internal void MergeDeniedSet(PermissionSet denied)
 {
     if (((denied != null) && !denied.FastIsEmpty()) && !this.FastIsEmpty())
     {
         this.m_CheckedForNonCas = false;
         if ((this.m_permSet != null) && (denied.m_permSet != null))
         {
             int num = (denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex();
             for (int i = 0; i <= num; i++)
             {
                 IPermission item = denied.m_permSet.GetItem(i) as IPermission;
                 if (item != null)
                 {
                     IPermission permission2 = this.m_permSet.GetItem(i) as IPermission;
                     if ((permission2 == null) && !this.m_Unrestricted)
                     {
                         denied.m_permSet.SetItem(i, null);
                     }
                     else if (((permission2 != null) && (item != null)) && permission2.IsSubsetOf(item))
                     {
                         this.m_permSet.SetItem(i, null);
                         denied.m_permSet.SetItem(i, null);
                     }
                 }
             }
         }
     }
 }
 internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
 {
     firstPermThatFailed = null;
     if (((deniedSet != null) && !deniedSet.FastIsEmpty()) && !this.FastIsEmpty())
     {
         if (this.m_Unrestricted && deniedSet.m_Unrestricted)
         {
             return false;
         }
         PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
         while (internal2.MoveNext())
         {
             CodeAccessPermission current = internal2.Current as CodeAccessPermission;
             if ((current != null) && !current.IsSubsetOf(null))
             {
                 if (deniedSet.m_Unrestricted)
                 {
                     firstPermThatFailed = current;
                     return false;
                 }
                 CodeAccessPermission permission = (CodeAccessPermission) deniedSet.GetPermission(internal2.GetCurrentIndex());
                 if (!current.CheckDeny(permission))
                 {
                     firstPermThatFailed = current;
                     return false;
                 }
             }
         }
         if (this.m_Unrestricted)
         {
             PermissionSetEnumeratorInternal internal3 = new PermissionSetEnumeratorInternal(deniedSet);
             while (internal3.MoveNext())
             {
                 if (internal3.Current is IPermission)
                 {
                     return false;
                 }
             }
         }
     }
     return true;
 }
Beispiel #3
0
        internal void InplaceIntersect( PermissionSet other )
        {
            Exception savedException = null;
        
            m_CheckedForNonCas = false;
            
            if (this == other)
                return;
            
            if (other == null || other.FastIsEmpty())
            {
                // If the other is empty or null, make this empty.
                Reset();
                return;
            }

            if (this.FastIsEmpty())
                return;

            int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
            int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();

            if (this.IsUnrestricted() && maxMax < otherMax)
            {
                maxMax = otherMax;
                this.CheckSet();
            }
                
            if (other.IsUnrestricted())
            {
                other.CheckSet();
            }
                
            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;

                if (thisObj == null && otherObj == null)
                    continue;

                if (thisObj == null)
                {
                    // There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions
                    if (this.IsUnrestricted())
                    {
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                this.m_permSet.SetItem( i, otherPerm.Copy() );
                                Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (other.IsUnrestricted())
                    {
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) == 0)
                                this.m_permSet.SetItem( i, null );
                        }
                    }
                    else
                    {
                        this.m_permSet.SetItem( i, null );
                    }
                }
                else
                {
                    try
                    {
                        IPermission intersectPerm;
                        if (thisPerm == null)
                            intersectPerm = otherPerm;
                        else if(otherPerm == null)
                            intersectPerm = thisPerm;
                        else
                            intersectPerm = thisPerm.Intersect( otherPerm );
                        this.m_permSet.SetItem( i, intersectPerm );
                    }
                    catch (Exception e)
                    {
                        if (savedException == null)
                            savedException = e;
                    }
                }
            }

            this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;

            if (savedException != null)
                throw savedException;
        }
        internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
        {
            firstPermThatFailed = null;
            if ((target == null) || target.FastIsEmpty())
            {
                if (this.IsEmpty())
                {
                    return true;
                }
                firstPermThatFailed = this.GetFirstPerm();
                return false;
            }
            if (this.IsUnrestricted() && !target.IsUnrestricted())
            {
                return false;
            }
            if (this.m_permSet != null)
            {
                target.CheckSet();
                for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++)
                {
                    IPermission permission = this.GetPermission(i);
                    if ((permission != null) && !permission.IsSubsetOf(null))
                    {
                        IPermission permission2 = target.GetPermission(i);
                        if (!target.m_Unrestricted)
                        {
                            CodeAccessPermission permission3 = permission as CodeAccessPermission;
                            if (permission3 == null)
                            {
                                if (!ignoreNonCas && !permission.IsSubsetOf(permission2))
                                {
                                    firstPermThatFailed = permission;
                                    return false;
                                }
                                continue;
                            }
                            firstPermThatFailed = permission;
                            switch (type)
                            {
                                case IsSubsetOfType.Normal:
                                    if (permission.IsSubsetOf(permission2))
                                    {
                                        break;
                                    }
                                    return false;

                                case IsSubsetOfType.CheckDemand:
                                    if (permission3.CheckDemand((CodeAccessPermission) permission2))
                                    {
                                        break;
                                    }
                                    return false;

                                case IsSubsetOfType.CheckPermitOnly:
                                    if (permission3.CheckPermitOnly((CodeAccessPermission) permission2))
                                    {
                                        break;
                                    }
                                    return false;

                                case IsSubsetOfType.CheckAssertion:
                                    if (permission3.CheckAssert((CodeAccessPermission) permission2))
                                    {
                                        break;
                                    }
                                    return false;
                            }
                            firstPermThatFailed = null;
                        }
                    }
                }
            }
            return true;
        }
Beispiel #5
0
        internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
        {
    #if _DEBUG
            if (debug)     
                DEBUG_WRITE("IsSubsetOf\n" +
                            "Other:\n" +
                            (target == null ? "<null>" : target.ToString()) +
                            "\nMe:\n" +
                            ToString());
    #endif
    
            firstPermThatFailed = null;
            if (target == null || target.FastIsEmpty())
            {
                if(this.IsEmpty())
                    return true;
                else
                {
                    firstPermThatFailed = GetFirstPerm();
                    return false;
                }
            }
            else if (this.IsUnrestricted() && !target.IsUnrestricted())
                return false;
            else if (this.m_permSet == null)
                return true;
            else
            {
                target.CheckSet();

                for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i)
                {
                    IPermission thisPerm = this.GetPermission(i);
                    if (thisPerm == null || thisPerm.IsSubsetOf(null))
                        continue;

                    IPermission targetPerm = target.GetPermission(i);
#if _DEBUG                    
                    PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                    Contract.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized");
#endif

                    if (target.m_Unrestricted)
                        continue;

                    // targetPerm can be null here, but that is fine since it thisPerm is a subset
                    // of empty/null then we can continue in the loop.
                    CodeAccessPermission cap = thisPerm as CodeAccessPermission;
                    if(cap == null)
                    {
                        if (!ignoreNonCas && !thisPerm.IsSubsetOf( targetPerm ))
                        {
                            firstPermThatFailed = thisPerm;
                            return false;
                        }
                    }
                    else
                    {
                        firstPermThatFailed = thisPerm;
                        switch(type)
                        {
                        case IsSubsetOfType.Normal:
                            if (!thisPerm.IsSubsetOf( targetPerm ))
                                return false;
                            break;
                        case IsSubsetOfType.CheckDemand:
                            if (!cap.CheckDemand( (CodeAccessPermission)targetPerm ))
                                return false;
                            break;
                        case IsSubsetOfType.CheckPermitOnly:
                            if (!cap.CheckPermitOnly( (CodeAccessPermission)targetPerm ))
                                return false;
                            break;
                        case IsSubsetOfType.CheckAssertion:
                            if (!cap.CheckAssert( (CodeAccessPermission)targetPerm ))
                                return false;
                            break;
                        }
                        firstPermThatFailed = null;
                    }
                }
            }

            return true;
        }
Beispiel #6
0
        internal void InplaceIntersect( PermissionSet other )
        {
            Exception savedException = null;
        
            m_CheckedForNonCas = false;
            
            if (this == other)
                return;
            
            if (other == null || other.FastIsEmpty())
            {
                // If the other is empty or null, make this empty.
                Reset();
                return;
            }

            if (this.FastIsEmpty())
                return;

            int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
            int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();

            if (this.IsUnrestricted() && maxMax < otherMax)
            {
                maxMax = otherMax;
                this.CheckSet();
            }
                
            if (other.IsUnrestricted())
            {
                other.CheckSet();
            }
                
            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                if (thisObj == null && otherObj == null)
                    continue;

#if FEATURE_CAS_POLICY
                if (thisElem != null && otherElem != null)
                {
                    // If we already have an intersection node, just add another child
                    if (thisElem.GetTag().Equals( s_str_PermissionIntersection ) ||
                        thisElem.GetTag().Equals( s_str_PermissionUnrestrictedIntersection ))
                    {
                        Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" );
                        SafeChildAdd( (SecurityElement)thisElem, otherElem, true );
                    }
                    // If either set is unrestricted, intersect the nodes unrestricted
                    else
                    {
                        bool copyOther = true;
                        if (this.IsUnrestricted())
                        {
                            SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                            newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) );
                            SafeChildAdd( newElemUU, thisElem, false );
                            thisElem = newElemUU;
                        }
                        if (other.IsUnrestricted())
                        {
                            SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                            newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) );
                            SafeChildAdd( newElemUU, otherElem, true );
                            otherElem = newElemUU;
                            copyOther = false;
                        }
                        
                        SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection );
                        newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                        
                        SafeChildAdd( newElem, thisElem, false );
                        SafeChildAdd( newElem, otherElem, copyOther );
                        this.m_permSet.SetItem( i, newElem );
                    }
                }
                else
#endif // FEATURE_CAS_POLICY
                if (thisObj == null)
                {
                    // There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions
                    if (this.IsUnrestricted())
                    {
#if FEATURE_CAS_POLICY
                        if (otherElem != null)
                        {
                            SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
                            newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
                            SafeChildAdd( newElem, otherElem, true );
                            this.m_permSet.SetItem( i, newElem );
                            Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                        else
#endif // FEATURE_CAS_POLICY
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                this.m_permSet.SetItem( i, otherPerm.Copy() );
                                Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (other.IsUnrestricted())
                    {
#if FEATURE_CAS_POLICY
                        if (thisElem != null)
                        {
                            SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
                            newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                            SafeChildAdd( newElem, thisElem, false );
                            this.m_permSet.SetItem( i, newElem );
                        }
                        else
#endif // FEATURE_CAS_POLICY
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) == 0)
                                this.m_permSet.SetItem( i, null );
                        }
                    }
                    else
                    {
                        this.m_permSet.SetItem( i, null );
                    }
                }
                else
                {
#if FEATURE_CAS_POLICY
                    if (thisElem != null)
                        thisPerm = this.CreatePermission(thisElem, i);
                    if (otherElem != null)
                        otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY

                    try
                    {
                        IPermission intersectPerm;
                        if (thisPerm == null)
                            intersectPerm = otherPerm;
                        else if(otherPerm == null)
                            intersectPerm = thisPerm;
                        else
                            intersectPerm = thisPerm.Intersect( otherPerm );
                        this.m_permSet.SetItem( i, intersectPerm );
                    }
                    catch (Exception e)
                    {
                        if (savedException == null)
                            savedException = e;
                    }
                }
            }

            this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;

            if (savedException != null)
                throw savedException;
        }
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);

            PermissionSet   grant = null;
            PolicyStatement policy;
            PolicyLevel     currentLevel = null;

            IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();

            // We're optimized for standard policy, where the only evidence that is generally evaluated are
            // Zone, StrongName and Url.  Since all of these are relatively inexpensive, we'll force them to
            // generate, then use that as a key into the cache.
            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    count = evidence.RawCount;

            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
            bool testApplicationLevels    = false;

            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                if (systemPolicy)
                {
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }

                policy = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                {
                    grant = policy.PermissionSet;
                }
                else
                {
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }

                if (grant == null || grant.FastIsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (currentLevel.Type != PolicyLevelType.AppDomain)
                    {
                        testApplicationLevels = true;
                    }
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = PolicyLevels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel)PolicyLevels[i];
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
            {
                grant = new PermissionSet(PermissionState.None);
            }

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            if (!grant.IsUnrestricted())
            {
                IEnumerator enumerator = evidence.GetHostEnumerator();
                while (enumerator.MoveNext())
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            grant.AddPermission(perm);
                        }
                    }
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return(grant);
        }
Beispiel #8
0
        public PermissionSet Union(PermissionSet other)
        {
            // if other is null or empty, return a clone of myself
            if (other == null || other.FastIsEmpty())
            {
                return this.Copy();
            }
            
            if (this.FastIsEmpty())
            {
                return other.Copy();
            }

            int maxMax = -1;

            PermissionSet pset = new PermissionSet();
            pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
            if (pset.m_Unrestricted)
            {
                // if the result of Union is unrestricted permset, just return
                return pset;
            }
            
            // degenerate case where we look at both this.m_permSet and other.m_permSet
            this.CheckSet();
            other.CheckSet();
            maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
            pset.m_permSet = new TokenBasedSet();



            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                if (thisObj == null && otherObj == null)
                    continue;

#if FEATURE_CAS_POLICY
                if (thisElem != null && otherElem != null)
                {
                    SecurityElement newElem;
                    if (this.IsUnrestricted() || other.IsUnrestricted())
                        newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                    else
                        newElem = new SecurityElement( s_str_PermissionUnion );
                    newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                    SafeChildAdd( newElem, thisElem, true );
                    SafeChildAdd( newElem, otherElem, true );
                    pset.m_permSet.SetItem( i, newElem );
                }
                else
#endif // FEATURE_CAS_POLICY
                if (thisObj == null)
                {
#if FEATURE_CAS_POLICY
                    if (otherElem != null)
                    {
                        pset.m_permSet.SetItem( i, otherElem.Copy() );
                        Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                    }
                    else
#endif // FEATURE_CAS_POLICY
                    if (otherPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, otherPerm.Copy() );
                            Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else if (otherObj == null)
                {
#if FEATURE_CAS_POLICY
                    if (thisElem != null)
                    {
                        pset.m_permSet.SetItem( i, thisElem.Copy() );
                    }
                    else
#endif // FEATURE_CAS_POLICY
                    if (thisPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, thisPerm.Copy() );
                            Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else
                {
#if FEATURE_CAS_POLICY
                    if (thisElem != null)
                        thisPerm = this.CreatePermission(thisElem, i);
                    if (otherElem != null)
                        otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY

                    IPermission unionPerm;
                    if(thisPerm == null)
                        unionPerm = otherPerm;
                    else if(otherPerm == null)
                        unionPerm = thisPerm;
                    else
                        unionPerm = thisPerm.Union( otherPerm );
                    pset.m_permSet.SetItem( i, unionPerm );
                    Contract.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                }
            }
            
            return pset;
        }
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet permissionSet = null;
            PolicyLevel   current       = null;
            IEnumerator   enumerator    = this.PolicyLevels.GetEnumerator();

            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    rawCount           = evidence.RawCount;
            bool   flag  = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
            bool   flag2 = false;

            while (enumerator.MoveNext())
            {
                PolicyStatement statement;
                current = (PolicyLevel)enumerator.Current;
                if (systemPolicy)
                {
                    if (current.Type != PolicyLevelType.AppDomain)
                    {
                        goto Label_0078;
                    }
                    continue;
                }
                if (flag && (current.Type != PolicyLevelType.AppDomain))
                {
                    continue;
                }
Label_0078:
                statement = current.Resolve(evidence, rawCount, serializedEvidence);
                if (permissionSet == null)
                {
                    permissionSet = statement.PermissionSet;
                }
                else
                {
                    permissionSet.InplaceIntersect(statement.GetPermissionSetNoCopy());
                }
                if ((permissionSet == null) || permissionSet.FastIsEmpty())
                {
                    break;
                }
                if ((statement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (current.Type != PolicyLevelType.AppDomain)
                    {
                        flag2 = true;
                    }
                    break;
                }
            }
            if ((permissionSet != null) && flag2)
            {
                PolicyLevel level2 = null;
                for (int i = this.PolicyLevels.Count - 1; i >= 0; i--)
                {
                    current = (PolicyLevel)this.PolicyLevels[i];
                    if (current.Type == PolicyLevelType.AppDomain)
                    {
                        level2 = current;
                        break;
                    }
                }
                if (level2 != null)
                {
                    permissionSet.InplaceIntersect(level2.Resolve(evidence, rawCount, serializedEvidence).GetPermissionSetNoCopy());
                }
            }
            if (permissionSet == null)
            {
                permissionSet = new PermissionSet(PermissionState.None);
            }
            if (!permissionSet.IsUnrestricted())
            {
                IEnumerator hostEnumerator = evidence.GetHostEnumerator();
                while (hostEnumerator.MoveNext())
                {
                    object obj2 = hostEnumerator.Current;
                    IIdentityPermissionFactory factory = obj2 as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            permissionSet.AddPermission(perm);
                        }
                    }
                }
            }
            permissionSet.IgnoreTypeLoadFailures = true;
            return(permissionSet);
        }
        public PermissionSet Union(PermissionSet other)
        {
            // if other is null or empty, return a clone of myself
            if (other == null || other.FastIsEmpty())
            {
                return this.Copy();
            }
            
            if (this.FastIsEmpty())
            {
                return other.Copy();
            }

            int maxMax = -1;

            PermissionSet pset = new PermissionSet();
            pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
            if (pset.m_Unrestricted)
            {
                if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust())
                {
                    // FullTrustMeansFullTrust is on...so if the result of Union is unrestricted permset, just return
                    return pset;
                }
                if (this.m_canUnrestrictedOverride && other.m_canUnrestrictedOverride)
                {
                    // Only unrestricted override-able permissions in both this and other ...again, we can return just an unrestricted pset
                    return pset;
                }
                if (other.m_canUnrestrictedOverride)
                {
                    // Only unrestricted override-able permissions in other...cannot null pset.m_permSet, but don't look at other.m_permSet
                    // just copy over this.m_permSet
                    pset.m_permSet = (this.m_permSet != null)? new TokenBasedSet(this.m_permSet): null;
                    return pset;
                }
            }
            
            // degenerate case where we look at both this.m_permSet and other.m_permSet
            this.CheckSet();
            other.CheckSet();
            maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
            pset.m_permSet = new TokenBasedSet();



            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
                ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
                
                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;
                ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;

                if (thisObj == null && otherObj == null)
                    continue;

                if (thisElem != null && otherElem != null)
                {
                    SecurityElement newElem;
                    if (this.IsUnrestricted() || other.IsUnrestricted())
                        newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                    else
                        newElem = new SecurityElement( s_str_PermissionUnion );
                    newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                    SafeChildAdd( newElem, thisElem, true );
                    SafeChildAdd( newElem, otherElem, true );
                    pset.m_permSet.SetItem( i, newElem );
                }
                else if (thisObj == null)
                {
                    if (otherElem != null)
                    {
                        pset.m_permSet.SetItem( i, otherElem.Copy() );
                        BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                    }
                    else if (otherPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, otherPerm.Copy() );
                            BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (thisElem != null)
                    {
                        pset.m_permSet.SetItem( i, thisElem.Copy() );
                    }
                    else if (thisPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, thisPerm.Copy() );
                            BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else
                {
                    if (thisElem != null)
                        thisPerm = this.CreatePermission(thisElem, i);
                    if (otherElem != null)
                        otherPerm = other.CreatePermission(otherElem, i);

                    IPermission unionPerm;
                    if(thisPerm == null)
                        unionPerm = otherPerm;
                    else if(otherPerm == null)
                        unionPerm = thisPerm;
                    else
                        unionPerm = thisPerm.Union( otherPerm );
                    pset.m_permSet.SetItem( i, unionPerm );
                    BCLDebug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                }
            }
            
            return pset;
        }
Beispiel #11
0
        public PermissionSet Union(PermissionSet other)
        {
            // if other is null or empty, return a clone of myself
            if (other == null || other.FastIsEmpty())
            {
                return this.Copy();
            }
            
            if (this.FastIsEmpty())
            {
                return other.Copy();
            }

            int maxMax = -1;

            PermissionSet pset = new PermissionSet();
            pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
            if (pset.m_Unrestricted)
            {
                // if the result of Union is unrestricted permset, just return
                return pset;
            }
            
            // degenerate case where we look at both this.m_permSet and other.m_permSet
            this.CheckSet();
            other.CheckSet();
            maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
            pset.m_permSet = new TokenBasedSet();



            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;

                if (thisObj == null && otherObj == null)
                    continue;

                if (thisObj == null)
                {
                    if (otherPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, otherPerm.Copy() );
                            Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (thisPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
                        {
                            pset.m_permSet.SetItem( i, thisPerm.Copy() );
                            Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                    }
                }
                else
                {
                    IPermission unionPerm;
                    if(thisPerm == null)
                        unionPerm = otherPerm;
                    else if(otherPerm == null)
                        unionPerm = thisPerm;
                    else
                        unionPerm = thisPerm.Union( otherPerm );
                    pset.m_permSet.SetItem( i, unionPerm );
                    Debug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                }
            }

            return pset;
        }
Beispiel #12
0
        internal void InplaceUnion( PermissionSet other )
        {
            // Unions the "other" PermissionSet into this one.  It can be optimized to do less copies than
            // need be done by the traditional union (and we don't have to create a new PermissionSet).
            
            if (this == other)
                return;
            
            // Quick out conditions, union doesn't change this PermissionSet
            if (other == null || other.FastIsEmpty())
                return;

            m_CheckedForNonCas = false;

            this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;

            if (this.m_Unrestricted)
            {
                // if the result of Union is unrestricted permset, null the m_permSet member
                this.m_permSet = null;
                return;
            }


            // If we reach here, result of Union is not unrestricted
            // We have to union "normal" permission no matter what now.
            int maxMax = -1;            
            if (other.m_permSet != null)
            {
                maxMax = other.m_permSet.GetMaxUsedIndex();
                this.CheckSet();
            }
            // Save exceptions until the end
            Exception savedException = null;

            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;

                if (thisObj == null && otherObj == null)
                    continue;

                if (thisObj == null)
                {
                    if (otherPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
                        {
                            this.m_permSet.SetItem( i, otherPerm.Copy() );
                        }
                    }
                }
                else if (otherObj == null)
                {
                    continue;
                }
                else
                {
                    try
                    {
                        IPermission unionPerm;
                        if(thisPerm == null)
                            unionPerm = otherPerm;
                        else if(otherPerm == null)
                            unionPerm = thisPerm;
                        else
                            unionPerm = thisPerm.Union( otherPerm );
                        this.m_permSet.SetItem( i, unionPerm );
                    }
                    catch (Exception e)
                    {
                        if (savedException == null)
                            savedException = e;
                    }
                }
            }
            
            if (savedException != null)
                throw savedException;
        }
Beispiel #13
0
        public PermissionSet Intersect(PermissionSet other)
        {
            if (other == null || other.FastIsEmpty() || this.FastIsEmpty())
            {
                return null;
            }

            int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
            int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
            int minMax = thisMax < otherMax ? thisMax : otherMax;

            if (this.IsUnrestricted() && minMax < otherMax)
            {
                minMax = otherMax;
                this.CheckSet();
            }

            if (other.IsUnrestricted() && minMax < thisMax)
            {
                minMax = thisMax;
                other.CheckSet();
            }

            PermissionSet pset = new PermissionSet( false );

            if (minMax > -1)
            {
                pset.m_permSet = new TokenBasedSet();
            }

            for (int i = 0; i <= minMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;

                if (thisObj == null && otherObj == null)
                    continue;

                if (thisObj == null)
                {
                    if (this.m_Unrestricted)
                    {
                        if (otherPerm != null)
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                pset.m_permSet.SetItem( i, otherPerm.Copy() );
                                Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (other.m_Unrestricted)
                    {
                        if (thisPerm != null)
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                pset.m_permSet.SetItem( i, thisPerm.Copy() );
                                Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else
                {
                    IPermission intersectPerm;
                    if (thisPerm == null)
                        intersectPerm = otherPerm;
                    else if(otherPerm == null)
                        intersectPerm = thisPerm;
                    else
                        intersectPerm = thisPerm.Intersect( otherPerm );
                    pset.m_permSet.SetItem( i, intersectPerm );
                    Debug.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                }
            }

            pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
            if (pset.FastIsEmpty())
                return null;
            else
                return pset;
        }
 public PermissionSet Union(PermissionSet other)
 {
     if ((other == null) || other.FastIsEmpty())
     {
         return this.Copy();
     }
     if (this.FastIsEmpty())
     {
         return other.Copy();
     }
     int num = -1;
     PermissionSet set = new PermissionSet {
         m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted
     };
     if (!set.m_Unrestricted)
     {
         this.CheckSet();
         other.CheckSet();
         num = (this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
         set.m_permSet = new TokenBasedSet();
         for (int i = 0; i <= num; i++)
         {
             object item = this.m_permSet.GetItem(i);
             IPermission permission = item as IPermission;
             ISecurityElementFactory child = item as ISecurityElementFactory;
             object obj3 = other.m_permSet.GetItem(i);
             IPermission target = obj3 as IPermission;
             ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
             if ((item != null) || (obj3 != null))
             {
                 if ((child != null) && (factory2 != null))
                 {
                     SecurityElement element;
                     if (this.IsUnrestricted() || other.IsUnrestricted())
                     {
                         element = new SecurityElement("PermissionUnrestrictedUnion");
                     }
                     else
                     {
                         element = new SecurityElement("PermissionUnion");
                     }
                     element.AddAttribute("class", child.Attribute("class"));
                     SafeChildAdd(element, child, true);
                     SafeChildAdd(element, factory2, true);
                     set.m_permSet.SetItem(i, element);
                 }
                 else if (item == null)
                 {
                     if (factory2 != null)
                     {
                         set.m_permSet.SetItem(i, factory2.Copy());
                     }
                     else if (target != null)
                     {
                         PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                         if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted)
                         {
                             set.m_permSet.SetItem(i, target.Copy());
                         }
                     }
                 }
                 else if (obj3 == null)
                 {
                     if (child != null)
                     {
                         set.m_permSet.SetItem(i, child.Copy());
                     }
                     else if (permission != null)
                     {
                         PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                         if (((token2.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted)
                         {
                             set.m_permSet.SetItem(i, permission.Copy());
                         }
                     }
                 }
                 else
                 {
                     IPermission permission3;
                     if (child != null)
                     {
                         permission = this.CreatePermission(child, i);
                     }
                     if (factory2 != null)
                     {
                         target = other.CreatePermission(factory2, i);
                     }
                     if (permission == null)
                     {
                         permission3 = target;
                     }
                     else if (target == null)
                     {
                         permission3 = permission;
                     }
                     else
                     {
                         permission3 = permission.Union(target);
                     }
                     set.m_permSet.SetItem(i, permission3);
                 }
             }
         }
     }
     return set;
 }
Beispiel #15
0
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet   grant = null;
            PolicyStatement policy;
            PolicyLevel     currentLevel = null;

            IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();

            char[] serializedEvidence = MakeEvidenceArray(evidence, false);
            int    count = evidence.Count;

            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
            bool testApplicationLevels    = false;

            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                if (systemPolicy)
                {
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }

                policy = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                {
                    grant = policy.PermissionSet;
                }
                else
                {
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }

                if (grant == null || grant.FastIsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (currentLevel.Type != PolicyLevelType.AppDomain)
                    {
                        testApplicationLevels = true;
                    }
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = PolicyLevels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel)PolicyLevels[i];
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
            {
                grant = new PermissionSet(PermissionState.None);
            }

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted())
            {
                IEnumerator enumerator = evidence.GetHostEnumerator();
                while (enumerator.MoveNext())
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            grant.AddPermission(perm);
                        }
                    }
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return(grant);
        }
Beispiel #16
0
        internal void InplaceUnion( PermissionSet other )
        {
            // Unions the "other" PermissionSet into this one.  It can be optimized to do less copies than
            // need be done by the traditional union (and we don't have to create a new PermissionSet).
            
            if (this == other)
                return;
            
            // Quick out conditions, union doesn't change this PermissionSet
            if (other == null || other.FastIsEmpty())
                return;
    
    
            m_CheckedForNonCas = false;
            


                
            this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;

            if (this.m_Unrestricted)
            {
                // if the result of Union is unrestricted permset, null the m_permSet member
                this.m_permSet = null;
                return;
            }


            // If we reach here, result of Union is not unrestricted
            // We have to union "normal" permission no matter what now.
            int maxMax = -1;            
            if (other.m_permSet != null)
            {
                maxMax = other.m_permSet.GetMaxUsedIndex();                        
                this.CheckSet();
            }
            // Save exceptions until the end
            Exception savedException = null;

            for (int i = 0; i <= maxMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                if (thisObj == null && otherObj == null)
                    continue;

#if FEATURE_CAS_POLICY
                if (thisElem != null && otherElem != null)
                {
                    if (thisElem.GetTag().Equals( s_str_PermissionUnion ) ||
                        thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion ))
                    {
                        Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" );
                        SafeChildAdd( (SecurityElement)thisElem, otherElem, true );
                    }
                    else
                    {
                        SecurityElement newElem;
                        if (this.IsUnrestricted() || other.IsUnrestricted())
                            newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                        else
                            newElem = new SecurityElement( s_str_PermissionUnion );
                        newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                        SafeChildAdd( newElem, thisElem, false );
                        SafeChildAdd( newElem, otherElem, true );
                        this.m_permSet.SetItem( i, newElem );
                    }
                }
                else
#endif // FEATURE_CAS_POLICY
                if (thisObj == null)
                {
#if FEATURE_CAS_POLICY
                    if (otherElem != null)
                    {
                        this.m_permSet.SetItem( i, otherElem.Copy() );
                    }
                    else
#endif // FEATURE_CAS_POLICY
                    if (otherPerm != null)
                    {
                        PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                        if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
                        {
                            this.m_permSet.SetItem( i, otherPerm.Copy() );
                        }
                    }
                }
                else if (otherObj == null)
                {
                    continue;
                }
                else
                {
#if FEATURE_CAS_POLICY
                    if (thisElem != null)
                        thisPerm = this.CreatePermission(thisElem, i);
                    if (otherElem != null)
                        otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY

                    try
                    {
                        IPermission unionPerm;
                        if(thisPerm == null)
                            unionPerm = otherPerm;
                        else if(otherPerm == null)
                            unionPerm = thisPerm;
                        else
                            unionPerm = thisPerm.Union( otherPerm );
                        this.m_permSet.SetItem( i, unionPerm );
                    }
                    catch (Exception e)
                    {
                        if (savedException == null)
                            savedException = e;
                    }
                }
            }
            
            if (savedException != null)
                throw savedException;
        }
 internal void InplaceIntersect(PermissionSet other)
 {
     Exception exception = null;
     this.m_CheckedForNonCas = false;
     if (this != other)
     {
         if ((other == null) || other.FastIsEmpty())
         {
             this.Reset();
         }
         else if (!this.FastIsEmpty())
         {
             int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex();
             int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex();
             if (this.IsUnrestricted() && (num < num2))
             {
                 num = num2;
                 this.CheckSet();
             }
             if (other.IsUnrestricted())
             {
                 other.CheckSet();
             }
             for (int i = 0; i <= num; i++)
             {
                 object item = this.m_permSet.GetItem(i);
                 IPermission permission = item as IPermission;
                 ISecurityElementFactory child = item as ISecurityElementFactory;
                 object obj3 = other.m_permSet.GetItem(i);
                 IPermission target = obj3 as IPermission;
                 ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
                 if ((item != null) || (obj3 != null))
                 {
                     if ((child != null) && (factory2 != null))
                     {
                         if (child.GetTag().Equals("PermissionIntersection") || child.GetTag().Equals("PermissionUnrestrictedIntersection"))
                         {
                             SafeChildAdd((SecurityElement) child, factory2, true);
                         }
                         else
                         {
                             bool copy = true;
                             if (this.IsUnrestricted())
                             {
                                 SecurityElement element = new SecurityElement("PermissionUnrestrictedUnion");
                                 element.AddAttribute("class", child.Attribute("class"));
                                 SafeChildAdd(element, child, false);
                                 child = element;
                             }
                             if (other.IsUnrestricted())
                             {
                                 SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion");
                                 element2.AddAttribute("class", factory2.Attribute("class"));
                                 SafeChildAdd(element2, factory2, true);
                                 factory2 = element2;
                                 copy = false;
                             }
                             SecurityElement parent = new SecurityElement("PermissionIntersection");
                             parent.AddAttribute("class", child.Attribute("class"));
                             SafeChildAdd(parent, child, false);
                             SafeChildAdd(parent, factory2, copy);
                             this.m_permSet.SetItem(i, parent);
                         }
                     }
                     else if (item == null)
                     {
                         if (this.IsUnrestricted())
                         {
                             if (factory2 != null)
                             {
                                 SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection");
                                 element4.AddAttribute("class", factory2.Attribute("class"));
                                 SafeChildAdd(element4, factory2, true);
                                 this.m_permSet.SetItem(i, element4);
                             }
                             else
                             {
                                 PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                                 if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                                 {
                                     this.m_permSet.SetItem(i, target.Copy());
                                 }
                             }
                         }
                     }
                     else if (obj3 == null)
                     {
                         if (other.IsUnrestricted())
                         {
                             if (child != null)
                             {
                                 SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection");
                                 element5.AddAttribute("class", child.Attribute("class"));
                                 SafeChildAdd(element5, child, false);
                                 this.m_permSet.SetItem(i, element5);
                             }
                             else
                             {
                                 PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                                 if ((token2.m_type & PermissionTokenType.IUnrestricted) == 0)
                                 {
                                     this.m_permSet.SetItem(i, null);
                                 }
                             }
                         }
                         else
                         {
                             this.m_permSet.SetItem(i, null);
                         }
                     }
                     else
                     {
                         if (child != null)
                         {
                             permission = this.CreatePermission(child, i);
                         }
                         if (factory2 != null)
                         {
                             target = other.CreatePermission(factory2, i);
                         }
                         try
                         {
                             IPermission permission3;
                             if (permission == null)
                             {
                                 permission3 = target;
                             }
                             else if (target == null)
                             {
                                 permission3 = permission;
                             }
                             else
                             {
                                 permission3 = permission.Intersect(target);
                             }
                             this.m_permSet.SetItem(i, permission3);
                         }
                         catch (Exception exception2)
                         {
                             if (exception == null)
                             {
                                 exception = exception2;
                             }
                         }
                     }
                 }
             }
             this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
             if (exception != null)
             {
                 throw exception;
             }
         }
     }
 }
Beispiel #18
0
        // Treating the current permission set as a grant set, and the input set as
        // a set of permissions to be denied, try to cancel out as many permissions
        // from both sets as possible. For a first cut, any granted permission that
        // is a safe subset of the corresponding denied permission can result in
        // that permission being removed from both sides.

        internal void MergeDeniedSet(PermissionSet denied)
        {
            if (denied == null || denied.FastIsEmpty() || this.FastIsEmpty())
                return;

            m_CheckedForNonCas = false;

            // Check for the unrestricted case: FastIsEmpty() will return false if the PSet is unrestricted, but has no items
            if (this.m_permSet == null || denied.m_permSet == null)
                return; //nothing can be removed

            int maxIndex = denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex();
            for (int i = 0; i <= maxIndex; ++i) {
                IPermission deniedPerm = denied.m_permSet.GetItem(i) as IPermission;
                if (deniedPerm == null)
                    continue;

                IPermission thisPerm = this.m_permSet.GetItem(i) as IPermission;

                if (thisPerm == null && !this.m_Unrestricted) {
                    denied.m_permSet.SetItem(i, null);
                    continue;
                }

                if (thisPerm != null && deniedPerm != null) {
                    if (thisPerm.IsSubsetOf(deniedPerm)) {
                        this.m_permSet.SetItem(i, null);
                        denied.m_permSet.SetItem(i, null);
                    }
                }
            }
        }
 internal void InplaceUnion(PermissionSet other)
 {
     if ((this != other) && ((other != null) && !other.FastIsEmpty()))
     {
         this.m_CheckedForNonCas = false;
         this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
         if (this.m_Unrestricted)
         {
             this.m_permSet = null;
         }
         else
         {
             int maxUsedIndex = -1;
             if (other.m_permSet != null)
             {
                 maxUsedIndex = other.m_permSet.GetMaxUsedIndex();
                 this.CheckSet();
             }
             Exception exception = null;
             for (int i = 0; i <= maxUsedIndex; i++)
             {
                 object item = this.m_permSet.GetItem(i);
                 IPermission permission = item as IPermission;
                 ISecurityElementFactory child = item as ISecurityElementFactory;
                 object obj3 = other.m_permSet.GetItem(i);
                 IPermission target = obj3 as IPermission;
                 ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
                 if ((item != null) || (obj3 != null))
                 {
                     if ((child != null) && (factory2 != null))
                     {
                         if (child.GetTag().Equals("PermissionUnion") || child.GetTag().Equals("PermissionUnrestrictedUnion"))
                         {
                             SafeChildAdd((SecurityElement) child, factory2, true);
                         }
                         else
                         {
                             SecurityElement element;
                             if (this.IsUnrestricted() || other.IsUnrestricted())
                             {
                                 element = new SecurityElement("PermissionUnrestrictedUnion");
                             }
                             else
                             {
                                 element = new SecurityElement("PermissionUnion");
                             }
                             element.AddAttribute("class", child.Attribute("class"));
                             SafeChildAdd(element, child, false);
                             SafeChildAdd(element, factory2, true);
                             this.m_permSet.SetItem(i, element);
                         }
                     }
                     else if (item == null)
                     {
                         if (factory2 != null)
                         {
                             this.m_permSet.SetItem(i, factory2.Copy());
                         }
                         else if (target != null)
                         {
                             PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                             if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
                             {
                                 this.m_permSet.SetItem(i, target.Copy());
                             }
                         }
                     }
                     else if (obj3 != null)
                     {
                         if (child != null)
                         {
                             permission = this.CreatePermission(child, i);
                         }
                         if (factory2 != null)
                         {
                             target = other.CreatePermission(factory2, i);
                         }
                         try
                         {
                             IPermission permission3;
                             if (permission == null)
                             {
                                 permission3 = target;
                             }
                             else if (target == null)
                             {
                                 permission3 = permission;
                             }
                             else
                             {
                                 permission3 = permission.Union(target);
                             }
                             this.m_permSet.SetItem(i, permission3);
                         }
                         catch (Exception exception2)
                         {
                             if (exception == null)
                             {
                                 exception = exception2;
                             }
                         }
                     }
                 }
             }
             if (exception != null)
             {
                 throw exception;
             }
         }
     }
 }
Beispiel #20
0
        internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
        {
            firstPermThatFailed = null;
            if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty())
                return true;

            if(this.m_Unrestricted && deniedSet.m_Unrestricted)
                return false;

            CodeAccessPermission permThis, permThat;
            PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this);

            while (enumThis.MoveNext())
            {
                permThis = enumThis.Current as CodeAccessPermission;
                if(permThis == null || permThis.IsSubsetOf(null))
                    continue; // ignore non-CAS permissions in the grant set.
                if (deniedSet.m_Unrestricted)
                {
                    firstPermThatFailed = permThis;
                    return false;
                }
                permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex());
                if (!permThis.CheckDeny(permThat))
                {
                    firstPermThatFailed = permThis;
                    return false;
                }
            }
            if(this.m_Unrestricted)
            {
                PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet);
                while (enumThat.MoveNext())
                {
                    if(enumThat.Current is IPermission)
                        return false;
                }
            }
            return true;
        }
 public PermissionSet Intersect(PermissionSet other)
 {
     if (((other == null) || other.FastIsEmpty()) || this.FastIsEmpty())
     {
         return null;
     }
     int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex();
     int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex();
     int num3 = (num < num2) ? num : num2;
     if (this.IsUnrestricted() && (num3 < num2))
     {
         num3 = num2;
         this.CheckSet();
     }
     if (other.IsUnrestricted() && (num3 < num))
     {
         num3 = num;
         other.CheckSet();
     }
     PermissionSet set = new PermissionSet(false);
     if (num3 > -1)
     {
         set.m_permSet = new TokenBasedSet();
     }
     for (int i = 0; i <= num3; i++)
     {
         object item = this.m_permSet.GetItem(i);
         IPermission permission = item as IPermission;
         ISecurityElementFactory child = item as ISecurityElementFactory;
         object obj3 = other.m_permSet.GetItem(i);
         IPermission target = obj3 as IPermission;
         ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
         if ((item != null) || (obj3 != null))
         {
             if ((child != null) && (factory2 != null))
             {
                 bool copy = true;
                 bool flag2 = true;
                 SecurityElement parent = new SecurityElement("PermissionIntersection");
                 parent.AddAttribute("class", factory2.Attribute("class"));
                 if (this.IsUnrestricted())
                 {
                     SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion");
                     element2.AddAttribute("class", child.Attribute("class"));
                     SafeChildAdd(element2, child, true);
                     flag2 = false;
                     child = element2;
                 }
                 if (other.IsUnrestricted())
                 {
                     SecurityElement element3 = new SecurityElement("PermissionUnrestrictedUnion");
                     element3.AddAttribute("class", factory2.Attribute("class"));
                     SafeChildAdd(element3, factory2, true);
                     copy = false;
                     factory2 = element3;
                 }
                 SafeChildAdd(parent, factory2, copy);
                 SafeChildAdd(parent, child, flag2);
                 set.m_permSet.SetItem(i, parent);
             }
             else if (item == null)
             {
                 if (this.m_Unrestricted)
                 {
                     if (factory2 != null)
                     {
                         SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection");
                         element4.AddAttribute("class", factory2.Attribute("class"));
                         SafeChildAdd(element4, factory2, true);
                         set.m_permSet.SetItem(i, element4);
                     }
                     else if (target != null)
                     {
                         PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                         if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                         {
                             set.m_permSet.SetItem(i, target.Copy());
                         }
                     }
                 }
             }
             else if (obj3 == null)
             {
                 if (other.m_Unrestricted)
                 {
                     if (child != null)
                     {
                         SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection");
                         element5.AddAttribute("class", child.Attribute("class"));
                         SafeChildAdd(element5, child, true);
                         set.m_permSet.SetItem(i, element5);
                     }
                     else if (permission != null)
                     {
                         PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
                         if ((token2.m_type & PermissionTokenType.IUnrestricted) != 0)
                         {
                             set.m_permSet.SetItem(i, permission.Copy());
                         }
                     }
                 }
             }
             else
             {
                 IPermission permission3;
                 if (child != null)
                 {
                     permission = this.CreatePermission(child, i);
                 }
                 if (factory2 != null)
                 {
                     target = other.CreatePermission(factory2, i);
                 }
                 if (permission == null)
                 {
                     permission3 = target;
                 }
                 else if (target == null)
                 {
                     permission3 = permission;
                 }
                 else
                 {
                     permission3 = permission.Intersect(target);
                 }
                 set.m_permSet.SetItem(i, permission3);
             }
         }
     }
     set.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
     if (set.FastIsEmpty())
     {
         return null;
     }
     return set;
 }
Beispiel #22
0
        public PermissionSet Intersect(PermissionSet other)
        {
            if (other == null || other.FastIsEmpty() || this.FastIsEmpty())
            {
                return null;
            }

            int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
            int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
            int minMax = thisMax < otherMax ? thisMax : otherMax;

            if (this.IsUnrestricted() && minMax < otherMax)
            {
                minMax = otherMax;
                this.CheckSet();
            }

            if (other.IsUnrestricted() && minMax < thisMax)
            {
                minMax = thisMax;
                other.CheckSet();
            }

            PermissionSet pset = new PermissionSet( false );

            if (minMax > -1)
            {
                pset.m_permSet = new TokenBasedSet();
            }

            for (int i = 0; i <= minMax; ++i)
            {
                Object thisObj = this.m_permSet.GetItem( i );
                IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                Object otherObj = other.m_permSet.GetItem( i );
                IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
                ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY

                if (thisObj == null && otherObj == null)
                    continue;

#if FEATURE_CAS_POLICY
                if (thisElem != null && otherElem != null)
                {
                    bool copyOther = true;
                    bool copyThis = true;
                    SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection );
                    newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
                    if (this.IsUnrestricted())
                    {
                        SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                        newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) );
                        SafeChildAdd( newElemUU, thisElem, true );
                        copyThis = false;
                        thisElem = newElemUU;
                    }
                    if (other.IsUnrestricted())
                    {
                        SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
                        newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) );
                        SafeChildAdd( newElemUU, otherElem, true );
                        copyOther = false;
                        otherElem = newElemUU;
                    }

                    SafeChildAdd( newElem, otherElem, copyOther );
                    SafeChildAdd( newElem, thisElem, copyThis );
                    pset.m_permSet.SetItem( i, newElem );
                }
                else
#endif // FEATURE_CAS_POLICY
                if (thisObj == null)
                {
                    if (this.m_Unrestricted)
                    {
#if FEATURE_CAS_POLICY
                        if (otherElem != null)
                        {
                            SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
                            newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
                            SafeChildAdd( newElem, otherElem, true );
                            pset.m_permSet.SetItem( i, newElem );
                            Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                        else
#endif // FEATURE_CAS_POLICY
                        if (otherPerm != null)
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                pset.m_permSet.SetItem( i, otherPerm.Copy() );
                                Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else if (otherObj == null)
                {
                    if (other.m_Unrestricted)
                    {
#if FEATURE_CAS_POLICY
                        if (thisElem != null)
                        {
                            SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
                            newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
                            SafeChildAdd( newElem, thisElem, true );
                            pset.m_permSet.SetItem( i, newElem );
                            Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                        }
                        else
#endif // FEATURE_CAS_POLICY
                        if (thisPerm != null)
                        {
                            PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
                            if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
                            {
                                pset.m_permSet.SetItem( i, thisPerm.Copy() );
                                Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                            }
                        }
                    }
                }
                else
                {
#if FEATURE_CAS_POLICY
                    if (thisElem != null)
                        thisPerm = this.CreatePermission(thisElem, i);
                    if (otherElem != null)
                        otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY

                    IPermission intersectPerm;
                    if (thisPerm == null)
                        intersectPerm = otherPerm;
                    else if(otherPerm == null)
                        intersectPerm = thisPerm;
                    else
                        intersectPerm = thisPerm.Intersect( otherPerm );
                    pset.m_permSet.SetItem( i, intersectPerm );
                    Contract.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
                }
            }

            pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
            if (pset.FastIsEmpty())
                return null;
            else
                return pset;
        }
Beispiel #23
0
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet permissionSet = (PermissionSet)null;
            IEnumerator   enumerator    = this.PolicyLevels.GetEnumerator();

            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    rawCount           = evidence.RawCount;
            bool   flag1 = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
            bool   flag2 = false;

            while (enumerator.MoveNext())
            {
                PolicyLevel policyLevel = (PolicyLevel)enumerator.Current;
                if (systemPolicy)
                {
                    if (policyLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (flag1 && policyLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }
                PolicyStatement policyStatement = policyLevel.Resolve(evidence, rawCount, serializedEvidence);
                if (permissionSet == null)
                {
                    permissionSet = policyStatement.PermissionSet;
                }
                else
                {
                    permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
                }
                if (permissionSet != null && !permissionSet.FastIsEmpty())
                {
                    if ((policyStatement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                    {
                        if (policyLevel.Type != PolicyLevelType.AppDomain)
                        {
                            flag2 = true;
                            break;
                        }
                        break;
                    }
                }
                else
                {
                    break;
                }
            }
            if (permissionSet != null & flag2)
            {
                PolicyLevel policyLevel1 = (PolicyLevel)null;
                for (int index = this.PolicyLevels.Count - 1; index >= 0; --index)
                {
                    PolicyLevel policyLevel2 = (PolicyLevel)this.PolicyLevels[index];
                    if (policyLevel2.Type == PolicyLevelType.AppDomain)
                    {
                        policyLevel1 = policyLevel2;
                        break;
                    }
                }
                if (policyLevel1 != null)
                {
                    PolicyStatement policyStatement = policyLevel1.Resolve(evidence, rawCount, serializedEvidence);
                    permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
                }
            }
            if (permissionSet == null)
            {
                permissionSet = new PermissionSet(PermissionState.None);
            }
            if (!permissionSet.IsUnrestricted())
            {
                IEnumerator hostEnumerator = evidence.GetHostEnumerator();
                while (hostEnumerator.MoveNext())
                {
                    IIdentityPermissionFactory permissionFactory = hostEnumerator.Current as IIdentityPermissionFactory;
                    if (permissionFactory != null)
                    {
                        IPermission identityPermission = permissionFactory.CreateIdentityPermission(evidence);
                        if (identityPermission != null)
                        {
                            permissionSet.AddPermission(identityPermission);
                        }
                    }
                }
            }
            permissionSet.IgnoreTypeLoadFailures = true;
            return(permissionSet);
        }