From 90825e2392b2d70e43c7a25b8a3752299a933894 Mon Sep 17 00:00:00 2001
From: toma
Date: Wed, 25 Nov 2009 17:56:58 +0000
Subject: Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features. BUG:215923 git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdebindings@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
kjsembed/jssecuritypolicy.h | 153 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100644 kjsembed/jssecuritypolicy.h
(limited to 'kjsembed/jssecuritypolicy.h')
diff --git a/kjsembed/jssecuritypolicy.h b/kjsembed/jssecuritypolicy.h
new file mode 100644
index 00000000..0709b214
--- /dev/null
+++ b/kjsembed/jssecuritypolicy.h
@@ -0,0 +1,153 @@
+// -*- c++ -*-
+
+/*
+ * Copyright (C) 2001-2003, Richard J. Moore
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public License
+ * along with this library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301, USA.
+ */
+
+#ifndef KJSEMBEDSECURITYPOLICY_H
+#define KJSEMBEDSECURITYPOLICY_H
+#include "global.h"
+#include
+
+namespace KJSEmbed {
+
+class JSObjectProxy;
+
+/**
+ * Implements the default security policy.
+ * This class defines the interface for security policies, and provides
+ * a default implementation that should be sufficient for most situations.
+ *

Security Checks

+ * A SecurityPolicy must define tests for the following situations: + *
    + *
  • Does this request come from the correct @ref KJS::Interpreter ? + *
  • Is the script allowed to access the specified QObject ? + *
  • Is the script allowed to access the specified property ? + *
+ * The various isAllowed() methods are called automatically by @ref JSObjectProxy + * when a script attempts to perform a controlled operation. + * + *

Default Policy

+ * The security policy applied by default is as follows: + *
    + *
  • Only the interpreter specified when the initial binding was + * defined may access the proxy. + *
  • Scripts may only access QObjects that are children of the root + * object. The root object is specified when the embedding application + * creates the initial binding, and is automatically inherited by any + * sub-proxies that may be created by the script. + *
  • Scripts may access any properties of the objects they can access. + *
+ * Applications tjat want a custom policy should define a SecurityPolicy
+ * that re-implement the various isAllowed() methods, then use
+ * @ref JSObjectProxy::setSecurityPolicy() to apply the policy to a proxy.
+ *
+ * @see KJSEmbed::JSObjectProxy
+ * @author Richard Moore, rich@kde.org
+ * $Id$
+ */
+class KJSEMBED_EXPORT JSSecurityPolicy
+{
+public:
+ JSSecurityPolicy( uint capabilities = 0 );
+ virtual ~JSSecurityPolicy();
+
+ /**
+ * Defines a set of flags that indicate if access to a given API
+ * should be allowed.
+ */
+ enum Capabilities {
+ CapabilityTree = 0x0001,
+ CapabilityGetProperties = 0x0002,
+ CapabilitySetProperties = 0x0004,
+ CapabilitySlots = 0x0008,
+ CapabilityFactory = 0x0010,
+ CapabilityTopLevel = 0x0020,
+ CapabilityCustom = 0x4000,
+
+ CapabilityNone = 0x0000,
+ CapabilityReadOnly = CapabilityTree | CapabilityGetProperties,
+ CapabilityReadWrite = CapabilityReadOnly | CapabilitySetProperties | CapabilitySlots,
+ CapabilityAll = 0xffff
+ };
+
+ /**
+ * Returns true if any of the specified capabilities are allowed.
+ */
+ bool hasCapability( uint cap ) const { return (cap & caps) ? true : false; }
+
+ /**
+ * Specifies that the passed capabilities are allowed.
+ */
+ void setCapability( uint cap ) { caps = caps | cap; }
+
+ /**
+ * Specifies that the passed capabilities are disallowed.
+ */
+ void clearCapability( uint cap ) { caps = caps | (CapabilityAll & cap); }
+
+ /**
+ * Returns true if the specified interpreter may access the proxy.
+ */
+ virtual bool isInterpreterAllowed( const JSObjectProxy *prx, const KJS::Interpreter *interp ) const;
+
+ /**
+ * Returns true if scripts are allowed to see the specified QObject.
+ */
+ virtual bool isObjectAllowed( const JSObjectProxy *prx, const QObject *obj ) const;
+
+ /**
+ * Returns true if scripts are allowed to see the specified property.
+ */
+ virtual bool isPropertyAllowed( const JSObjectProxy *prx, const QObject *obj, const char *prop ) const;
+
+ /**
+ * Returns true if scripts are allowed to create the specified child object.
+ */
+ virtual bool isCreateAllowed( const JSObjectProxy *prx, const QObject *parent,
+ const QString &clazz, const QString &name ) const;
+
+ /**
+ * Returns the default SecurityPolicy.
+ */
+ static JSSecurityPolicy *defaultPolicy();
+
+ /**
+ * Sets the default SecurityPolicy.
+ */
+ static void setDefaultPolicy( JSSecurityPolicy *pol );
+
+ /**
+ * Sets the default SecurityPolicy.
+ */
+ static void setDefaultPolicy( uint capabilities );
+
+ /**
+ * Deletes the default SecurityPolicy.
+ */
+ static void deleteDefaultPolicy();
+
+private:
+ static JSSecurityPolicy *policy;
+ uint caps;
+ class JSSecurityPolicyPrivate *d;
+};
+
+} // namespace KJSEmbed
+
+#endif // KJSEMBEDSECURITYPOLICY_H
-- cgit v1.2.1
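Review bot: `clearCapability()` sets bits instead of clearing them: `caps = caps | (CapabilityAll & cap)` has the same effect as `setCapability()`, so an embedding application that calls it to revoke a capability from a script policy ends up granting it. The body should mask the bits out, `caps = caps & ~cap;`. Separately, `hasCapability()` returns true when any requested bit is set, so a check against a composite such as `CapabilityReadWrite` passes for a policy that only holds `CapabilityReadOnly`; callers that need every bit should compare `(cap & caps) == cap`, and the doc comment should say so explicitly.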