[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(SecurityRuntime.StackHalt);
}
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion(permSet))
{
return(SecurityRuntime.StackHalt);
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return(false);
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return(false);
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return SecurityRuntime.StackHalt;
if (GetPermitOnly(fDeclarative) != null)
GetPermitOnly(fDeclarative).CheckDecoded( demandSet );
if (GetDenials(fDeclarative) != null)
GetDenials(fDeclarative).CheckDecoded( demandSet );
if (GetAssertions(fDeclarative) != null)
GetAssertions(fDeclarative).CheckDecoded( demandSet );
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return SecurityRuntime.StackHalt;
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion( permSet ))
return SecurityRuntime.StackHalt;
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
return SecurityRuntime.StackContinue;
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return false;
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return false;
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return false;
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return true;
}