internal void InplaceUnion(PolicyStatement childPolicy)
{
if (((this.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
if (childPolicy.HasDependentEvidence)
{
bool flag = this.m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(this.m_permSet);
if (this.HasDependentEvidence || flag)
{
if (this.m_dependentEvidence == null)
{
this.m_dependentEvidence = new List <IDelayEvaluatedEvidence>();
}
this.m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
}
}
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
this.m_permSet = childPolicy.GetPermissionSetNoCopy();
this.Attributes = childPolicy.Attributes;
}
else
{
this.m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
this.Attributes |= childPolicy.Attributes;
}
}
/// <summary>
/// Union a child policy statement into this policy statement
/// </summary>
internal void InplaceUnion(PolicyStatement childPolicy)
{
BCLDebug.Assert(childPolicy != null, "childPolicy != null");
if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
// We need to merge together our grant set and attributes. The result of this merge is
// dependent upon if we're merging a child marked exclusive or not. If the child is not
// exclusive, we need to union in its grant set and or in its attributes. However, if the child
// is exclusive then it is the only code group which should have an effect on the resulting
// grant set and therefore our grant should be ignored.
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
m_permSet = childPolicy.GetPermissionSetNoCopy();
Attributes = childPolicy.Attributes;
}
else
{
m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
Attributes = Attributes | childPolicy.Attributes;
}
}
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (this.MembershipCondition.Check(evidence))
{
PolicyStatement thisPolicy = CalculateAssemblyPolicy(evidence);
IEnumerator enumerator = this.Children.GetEnumerator();
while (enumerator.MoveNext())
{
PolicyStatement childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);
if (childPolicy != null)
{
if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
thisPolicy.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
thisPolicy.Attributes = thisPolicy.Attributes | childPolicy.Attributes;
}
}
return(thisPolicy);
}
else
{
return(null);
}
}
/// <summary>
/// Union a child policy statement into this policy statement
/// </summary>
internal void InplaceUnion(PolicyStatement childPolicy)
{
BCLDebug.Assert(childPolicy != null, "childPolicy != null");
if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
#if FEATURE_CAS_POLICY
// If our code group generated a grant set based upon unverified evidence, or it generated a grant
// set strictly less than that of a child group based upon unverified evidence, we need to keep
// track of any unverified evidence our child group has.
if (childPolicy.HasDependentEvidence)
{
bool childEvidenceNeedsVerification = m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) &&
!childPolicy.GetPermissionSetNoCopy().IsSubsetOf(m_permSet);
if (HasDependentEvidence || childEvidenceNeedsVerification)
{
if (m_dependentEvidence == null)
{
m_dependentEvidence = new List <IDelayEvaluatedEvidence>();
}
m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
}
}
#endif
// We need to merge together our grant set and attributes. The result of this merge is
// dependent upon if we're merging a child marked exclusive or not. If the child is not
// exclusive, we need to union in its grant set and or in its attributes. However, if the child
// is exclusive then it is the only code group which should have an effect on the resulting
// grant set and therefore our grant should be ignored.
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
m_permSet = childPolicy.GetPermissionSetNoCopy();
Attributes = childPolicy.Attributes;
}
else
{
m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
Attributes = Attributes | childPolicy.Attributes;
}
}
/// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (this.MembershipCondition.Check(evidence))
{
PolicyStatement childPolicy = null;
IEnumerator enumerator = this.Children.GetEnumerator();
while (enumerator.MoveNext())
{
childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);
// If the child has a policy, we are done.
if (childPolicy != null)
{
break;
}
}
PolicyStatement thisPolicy = this.PolicyStatement;
if (thisPolicy == null)
{
return(childPolicy);
}
else if (childPolicy != null)
{
// Combine the child and this policy and return it.
PolicyStatement combined = new PolicyStatement();
combined.SetPermissionSetNoCopy(thisPolicy.GetPermissionSetNoCopy().Union(childPolicy.GetPermissionSetNoCopy()));
// if both this group and matching child group are exclusive we need to throw an exception
if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
combined.Attributes = thisPolicy.Attributes | childPolicy.Attributes;
return(combined);
}
else
{
// Otherwise we just copy the this policy.
return(this.PolicyStatement);
}
}
else
{
return(null);
}
}
[System.Security.SecurityCritical] // auto-generated
internal SecurityElement ToXml(PolicyLevel level, String policyClassName)
{
if (m_membershipCondition == null && m_element != null)
{
ParseMembershipCondition();
}
if (m_children == null)
{
ParseChildren();
}
if (m_policy == null && m_element != null)
{
ParsePolicy();
}
SecurityElement e = new SecurityElement("CodeGroup");
System.Security.Util.XMLUtil.AddClassAttribute(e, this.GetType(), policyClassName);
// If you hit this assert then most likely you are trying to change the name of this class.
// This is ok as long as you change the hard coded string above and change the assert below.
Contract.Assert(this.GetType().FullName.Equals(policyClassName), "Incorrect class name passed in! Was: " + policyClassName + " Should be " + this.GetType().FullName);
e.AddAttribute("version", "1");
e.AddChild(m_membershipCondition.ToXml(level));
// Grab the inerts of the policy statement's xml and just stick it
// into the code group xml directly. We do this to hide the policy statement from
// users in the config file.
if (m_policy != null)
{
PermissionSet permSet = m_policy.GetPermissionSetNoCopy();
NamedPermissionSet namedPermSet = permSet as NamedPermissionSet;
if (namedPermSet != null && level != null && level.GetNamedPermissionSetInternal(namedPermSet.Name) != null)
{
e.AddAttribute("PermissionSetName", namedPermSet.Name);
}
else
{
if (!permSet.IsEmpty())
{
e.AddChild(permSet.ToXml());
}
}
if (m_policy.Attributes != PolicyStatementAttribute.Nothing)
{
e.AddAttribute("Attributes", XMLUtil.BitFieldEnumToString(typeof(PolicyStatementAttribute), m_policy.Attributes));
}
}
if (m_children.Count > 0)
{
lock (this)
{
IEnumerator enumerator = m_children.GetEnumerator();
while (enumerator.MoveNext())
{
e.AddChild(((CodeGroup)enumerator.Current).ToXml(level));
}
}
}
if (m_name != null)
{
e.AddAttribute("Name", SecurityElement.Escape(m_name));
}
if (m_description != null)
{
e.AddAttribute("Description", SecurityElement.Escape(m_description));
}
CreateXml(e, level);
return(e);
}
[System.Security.SecurityCritical] // auto-generated
internal PolicyStatement Resolve (Evidence evidence, int count, byte[] serializedEvidence) {
if (evidence == null)
throw new ArgumentNullException("evidence");
Contract.EndContractBlock();
PolicyStatement policy = null;
if (serializedEvidence != null)
policy = CheckCache(count, serializedEvidence);
if (policy == null) {
CheckLoaded();
bool allConst;
bool isFullTrust = m_fullTrustAssemblies != null && IsFullTrustAssembly(m_fullTrustAssemblies, evidence);
if (isFullTrust) {
policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
allConst = true;
}
else {
ArrayList list = GenericResolve(evidence, out allConst);
policy = new PolicyStatement();
// This will set the permission set to the empty set.
policy.PermissionSet = null;
IEnumerator enumerator = list.GetEnumerator();
while (enumerator.MoveNext()) {
PolicyStatement ps = ((CodeGroupStackFrame)enumerator.Current).policy;
if (ps != null) {
policy.GetPermissionSetNoCopy().InplaceUnion(ps.GetPermissionSetNoCopy());
policy.Attributes |= ps.Attributes;
// If we find a policy statement that's dependent upon unverified evidence, we
// need to mark that as used so that the VM can potentially force verification on
// the evidence.
if (ps.HasDependentEvidence) {
foreach (IDelayEvaluatedEvidence delayEvidence in ps.DependentEvidence) {
delayEvidence.MarkUsed();
}
}
}
}
}
if (allConst) {
// We want to store in the cache the evidence that was touched during policy evaluation
// rather than the input serialized evidence, since that evidence is optimized for the
// standard policy and is not all-inclusive. We need to make sure that any evidence
// used to determine the grant set is added to the cache key.
Cache(count, evidence.RawSerialize(), policy);
}
}
return policy;
}
internal void InplaceUnion(PolicyStatement childPolicy)
{
if (((this.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
if (childPolicy.HasDependentEvidence)
{
bool flag = this.m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(this.m_permSet);
if (this.HasDependentEvidence || flag)
{
if (this.m_dependentEvidence == null)
{
this.m_dependentEvidence = new List<IDelayEvaluatedEvidence>();
}
this.m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
}
}
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
this.m_permSet = childPolicy.GetPermissionSetNoCopy();
this.Attributes = childPolicy.Attributes;
}
else
{
this.m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
this.Attributes |= childPolicy.Attributes;
}
}
/// <summary>
/// Union a child policy statement into this policy statement
/// </summary>
internal void InplaceUnion(PolicyStatement childPolicy)
{
BCLDebug.Assert(childPolicy != null, "childPolicy != null");
if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString( "Policy_MultipleExclusive" ));
}
#if FEATURE_CAS_POLICY
// If our code group generated a grant set based upon unverified evidence, or it generated a grant
// set strictly less than that of a child group based upon unverified evidence, we need to keep
// track of any unverified evidence our child group has.
if (childPolicy.HasDependentEvidence)
{
bool childEvidenceNeedsVerification = m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) &&
!childPolicy.GetPermissionSetNoCopy().IsSubsetOf(m_permSet);
if (HasDependentEvidence || childEvidenceNeedsVerification)
{
if (m_dependentEvidence == null)
{
m_dependentEvidence = new List<IDelayEvaluatedEvidence>();
}
m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
}
}
#endif
// We need to merge together our grant set and attributes. The result of this merge is
// dependent upon if we're merging a child marked exclusive or not. If the child is not
// exclusive, we need to union in its grant set and or in its attributes. However, if the child
// is exclusive then it is the only code group which should have an effect on the resulting
// grant set and therefore our grant should be ignored.
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
m_permSet = childPolicy.GetPermissionSetNoCopy();
Attributes = childPolicy.Attributes;
}
else
{
m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
Attributes = Attributes | childPolicy.Attributes;
}
}
internal PolicyStatement Resolve(Evidence evidence, int count, byte[] serializedEvidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
PolicyStatement policy = null;
if (serializedEvidence != null)
{
policy = this.CheckCache(count, serializedEvidence);
}
if (policy == null)
{
bool flag;
this.CheckLoaded();
if ((this.m_fullTrustAssemblies != null) && IsFullTrustAssembly(this.m_fullTrustAssemblies, evidence))
{
policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
flag = true;
}
else
{
ArrayList list = this.GenericResolve(evidence, out flag);
policy = new PolicyStatement {
PermissionSet = null
};
IEnumerator enumerator = list.GetEnumerator();
while (enumerator.MoveNext())
{
PolicyStatement statement2 = ((CodeGroupStackFrame) enumerator.Current).policy;
if (statement2 != null)
{
policy.GetPermissionSetNoCopy().InplaceUnion(statement2.GetPermissionSetNoCopy());
policy.Attributes |= statement2.Attributes;
if (statement2.HasDependentEvidence)
{
foreach (IDelayEvaluatedEvidence evidence2 in statement2.DependentEvidence)
{
evidence2.MarkUsed();
}
}
}
}
}
if (flag)
{
this.Cache(count, evidence.RawSerialize(), policy);
}
}
return policy;
}
/// <include file='doc\CodeGroup.uex' path='docs/doc[@for="CodeGroup.ToXml1"]/*' />
public SecurityElement ToXml(PolicyLevel level)
{
if (m_membershipCondition == null && m_element != null)
{
ParseMembershipCondition();
}
if (m_children == null)
{
ParseChildren();
}
if (m_policy == null && m_element != null)
{
ParsePolicy();
}
SecurityElement e = new SecurityElement("CodeGroup");
System.Security.Util.XMLUtil.AddClassAttribute(e, this.GetType());
e.AddAttribute("version", "1");
e.AddChild(m_membershipCondition.ToXml(level));
// Grab the inerts of the policy statement's xml and just stick it
// into the code group xml directly. We do this to hide the policy statement from
// users in the config file.
if (m_policy != null)
{
PermissionSet permSet = m_policy.GetPermissionSetNoCopy();
NamedPermissionSet namedPermSet = permSet as NamedPermissionSet;
if (namedPermSet != null && level != null && level.GetNamedPermissionSetInternal(namedPermSet.Name) != null)
{
e.AddAttribute("PermissionSetName", namedPermSet.Name);
}
else
{
if (!permSet.IsEmpty())
{
e.AddChild(permSet.ToXml());
}
}
if (m_policy.Attributes != PolicyStatementAttribute.Nothing)
{
e.AddAttribute("Attributes", XMLUtil.BitFieldEnumToString(typeof(PolicyStatementAttribute), m_policy.Attributes));
}
}
if (m_children.Count > 0)
{
lock (this)
{
IEnumerator enumerator = m_children.GetEnumerator();
while (enumerator.MoveNext())
{
e.AddChild(((CodeGroup)enumerator.Current).ToXml(level));
}
}
}
if (m_name != null)
{
e.AddAttribute("Name", SecurityElement.Escape(m_name));
}
if (m_description != null)
{
e.AddAttribute("Description", SecurityElement.Escape(m_description));
}
CreateXml(e, level);
return(e);
}
/// <summary>
/// Union a child policy statement into this policy statement
/// </summary>
internal void InplaceUnion(PolicyStatement childPolicy)
{
BCLDebug.Assert(childPolicy != null, "childPolicy != null");
if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString( "Policy_MultipleExclusive" ));
}
// We need to merge together our grant set and attributes. The result of this merge is
// dependent upon if we're merging a child marked exclusive or not. If the child is not
// exclusive, we need to union in its grant set and or in its attributes. However, if the child
// is exclusive then it is the only code group which should have an effect on the resulting
// grant set and therefore our grant should be ignored.
if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
m_permSet = childPolicy.GetPermissionSetNoCopy();
Attributes = childPolicy.Attributes;
}
else
{
m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
Attributes = Attributes | childPolicy.Attributes;
}
}
internal PolicyStatement Resolve (Evidence evidence, int count, char[] serializedEvidence) {
if (evidence == null)
throw new ArgumentNullException("evidence");
PolicyStatement policy = null;
if (serializedEvidence != null)
policy = CheckCache(count, serializedEvidence);
if (policy == null) {
CheckLoaded();
bool allConst;
bool isFullTrust = m_fullTrustAssemblies != null && IsFullTrustAssembly(m_fullTrustAssemblies, evidence);
if (isFullTrust) {
policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
allConst = true;
}
else {
ArrayList list = GenericResolve(evidence, out allConst);
policy = new PolicyStatement();
// This will set the permission set to the empty set.
policy.PermissionSet = null;
IEnumerator enumerator = list.GetEnumerator();
while (enumerator.MoveNext()) {
PolicyStatement ps = ((CodeGroupStackFrame)enumerator.Current).policy;
if (ps != null) {
policy.GetPermissionSetNoCopy().InplaceUnion(ps.GetPermissionSetNoCopy());
policy.Attributes |= ps.Attributes;
}
}
}
if (allConst && serializedEvidence != null)
Cache(count, serializedEvidence, policy);
}
return policy;
}
private void CombinePolicy( PolicyStatement left, PolicyStatement right )
{
#if _DEBUG
if (debug)
{
DEBUG_OUT( "left = \n" + (left == null ? "<null>" : left.ToXml().ToString() ) );
DEBUG_OUT( "right = \n" + (right == null ? "<null>" : right.ToXml().ToString() ) );
}
#endif
if (right == null)
{
return;
}
else
{
// An exception somewhere in here means that a permission
// failed some operation. This simply means that it will be
// dropped from the grant set which is safe operation that
// can be ignored.
try
{
left.GetPermissionSetNoCopy().InplaceUnion( right.GetPermissionSetNoCopy() );
}
catch (Exception)
{
}
left.Attributes = left.Attributes | right.Attributes;
}
#if _DEBUG
if (debug)
DEBUG_OUT( "outcome =\n" + left.ToXml().ToString() );
#endif
}
/// <include file='doc\NetCodeGroup.uex' path='docs/doc[@for="NetCodeGroup.Resolve"]/*' />
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (this.MembershipCondition.Check(evidence))
{
PolicyStatement thisPolicy = null;
IEnumerator evidenceEnumerator = evidence.GetHostEnumerator();
Site site = null;
while (evidenceEnumerator.MoveNext())
{
Url url = evidenceEnumerator.Current as Url;
if (url != null)
{
thisPolicy = CalculatePolicy(url.GetURLString().Host, url.GetURLString().Scheme);
}
else
{
if (site == null)
{
site = evidenceEnumerator.Current as Site;
}
}
}
if (thisPolicy == null && site != null)
{
thisPolicy = CalculatePolicy(site.Name, null);
}
if (thisPolicy == null)
{
thisPolicy = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
}
IEnumerator enumerator = this.Children.GetEnumerator();
while (enumerator.MoveNext())
{
PolicyStatement childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);
if (childPolicy != null)
{
if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
{
throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
}
thisPolicy.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
thisPolicy.Attributes = thisPolicy.Attributes | childPolicy.Attributes;
}
}
return(thisPolicy);
}
else
{
return(null);
}
}
