public static void RevertPermitOnly() { if (!SecurityManager.SecurityEnabled) { return; } SecurityFrame sf = new SecurityFrame(1); if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) { throw new NotSupportedException("Currently only declarative PermitOnly are supported."); } else { // we can't revert declarative security (or an empty frame) imperatively ThrowExecutionEngineException(SecurityAction.PermitOnly); } }
public static void RevertDeny() { #if UNITY_DISABLE_CORECLR #if !DISABLE_SECURITY if (!SecurityManager.SecurityEnabled) { return; } SecurityFrame sf = new SecurityFrame(1); if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) { throw new NotSupportedException("Currently only declarative Deny are supported."); } else { // we can't revert declarative security (or an empty frame) imperatively ThrowExecutionEngineException(SecurityAction.Deny); } #endif #endif }
public static void RevertAll() { #if UNITY_DISABLE_CORECLR #if !DISABLE_SECURITY if (!SecurityManager.SecurityEnabled) { return; } SecurityFrame sf = new SecurityFrame(1); bool revert = false; if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) { revert = true; throw new NotSupportedException("Currently only declarative Assert are supported."); } if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) { revert = true; throw new NotSupportedException("Currently only declarative Deny are supported."); } if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) { revert = true; throw new NotSupportedException("Currently only declarative PermitOnly are supported."); } if (!revert) { string msg = Locale.GetText("No stack modifiers are present on the current stack frame."); // FIXME: we don't (yet) support imperative stack modifiers msg += Environment.NewLine + "Currently only declarative stack modifiers are supported."; throw new ExecutionEngineException(msg); } #endif #endif }
public bool Equals(SecurityFrame sf) { return(object.ReferenceEquals(this._domain, sf.Domain) && !(this.Assembly.ToString() != sf.Assembly.ToString()) && !(this.Method.ToString() != sf.Method.ToString()) && (this._assert == null || this._assert.Equals(sf.Assert)) && (this._deny == null || this._deny.Equals(sf.Deny)) && (this._permitonly == null || this._permitonly.Equals(sf.PermitOnly))); }
internal bool ProcessFrame(SecurityFrame frame) { // 1. CheckPermitOnly if (frame.PermitOnly != null) { // the demanded permission must be in one of the permitted... bool permit = frame.PermitOnly.IsUnrestricted(); if (!permit) { // check individual permissions foreach (IPermission p in frame.PermitOnly) { if (CheckPermitOnly(p as CodeAccessPermission)) { permit = true; break; } } } if (!permit) { // ...or else we throw ThrowSecurityException(this, "PermitOnly", frame, SecurityAction.Demand, null); } } // 2. CheckDeny if (frame.Deny != null) { // special case where everything is denied (i.e. no child to be processed) if (frame.Deny.IsUnrestricted()) { ThrowSecurityException(this, "Deny", frame, SecurityAction.Demand, null); } foreach (IPermission p in frame.Deny) { if (!CheckDeny(p as CodeAccessPermission)) { ThrowSecurityException(this, "Deny", frame, SecurityAction.Demand, p); } } } // 3. CheckAssert if (frame.Assert != null) { if (frame.Assert.IsUnrestricted()) { return(true); // remove permission and continue stack walk } foreach (IPermission p in frame.Assert) { if (CheckAssert(p as CodeAccessPermission)) { return(true); // remove permission and continue stack walk } } } // continue the stack walk return(false); }
internal void CheckAppDomain (AppDomain domain, SecurityFrame frame) { IPermission p = SecurityManager.CheckPermissionSet (domain, this); if (p != null) { CodeAccessPermission.ThrowSecurityException (this, "Demand failed appdomain permissions checks.", frame, SecurityAction.Demand, p); } }
internal void CheckAssembly (Assembly a, SecurityFrame frame) { IPermission p = SecurityManager.CheckPermissionSet (a, this, false); if (p != null) { CodeAccessPermission.ThrowSecurityException (this, "Demand failed assembly permissions checks.", frame, SecurityAction.Demand, p); } }
internal bool ProcessFrame (SecurityFrame frame, ref Assembly current, ref AppDomain domain) { if (IsUnrestricted ()) { // we request unrestricted if (frame.Deny != null) { // but have restrictions (some denied permissions) CodeAccessPermission.ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null); } else if ((frame.PermitOnly != null) && !frame.PermitOnly.IsUnrestricted ()) { // but have restrictions (only some permitted permissions) CodeAccessPermission.ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null); } } // skip next steps if no Assert, Deny or PermitOnly are present if (frame.HasStackModifiers) { for (int i = 0; i < list.Count; i++) { CodeAccessPermission cap = (CodeAccessPermission) list [i]; if (cap.ProcessFrame (frame)) { _ignored [i] = true; // asserted if (AllIgnored ()) return true; // no more, abort stack walk! } } } // however the "final" grant set is resolved by assembly, so // there's no need to check it every time (just when we're // changing assemblies between frames). if (frame.Assembly != current) { CheckAssembly (current, frame); current = frame.Assembly; } if (frame.Domain != domain) { CheckAppDomain (domain, frame); domain = frame.Domain; } return false; }
internal static void ThrowSecurityException(object demanded, string message, SecurityFrame frame, SecurityAction action, IPermission failed) { throw new SecurityException(message); }
public bool Equals (SecurityFrame sf) { if (!Object.ReferenceEquals (_domain, sf.Domain)) return false; if (Assembly.ToString () != sf.Assembly.ToString ()) return false; if (Method.ToString () != sf.Method.ToString ()) return false; if ((_assert != null) && !_assert.Equals (sf.Assert)) return false; if ((_deny != null) && !_deny.Equals (sf.Deny)) return false; if ((_permitonly != null) && !_permitonly.Equals (sf.PermitOnly)) return false; return true; }
internal static void ThrowSecurityException (object demanded, string message, SecurityFrame frame, SecurityAction action, IPermission failed) { #if NET_2_1 throw new SecurityException (message); #else Assembly a = frame.Assembly; throw new SecurityException (Locale.GetText (message), a.UnprotectedGetName (), a.GrantedPermissionSet, a.DeniedPermissionSet, frame.Method, action, demanded, failed, a.UnprotectedGetEvidence ()); #endif }
internal bool ProcessFrame (SecurityFrame frame) { // 1. CheckPermitOnly if (frame.PermitOnly != null) { // the demanded permission must be in one of the permitted... bool permit = frame.PermitOnly.IsUnrestricted (); if (!permit) { // check individual permissions foreach (IPermission p in frame.PermitOnly) { if (CheckPermitOnly (p as CodeAccessPermission)) { permit = true; break; } } } if (!permit) { // ...or else we throw ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null); } } // 2. CheckDeny if (frame.Deny != null) { // special case where everything is denied (i.e. no child to be processed) if (frame.Deny.IsUnrestricted ()) ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null); foreach (IPermission p in frame.Deny) { if (!CheckDeny (p as CodeAccessPermission)) ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p); } } // 3. CheckAssert if (frame.Assert != null) { if (frame.Assert.IsUnrestricted ()) return true; // remove permission and continue stack walk foreach (IPermission p in frame.Assert) { if (CheckAssert (p as CodeAccessPermission)) { return true; // remove permission and continue stack walk } } } // continue the stack walk return false; }
public static void RevertPermitOnly () { if (!SecurityManager.SecurityEnabled) return; SecurityFrame sf = new SecurityFrame (1); if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) { throw new NotSupportedException ("Currently only declarative PermitOnly are supported."); } else { // we can't revert declarative security (or an empty frame) imperatively ThrowExecutionEngineException (SecurityAction.PermitOnly); } }
public static void RevertAll () { if (!SecurityManager.SecurityEnabled) return; SecurityFrame sf = new SecurityFrame (1); bool revert = false; if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) { revert = true; throw new NotSupportedException ("Currently only declarative Assert are supported."); } if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) { revert = true; throw new NotSupportedException ("Currently only declarative Deny are supported."); } if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) { revert = true; throw new NotSupportedException ("Currently only declarative PermitOnly are supported."); } if (!revert) { string msg = Locale.GetText ("No stack modifiers are present on the current stack frame."); // FIXME: we don't (yet) support imperative stack modifiers msg += Environment.NewLine + "Currently only declarative stack modifiers are supported."; throw new ExecutionEngineException (msg); } }