|
static private GetMethodInfo ( |
||
| rmh | ||
| return | ||
internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed)
{
HostProtectionPermission protectionPermission = permThatFailed as HostProtectionPermission;
if (protectionPermission != null)
{
return((Exception) new HostProtectionException(SecurityException.GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, protectionPermission.Resources));
}
string message = "";
MethodInfo method = (MethodInfo)null;
try
{
message = granted != null || refused != null || demand != null ? (demand == null || !(demand is IPermission) ? (permThatFailed == null ? SecurityException.GetResString("Security_GenericNoType") : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)permThatFailed.GetType().AssemblyQualifiedName)) : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName)) : SecurityException.GetResString("Security_NoAPTCA");
method = SecurityRuntime.GetMethodInfo(rmh);
}
catch (Exception ex)
{
if (ex is ThreadAbortException)
{
throw;
}
}
return((Exception) new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
}
internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
{
// See if we need to throw a HostProtectionException instead
HostProtectionPermission hostProtectionPerm = permThatFailed as HostProtectionPermission;
if (hostProtectionPerm != null)
{
return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, hostProtectionPerm.Resources));
}
// Produce relevant strings
String message = "";
MethodInfo method = null;
try
{
if (granted == null && refused == null && demand == null)
{
message = GetResString("Security_NoAPTCA");
}
else
{
if (demand != null && demand is IPermission)
{
message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), demand.GetType().AssemblyQualifiedName);
}
else if (permThatFailed != null)
{
message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), permThatFailed.GetType().AssemblyQualifiedName);
}
else
{
message = GetResString("Security_GenericNoType");
}
}
method = SecurityRuntime.GetMethodInfo(rmh);
}
catch (Exception e)
{
// Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.)
if (e is System.Threading.ThreadAbortException)
{
throw;
}
}
/* catch(System.Threading.ThreadAbortException)
* {
* // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.)
* throw;
* }
* catch
* {
* }
*/
// make the exception object
return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
}
internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed)
{
HostProtectionPermission permission = permThatFailed as HostProtectionPermission;
if (permission != null)
{
return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, permission.Resources));
}
string message = "";
MethodInfo method = null;
try
{
if (((granted == null) && (refused == null)) && (demand == null))
{
message = GetResString("Security_NoAPTCA");
}
else if ((demand != null) && (demand is IPermission))
{
message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName });
}
else if (permThatFailed != null)
{
message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { permThatFailed.GetType().AssemblyQualifiedName });
}
else
{
message = GetResString("Security_GenericNoType");
}
method = SecurityRuntime.GetMethodInfo(rmh);
}
catch (Exception exception)
{
if (exception is ThreadAbortException)
{
throw;
}
}
return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(SecurityRuntime.StackHalt);
}
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion(permSet))
{
return(SecurityRuntime.StackHalt);
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// If the demand is null, there is no need to continue
Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point");
// decode imperative
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
// NOTE: See notes about exceptions and exception handling in FrameDescSetHelper
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
// Check Reduction
try
{
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If the permit only set does not contain the demanded permission, throw a security exception
if (perm == null)
{
if (!permSet.IsUnrestricted())
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
else
{
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demand.CheckPermitOnly(perm);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
}
// Check Denials
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If an unrestricted set was denied and the demand implements IUnrestricted
if (permSet.IsUnrestricted())
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
// If the deny set does contain the demanded permission, throw a security exception
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demand.CheckDeny(perm);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
// Check Assertions
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
try
{
if (permSet.IsUnrestricted() || demand.CheckAssert(perm))
{
return(SecurityRuntime.StackHalt);
}
}
catch (ArgumentException)
{
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission(demand);
if (permitted == null)
{
if (!permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
else
{
bool flag2 = true;
try
{
flag2 = !demand.CheckPermitOnly(permitted);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permission = (CodeAccessPermission)permitOnly.GetPermission(demand);
if (permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
bool flag3 = true;
try
{
flag3 = !demand.CheckDeny(permission);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission asserted = (CodeAccessPermission)permitOnly.GetPermission(demand);
try
{
if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted))
{
return(false);
}
}
catch (ArgumentException)
{
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return(false);
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return(false);
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
bool flag1 = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission((IPermission)demand);
if (permitted == null)
{
if (!permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
else
{
bool flag2 = true;
try
{
flag2 = !demand.CheckPermitOnly(permitted);
}
catch (ArgumentException ex)
{
}
if (flag2)
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
}
PermissionSet denials = this.GetDenials(fDeclarative);
if (denials != null)
{
CodeAccessPermission denied = (CodeAccessPermission)denials.GetPermission((IPermission)demand);
if (denials.IsUnrestricted())
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
bool flag2 = true;
try
{
flag2 = !demand.CheckDeny(denied);
}
catch (ArgumentException ex)
{
}
if (flag2)
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
PermissionSet assertions = this.GetAssertions(fDeclarative);
if (assertions != null)
{
CodeAccessPermission asserted = (CodeAccessPermission)assertions.GetPermission((IPermission)demand);
try
{
if (!assertions.IsUnrestricted())
{
if (!demand.CheckAssert(asserted))
{
goto label_35;
}
}
return(false);
}
catch (ArgumentException ex)
{
}
}
}
finally
{
if (flag1)
{
SecurityManager._SetThreadSecurity(true);
}
}
label_35:
return(true);
}
