private static bool CheckTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, bool createException, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.FastIsEmpty()) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } else { exception = null; return(true); } } else { if (createException) { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else { exception = GetStaticException(); } return(false); } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, createException, out exception); if (exception != null) { return(false); } if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) { alteredSet = CopyTokenBasedSet(permSet); } alteredSet.SetItem(i, null); } } } else { if (!unrestricted) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } } } } exception = null; return(continueStackWalk); }
internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, bool createException, out Exception exception) { BCLDebug.Assert(demand != null, "demand != null"); BCLDebug.Assert(permToken != null, "permToken != null"); // First, find if there is a permission list of this type. PermissionList permList = FindPermissionList(permToken); if (permList != null) { // If so, check against it to determine our action. bool cont = permList.CheckDemandInternal(demand, createException, out exception); // We don't record modifiers for the unrestricted permission set in the // individual lists. Therefore, permList.CheckDemandInternal may say // that we have to continue the stackwalk, but we know better. if (cont && permToken.m_isUnrestricted) { if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } else { cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0); } } return(cont); } #if _DEBUG // Let's check to make sure we always pass demands for empty permissions. else if (demand.IsSubsetOf(null)) { BCLDebug.Assert(false, "We should pick of empty demands before this point"); exception = null; return(true); } #endif // If the permission is not unrestricted, the lack of a permission list // denotes that no frame on the stack granted this permission, and therefore // we pass back the failure condition. else if (!permToken.m_isUnrestricted) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } // If this permission list set is not unrestricted and there is no unrestricted assert // then the lack of a permission list denotes that no frame on the stack granted // this permission, and therefore we pass back the failure condition. If there is // an unrestricted assert, then we pass back success and terminate the stack walk. else if (!this.IsUnrestricted()) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } // If we made it all the way through, that means that we are in the unrestricted // state and that this permission is encompassed in that. If we have an unrestricted // assert, we are done with the state walk (return false), otherwise keep going. exception = null; return((m_state & PermissionListSetState.UnrestrictedAssert) == 0); }