// Reinitializes all state in PermissionSet. public void Reset() { if (m_unrestrictedPermSet == null) { m_unrestrictedPermSet = new TokenBasedSet(12, 4); } else { m_unrestrictedPermSet.Reset(); } if (m_normalPermSet == null) { m_normalPermSet = new TokenBasedSet(6, 4); } else { m_normalPermSet.Reset(); } // By default, the PermissionListSet is unrestricted. Why? // At the start, having nothing on the stack should indicate success. // Once the first non-unrestricted grant is appended to the set, // then the PermissionListSet will become non-unrestricted. m_unrestricted = true; m_state = PermissionListSetState.None; }
public void AppendStack(PermissionListSet permListSet) { if (permListSet == null) { return; } AppendStackHelper(this.m_normalPermSet, permListSet.m_normalPermSet, false, false, false); if (((m_state & (PermissionListSetState.UnrestrictedAssert | PermissionListSetState.UnrestrictedDeny)) == 0)) { AppendStackHelper(this.m_unrestrictedPermSet, permListSet.m_unrestrictedPermSet, this.m_unrestricted, permListSet.m_unrestricted, true); m_state = m_state | permListSet.m_state; // The new list set is unrestricted only if both were previously. m_unrestricted = m_unrestricted && permListSet.m_unrestricted; } }
public PermissionListSet(PermissionListSet permListSet) { if (permListSet == null) { Reset(); return; } m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i); if (plist != null) { m_unrestrictedPermSet.SetItem(i, plist.Copy()); } } m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i); if (plist != null) { m_normalPermSet.SetItem(i, plist.Copy()); } } m_unrestricted = permListSet.m_unrestricted; m_state = permListSet.m_state; }
public void AppendStack(PermissionListSet permListSet) { if (permListSet == null) return; AppendStackHelper( this.m_normalPermSet, permListSet.m_normalPermSet, false, false, false ); if (((m_state & (PermissionListSetState.UnrestrictedAssert | PermissionListSetState.UnrestrictedDeny)) == 0)) { AppendStackHelper( this.m_unrestrictedPermSet, permListSet.m_unrestrictedPermSet, this.m_unrestricted, permListSet.m_unrestricted, true ); m_state = m_state | permListSet.m_state; // The new list set is unrestricted only if both were previously. m_unrestricted = m_unrestricted && permListSet.m_unrestricted; } }
// Returns true if it is necessary to continue compression, // or false if there is no value in continuing. public bool AppendPermissions(PermissionSet permSet, int type) { if (permSet == null) { // The null permission set has no meaning accept for the case of // PermitOnly and Checked where it will make all demands fail (except // demands for empty permissions). if (type == PermissionList.MatchChecked || type == PermissionList.MatchPermitOnly) { TerminateSet( type ); m_unrestricted = false; return false; } return true; } if (((m_state & (PermissionListSetState.UnrestrictedAssert | PermissionListSetState.UnrestrictedDeny)) == 0)) { if (permSet.IsUnrestricted()) { switch (type) { case PermissionList.MatchDeny: m_state |= PermissionListSetState.UnrestrictedDeny; m_unrestricted = false; TerminateSet( type ); break; case PermissionList.MatchAssert: m_state |= PermissionListSetState.UnrestrictedAssert; TerminateSet( type ); break; case PermissionList.MatchPermitOnly: case PermissionList.MatchChecked: break; default: throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType")); } } else { // Handle the "unrestricted" permissions. AppendTokenBasedSets( this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, type, true ); if (type != PermissionList.MatchAssert && type != PermissionList.MatchDeny) m_unrestricted = false; } } // Handle the "normal" permissions AppendTokenBasedSets( this.m_normalPermSet, permSet.m_normalPermSet, type, false ); return true; }
private static bool CheckTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet ) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.IsEmpty()) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } else { exception = null; return true; } } else { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") ); return false; } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, out exception); if (exception != null) return false; if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) alteredSet = CopyTokenBasedSet( permSet ); alteredSet.SetItem( i, null ); } } } else { if (!unrestricted) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } } } } exception = null; return continueStackWalk; }
// Reinitializes all state in PermissionSet. public void Reset() { if (m_unrestrictedPermSet == null) m_unrestrictedPermSet = new TokenBasedSet( 12, 4 ); else m_unrestrictedPermSet.Reset(); if (m_normalPermSet == null) m_normalPermSet = new TokenBasedSet( 6, 4 ); else m_normalPermSet.Reset(); // By default, the PermissionListSet is unrestricted. Why? // At the start, having nothing on the stack should indicate success. // Once the first non-unrestricted grant is appended to the set, // then the PermissionListSet will become non-unrestricted. m_unrestricted = true; m_state = PermissionListSetState.None; }
// Returns true if it is necessary to continue compression, // or false if there is no value in continuing. public bool AppendPermissions(PermissionSet permSet, int type) { if (permSet == null) { // The null permission set has no meaning accept for the case of // PermitOnly and Checked where it will make all demands fail (except // demands for empty permissions). if (type == PermissionList.MatchChecked || type == PermissionList.MatchPermitOnly) { TerminateSet(type); m_unrestricted = false; return(false); } return(true); } if (((m_state & (PermissionListSetState.UnrestrictedAssert | PermissionListSetState.UnrestrictedDeny)) == 0)) { if (permSet.IsUnrestricted()) { switch (type) { case PermissionList.MatchDeny: m_state |= PermissionListSetState.UnrestrictedDeny; m_unrestricted = false; TerminateSet(type); break; case PermissionList.MatchAssert: m_state |= PermissionListSetState.UnrestrictedAssert; TerminateSet(type); break; case PermissionList.MatchPermitOnly: case PermissionList.MatchChecked: break; default: throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType")); } } else { // Handle the "unrestricted" permissions. AppendTokenBasedSets(this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, type, true); if (type != PermissionList.MatchAssert && type != PermissionList.MatchDeny) { m_unrestricted = false; } } } // Handle the "normal" permissions AppendTokenBasedSets(this.m_normalPermSet, permSet.m_normalPermSet, type, false); return(true); }
private static bool CheckTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, bool createException, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.FastIsEmpty()) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) { alteredSet = new TokenBasedSet(1, 4); } exception = null; return(false); } else { exception = null; return(true); } } else { if (createException) { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else { exception = GetStaticException(); } return(false); } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, createException, out exception); if (exception != null) { return(false); } if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) { alteredSet = CopyTokenBasedSet(permSet); } alteredSet.SetItem(i, null); } } } else { if (!unrestricted) { if (createException) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName)); } else { exception = GetStaticException(); } return(false); } } } } exception = null; return(continueStackWalk); }