summaryrefslogtreecommitdiffstats
path: root/kjsembed/jssecuritypolicy.h
blob: 0709b214e8ff1c5d46f50f7a8c623ef00fe727c6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
// -*- c++ -*-

/*
 *  Copyright (C) 2001-2003, Richard J. Moore <rich@kde.org>
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Library General Public
 *  License as published by the Free Software Foundation; either
 *  version 2 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Library General Public License for more details.
 *
 *  You should have received a copy of the GNU Library General Public License
 *  along with this library; see the file COPYING.LIB.  If not, write to
 *  the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 *  Boston, MA 02110-1301, USA.
 */

#ifndef KJSEMBEDSECURITYPOLICY_H
#define KJSEMBEDSECURITYPOLICY_H
#include "global.h"
#include <kjsembed/jsobjectproxy.h>

namespace KJSEmbed {

class JSObjectProxy;

/**
 * Implements the default security policy.
 * This class defines the interface for security policies, and provides
 * a default implementation that should be sufficient for most situations.
 * <h3>Security Checks</h3>
 * A SecurityPolicy must define tests for the following situations:
 * <ul>
 * <li>Does this request come from the correct @ref KJS::Interpreter ?
 * <li>Is the script allowed to access the specified QObject ?
 * <li>Is the script allowed to access the specified property ?
 * </ul>
 * The various isAllowed() methods are called automatically by @ref JSObjectProxy
 * when a script attempts to perform a controlled operation.
 *
 * <h3>Default Policy</h3>
 * The security policy applied by default is as follows:
 * <ul>
 * <li>Only the interpreter specified when the initial binding was
 * defined may access the proxy.
 * <li>Scripts may only access QObjects that are children of the root
 * object. The root object is specified when the embedding application
 * creates the initial binding, and is automatically inherited by any
 * sub-proxies that may be created by the script.
 * <li>Scripts may access any properties of the objects they can access.
 * </ul>
 * Applications tjat want a custom policy should define a SecurityPolicy
 * that re-implement the various isAllowed() methods, then use
 * @ref JSObjectProxy::setSecurityPolicy() to apply the policy to a proxy.
 *
 * @see KJSEmbed::JSObjectProxy
 * @author Richard Moore, rich@kde.org
 * $Id$
 */
class KJSEMBED_EXPORT JSSecurityPolicy
{
public:
    JSSecurityPolicy( uint capabilities = 0 );
    virtual ~JSSecurityPolicy();

    /**
     * Defines a set of flags that indicate if access to a given API
     * should be allowed.
     */
    enum Capabilities {
	CapabilityTree = 0x0001,
	CapabilityGetProperties = 0x0002,
	CapabilitySetProperties = 0x0004,
	CapabilitySlots = 0x0008,
	CapabilityFactory = 0x0010,
	CapabilityTopLevel = 0x0020,
	CapabilityCustom = 0x4000,

	CapabilityNone = 0x0000,
	CapabilityReadOnly = CapabilityTree | CapabilityGetProperties,
	CapabilityReadWrite = CapabilityReadOnly | CapabilitySetProperties | CapabilitySlots,
	CapabilityAll = 0xffff
    };

    /**
     * Returns true if any of the specified capabilities are allowed.
     */
    bool hasCapability( uint cap ) const { return (cap & caps) ? true : false; }

    /**
     * Specifies that the passed capabilities are allowed.
     */
    void setCapability( uint cap ) { caps = caps | cap; }

    /**
     * Specifies that the passed capabilities are disallowed.
     */
    void clearCapability( uint cap ) { caps = caps | (CapabilityAll & cap); }

    /**
     * Returns true if the specified interpreter may access the proxy.
     */
    virtual bool isInterpreterAllowed( const JSObjectProxy *prx, const KJS::Interpreter *interp ) const;

    /**
     * Returns true if scripts are allowed to see the specified QObject.
     */
    virtual bool isObjectAllowed( const JSObjectProxy *prx, const QObject *obj ) const;

    /**
     * Returns true if scripts are allowed to see the specified property.
     */
    virtual bool isPropertyAllowed( const JSObjectProxy *prx, const QObject *obj, const char *prop ) const;

    /**
     * Returns true if scripts are allowed to create the specified child object.
     */
    virtual bool isCreateAllowed( const JSObjectProxy *prx, const QObject *parent,
				  const QString &clazz, const QString &name ) const;

    /**
     * Returns the default SecurityPolicy.
     */
    static JSSecurityPolicy *defaultPolicy();

    /**
     * Sets the default SecurityPolicy.
     */
    static void setDefaultPolicy( JSSecurityPolicy *pol );

    /**
     * Sets the default SecurityPolicy.
     */
    static void setDefaultPolicy( uint capabilities );

    /**
     * Deletes the default SecurityPolicy.
     */
    static void deleteDefaultPolicy();

private:
    static JSSecurityPolicy *policy;
    uint caps;
    class JSSecurityPolicyPrivate *d;
};

} // namespace KJSEmbed

#endif // KJSEMBEDSECURITYPOLICY_H