[System.Security.SecurityCritical]  // auto-generated
        private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls) 
        {
#if FEATURE_COMPRESSEDSTACK
            this.UpdateZoneAndOrigin(pls);
#endif // FEATURE_COMPRESSEDSTACK 
            this.UpdatePermissions(currentTriple, pls);
            this.UpdateTripleListAndCreateNewTriple(currentTriple, null); 
        } 
Exemple #2
0
        internal static PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
        {
            bool constructionHalted = false;

            if (cs.CompressedStackHandle == null)
            {
                return(null);
            }
            PermissionListSet   set           = new PermissionListSet();
            PermissionSetTriple currentTriple = new PermissionSetTriple();

            for (int i = CompressedStack.GetDCSCount(cs.CompressedStackHandle) - 1; (i >= 0) && !constructionHalted; i--)
            {
                DomainCompressedStack domainCompressedStack = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
                if (domainCompressedStack != null)
                {
                    if (domainCompressedStack.PLS == null)
                    {
                        throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[0]));
                    }
                    set.UpdateZoneAndOrigin(domainCompressedStack.PLS);
                    set.Update(currentTriple, domainCompressedStack.PLS);
                    constructionHalted = domainCompressedStack.ConstructionHalted;
                }
            }
            if (!constructionHalted)
            {
                PermissionListSet pls = null;
                if (innerCS != null)
                {
                    innerCS.CompleteConstruction(null);
                    pls = innerCS.PLS;
                }
                set.Terminate(currentTriple, pls);
                return(set);
            }
            set.Terminate(currentTriple);
            return(set);
        }
Exemple #3
0
        static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
        {
            PermissionListSet   pls           = new PermissionListSet();
            PermissionSetTriple currentTriple = new PermissionSetTriple();

            PermissionSet tmp_g, tmp_r;
            // Construct the descriptor list
            int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS);

            bHaltConstruction = false;
            for (int i = 0; (i < descCount && !bHaltConstruction); i++)
            {
                FrameSecurityDescriptor fsd;
                Assembly assembly;
                if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd))
                {
                    // Got an FSD
                    bHaltConstruction = pls.Update(currentTriple, fsd);
                }
                else
                {
                    pls.Update(currentTriple, tmp_g, tmp_r);
                }
            }
            if (!bHaltConstruction)
            {
                // domain
                if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS))
                {
                    DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r);
                    pls.Update(currentTriple, tmp_g, tmp_r);
                }
            }
            pls.Terminate(currentTriple);


            // return the created object
            return(pls);
        }
        public PermissionListSet(PermissionListSet permListSet)
        {
            if (permListSet == null)
            {
                Reset();
                return;
            }

            m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet);

            // Now deep copy all permission lists in set.
            // Note that this DOES deep copy permissions in the list.
            for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++)
            {
                PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i);
                if (plist != null)
                {
                    m_unrestrictedPermSet.SetItem(i, plist.Copy());
                }
            }

            m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet);

            // Now deep copy all permission lists in set.
            // Note that this DOES deep copy permissions in the list.
            for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++)
            {
                PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i);
                if (plist != null)
                {
                    m_normalPermSet.SetItem(i, plist.Copy());
                }
            }

            m_unrestricted = permListSet.m_unrestricted;
            m_state        = permListSet.m_state;
        }
 [System.Security.SecurityCritical]  // auto-generated
 static internal PermissionListSet CreateCompressedState_HG() 
 {
     PermissionListSet pls = new PermissionListSet(); 
     CompressedStack.GetHomogeneousPLS(pls); 
     return pls;
 } 
        // public(internal) interface begins... 
        // Creation functions 
        static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
        { 
            // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation)

            bool bHaltConstruction = false;
            if (cs.CompressedStackHandle == null) 
                return null; //  FT case or Security off
 
            PermissionListSet pls = new PermissionListSet(); 
            PermissionSetTriple currentTriple = new PermissionSetTriple();
            int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle); 
            for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--)
            {
                DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
                if (dcs == null) 
                    continue; // we hit a FT Domain
                if (dcs.PLS == null) 
                { 
                    // We failed on some DCS
                    throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"))); 
                }
                pls.UpdateZoneAndOrigin(dcs.PLS);
                pls.Update(currentTriple, dcs.PLS);
                bHaltConstruction = dcs.ConstructionHalted; 
            }
            if (!bHaltConstruction) 
            { 
                PermissionListSet tmp_pls = null;
                // Construction did not halt. 
                if (innerCS != null)
                {
                    innerCS.CompleteConstruction(null);
                    tmp_pls = innerCS.PLS; 
                }
                pls.Terminate(currentTriple, tmp_pls); 
            } 
            else
            { 
                pls.Terminate(currentTriple);
            }

            return pls; 
        }
 private void UpdateZoneAndOrigin(PermissionListSet pls)
 {
     if (pls != null) 
     {
         if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0) 
             this.m_zoneList = new ArrayList(); 
         UpdateArrayList(this.m_zoneList, pls.m_zoneList);
         if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0) 
             this.m_originList = new ArrayList();
         UpdateArrayList(this.m_originList, pls.m_originList);
     }
 } 
Exemple #8
0
     public PermissionListSet(PermissionListSet permListSet)
     {
         if (permListSet == null)
         {
             Reset();
             return;
         }
         
         m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet);
 
         // Now deep copy all permission lists in set.
         // Note that this DOES deep copy permissions in the list.
         for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++)
         {
             PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i);
             if (plist != null)
             {
                 m_unrestrictedPermSet.SetItem(i, plist.Copy());
             }
         }
         
         m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet);
         
         // Now deep copy all permission lists in set.
         // Note that this DOES deep copy permissions in the list.
         for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++)
         {
             PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i);
             if (plist != null)
             {
                 m_normalPermSet.SetItem(i, plist.Copy());
             }
         }        
         
         m_unrestricted = permListSet.m_unrestricted;
         m_state = permListSet.m_state;
     }
        static bool StackCompressWalkHelper(PermissionListSet compressedStack,
                                               bool skipGrants,
                                               PermissionSet grantedPerms,
                                               PermissionSet deniedPerms,
                                               FrameSecurityDescriptor frameInfo)
        {
            if (!skipGrants)
            {
                if (!compressedStack.AppendPermissions(grantedPerms,
                                                       PermissionList.MatchChecked))
                    return false;
                if (deniedPerms != null && !compressedStack.AppendPermissions(deniedPerms,
                                                                              PermissionList.MatchDeny))
                    return false;
            }
            
            if (frameInfo != null)
            {
                PermissionSet set = frameInfo.GetPermitOnly();

                if (set != null)
                {
                    if (!compressedStack.AppendPermissions( set, PermissionList.MatchPermitOnly ))
                        return false;
                }

                set = frameInfo.GetDenials();

                if (set != null)
                {
                    if (!compressedStack.AppendPermissions( set, PermissionList.MatchDeny ))
                        return false;
                }

                set = frameInfo.GetAssertions();

                if (set != null)
                {
                    if (!compressedStack.AppendPermissions( set, PermissionList.MatchAssert ))
                        return false;
                }
            }
            
            return true;
        }
Exemple #10
0
 private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     this.UpdateZoneAndOrigin(pls);
     return(this.UpdatePermissions(currentTriple, pls));
 }
 internal extern static void GetHomogeneousPLS(PermissionListSet hgPLS);
 private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     this.UpdateZoneAndOrigin(pls);
     this.UpdatePermissions(currentTriple, pls);
     this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
 }
 internal static PermissionListSet CreateCompressedState_HG()
 {
     PermissionListSet hgPLS = new PermissionListSet();
     CompressedStack.GetHomogeneousPLS(hgPLS);
     return hgPLS;
 }
 internal static PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
 {
     bool constructionHalted = false;
     if (cs.CompressedStackHandle == null)
     {
         return null;
     }
     PermissionListSet set = new PermissionListSet();
     PermissionSetTriple currentTriple = new PermissionSetTriple();
     for (int i = CompressedStack.GetDCSCount(cs.CompressedStackHandle) - 1; (i >= 0) && !constructionHalted; i--)
     {
         DomainCompressedStack domainCompressedStack = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
         if (domainCompressedStack != null)
         {
             if (domainCompressedStack.PLS == null)
             {
                 throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[0]));
             }
             set.UpdateZoneAndOrigin(domainCompressedStack.PLS);
             set.Update(currentTriple, domainCompressedStack.PLS);
             constructionHalted = domainCompressedStack.ConstructionHalted;
         }
     }
     if (!constructionHalted)
     {
         PermissionListSet pls = null;
         if (innerCS != null)
         {
             innerCS.CompleteConstruction(null);
             pls = innerCS.PLS;
         }
         set.Terminate(currentTriple, pls);
         return set;
     }
     set.Terminate(currentTriple);
     return set;
 }
 internal static PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
 {
     PermissionSet set2;
     PermissionSet set3;
     PermissionListSet set = new PermissionListSet();
     PermissionSetTriple currentTriple = new PermissionSetTriple();
     int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS);
     bHaltConstruction = false;
     for (int i = 0; (i < descCount) && !bHaltConstruction; i++)
     {
         FrameSecurityDescriptor descriptor;
         Assembly assembly;
         if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out set2, out set3, out assembly, out descriptor))
         {
             bHaltConstruction = set.Update(currentTriple, descriptor);
         }
         else
         {
             set.Update(currentTriple, set2, set3);
         }
     }
     if (!bHaltConstruction && !DomainCompressedStack.IgnoreDomain(unmanagedDCS))
     {
         DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out set2, out set3);
         set.Update(currentTriple, set2, set3);
     }
     set.Terminate(currentTriple);
     return set;
 }
Exemple #16
0
 private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     return(this.UpdatePermissions(currentTriple, pls));
 }
 private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     this.UpdateZoneAndOrigin(pls);
     return this.UpdatePermissions(currentTriple, pls);
 }
Exemple #18
0
 private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     this.UpdateZoneAndOrigin(pls);
     this.UpdatePermissions(currentTriple, pls);
     this.UpdateTripleListAndCreateNewTriple(currentTriple, (ArrayList)null);
 }
 private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     if (pls != null)
     {
         if (pls.m_permSetTriples != null)
         {
             this.UpdateTripleListAndCreateNewTriple(currentTriple, pls.m_permSetTriples);
         }
         else
         {
             PermissionSetTriple triple2;
             PermissionSetTriple firstPermSetTriple = pls.m_firstPermSetTriple;
             if (currentTriple.Update(firstPermSetTriple, out triple2))
             {
                 return true;
             }
             if (triple2 != null)
             {
                 this.EnsureTriplesListCreated();
                 this.m_permSetTriples.Add(triple2);
             }
         }
     }
     else
     {
         this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
     }
     return false;
 }
        internal bool CheckDemandInternal(CodeAccessPermission demand, bool createException, out Exception exception)
        {
            BCLDebug.Assert(m_head != null, "m_head != null");
            for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
            {
                if (pnext.perm == null)
                {
                    // If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
                    if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
                    {
                        BCLDebug.Assert(!demand.IsSubsetOf(null), "By the time we get here, demands that are subsets of null should have been terminated");
                        if (createException)
                        {
                            exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        }
                        else
                        {
                            exception = PermissionListSet.GetStaticException();
                        }
                        return(false);
                    }

                    // If this is a deny, then we should fail since null indicates the unrestricted permission.
                    if (pnext.type == MatchDeny)
                    {
                        if (createException)
                        {
                            exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        }
                        else
                        {
                            exception = PermissionListSet.GetStaticException();
                        }
                        return(false);
                    }

                    // If this is an assert, then we should return success and terminate the stack walk since
                    // null indicates the unrestricted permission.
                    if (pnext.type == MatchAssert)
                    {
                        exception = null;
                        return(false);
                    }

                    // If this is anything else, then we should act confused.
                    // This case is unexpected.
                    BCLDebug.Assert(false, "This case should never happen");
                    exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
                    return(false);
                }

                CodeAccessPermission cap = pnext.perm;
                switch (pnext.type)
                {
                case MatchChecked:
                case MatchPermitOnly:
                    if (!demand.IsSubsetOf(cap))
                    {
                        if (createException)
                        {
                            exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        }
                        else
                        {
                            exception = PermissionListSet.GetStaticException();
                        }
                        return(false);
                    }
                    break;

                case MatchAssert:
                    if (demand.IsSubsetOf(cap))
                    {
                        exception = null;
                        return(false);
                    }
                    break;

                case MatchDeny:
                    if (demand.Intersect(cap) != null)
                    {
                        if (createException)
                        {
                            exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
                        }
                        else
                        {
                            exception = PermissionListSet.GetStaticException();
                        }
                        return(false);
                    }
                    break;

                default:
                    // Illegal entry
                    exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
                    return(false);
                }
            }

            exception = null;
            return(true);
        }
 internal void CompleteConstruction(CompressedStack innerCS)
 {
     if (this.PLS == null)
     {
         PermissionListSet set = PermissionListSet.CreateCompressedState(this, innerCS);
         lock (this)
         {
             if (this.PLS == null)
             {
                 this.m_pls = set;
             }
         }
     }
 }
 [System.Security.SecurityCritical]  // auto-generated
 private static PermissionListSet UpdateAppDomainPLS(PermissionListSet adPLS, PermissionSet grantedPerms, PermissionSet refusedPerms) {
     if (adPLS == null) {
         adPLS = new PermissionListSet();
         adPLS.UpdateDomainPLS(grantedPerms, refusedPerms);
         return adPLS;
     } else {
         PermissionListSet newPLS = new PermissionListSet();
         newPLS.UpdateDomainPLS(adPLS);
         newPLS.UpdateDomainPLS(grantedPerms, refusedPerms);
         return newPLS;
     }
 }
        internal virtual PermissionListSet GetCompressedStack(ref StackCrawlMark stackMark)
        {
            PermissionListSet permListSet = GetCompressedStackN(ref stackMark);

            return(permListSet);
        }
Exemple #24
0
        public void AppendStack(PermissionListSet permListSet)
        {
            if (permListSet == null)
                return;
            
			AppendStackHelper( this.m_normalPermSet, permListSet.m_normalPermSet, false, false, false );
            if (((m_state & (PermissionListSetState.UnrestrictedAssert | PermissionListSetState.UnrestrictedDeny)) == 0))
            {
			    AppendStackHelper( this.m_unrestrictedPermSet, permListSet.m_unrestrictedPermSet, this.m_unrestricted, permListSet.m_unrestricted, true );
                m_state = m_state | permListSet.m_state;

                // The new list set is unrestricted only if both were previously.
                m_unrestricted = m_unrestricted && permListSet.m_unrestricted;
            }

        }
 internal PermissionListSetEnumerator(PermissionListSet permListSet)
 
     : base(permListSet.m_unrestrictedPermSet) {
     m_first = true;
     m_permListSet = permListSet;
 }
        [System.Security.SecurityCritical]  // auto-generated 
        private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls)
        { 
            if (pls != null)
            {
                if (pls.m_permSetTriples != null)
                { 
                    // DCS has an AGR List. So we need to add the AGR List
                    UpdateTripleListAndCreateNewTriple(currentTriple,pls.m_permSetTriples); 
                } 
                else
                { 
                    // Common case: One AGR set

                    PermissionSetTriple tmp_psTriple = pls.m_firstPermSetTriple;
                    PermissionSetTriple retTriple; 
                    // First try and update currentTriple. Return value indicates if we can stop construction
                    if (currentTriple.Update(tmp_psTriple, out retTriple)) 
                        return true; 
                    // If we got a non-null retTriple, what it means is that compression failed,
                    // and we now have 2 triples to deal with: retTriple and currentTriple. 
                    // retTriple has to be appended first. then currentTriple.
                    if (retTriple != null)
                    {
                        EnsureTriplesListCreated(); 
                        // we just created a new triple...add the previous one (returned) to the list
                        m_permSetTriples.Add(retTriple); 
                    } 
                }
            } 
            else
            {
                // pls can be null only outside the loop in CreateCompressedState
                UpdateTripleListAndCreateNewTriple(currentTriple, null); 
            }
 
 
            return false;
 
        }
 [System.Security.SecurityCritical]  // auto-generated
 private CompressedStack(SafeCompressedStackHandle csHandle, PermissionListSet pls)
 {
     this.m_csHandle = csHandle;
     this.m_pls = pls;
 }
        [System.Security.SecurityCritical]  // auto-generated 
        static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
        { 
            PermissionListSet pls = new PermissionListSet();
            PermissionSetTriple currentTriple = new PermissionSetTriple();

            PermissionSet tmp_g, tmp_r; 
            // Construct the descriptor list
            int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS); 
            bHaltConstruction = false; 
            for(int i=0; (i < descCount && !bHaltConstruction); i++)
            { 
                FrameSecurityDescriptor fsd;
                Assembly assembly;
                if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd))
                { 
                    // Got an FSD
                    bHaltConstruction = pls.Update(currentTriple, fsd); 
                } 
                else
                { 
                    pls.Update(currentTriple, tmp_g, tmp_r);
                }

            } 
            if (!bHaltConstruction)
            { 
                // domain 
                if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS))
                { 
                    DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r);
                    pls.Update(currentTriple, tmp_g, tmp_r);
                }
            } 
            pls.Terminate(currentTriple);
 
 
            // return the created object
            return pls; 

        }
 private CompressedStack(SerializationInfo info, StreamingContext context) 
 {
     this.m_pls = (PermissionListSet)info.GetValue("PLS", typeof(PermissionListSet));
 }
 [System.Security.SecurityCritical]  // auto-generated
 internal void UpdateDomainPLS (PermissionListSet adPLS) { 
     if (adPLS != null && adPLS.m_firstPermSetTriple != null)
         UpdateDomainPLS(adPLS.m_firstPermSetTriple.GrantSet, adPLS.m_firstPermSetTriple.RefusedSet); 
 } 
 internal void CompleteConstruction(CompressedStack innerCS)
 {
     if (PLS != null)
         return;
     PermissionListSet pls = PermissionListSet.CreateCompressedState(this, innerCS);
     lock (this)
     {
         if (PLS == null)
             m_pls = pls;
     }
 }
        [System.Security.SecurityCritical]  // auto-generated 
        private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
        {
#if FEATURE_COMPRESSEDSTACK
            this.UpdateZoneAndOrigin(pls); 
#endif // FEATURE_COMPRESSEDSTACK
            return this.UpdatePermissions(currentTriple, pls); 
        } 
Exemple #33
0
 private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
 {
     this.UpdatePermissions(currentTriple, pls);
     this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
 }