
     488             : 
     489             : //##################################################################################################
     490             : 
     491             : //__________________________________________________________________________________________________
     492           0 : PermissionCollection::PermissionCollection(
     493             :     Sequence< Any > const & permissions, PermissionCollection const & addition )
     494             :     SAL_THROW( (RuntimeException) )
     495           0 :     : m_head( addition.m_head )
     496             : {
     497           0 :     Any const * perms = permissions.getConstArray();
     498           0 :     for ( sal_Int32 nPos = permissions.getLength(); nPos--; )
     499             :     {
     500           0 :         Any const & perm = perms[ nPos ];
     501           0 :         Type const & perm_type = perm.getValueType();
     502             : 
     503             :         // supported permission types
     504           0 :         if (perm_type.equals( ::getCppuType( (io::FilePermission const *)0 ) ))
     505             :         {
     506             :             m_head = new FilePermission(
     507           0 :                 *reinterpret_cast< io::FilePermission const * >( perm.pData ), m_head );
     508             :         }
     509           0 :         else if (perm_type.equals( ::getCppuType( (connection::SocketPermission const *)0 ) ))
     510             :         {
     511             :             m_head = new SocketPermission(
     512           0 :                 *reinterpret_cast< connection::SocketPermission const * >( perm.pData ), m_head );
     513             :         }
     514           0 :         else if (perm_type.equals( ::getCppuType( (security::RuntimePermission const *)0 ) ))
     515             :         {
     516             :             m_head = new RuntimePermission(
     517           0 :                 *reinterpret_cast< security::RuntimePermission const * >( perm.pData ), m_head );
     518             :         }
     519           0 :         else if (perm_type.equals( ::getCppuType( (security::AllPermission const *)0 ) ))
     520             :         {
     521           0 :             m_head = new AllPermission( m_head );
     522             :         }
     523             :         else
     524             :         {
     525           0 :             OUStringBuffer buf( 48 );
     526             :             buf.appendAscii( RTL_CONSTASCII_STRINGPARAM(
     527           0 :                 "checking for unsupported permission type: ") );
     528           0 :             buf.append( perm_type.getTypeName() );
     529             :             throw RuntimeException(
     530           0 :                 buf.makeStringAndClear(), Reference< XInterface >() );
     531             :         }
     532             :     }
     533           0 : }
     534             : #ifdef __DIAGNOSE
     535             : //__________________________________________________________________________________________________
     536             : Sequence< OUString > PermissionCollection::toStrings() const SAL_THROW(())
     537             : {
     538             :     vector< OUString > strings;
     539             :     strings.reserve( 8 );
     540             :     for ( Permission * perm = m_head.get(); perm; perm = perm->m_next.get() )
     541             :     {
     542             :         strings.push_back( perm->toString() );
     543             :     }
     544             :     return Sequence< OUString >(
     545             :         strings.empty() ? 0 : &strings[ 0 ], strings.size() );
     546             : }
     547             : #endif
     548             : //__________________________________________________________________________________________________
     549           0 : inline static bool __implies(
     550             :     ::rtl::Reference< Permission > const & head, Permission const & demanded ) SAL_THROW(())
     551             : {
     552           0 :     for ( Permission * perm = head.get(); perm; perm = perm->m_next.get() )
     553             :     {
     554           0 :         if (perm->implies( demanded ))
     555           0 :             return true;
     556             :     }
     557           0 :     return false;
     558             : }
     559             : 
     560             : #ifdef __DIAGNOSE
     561             : //--------------------------------------------------------------------------------------------------
     562             : static void demanded_diag(
     563             :     Permission const & perm )
     564             :     SAL_THROW(())
     565             : {
     566             :     OUStringBuffer buf( 48 );
     567             :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("demanding ") );
     568             :     buf.append( perm.toString() );
     569             :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM(" => ok.") );
     570             :     ::rtl::OString str(
     571             :         ::rtl::OUStringToOString( buf.makeStringAndClear(), RTL_TEXTENCODING_ASCII_US ) );
     572             :     OSL_TRACE( "%s", str.getStr() );
     573             : }
     574             : #endif
     575             : //--------------------------------------------------------------------------------------------------
     576           0 : static void throwAccessControlException(
     577             :     Permission const & perm, Any const & demanded_perm )
     578             :     SAL_THROW( (security::AccessControlException) )
     579             : {
     580           0 :     OUStringBuffer buf( 48 );
     581           0 :     buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("access denied: ") );
     582           0 :     buf.append( perm.toString() );
     583             :     throw security::AccessControlException(
     584           0 :         buf.makeStringAndClear(), Reference< XInterface >(), demanded_perm );
     585             : }
     586             : //==================================================================================================
     587           0 : void PermissionCollection::checkPermission( Any const & perm ) const
     588             :     SAL_THROW( (RuntimeException) )
     589             : {
     590           0 :     Type const & demanded_type = perm.getValueType();
     591             : 
     592             :     // supported permission types
     593             :     // stack object of SimpleReferenceObject are ok, as long as they are not
     594             :     // assigned to a ::rtl::Reference<> (=> delete this)
     595           0 :     if (demanded_type.equals( ::getCppuType( (io::FilePermission const *)0 ) ))
     596             :     {
     597             :         FilePermission demanded(
     598           0 :             *reinterpret_cast< io::FilePermission const * >( perm.pData ) );
     599           0 :         if (__implies( m_head, demanded ))
     600             :         {
     601             : #ifdef __DIAGNOSE
     602             :             demanded_diag( demanded );
     603             : #endif
     604             :             return;
     605             :         }
     606           0 :         throwAccessControlException( demanded, perm );
     607             :     }
     608           0 :     else if (demanded_type.equals( ::getCppuType( (connection::SocketPermission const *)0 ) ))
     609             :     {
     610             :         SocketPermission demanded(
     611           0 :             *reinterpret_cast< connection::SocketPermission const * >( perm.pData ) );
     612           0 :         if (__implies( m_head, demanded ))
     613             :         {
     614             : #ifdef __DIAGNOSE
     615             :             demanded_diag( demanded );
     616             : #endif
     617             :             return;
     618             :         }
     619           0 :         throwAccessControlException( demanded, perm );
     620             :     }
     621           0 :     else if (demanded_type.equals( ::getCppuType( (security::RuntimePermission const *)0 ) ))
     622             :     {
     623             :         RuntimePermission demanded(
     624           0 :             *reinterpret_cast< security::RuntimePermission const * >( perm.pData ) );
     625           0 :         if (__implies( m_head, demanded ))
     626             :         {
     627             : #ifdef __DIAGNOSE
     628             :             demanded_diag( demanded );
     629             : #endif
     630             :             return;
     631             :         }
     632           0 :         throwAccessControlException( demanded, perm );
     633             :     }
     634           0 :     else if (demanded_type.equals( ::getCppuType( (security::AllPermission const *)0 ) ))
     635             :     {
     636           0 :         AllPermission demanded;
     637           0 :         if (__implies( m_head, demanded ))
     638             :         {
     639             : #ifdef __DIAGNOSE
     640             :             demanded_diag( demanded );
     641             : #endif
     642             :             return;
     643             :         }
     644           0 :         throwAccessControlException( demanded, perm );
     645             :     }
     646             :     else
     647             :     {
     648           0 :         OUStringBuffer buf( 48 );
     649           0 :         buf.appendAscii( RTL_CONSTASCII_STRINGPARAM("checking for unsupported permission type: ") );
     650           0 :         buf.append( demanded_type.getTypeName() );
     651             :         throw RuntimeException(
     652           0 :             buf.makeStringAndClear(), Reference< XInterface >() );
     653             :     }
     654             : }
     655             : 
     656             : }
     657             : 
     658             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10