public static void RevertPermitOnly()
        {
            if (!SecurityManager.SecurityEnabled)
            {
                return;
            }

            SecurityFrame sf = new SecurityFrame(1);

            if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity)
            {
                throw new NotSupportedException("Currently only declarative PermitOnly are supported.");
            }
            else
            {
                // we can't revert declarative security (or an empty frame) imperatively
                ThrowExecutionEngineException(SecurityAction.PermitOnly);
            }
        }
Exemple #2
0
        public static void RevertDeny()
        {
                        #if UNITY_DISABLE_CORECLR
                        #if !DISABLE_SECURITY
            if (!SecurityManager.SecurityEnabled)
            {
                return;
            }

            SecurityFrame sf = new SecurityFrame(1);
            if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity)
            {
                throw new NotSupportedException("Currently only declarative Deny are supported.");
            }
            else
            {
                // we can't revert declarative security (or an empty frame) imperatively
                ThrowExecutionEngineException(SecurityAction.Deny);
            }
                        #endif
                        #endif
        }
Exemple #3
0
        public static void RevertAll()
        {
                        #if UNITY_DISABLE_CORECLR
                        #if !DISABLE_SECURITY
            if (!SecurityManager.SecurityEnabled)
            {
                return;
            }

            SecurityFrame sf     = new SecurityFrame(1);
            bool          revert = false;
            if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity)
            {
                revert = true;
                throw new NotSupportedException("Currently only declarative Assert are supported.");
            }
            if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity)
            {
                revert = true;
                throw new NotSupportedException("Currently only declarative Deny are supported.");
            }
            if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity)
            {
                revert = true;
                throw new NotSupportedException("Currently only declarative PermitOnly are supported.");
            }

            if (!revert)
            {
                string msg = Locale.GetText("No stack modifiers are present on the current stack frame.");
                // FIXME: we don't (yet) support imperative stack modifiers
                msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
                throw new ExecutionEngineException(msg);
            }
                        #endif
                        #endif
        }
 public bool Equals(SecurityFrame sf)
 {
     return(object.ReferenceEquals(this._domain, sf.Domain) && !(this.Assembly.ToString() != sf.Assembly.ToString()) && !(this.Method.ToString() != sf.Method.ToString()) && (this._assert == null || this._assert.Equals(sf.Assert)) && (this._deny == null || this._deny.Equals(sf.Deny)) && (this._permitonly == null || this._permitonly.Equals(sf.PermitOnly)));
 }
        internal bool ProcessFrame(SecurityFrame frame)
        {
            // 1. CheckPermitOnly
            if (frame.PermitOnly != null)
            {
                // the demanded permission must be in one of the permitted...
                bool permit = frame.PermitOnly.IsUnrestricted();
                if (!permit)
                {
                    // check individual permissions
                    foreach (IPermission p in frame.PermitOnly)
                    {
                        if (CheckPermitOnly(p as CodeAccessPermission))
                        {
                            permit = true;
                            break;
                        }
                    }
                }
                if (!permit)
                {
                    // ...or else we throw
                    ThrowSecurityException(this, "PermitOnly", frame, SecurityAction.Demand, null);
                }
            }

            // 2. CheckDeny
            if (frame.Deny != null)
            {
                // special case where everything is denied (i.e. no child to be processed)
                if (frame.Deny.IsUnrestricted())
                {
                    ThrowSecurityException(this, "Deny", frame, SecurityAction.Demand, null);
                }
                foreach (IPermission p in frame.Deny)
                {
                    if (!CheckDeny(p as CodeAccessPermission))
                    {
                        ThrowSecurityException(this, "Deny", frame, SecurityAction.Demand, p);
                    }
                }
            }

            // 3. CheckAssert
            if (frame.Assert != null)
            {
                if (frame.Assert.IsUnrestricted())
                {
                    return(true); // remove permission and continue stack walk
                }
                foreach (IPermission p in frame.Assert)
                {
                    if (CheckAssert(p as CodeAccessPermission))
                    {
                        return(true); // remove permission and continue stack walk
                    }
                }
            }

            // continue the stack walk
            return(false);
        }
Exemple #6
0
		internal void CheckAppDomain (AppDomain domain, SecurityFrame frame)
		{
			IPermission p = SecurityManager.CheckPermissionSet (domain, this);
			if (p != null) {
				CodeAccessPermission.ThrowSecurityException (this, "Demand failed appdomain permissions checks.",
					frame, SecurityAction.Demand, p);
			}
		}
Exemple #7
0
		internal void CheckAssembly (Assembly a, SecurityFrame frame)
		{
			IPermission p = SecurityManager.CheckPermissionSet (a, this, false);
			if (p != null) {
				CodeAccessPermission.ThrowSecurityException (this, "Demand failed assembly permissions checks.",
					frame, SecurityAction.Demand, p);
			}
		}
Exemple #8
0
		internal bool ProcessFrame (SecurityFrame frame, ref Assembly current, ref AppDomain domain)
		{
			if (IsUnrestricted ()) {
				// we request unrestricted
				if (frame.Deny != null) {
					// but have restrictions (some denied permissions)
					CodeAccessPermission.ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
				} else if ((frame.PermitOnly != null) && !frame.PermitOnly.IsUnrestricted ()) {
					// but have restrictions (only some permitted permissions)
					CodeAccessPermission.ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
				}
			}

			// skip next steps if no Assert, Deny or PermitOnly are present
			if (frame.HasStackModifiers) {
				for (int i = 0; i < list.Count; i++) {
					CodeAccessPermission cap = (CodeAccessPermission) list [i];
					if (cap.ProcessFrame (frame)) {
						_ignored [i] = true; // asserted
						if (AllIgnored ())
							return true; // no more, abort stack walk!
					}
				}
			}

			// however the "final" grant set is resolved by assembly, so
			// there's no need to check it every time (just when we're 
			// changing assemblies between frames).
			if (frame.Assembly != current) {
				CheckAssembly (current, frame);
				current = frame.Assembly;
			}

			if (frame.Domain != domain) {
				CheckAppDomain (domain, frame);
				domain = frame.Domain;
			}

			return false;
		}
 internal static void ThrowSecurityException(object demanded, string message, SecurityFrame frame, SecurityAction action, IPermission failed)
 {
     throw new SecurityException(message);
 }
		public bool Equals (SecurityFrame sf)
		{
			if (!Object.ReferenceEquals (_domain, sf.Domain))
				return false;
			if (Assembly.ToString () != sf.Assembly.ToString ())
				return false;
			if (Method.ToString () != sf.Method.ToString ())
				return false;

			if ((_assert != null) && !_assert.Equals (sf.Assert))
				return false;
			if ((_deny != null) && !_deny.Equals (sf.Deny))
				return false;
			if ((_permitonly != null) && !_permitonly.Equals (sf.PermitOnly))
				return false;

			return true;
		}
Exemple #11
0
		internal static void ThrowSecurityException (object demanded, string message, SecurityFrame frame,
			SecurityAction action, IPermission failed)
		{
#if NET_2_1
			throw new SecurityException (message);
#else
			Assembly a = frame.Assembly;
			throw new SecurityException (Locale.GetText (message), 
				a.UnprotectedGetName (), a.GrantedPermissionSet, 
				a.DeniedPermissionSet, frame.Method, action, demanded, 
				failed, a.UnprotectedGetEvidence ());
#endif
		}
Exemple #12
0
		internal bool ProcessFrame (SecurityFrame frame)
		{ 
			// 1. CheckPermitOnly
			if (frame.PermitOnly != null) {
				// the demanded permission must be in one of the permitted...
				bool permit = frame.PermitOnly.IsUnrestricted ();
				if (!permit) {
					// check individual permissions
					foreach (IPermission p in frame.PermitOnly) {
						if (CheckPermitOnly (p as CodeAccessPermission)) {
							permit = true;
							break;
						}
					}
				}
				if (!permit) {
					// ...or else we throw
					ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
				}
			}

			// 2. CheckDeny
			if (frame.Deny != null) {
				// special case where everything is denied (i.e. no child to be processed)
				if (frame.Deny.IsUnrestricted ())
					ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
				foreach (IPermission p in frame.Deny) {
					if (!CheckDeny (p as CodeAccessPermission))
						ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p);
				}
			}

			// 3. CheckAssert
			if (frame.Assert != null) {
				if (frame.Assert.IsUnrestricted ())
					return true; // remove permission and continue stack walk
				foreach (IPermission p in frame.Assert) {
					if (CheckAssert (p as CodeAccessPermission)) {
						return true; // remove permission and continue stack walk
					}
				}
			}

			// continue the stack walk
			return false; 
		}
Exemple #13
0
		public static void RevertPermitOnly ()
		{
			if (!SecurityManager.SecurityEnabled)
				return;

			SecurityFrame sf = new SecurityFrame (1);
			if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) {
				throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
			} else {
				// we can't revert declarative security (or an empty frame) imperatively
				ThrowExecutionEngineException (SecurityAction.PermitOnly);
			}
		}
Exemple #14
0
		public static void RevertAll ()
		{
			if (!SecurityManager.SecurityEnabled)
				return;

			SecurityFrame sf = new SecurityFrame (1);
			bool revert = false;
			if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
				revert = true;
				throw new NotSupportedException ("Currently only declarative Assert are supported.");
			}
			if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
				revert = true;
				throw new NotSupportedException ("Currently only declarative Deny are supported.");
			}
			if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) {
				revert = true;
				throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
			}

			if (!revert) {
				string msg = Locale.GetText ("No stack modifiers are present on the current stack frame.");
				// FIXME: we don't (yet) support imperative stack modifiers
				msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
				throw new ExecutionEngineException (msg);
			}
		}