internal void InplaceUnion(PolicyStatement childPolicy)
 {
     if (((this.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
     {
         throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
     }
     if (childPolicy.HasDependentEvidence)
     {
         bool flag = this.m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(this.m_permSet);
         if (this.HasDependentEvidence || flag)
         {
             if (this.m_dependentEvidence == null)
             {
                 this.m_dependentEvidence = new List <IDelayEvaluatedEvidence>();
             }
             this.m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
         }
     }
     if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
     {
         this.m_permSet  = childPolicy.GetPermissionSetNoCopy();
         this.Attributes = childPolicy.Attributes;
     }
     else
     {
         this.m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
         this.Attributes |= childPolicy.Attributes;
     }
 }
Exemple #2
0
        /// <summary>
        ///     Union a child policy statement into this policy statement
        /// </summary>
        internal void InplaceUnion(PolicyStatement childPolicy)
        {
            BCLDebug.Assert(childPolicy != null, "childPolicy != null");

            if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
            }

            // We need to merge together our grant set and attributes.  The result of this merge is
            // dependent upon if we're merging a child marked exclusive or not.  If the child is not
            // exclusive, we need to union in its grant set and or in its attributes. However, if the child
            // is exclusive then it is the only code group which should have an effect on the resulting
            // grant set and therefore our grant should be ignored.
            if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                m_permSet  = childPolicy.GetPermissionSetNoCopy();
                Attributes = childPolicy.Attributes;
            }
            else
            {
                m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                Attributes = Attributes | childPolicy.Attributes;
            }
        }
Exemple #3
0
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            if (this.MembershipCondition.Check(evidence))
            {
                PolicyStatement thisPolicy = CalculateAssemblyPolicy(evidence);

                IEnumerator enumerator = this.Children.GetEnumerator();
                while (enumerator.MoveNext())
                {
                    PolicyStatement childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);

                    if (childPolicy != null)
                    {
                        if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
                        {
                            throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
                        }

                        thisPolicy.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                        thisPolicy.Attributes = thisPolicy.Attributes | childPolicy.Attributes;
                    }
                }

                return(thisPolicy);
            }
            else
            {
                return(null);
            }
        }
Exemple #4
0
        /// <summary>
        ///     Union a child policy statement into this policy statement
        /// </summary>
        internal void InplaceUnion(PolicyStatement childPolicy)
        {
            BCLDebug.Assert(childPolicy != null, "childPolicy != null");

            if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
            }

#if FEATURE_CAS_POLICY
            // If our code group generated a grant set based upon unverified evidence, or it generated a grant
            // set strictly less than that of a child group based upon unverified evidence, we need to keep
            // track of any unverified evidence our child group has.
            if (childPolicy.HasDependentEvidence)
            {
                bool childEvidenceNeedsVerification = m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) &&
                                                      !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(m_permSet);

                if (HasDependentEvidence || childEvidenceNeedsVerification)
                {
                    if (m_dependentEvidence == null)
                    {
                        m_dependentEvidence = new List <IDelayEvaluatedEvidence>();
                    }

                    m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
                }
            }
#endif

            // We need to merge together our grant set and attributes.  The result of this merge is
            // dependent upon if we're merging a child marked exclusive or not.  If the child is not
            // exclusive, we need to union in its grant set and or in its attributes. However, if the child
            // is exclusive then it is the only code group which should have an effect on the resulting
            // grant set and therefore our grant should be ignored.
            if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                m_permSet  = childPolicy.GetPermissionSetNoCopy();
                Attributes = childPolicy.Attributes;
            }
            else
            {
                m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                Attributes = Attributes | childPolicy.Attributes;
            }
        }
        /// <include file='doc\FirstMatchCodeGroup.uex' path='docs/doc[@for="FirstMatchCodeGroup.Resolve"]/*' />
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            if (this.MembershipCondition.Check(evidence))
            {
                PolicyStatement childPolicy = null;

                IEnumerator enumerator = this.Children.GetEnumerator();

                while (enumerator.MoveNext())
                {
                    childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);

                    // If the child has a policy, we are done.

                    if (childPolicy != null)
                    {
                        break;
                    }
                }

                PolicyStatement thisPolicy = this.PolicyStatement;

                if (thisPolicy == null)
                {
                    return(childPolicy);
                }
                else if (childPolicy != null)
                {
                    // Combine the child and this policy and return it.

                    PolicyStatement combined = new PolicyStatement();

                    combined.SetPermissionSetNoCopy(thisPolicy.GetPermissionSetNoCopy().Union(childPolicy.GetPermissionSetNoCopy()));

                    // if both this group and matching child group are exclusive we need to throw an exception

                    if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
                    {
                        throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
                    }

                    combined.Attributes = thisPolicy.Attributes | childPolicy.Attributes;

                    return(combined);
                }
                else
                {
                    // Otherwise we just copy the this policy.

                    return(this.PolicyStatement);
                }
            }
            else
            {
                return(null);
            }
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal SecurityElement ToXml(PolicyLevel level, String policyClassName)
        {
            if (m_membershipCondition == null && m_element != null)
            {
                ParseMembershipCondition();
            }

            if (m_children == null)
            {
                ParseChildren();
            }

            if (m_policy == null && m_element != null)
            {
                ParsePolicy();
            }

            SecurityElement e = new SecurityElement("CodeGroup");

            System.Security.Util.XMLUtil.AddClassAttribute(e, this.GetType(), policyClassName);
            // If you hit this assert then most likely you are trying to change the name of this class.
            // This is ok as long as you change the hard coded string above and change the assert below.
            Contract.Assert(this.GetType().FullName.Equals(policyClassName), "Incorrect class name passed in! Was: " + policyClassName + " Should be " + this.GetType().FullName);

            e.AddAttribute("version", "1");

            e.AddChild(m_membershipCondition.ToXml(level));

            // Grab the inerts of the policy statement's xml and just stick it
            // into the code group xml directly. We do this to hide the policy statement from
            // users in the config file.

            if (m_policy != null)
            {
                PermissionSet      permSet      = m_policy.GetPermissionSetNoCopy();
                NamedPermissionSet namedPermSet = permSet as NamedPermissionSet;

                if (namedPermSet != null && level != null && level.GetNamedPermissionSetInternal(namedPermSet.Name) != null)
                {
                    e.AddAttribute("PermissionSetName", namedPermSet.Name);
                }
                else
                {
                    if (!permSet.IsEmpty())
                    {
                        e.AddChild(permSet.ToXml());
                    }
                }

                if (m_policy.Attributes != PolicyStatementAttribute.Nothing)
                {
                    e.AddAttribute("Attributes", XMLUtil.BitFieldEnumToString(typeof(PolicyStatementAttribute), m_policy.Attributes));
                }
            }

            if (m_children.Count > 0)
            {
                lock (this)
                {
                    IEnumerator enumerator = m_children.GetEnumerator();

                    while (enumerator.MoveNext())
                    {
                        e.AddChild(((CodeGroup)enumerator.Current).ToXml(level));
                    }
                }
            }

            if (m_name != null)
            {
                e.AddAttribute("Name", SecurityElement.Escape(m_name));
            }

            if (m_description != null)
            {
                e.AddAttribute("Description", SecurityElement.Escape(m_description));
            }

            CreateXml(e, level);

            return(e);
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal PolicyStatement Resolve (Evidence evidence, int count, byte[] serializedEvidence) {
            if (evidence == null)
                throw new ArgumentNullException("evidence");
            Contract.EndContractBlock();

            PolicyStatement policy = null;
            if (serializedEvidence != null)
                policy = CheckCache(count, serializedEvidence);

            if (policy == null) {
                CheckLoaded();

                bool allConst;
                bool isFullTrust = m_fullTrustAssemblies != null && IsFullTrustAssembly(m_fullTrustAssemblies, evidence);
                if (isFullTrust) {
                    policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
                    allConst = true;
                }
                else {
                    ArrayList list = GenericResolve(evidence, out allConst);
                    policy = new PolicyStatement();
                    // This will set the permission set to the empty set.
                    policy.PermissionSet = null;

                    IEnumerator enumerator = list.GetEnumerator();
                    while (enumerator.MoveNext()) {
                        PolicyStatement ps = ((CodeGroupStackFrame)enumerator.Current).policy;
                        if (ps != null) {
                            policy.GetPermissionSetNoCopy().InplaceUnion(ps.GetPermissionSetNoCopy());
                            policy.Attributes |= ps.Attributes;

                            // If we find a policy statement that's dependent upon unverified evidence, we
                            // need to mark that as used so that the VM can potentially force verification on
                            // the evidence.
                            if (ps.HasDependentEvidence) {
                                foreach (IDelayEvaluatedEvidence delayEvidence in ps.DependentEvidence) {
                                    delayEvidence.MarkUsed();
                                }
                            }
                        }
                    }
                }
                if (allConst) {
                    // We want to store in the cache the evidence that was touched during policy evaluation
                    // rather than the input serialized evidence, since that evidence is optimized for the
                    // standard policy and is not all-inclusive.  We need to make sure that any evidence
                    // used to determine the grant set is added to the cache key.
                    Cache(count, evidence.RawSerialize(), policy);
                }
            }

            return policy;
        }
 internal void InplaceUnion(PolicyStatement childPolicy)
 {
     if (((this.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
     {
         throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
     }
     if (childPolicy.HasDependentEvidence)
     {
         bool flag = this.m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(this.m_permSet);
         if (this.HasDependentEvidence || flag)
         {
             if (this.m_dependentEvidence == null)
             {
                 this.m_dependentEvidence = new List<IDelayEvaluatedEvidence>();
             }
             this.m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
         }
     }
     if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
     {
         this.m_permSet = childPolicy.GetPermissionSetNoCopy();
         this.Attributes = childPolicy.Attributes;
     }
     else
     {
         this.m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
         this.Attributes |= childPolicy.Attributes;
     }
 }
        /// <summary>
        ///     Union a child policy statement into this policy statement
        /// </summary>
        internal void InplaceUnion(PolicyStatement childPolicy)
        {
            BCLDebug.Assert(childPolicy != null, "childPolicy != null");

            if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException(Environment.GetResourceString( "Policy_MultipleExclusive" ));
            }

#if FEATURE_CAS_POLICY
            // If our code group generated a grant set based upon unverified evidence, or it generated a grant
            // set strictly less than that of a child group based upon unverified evidence, we need to keep
            // track of any unverified evidence our child group has.
            if (childPolicy.HasDependentEvidence)
            {
                bool childEvidenceNeedsVerification = m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) &&
                                                      !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(m_permSet);

                if (HasDependentEvidence || childEvidenceNeedsVerification)
                {
                    if (m_dependentEvidence == null)
                    {
                        m_dependentEvidence = new List<IDelayEvaluatedEvidence>();
                    }

                    m_dependentEvidence.AddRange(childPolicy.DependentEvidence);
                }
            }
#endif

            // We need to merge together our grant set and attributes.  The result of this merge is
            // dependent upon if we're merging a child marked exclusive or not.  If the child is not
            // exclusive, we need to union in its grant set and or in its attributes. However, if the child
            // is exclusive then it is the only code group which should have an effect on the resulting
            // grant set and therefore our grant should be ignored.
            if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                m_permSet = childPolicy.GetPermissionSetNoCopy();
                Attributes = childPolicy.Attributes;
            }
            else
            {
                m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                Attributes = Attributes | childPolicy.Attributes;
            }
        }
 internal PolicyStatement Resolve(Evidence evidence, int count, byte[] serializedEvidence)
 {
     if (evidence == null)
     {
         throw new ArgumentNullException("evidence");
     }
     PolicyStatement policy = null;
     if (serializedEvidence != null)
     {
         policy = this.CheckCache(count, serializedEvidence);
     }
     if (policy == null)
     {
         bool flag;
         this.CheckLoaded();
         if ((this.m_fullTrustAssemblies != null) && IsFullTrustAssembly(this.m_fullTrustAssemblies, evidence))
         {
             policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
             flag = true;
         }
         else
         {
             ArrayList list = this.GenericResolve(evidence, out flag);
             policy = new PolicyStatement {
                 PermissionSet = null
             };
             IEnumerator enumerator = list.GetEnumerator();
             while (enumerator.MoveNext())
             {
                 PolicyStatement statement2 = ((CodeGroupStackFrame) enumerator.Current).policy;
                 if (statement2 != null)
                 {
                     policy.GetPermissionSetNoCopy().InplaceUnion(statement2.GetPermissionSetNoCopy());
                     policy.Attributes |= statement2.Attributes;
                     if (statement2.HasDependentEvidence)
                     {
                         foreach (IDelayEvaluatedEvidence evidence2 in statement2.DependentEvidence)
                         {
                             evidence2.MarkUsed();
                         }
                     }
                 }
             }
         }
         if (flag)
         {
             this.Cache(count, evidence.RawSerialize(), policy);
         }
     }
     return policy;
 }
        /// <include file='doc\CodeGroup.uex' path='docs/doc[@for="CodeGroup.ToXml1"]/*' />
        public SecurityElement ToXml(PolicyLevel level)
        {
            if (m_membershipCondition == null && m_element != null)
            {
                ParseMembershipCondition();
            }

            if (m_children == null)
            {
                ParseChildren();
            }

            if (m_policy == null && m_element != null)
            {
                ParsePolicy();
            }

            SecurityElement e = new SecurityElement("CodeGroup");

            System.Security.Util.XMLUtil.AddClassAttribute(e, this.GetType());
            e.AddAttribute("version", "1");

            e.AddChild(m_membershipCondition.ToXml(level));

            // Grab the inerts of the policy statement's xml and just stick it
            // into the code group xml directly. We do this to hide the policy statement from
            // users in the config file.

            if (m_policy != null)
            {
                PermissionSet      permSet      = m_policy.GetPermissionSetNoCopy();
                NamedPermissionSet namedPermSet = permSet as NamedPermissionSet;

                if (namedPermSet != null && level != null && level.GetNamedPermissionSetInternal(namedPermSet.Name) != null)
                {
                    e.AddAttribute("PermissionSetName", namedPermSet.Name);
                }
                else
                {
                    if (!permSet.IsEmpty())
                    {
                        e.AddChild(permSet.ToXml());
                    }
                }

                if (m_policy.Attributes != PolicyStatementAttribute.Nothing)
                {
                    e.AddAttribute("Attributes", XMLUtil.BitFieldEnumToString(typeof(PolicyStatementAttribute), m_policy.Attributes));
                }
            }

            if (m_children.Count > 0)
            {
                lock (this)
                {
                    IEnumerator enumerator = m_children.GetEnumerator();

                    while (enumerator.MoveNext())
                    {
                        e.AddChild(((CodeGroup)enumerator.Current).ToXml(level));
                    }
                }
            }

            if (m_name != null)
            {
                e.AddAttribute("Name", SecurityElement.Escape(m_name));
            }

            if (m_description != null)
            {
                e.AddAttribute("Description", SecurityElement.Escape(m_description));
            }

            CreateXml(e, level);

            return(e);
        }
Exemple #12
0
        /// <summary>
        ///     Union a child policy statement into this policy statement
        /// </summary>
        internal void InplaceUnion(PolicyStatement childPolicy)
        {
            BCLDebug.Assert(childPolicy != null, "childPolicy != null");

            if (((Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                throw new PolicyException(Environment.GetResourceString( "Policy_MultipleExclusive" ));
            }

            // We need to merge together our grant set and attributes.  The result of this merge is
            // dependent upon if we're merging a child marked exclusive or not.  If the child is not
            // exclusive, we need to union in its grant set and or in its attributes. However, if the child
            // is exclusive then it is the only code group which should have an effect on the resulting
            // grant set and therefore our grant should be ignored.
            if ((childPolicy.Attributes & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
            {
                m_permSet = childPolicy.GetPermissionSetNoCopy();
                Attributes = childPolicy.Attributes;
            }
            else
            {
                m_permSet.InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                Attributes = Attributes | childPolicy.Attributes;
            }
        }
        internal PolicyStatement Resolve (Evidence evidence, int count, char[] serializedEvidence) {
            if (evidence == null)
                throw new ArgumentNullException("evidence");

            PolicyStatement policy = null;
            if (serializedEvidence != null)
                policy = CheckCache(count, serializedEvidence);

            if (policy == null) {
                CheckLoaded();

                bool allConst;
                bool isFullTrust = m_fullTrustAssemblies != null && IsFullTrustAssembly(m_fullTrustAssemblies, evidence);
                if (isFullTrust) {
                    policy = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
                    allConst = true;
                }
                else {
                    ArrayList list = GenericResolve(evidence, out allConst);
                    policy = new PolicyStatement();
                    // This will set the permission set to the empty set.
                    policy.PermissionSet = null;

                    IEnumerator enumerator = list.GetEnumerator();
                    while (enumerator.MoveNext()) {
                        PolicyStatement ps = ((CodeGroupStackFrame)enumerator.Current).policy;
                        if (ps != null) {
                            policy.GetPermissionSetNoCopy().InplaceUnion(ps.GetPermissionSetNoCopy());
                            policy.Attributes |= ps.Attributes;
                        }
                    }
                }
                if (allConst && serializedEvidence != null)
                    Cache(count, serializedEvidence, policy);
            }

            return policy;
        }
Exemple #14
0
        private void CombinePolicy( PolicyStatement left, PolicyStatement right )
        {
#if _DEBUG
            if (debug)
            {
                DEBUG_OUT( "left = \n" + (left == null ? "<null>" : left.ToXml().ToString() ) );
                DEBUG_OUT( "right = \n" + (right == null ? "<null>" : right.ToXml().ToString() ) );
            } 
#endif
            if (right == null)
            {
                return;
            }
            else
            {
                // An exception somewhere in here means that a permission
                // failed some operation.  This simply means that it will be
                // dropped from the grant set which is safe operation that
                // can be ignored.
                
                try
                {
                    left.GetPermissionSetNoCopy().InplaceUnion( right.GetPermissionSetNoCopy() );
                }
                catch (Exception)
                {
                }
                left.Attributes = left.Attributes | right.Attributes;
            }

#if _DEBUG
            if (debug)          
                DEBUG_OUT( "outcome =\n" + left.ToXml().ToString() );
#endif
        }
Exemple #15
0
        /// <include file='doc\NetCodeGroup.uex' path='docs/doc[@for="NetCodeGroup.Resolve"]/*' />
        public override PolicyStatement Resolve(Evidence evidence)
        {
            if (evidence == null)
            {
                throw new ArgumentNullException("evidence");
            }

            if (this.MembershipCondition.Check(evidence))
            {
                PolicyStatement thisPolicy = null;

                IEnumerator evidenceEnumerator = evidence.GetHostEnumerator();

                Site site = null;

                while (evidenceEnumerator.MoveNext())
                {
                    Url url = evidenceEnumerator.Current as Url;

                    if (url != null)
                    {
                        thisPolicy = CalculatePolicy(url.GetURLString().Host, url.GetURLString().Scheme);
                    }
                    else
                    {
                        if (site == null)
                        {
                            site = evidenceEnumerator.Current as Site;
                        }
                    }
                }

                if (thisPolicy == null && site != null)
                {
                    thisPolicy = CalculatePolicy(site.Name, null);
                }

                if (thisPolicy == null)
                {
                    thisPolicy = new PolicyStatement(new PermissionSet(false), PolicyStatementAttribute.Nothing);
                }

                IEnumerator enumerator = this.Children.GetEnumerator();

                while (enumerator.MoveNext())
                {
                    PolicyStatement childPolicy = ((CodeGroup)enumerator.Current).Resolve(evidence);

                    if (childPolicy != null)
                    {
                        if (((thisPolicy.Attributes & childPolicy.Attributes) & PolicyStatementAttribute.Exclusive) == PolicyStatementAttribute.Exclusive)
                        {
                            throw new PolicyException(Environment.GetResourceString("Policy_MultipleExclusive"));
                        }

                        thisPolicy.GetPermissionSetNoCopy().InplaceUnion(childPolicy.GetPermissionSetNoCopy());
                        thisPolicy.Attributes = thisPolicy.Attributes | childPolicy.Attributes;
                    }
                }

                return(thisPolicy);
            }
            else
            {
                return(null);
            }
        }