private static bool CheckTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, bool createException, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet)
{
alteredSet = null;
// If the set is empty, there is no reason to walk the
// stack.
if (permSet == null || permSet.FastIsEmpty())
{
if (bNeedAlteredSet)
{
alteredSet = new TokenBasedSet(1, 4);
}
exception = null;
return(false);
}
int permMaxIndex = permSet.GetMaxUsedIndex();
// Make a quick check to see if permSet definitely contains permissions that this set doesn't
if (permMaxIndex > thisSet.GetMaxUsedIndex())
{
// The only way we don't want to throw an exception is
// if we are unrestricted. Then, if we don't want to throw
// an exception we may want to terminate the stack walk
// based on an unrestricted assert.
if (unrestricted)
{
if (((state & PermissionListSetState.UnrestrictedAssert) != 0))
{
if (bNeedAlteredSet)
{
alteredSet = new TokenBasedSet(1, 4);
}
exception = null;
return(false);
}
else
{
exception = null;
return(true);
}
}
else
{
if (createException)
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else
{
exception = GetStaticException();
}
return(false);
}
}
bool continueStackWalk = false;
// We know that checking to <permMaxIndex> is sufficient because of above check
for (int i = 0; i <= permMaxIndex; i++)
{
Object obj = permSet.GetItem(i);
if (obj != null)
{
CodeAccessPermission cap = (CodeAccessPermission)obj;
PermissionList permList = (PermissionList)thisSet.GetItem(i);
if (permList != null)
{
bool tempContinue = permList.CheckDemandInternal(cap, createException, out exception);
if (exception != null)
{
return(false);
}
if (tempContinue)
{
// If we are supposed to continue the stack walk but there is an unrestricted
// deny, then we should fail.
if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission))
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
continueStackWalk = true;
}
else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission))
{
// We only want to build the altered set if we don't have an
// unrestricted assert because we know if we have an unrestricted
// assert and we don't throw an exception that the stackwalk should
// include no unrestricted permissions.
if (bNeedAlteredSet)
{
if (alteredSet == null)
{
alteredSet = CopyTokenBasedSet(permSet);
}
alteredSet.SetItem(i, null);
}
}
}
else
{
if (!unrestricted)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
}
}
}
exception = null;
return(continueStackWalk);
}
internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, bool createException, out Exception exception)
{
BCLDebug.Assert(demand != null, "demand != null");
BCLDebug.Assert(permToken != null, "permToken != null");
// First, find if there is a permission list of this type.
PermissionList permList = FindPermissionList(permToken);
if (permList != null)
{
// If so, check against it to determine our action.
bool cont = permList.CheckDemandInternal(demand, createException, out exception);
// We don't record modifiers for the unrestricted permission set in the
// individual lists. Therefore, permList.CheckDemandInternal may say
// that we have to continue the stackwalk, but we know better.
if (cont && permToken.m_isUnrestricted)
{
if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
else
{
cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
}
}
return(cont);
}
#if _DEBUG
// Let's check to make sure we always pass demands for empty permissions.
else if (demand.IsSubsetOf(null))
{
BCLDebug.Assert(false, "We should pick of empty demands before this point");
exception = null;
return(true);
}
#endif
// If the permission is not unrestricted, the lack of a permission list
// denotes that no frame on the stack granted this permission, and therefore
// we pass back the failure condition.
else if (!permToken.m_isUnrestricted)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
// If this permission list set is not unrestricted and there is no unrestricted assert
// then the lack of a permission list denotes that no frame on the stack granted
// this permission, and therefore we pass back the failure condition. If there is
// an unrestricted assert, then we pass back success and terminate the stack walk.
else if (!this.IsUnrestricted())
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
// If we made it all the way through, that means that we are in the unrestricted
// state and that this permission is encompassed in that. If we have an unrestricted
// assert, we are done with the state walk (return false), otherwise keep going.
exception = null;
return((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
}
