IsSubsetOf() public abstract method

public abstract IsSubsetOf ( IPermission target ) : bool
target IPermission
return bool
        internal bool CheckDeny(CodeAccessPermission denied)
        {
            if (denied == null)
            {
                return(true);
            }
            Type type = denied.GetType();

            return(type != base.GetType() || this.Intersect(denied) == null || denied.IsSubsetOf(PermissionBuilder.Create(type)));
        }
        public virtual void AppendPermissionAndCompress(CodeAccessPermission perm, int type)
        {
            if (m_head == null)
            {
                BCLDebug.Assert(false, "You should not try to append and compress until there is atleast one other entry");
                throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
            }

            if (type == MatchChecked)
            {
                PListNode current = m_last;

                while (current != null)
                {
                    if (current.type == MatchChecked)
                    {
                        if (current.perm == null)
                        {
                            return;
                        }

                        if (perm == null)
                        {
                            current.perm = null;
                            return;
                        }

                        try
                        {
                            if (perm.IsSubsetOf(current.perm) &&
                                current.perm.IsSubsetOf(perm))
                            {
                                return;
                            }
                        }
                        catch (Exception)
                        {
                            // It is ok to catch and ignore exceptions here because
                            // it only means that we'll continue to iterate and worst-
                            // case add a new PListNode for the parameter perm instance.
                        }
                    }

                    current = current.prev;
                }
            }

            // If we get here, then add normally.
            m_last.next = new PListNode(perm, type, null, m_last);
            m_last      = m_last.next;
            m_cElt++;
        }
        public override bool Equals(object obj)
        {
            if (obj == null)
            {
                return(false);
            }
            if (obj.GetType() != this.GetType())
            {
                return(false);
            }
            CodeAccessPermission cap = (obj as CodeAccessPermission);

            return(IsSubsetOf(cap) && cap.IsSubsetOf(this));
        }
        public override bool Equals(object obj)
        {
            if (obj == null)
            {
                return(false);
            }
            if (obj.GetType() != base.GetType())
            {
                return(false);
            }
            CodeAccessPermission codeAccessPermission = obj as CodeAccessPermission;

            return(this.IsSubsetOf(codeAccessPermission) && codeAccessPermission.IsSubsetOf(this));
        }
Beispiel #5
0
        //
        // Check callback
        //

        /// <include file='doc\CodeAccessPermission.uex' path='docs/doc[@for="CodeAccessPermission.CheckDemand"]/*' />
        internal void CheckDemand(CodeAccessPermission demand)
        {
            if (demand == null)
            {
                return;
            }

        #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("demand = " + demand.GetType().ToString() + " this = " + this.GetType().ToString());
            }
        #endif

            BCLDebug.Assert(demand.GetType().Equals(this.GetType()), "CheckDemand not defined for permissions of different type");

            if (!demand.IsSubsetOf(this))
            {
                throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
            }
        }
        internal bool CheckDeny(CodeAccessPermission denied)
        {
            if (denied == null)
            {
                return(true);
            }
            Type t = denied.GetType();

            if (t != this.GetType())
            {
                return(true);
            }
            IPermission inter = Intersect(denied);

            if (inter == null)
            {
                return(true);
            }
            // sadly that's not enough :( at this stage we must also check
            // if an empty (PermissionState.None) is a subset of the denied
            // (which is like a empty intersection looks like for flag based
            // permissions, e.g. AspNetHostingPermission).
            return(denied.IsSubsetOf(PermissionBuilder.Create(t)));
        }
Beispiel #7
0
        internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception)
        {
            BCLDebug.Assert(m_head != null, "m_head != null");
            for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
            {
                if (pnext.perm == null)
                {
                    // If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
                    if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
                    {
                        BCLDebug.Assert(!demand.IsSubsetOf(null), "By the time we get here, demands that are subsets of null should have been terminated");
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return(false);
                    }

                    // If this is a deny, then we should fail since null indicates the unrestricted permission.
                    if (pnext.type == MatchDeny)
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return(false);
                    }

                    // If this is an assert, then we should return success and terminate the stack walk since
                    // null indicates the unrestricted permission.
                    if (pnext.type == MatchAssert)
                    {
                        exception = null;
                        return(false);
                    }

                    // If this is anything else, then we should act confused.
                    // This case is unexpected.
                    BCLDebug.Assert(false, "This case should never happen");
                    exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
                    return(false);
                }

                CodeAccessPermission cap = pnext.perm;
                switch (pnext.type)
                {
                case MatchChecked:
                case MatchPermitOnly:
                    if (!demand.IsSubsetOf(cap))
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return(false);
                    }
                    break;

                case MatchAssert:
                    if (demand.IsSubsetOf(cap))
                    {
                        exception = null;
                        return(false);
                    }
                    break;

                case MatchDeny:
                    if (demand.Intersect(cap) != null)
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return(false);
                    }
                    break;

                default:
                    // Illegal entry
                    exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
                    return(false);
                }
            }

            exception = null;
            return(true);
        }
        // Token: 0x06001E28 RID: 7720 RVA: 0x0006948C File Offset: 0x0006768C
        internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
        {
            if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
            {
                return(-1);
            }
            SecurityPermissionFlag   securityPermissionFlag   = SecurityPermissionFlag.NoFlags;
            ReflectionPermissionFlag reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;

            CodeAccessPermission[] array = new CodeAccessPermission[6];
            if (grantSet != null)
            {
                if (grantSet.IsUnrestricted())
                {
                    securityPermissionFlag   = SecurityPermissionFlag.AllFlags;
                    reflectionPermissionFlag = (ReflectionPermissionFlag.TypeInformation | ReflectionPermissionFlag.MemberAccess | ReflectionPermissionFlag.ReflectionEmit | ReflectionPermissionFlag.RestrictedMemberAccess);
                    for (int i = 0; i < array.Length; i++)
                    {
                        array[i] = SecurityManager.s_UnrestrictedSpecialPermissionMap[i];
                    }
                }
                else
                {
                    SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
                    if (securityPermission != null)
                    {
                        securityPermissionFlag = securityPermission.Flags;
                    }
                    ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
                    if (reflectionPermission != null)
                    {
                        reflectionPermissionFlag = reflectionPermission.Flags;
                    }
                    for (int j = 0; j < array.Length; j++)
                    {
                        array[j] = (grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission);
                    }
                }
            }
            if (deniedSet != null)
            {
                if (deniedSet.IsUnrestricted())
                {
                    securityPermissionFlag   = SecurityPermissionFlag.NoFlags;
                    reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
                    for (int k = 0; k < SecurityManager.s_BuiltInPermissionIndexMap.Length; k++)
                    {
                        array[k] = null;
                    }
                }
                else
                {
                    SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
                    if (securityPermission != null)
                    {
                        securityPermissionFlag &= ~securityPermission.Flags;
                    }
                    ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
                    if (reflectionPermission != null)
                    {
                        reflectionPermissionFlag &= ~reflectionPermission.Flags;
                    }
                    for (int l = 0; l < SecurityManager.s_BuiltInPermissionIndexMap.Length; l++)
                    {
                        CodeAccessPermission codeAccessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[l][0]) as CodeAccessPermission;
                        if (codeAccessPermission != null && !codeAccessPermission.IsSubsetOf(null))
                        {
                            array[l] = null;
                        }
                    }
                }
            }
            int num = SecurityManager.MapToSpecialFlags(securityPermissionFlag, reflectionPermissionFlag);

            if (num != -1)
            {
                for (int m = 0; m < array.Length; m++)
                {
                    if (array[m] != null && ((IUnrestrictedPermission)array[m]).IsUnrestricted())
                    {
                        num |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[m][1];
                    }
                }
            }
            return(num);
        }
Beispiel #9
0
        internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, out Exception exception)
        {
            BCLDebug.Assert(demand != null, "demand != null");
            BCLDebug.Assert(permToken != null, "permToken != null");
            
            // First, find if there is a permission list of this type.

            PermissionList permList = FindPermissionList(permToken);
                
            if (permList != null)
            {
                // If so, check against it to determine our action.

                bool cont = permList.CheckDemandInternal(demand, out exception);

                // We don't record modifiers for the unrestricted permission set in the
                // individual lists.  Therefore, permList.CheckDemandInternal may say
                // that we have to continue the stackwalk, but we know better.

                if (cont && permToken.m_isUnrestricted)
                {
                    if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0)
                    {
                        exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
                        return false;
                    }
                    else
                    {
                        cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
                    }
                }

                return cont;
            }
#if _DEBUG
            // Let's check to make sure we always pass demands for empty permissions.

            else if (demand.IsSubsetOf( null ))
            {
                BCLDebug.Assert( false, "We should pick of empty demands before this point" );
                exception = null;
                return true;
            }
#endif
            // If the permission is not unrestricted, the lack of a permission list
            // denotes that no frame on the stack granted this permission, and therefore
            // we pass back the failure condition.

            else if (!permToken.m_isUnrestricted)
            {
                exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
                return false;
            }

            // If this permission list set is not unrestricted and there is no unrestricted assert
            // then the lack of a permission list denotes that no frame on the stack granted
            // this permission, and therefore we pass back the failure condition.  If there is
            // an unrestricted assert, then we pass back success and terminate the stack walk.

            else if (!this.IsUnrestricted())
            {
                exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
                return false;
            }
            
            // If we made it all the way through, that means that we are in the unrestricted
            // state and that this permission is encompassed in that.  If we have an unrestricted
            // assert, we are done with the state walk (return false), otherwise keep going.

            exception = null;
            return (m_state & PermissionListSetState.UnrestrictedAssert) == 0;
        }
Beispiel #10
0
        internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
        {
            if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
            {
                return(-1);
            }
            SecurityPermission       permission  = null;
            SecurityPermissionFlag   noFlags     = SecurityPermissionFlag.NoFlags;
            ReflectionPermission     permission2 = null;
            ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;

            CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
            if (grantSet != null)
            {
                if (grantSet.IsUnrestricted())
                {
                    noFlags = SecurityPermissionFlag.AllFlags;
                    reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
                    for (int i = 0; i < permissionArray.Length; i++)
                    {
                        permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
                    }
                }
                else
                {
                    permission = grantSet.GetPermission(6) as SecurityPermission;
                    if (permission != null)
                    {
                        noFlags = permission.Flags;
                    }
                    permission2 = grantSet.GetPermission(4) as ReflectionPermission;
                    if (permission2 != null)
                    {
                        reflectionPermissionFlags = permission2.Flags;
                    }
                    for (int j = 0; j < permissionArray.Length; j++)
                    {
                        permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
                    }
                }
            }
            if (deniedSet != null)
            {
                if (deniedSet.IsUnrestricted())
                {
                    noFlags = SecurityPermissionFlag.NoFlags;
                    reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
                    for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
                    {
                        permissionArray[k] = null;
                    }
                }
                else
                {
                    permission = deniedSet.GetPermission(6) as SecurityPermission;
                    if (permission != null)
                    {
                        noFlags &= ~permission.Flags;
                    }
                    permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
                    if (permission2 != null)
                    {
                        reflectionPermissionFlags &= ~permission2.Flags;
                    }
                    for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
                    {
                        CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
                        if ((permission3 != null) && !permission3.IsSubsetOf(null))
                        {
                            permissionArray[m] = null;
                        }
                    }
                }
            }
            int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);

            if (num5 != -1)
            {
                for (int n = 0; n < permissionArray.Length; n++)
                {
                    if ((permissionArray[n] != null) && ((IUnrestrictedPermission)permissionArray[n]).IsUnrestricted())
                    {
                        num5 |= ((int)1) << s_BuiltInPermissionIndexMap[n][1];
                    }
                }
            }
            return(num5);
        }
        internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, bool createException, out Exception exception)
        {
            BCLDebug.Assert(demand != null, "demand != null");
            BCLDebug.Assert(permToken != null, "permToken != null");

            // First, find if there is a permission list of this type.

            PermissionList permList = FindPermissionList(permToken);

            if (permList != null)
            {
                // If so, check against it to determine our action.

                bool cont = permList.CheckDemandInternal(demand, createException, out exception);

                // We don't record modifiers for the unrestricted permission set in the
                // individual lists.  Therefore, permList.CheckDemandInternal may say
                // that we have to continue the stackwalk, but we know better.

                if (cont && permToken.m_isUnrestricted)
                {
                    if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0)
                    {
                        if (createException)
                        {
                            exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        }
                        else
                        {
                            exception = GetStaticException();
                        }
                        return(false);
                    }
                    else
                    {
                        cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
                    }
                }

                return(cont);
            }
#if _DEBUG
            // Let's check to make sure we always pass demands for empty permissions.

            else if (demand.IsSubsetOf(null))
            {
                BCLDebug.Assert(false, "We should pick of empty demands before this point");
                exception = null;
                return(true);
            }
#endif
            // If the permission is not unrestricted, the lack of a permission list
            // denotes that no frame on the stack granted this permission, and therefore
            // we pass back the failure condition.

            else if (!permToken.m_isUnrestricted)
            {
                if (createException)
                {
                    exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                }
                else
                {
                    exception = GetStaticException();
                }
                return(false);
            }

            // If this permission list set is not unrestricted and there is no unrestricted assert
            // then the lack of a permission list denotes that no frame on the stack granted
            // this permission, and therefore we pass back the failure condition.  If there is
            // an unrestricted assert, then we pass back success and terminate the stack walk.

            else if (!this.IsUnrestricted())
            {
                if (createException)
                {
                    exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                }
                else
                {
                    exception = GetStaticException();
                }
                return(false);
            }

            // If we made it all the way through, that means that we are in the unrestricted
            // state and that this permission is encompassed in that.  If we have an unrestricted
            // assert, we are done with the state walk (return false), otherwise keep going.

            exception = null;
            return((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
        }
Beispiel #12
0
		internal bool CheckDeny (CodeAccessPermission denied)
		{
			if (denied == null)
				return true;
			Type t = denied.GetType ();
			if (t != this.GetType ())
				return true;
			IPermission inter = Intersect (denied);
			if (inter == null)
				return true;
			// sadly that's not enough :( at this stage we must also check
			// if an empty (PermissionState.None) is a subset of the denied
			// (which is like a empty intersection looks like for flag based
			// permissions, e.g. AspNetHostingPermission).
			return denied.IsSubsetOf (PermissionBuilder.Create (t));
		}
        private static void CheckHelper(PermissionSet grantedSet,
                                        PermissionSet deniedSet,
                                        CodeAccessPermission demand,
                                        PermissionToken permToken)
        {
    #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("Granted: ");
                DEBUG_OUT(grantedSet.ToXml().ToString());
                DEBUG_OUT("Denied: ");
                DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>");
                DEBUG_OUT("Demanded: ");
                DEBUG_OUT(demand.ToString());
            }
    #endif

            if (permToken == null)
            {
                permToken = PermissionToken.GetToken(demand);
            }

            // If PermissionSet is null, then module does not have Permissions... Fail check.

            try
            {
                if (grantedSet == null)
                {
                    throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
                }
                else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
                {
                    // If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
                    // variety, we need to do the proper callback.

                    BCLDebug.Assert(demand != null, "demand != null");

                    // Find the permission of matching type in the permission set.

                    CodeAccessPermission grantedPerm =
                        (CodeAccessPermission)grantedSet.GetPermission(permToken);

                    // If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
                    // then throw an exception.

                    if (grantedPerm == null)
                    {
                        if (!demand.IsSubsetOf(null))
                        {
                            throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                        }
                        else
                        {
                            return;
                        }
                    }

                    // Call the check demand for our permission.

                    grantedPerm.CheckDemand(demand);
                }


                // Make the sure the permission is not denied.

                if (deniedSet != null)
                {
                    CodeAccessPermission deniedPerm =
                        (CodeAccessPermission)deniedSet.GetPermission(permToken);
                    if (deniedPerm != null)
                    {
                        if (deniedPerm.Intersect(demand) != null)
                        {
        #if _DEBUG
                            if (debug)
                            {
                                DEBUG_OUT("Permission found in denied set");
                            }
        #endif
                            throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                        }
                    }

                    if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission))
                    {
                        throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                    }
                }
            }
            catch (Exception e)
            {
                // Any exception besides a security exception in this code means that
                // a permission was unable to properly handle what we asked of it.
                // We will define this to mean that the demand failed.

                if (e is SecurityException)
                {
                    throw e;
                }
                else
                {
                    throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                }
            }


            DEBUG_OUT("Check passed");
        }
        private static void CheckTokenBasedSetHelper(bool ignoreGrants,
                                                     TokenBasedSet grants,
                                                     TokenBasedSet denied,
                                                     TokenBasedSet demands)
        {
            if (demands == null)
            {
                return;
            }

            TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum();

            while (enumerator.MoveNext())
            {
                CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current;
                int index = enumerator.GetCurrentIndex();

                if (demand != null)
                {
                    try
                    {
                        // Check to make sure the permission was granted, unless we are supposed
                        // to ignore grants.

                        if (!ignoreGrants)
                        {
                            CodeAccessPermission grant
                                = grants != null ? (CodeAccessPermission)grants.GetItem(index) : null;
                            if (grant != null)
                            {
                                grant.CheckDemand(demand);
                            }
                            else
                            {
                                if (!demand.IsSubsetOf(null))
                                {
                                    throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                                }
                            }
                        }

                        // Check to make sure our permission was not denied.

                        if (denied != null)
                        {
                            CodeAccessPermission deny
                                = (CodeAccessPermission)denied.GetItem(index);
                            if (deny != null && deny.Intersect(demand) != null)
                            {
                                throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                            }
                        }
                    }
                    catch (Exception e)
                    {
                        // Any exception besides a security exception in this code means that
                        // a permission was unable to properly handle what we asked of it.
                        // We will define this to mean that the demand failed.

                        if (e is SecurityException)
                        {
                            throw e;
                        }
                        else
                        {
                            throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                        }
                    }
                }
            }
        }
        private static void CheckHelper(PermissionSet grantedSet,
                                        PermissionSet deniedSet,
                                        CodeAccessPermission demand, 
                                        PermissionToken permToken)
        {
    #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("Granted: ");
                DEBUG_OUT(grantedSet.ToXml().ToString());
                DEBUG_OUT("Denied: ");
                DEBUG_OUT(deniedSet!=null ? deniedSet.ToXml().ToString() : "<null>");
                DEBUG_OUT("Demanded: ");
                DEBUG_OUT(demand.ToString());
            }
    #endif
            
            if (permToken == null)
                permToken = PermissionToken.GetToken(demand);

            // If PermissionSet is null, then module does not have Permissions... Fail check.
            
            try
            {
                if (grantedSet == null)
                {
                    throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
                } 
                else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
                {
                    // If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
                    // variety, we need to do the proper callback.
                
                    BCLDebug.Assert(demand != null,"demand != null");
                    
                    // Find the permission of matching type in the permission set.
                    
                    CodeAccessPermission grantedPerm = 
                                (CodeAccessPermission)grantedSet.GetPermission(permToken);
                                
                    // If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
                    // then throw an exception.
                                
                    if (grantedPerm == null)
                    {
                        if (!demand.IsSubsetOf( null ))
                            throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                        else
                            return;
                    }
                    
                    // Call the check demand for our permission.
                    
                    grantedPerm.CheckDemand(demand);
                }
                
                
                // Make the sure the permission is not denied.
    
                if (deniedSet != null)
                {
                    CodeAccessPermission deniedPerm = 
                        (CodeAccessPermission)deniedSet.GetPermission(permToken);
                    if (deniedPerm != null)
                    {
                        if (deniedPerm.Intersect(demand) != null)
                        {
        #if _DEBUG
                            if (debug)
                                DEBUG_OUT( "Permission found in denied set" );
        #endif
                            throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Any exception besides a security exception in this code means that
                // a permission was unable to properly handle what we asked of it.
                // We will define this to mean that the demand failed.
                        
                if (e is SecurityException)
                    throw e;
                else
                    throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
            }

            
            DEBUG_OUT( "Check passed" );

        }
Beispiel #16
0
        //
        // Check callback
        //
    
        /// <include file='doc\CodeAccessPermission.uex' path='docs/doc[@for="CodeAccessPermission.CheckDemand"]/*' />
        internal void CheckDemand(CodeAccessPermission demand)
        {
            if (demand == null)
                return;
    
	#if _DEBUG	     
			if (debug)
			{
				DEBUG_OUT( "demand = " + demand.GetType().ToString() + " this = " + this.GetType().ToString() );
			}
	#endif

            BCLDebug.Assert( demand.GetType().Equals( this.GetType() ), "CheckDemand not defined for permissions of different type" );
		        
            if (!demand.IsSubsetOf( this ))
                throw new SecurityException( String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ), demand.GetType(), demand.ToXml().ToString() );
        }
Beispiel #17
0
        internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception)
        {
            BCLDebug.Assert(m_head != null,"m_head != null");
            for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
            {
                if (pnext.perm == null)
                {
                    // If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
                    if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
                    {
                        BCLDebug.Assert( !demand.IsSubsetOf( null ), "By the time we get here, demands that are subsets of null should have been terminated" );
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return false;
                    }
                    
                    // If this is a deny, then we should fail since null indicates the unrestricted permission.
                    if (pnext.type == MatchDeny)
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return false;
                    }

                    // If this is an assert, then we should return success and terminate the stack walk since
                    // null indicates the unrestricted permission.
                    if (pnext.type == MatchAssert)
                    {
                        exception = null;
                        return false;
                    }

                    // If this is anything else, then we should act confused.
                    // This case is unexpected.
                    BCLDebug.Assert( false, "This case should never happen" );
                    exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) );
                    return false;
                }
                
                CodeAccessPermission cap = pnext.perm;
                switch (pnext.type)
                {
                case MatchChecked:
                case MatchPermitOnly:
                    if (!demand.IsSubsetOf(cap))
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return false;
                    }
                    break;
                case MatchAssert:
                    if (demand.IsSubsetOf(cap))
                    {
                        exception = null;
                        return false;
                    }
                    break;
                case MatchDeny:
                    if (demand.Intersect(cap) != null)
                    {
                        exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        return false;
                    }
                    break;
                default:
                    // Illegal entry
                    exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) );
                    return false;
                }
            }

            exception = null;
            return true;
        }
Beispiel #18
0
        internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
        {
            if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty()))
            {
                return(-1);
            }
            else
            {
                SecurityPermission securityPermission = null;
#pragma warning disable 618
                SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
                ReflectionPermission     reflectionPermission      = null;
                ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;

                CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
                if (grantSet != null)
                {
                    if (grantSet.IsUnrestricted())
                    {
#pragma warning disable 618
                        securityPermissionFlags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
                        reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
                        for (int i = 0; i < specialPermissions.Length; i++)
                        {
                            specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
                        }
                    }
                    else
                    {
                        securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
                        if (securityPermission != null)
                        {
                            securityPermissionFlags = securityPermission.Flags;
                        }
                        reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
                        if (reflectionPermission != null)
                        {
                            reflectionPermissionFlags = reflectionPermission.Flags;
                        }
                        for (int i = 0; i < specialPermissions.Length; i++)
                        {
                            specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
                        }
                    }
                }

                if (deniedSet != null)
                {
                    if (deniedSet.IsUnrestricted())
                    {
#pragma warning disable 618
                        securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
                        reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
                        for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
                        {
                            specialPermissions[i] = null;
                        }
                    }
                    else
                    {
                        securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
                        if (securityPermission != null)
                        {
                            securityPermissionFlags &= ~securityPermission.Flags;
                        }
                        reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
                        if (reflectionPermission != null)
                        {
                            reflectionPermissionFlags &= ~reflectionPermission.Flags;
                        }
                        for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
                        {
                            CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
                            if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
                            {
                                specialPermissions[i] = null; // we don't care about the exact value here.
                            }
                        }
                    }
                }
                int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
                if (flags != -1)
                {
                    for (int i = 0; i < specialPermissions.Length; i++)
                    {
                        if (specialPermissions[i] != null && ((IUnrestrictedPermission)specialPermissions[i]).IsUnrestricted())
                        {
                            flags |= (1 << (int)s_BuiltInPermissionIndexMap[i][1]);
                        }
                    }
                }
                return(flags);
            }
        }
Beispiel #19
0
        internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
        {
            if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
            {
                return(-1);
            }
            SecurityPermissionFlag   securityPermissionFlags   = SecurityPermissionFlag.NoFlags;
            ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;

            CodeAccessPermission[] accessPermissionArray = new CodeAccessPermission[6];
            if (grantSet != null)
            {
                if (grantSet.IsUnrestricted())
                {
                    securityPermissionFlags   = SecurityPermissionFlag.AllFlags;
                    reflectionPermissionFlags = ReflectionPermissionFlag.AllFlags | ReflectionPermissionFlag.RestrictedMemberAccess;
                    for (int index = 0; index < accessPermissionArray.Length; ++index)
                    {
                        accessPermissionArray[index] = SecurityManager.s_UnrestrictedSpecialPermissionMap[index];
                    }
                }
                else
                {
                    SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
                    if (securityPermission != null)
                    {
                        securityPermissionFlags = securityPermission.Flags;
                    }
                    ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
                    if (reflectionPermission != null)
                    {
                        reflectionPermissionFlags = reflectionPermission.Flags;
                    }
                    for (int index = 0; index < accessPermissionArray.Length; ++index)
                    {
                        accessPermissionArray[index] = grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
                    }
                }
            }
            if (deniedSet != null)
            {
                if (deniedSet.IsUnrestricted())
                {
                    securityPermissionFlags   = SecurityPermissionFlag.NoFlags;
                    reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
                    for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
                    {
                        accessPermissionArray[index] = (CodeAccessPermission)null;
                    }
                }
                else
                {
                    SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
                    if (securityPermission != null)
                    {
                        securityPermissionFlags &= ~securityPermission.Flags;
                    }
                    ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
                    if (reflectionPermission != null)
                    {
                        reflectionPermissionFlags &= ~reflectionPermission.Flags;
                    }
                    for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
                    {
                        CodeAccessPermission accessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
                        if (accessPermission != null && !accessPermission.IsSubsetOf((IPermission)null))
                        {
                            accessPermissionArray[index] = (CodeAccessPermission)null;
                        }
                    }
                }
            }
            int specialFlags = SecurityManager.MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);

            if (specialFlags != -1)
            {
                for (int index = 0; index < accessPermissionArray.Length; ++index)
                {
                    if (accessPermissionArray[index] != null && ((IUnrestrictedPermission)accessPermissionArray[index]).IsUnrestricted())
                    {
                        specialFlags |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[index][1];
                    }
                }
            }
            return(specialFlags);
        }