internal TokenBasedSet(TokenBasedSet tbSet)
{
this.m_initSize = 0x18;
this.m_increment = 8;
if (tbSet == null)
{
this.Reset();
}
else
{
if (tbSet.m_cElt > 1)
{
object[] set = tbSet.m_Set;
int length = set.Length;
object[] destinationArray = new object[length];
Array.Copy(set, 0, destinationArray, 0, length);
this.m_Set = destinationArray;
}
else
{
this.m_Obj = tbSet.m_Obj;
}
this.m_cElt = tbSet.m_cElt;
this.m_maxIndex = tbSet.m_maxIndex;
}
}
public virtual bool IsSubsetOf(TokenBasedSet target)
{
if (target == null || target.FastIsEmpty())
{
return(this.IsEmpty());
}
else
{
int minIndex = this.m_maxIndex;
// An initial sign that this class has a Permission that the
// target doesn't have is if this has a greater Token index.
if (minIndex > target.m_maxIndex)
{
return(false);
}
for (int i = 0; i <= minIndex; i++)
{
IPermission permThis = (IPermission)this.m_objSet[i];
IPermission permTarg = (IPermission)target.m_objSet[i];
if (permThis == null)
{
continue;
}
else if (!permThis.IsSubsetOf(permTarg))
{
return(this.IsEmpty());
}
}
return(true);
}
}
internal TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
this.Reset();
}
else
{
if (tbSet.m_cElt > 1)
{
object[] objArray1 = tbSet.m_Set;
int length1 = objArray1.Length;
object[] objArray2 = new object[length1];
int sourceIndex = 0;
object[] objArray3 = objArray2;
int destinationIndex = 0;
int length2 = length1;
Array.Copy((Array)objArray1, sourceIndex, (Array)objArray3, destinationIndex, length2);
this.m_Set = objArray2;
}
else
{
this.m_Obj = tbSet.m_Obj;
}
this.m_cElt = tbSet.m_cElt;
this.m_maxIndex = tbSet.m_maxIndex;
}
}
internal TokenBasedSet(TokenBasedSet tbSet)
{
this.m_initSize = 0x18;
this.m_increment = 8;
if (tbSet == null)
{
this.Reset();
}
else
{
if (tbSet.m_cElt > 1)
{
object[] set = tbSet.m_Set;
int length = set.Length;
object[] destinationArray = new object[length];
Array.Copy(set, 0, destinationArray, 0, length);
this.m_Set = destinationArray;
}
else
{
this.m_Obj = tbSet.m_Obj;
}
this.m_cElt = tbSet.m_cElt;
this.m_maxIndex = tbSet.m_maxIndex;
}
}
internal TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
Reset();
return;
}
if (tbSet.m_cElt > 1)
{
Object[] aObj = tbSet.m_Set;
int aLen = aObj.Length;
Object[] aNew = new Object[aLen];
System.Array.Copy(aObj, 0, aNew, 0, aLen);
m_Set = aNew;
}
else
{
m_Obj = tbSet.m_Obj;
}
m_cElt = tbSet.m_cElt;
m_maxIndex = tbSet.m_maxIndex;
}
public virtual TokenBasedSet Intersect(TokenBasedSet other)
{
int size = (this.m_maxIndex < other.m_maxIndex) ? this.m_maxIndex : other.m_maxIndex;
TokenBasedSet set = new TokenBasedSet(size < 0 ? 0 : size, this.m_increment);
GenericIntersect(set, other);
return(set);
}
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization)
internal TokenBasedSet SpecialUnion(TokenBasedSet other)
{
// This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have
// not been subjected to VTS callbacks yet
OnDeserializedInternal();
TokenBasedSet unionSet = new TokenBasedSet();
int maxMax;
if (other != null)
{
other.OnDeserializedInternal();
maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
}
else
{
maxMax = this.GetMaxUsedIndex();
}
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.GetItem(i);
IPermission thisPerm = thisObj as IPermission;
Object otherObj = (other != null)?other.GetItem(i):null;
IPermission otherPerm = otherObj as IPermission;
if (thisObj == null && otherObj == null)
{
continue;
}
if (thisObj == null)
{
PermissionToken token = PermissionToken.GetToken(otherPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem(token.m_index, otherPerm);
}
else if (otherObj == null)
{
PermissionToken token = PermissionToken.GetToken(thisPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem(token.m_index, thisPerm);
}
else
{
Debug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets");
}
}
return(unionSet);
}
internal TokenBasedSet SpecialUnion(TokenBasedSet other)
{
int maxUsedIndex;
this.OnDeserializedInternal();
TokenBasedSet set = new TokenBasedSet();
if (other != null)
{
other.OnDeserializedInternal();
maxUsedIndex = (this.GetMaxUsedIndex() > other.GetMaxUsedIndex()) ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
}
else
{
maxUsedIndex = this.GetMaxUsedIndex();
}
for (int i = 0; i <= maxUsedIndex; i++)
{
object item = this.GetItem(i);
IPermission perm = item as IPermission;
ISecurityElementFactory factory = item as ISecurityElementFactory;
object obj3 = (other != null) ? other.GetItem(i) : null;
IPermission permission2 = obj3 as IPermission;
ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
if ((item != null) || (obj3 != null))
{
if (item == null)
{
if (factory2 != null)
{
permission2 = PermissionSet.CreatePerm(factory2, false);
}
PermissionToken token = PermissionToken.GetToken(permission2);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
set.SetItem(token.m_index, permission2);
}
else if (obj3 == null)
{
if (factory != null)
{
perm = PermissionSet.CreatePerm(factory, false);
}
PermissionToken token2 = PermissionToken.GetToken(perm);
if (token2 == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
set.SetItem(token2.m_index, perm);
}
}
}
return(set);
}
private void GenericIntersect(TokenBasedSet target, TokenBasedSet other)
{
// Note: Assumes target set is large enough and empty.
int thisMaxIndex = this.m_maxIndex;
int otherMaxIndex = other != null ? other.m_maxIndex : 0;
int minMaxIndex = thisMaxIndex < otherMaxIndex ? thisMaxIndex : otherMaxIndex;
// We want to save any exceptions that occur and throw them at the end.
Exception savedException = null;
for (int i = 0; i <= minMaxIndex; i++)
{
try
{
IPermission p1 = other != null ? (IPermission)other.m_objSet[i] : null;
IPermission p2 = (IPermission)this.m_objSet[i];
if (p1 != null && p2 != null)
{
target.SetItem(i, p1.Intersect(p2));
}
else
{
target.SetItem(i, null);
}
}
catch (Exception e)
{
if (savedException == null)
{
savedException = e;
}
// Remove the permission from the intersection set
target.SetItem(i, null);
}
}
if (minMaxIndex == otherMaxIndex)
{
for (int i = otherMaxIndex + 1; i <= target.m_maxIndex; ++i)
{
target.RemoveItem(i);
}
}
if (savedException != null)
{
throw savedException;
}
}
public TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
Reset(DefaultSize, DefaultIncrement);
return;
}
m_objSet = new Object[tbSet.m_objSet.Length];
System.Array.Copy(tbSet.m_objSet, 0, m_objSet, 0, tbSet.m_objSet.Length);
m_cElt = tbSet.m_cElt;
m_initSize = tbSet.m_initSize;
m_increment = tbSet.m_increment;
m_maxIndex = tbSet.m_maxIndex;
}
public TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
Reset(DefaultSize, DefaultIncrement);
return;
}
m_objSet = new Object[tbSet.m_objSet.Length];
System.Array.Copy(tbSet.m_objSet, 0, m_objSet, 0, tbSet.m_objSet.Length);
m_cElt = tbSet.m_cElt;
m_initSize = tbSet.m_initSize;
m_increment = tbSet.m_increment;
m_maxIndex = tbSet.m_maxIndex;
}
internal virtual void MergeDeniedSet(TokenBasedSet denied)
{
if (denied == null)
{
return;
}
int minMaxIndex;
if (this.m_maxIndex < denied.m_maxIndex)
{
minMaxIndex = this.m_maxIndex;
for (int i = this.m_maxIndex + 1; i <= denied.m_maxIndex; ++i)
{
denied.RemoveItem(i);
}
}
else
{
minMaxIndex = denied.m_maxIndex;
}
IPermission p1;
IPermission p2;
for (int i = 0; i <= minMaxIndex; i++)
{
p1 = (IPermission)this.GetItem(i);
p2 = (IPermission)denied.GetItem(i);
if (p1 != null)
{
if (p2 != null && p1.IsSubsetOf(p2))
{
// If the permission appears in both sets, we can remove it from both
// (i.e. now it's not granted instead of being denied)
this.RemoveItem(i);
denied.RemoveItem(i);
}
}
else if (p2 != null)
{
// If we tried to deny it and it wasn't granted, just remove it from the denied set.
denied.RemoveItem(i);
}
}
}
public virtual TokenBasedSet Union(TokenBasedSet other)
{
int size;
if (other != null)
{
size = (this.m_maxIndex > other.m_maxIndex) ? this.m_maxIndex : other.m_maxIndex;
}
else
{
size = this.m_maxIndex;
}
TokenBasedSet set = new TokenBasedSet(size < 0 ? 0 : size, this.m_increment);
this.GenericUnion(set, other, true);
return(set);
}
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures)
{
int maxIndex = GetMaxUsedIndex();
for (int i = GetStartingIndex(); i <= maxIndex; ++i)
{
Object obj = GetItem(i);
if (obj != null)
{
IPermission perm = obj as IPermission;
#if FEATURE_CAS_POLICY
if (perm == null)
{
perm = PermissionSet.CreatePerm(obj, ignoreTypeLoadFailures);
}
#endif // FEATURE_CAS_POLICY
PermissionToken token = PermissionToken.GetToken(perm);
if (perm == null || token == null)
{
continue;
}
if (perm is IUnrestrictedPermission)
{
// Add to unrestrictedPermSet
if (unrestrictedPermSet == null)
{
unrestrictedPermSet = new TokenBasedSet();
}
unrestrictedPermSet.SetItem(token.m_index, perm);
}
else
{
// Add to normalPermSet
if (normalPermSet == null)
{
normalPermSet = new TokenBasedSet();
}
normalPermSet.SetItem(token.m_index, perm);
}
}
}
}
// Token: 0x06002B47 RID: 11079 RVA: 0x000A0FDC File Offset: 0x0009F1DC
internal TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
this.Reset();
return;
}
if (tbSet.m_cElt > 1)
{
object[] set = tbSet.m_Set;
int num = set.Length;
object[] array = new object[num];
Array.Copy(set, 0, array, 0, num);
this.m_Set = array;
}
else
{
this.m_Obj = tbSet.m_Obj;
}
this.m_cElt = tbSet.m_cElt;
this.m_maxIndex = tbSet.m_maxIndex;
}
// Token: 0x06002B52 RID: 11090 RVA: 0x000A147C File Offset: 0x0009F67C
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures)
{
int maxUsedIndex = this.GetMaxUsedIndex();
for (int i = this.GetStartingIndex(); i <= maxUsedIndex; i++)
{
object item = this.GetItem(i);
if (item != null)
{
IPermission permission = item as IPermission;
if (permission == null)
{
permission = PermissionSet.CreatePerm(item, ignoreTypeLoadFailures);
}
PermissionToken token = PermissionToken.GetToken(permission);
if (permission != null && token != null)
{
if (permission is IUnrestrictedPermission)
{
if (unrestrictedPermSet == null)
{
unrestrictedPermSet = new TokenBasedSet();
}
unrestrictedPermSet.SetItem(token.m_index, permission);
}
else
{
if (normalPermSet == null)
{
normalPermSet = new TokenBasedSet();
}
normalPermSet.SetItem(token.m_index, permission);
}
}
}
}
}
internal TokenBasedSet(TokenBasedSet tbSet)
{
if (tbSet == null)
{
Reset();
return;
}
if (tbSet.m_cElt > 1)
{
Object[] aObj = tbSet.m_Set;
int aLen = aObj.Length;
Object[] aNew = new Object[aLen];
System.Array.Copy(aObj, 0, aNew, 0, aLen);
m_Set = aNew;
}
else
{
m_Obj = tbSet.m_Obj;
}
m_cElt = tbSet.m_cElt;
m_maxIndex = tbSet.m_maxIndex;
}
internal void CheckSet()
{
if (this.m_permSet == null)
this.m_permSet = new TokenBasedSet();
}
public PermissionSet(PermissionSet permSet)
: this()
{
if (permSet == null)
{
Reset();
return;
}
m_Unrestricted = permSet.m_Unrestricted;
m_CheckedForNonCas = permSet.m_CheckedForNonCas;
m_ContainsCas = permSet.m_ContainsCas;
m_ContainsNonCas = permSet.m_ContainsNonCas;
m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures;
if (permSet.m_permSet != null)
{
m_permSet = new TokenBasedSet(permSet.m_permSet);
// now deep copy all permissions in set
for (int i = m_permSet.GetStartingIndex(); i <= m_permSet.GetMaxUsedIndex(); i++)
{
Object obj = m_permSet.GetItem(i);
IPermission perm = obj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory elem = obj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (perm != null)
{
m_permSet.SetItem(i, perm.Copy());
}
#if FEATURE_CAS_POLICY
else if (elem != null)
{
m_permSet.SetItem(i, elem.Copy());
}
#endif // FEATURE_CAS_POLICY
}
}
}
internal virtual void FromXml( SecurityElement et, bool allowInternalOnly, bool ignoreTypeLoadFailures )
{
if (et == null)
throw new ArgumentNullException("et");
if (!et.Tag.Equals(s_str_PermissionSet))
throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) );
Contract.EndContractBlock();
Reset();
m_ignoreTypeLoadFailures = ignoreTypeLoadFailures;
m_allPermissionsDecoded = false;
m_Unrestricted = XMLUtil.IsUnrestricted( et );
if (et.InternalChildren != null)
{
int childCount = et.InternalChildren.Count;
for (int i = 0; i < childCount; ++i)
{
SecurityElement elem = (SecurityElement)et.Children[i];
if (IsPermissionTag( elem.Tag, allowInternalOnly ))
{
String className = elem.Attribute( "class" );
PermissionToken token;
Object objectToInsert;
if (className != null)
{
token = PermissionToken.GetToken( className );
if (token == null)
{
objectToInsert = CreatePerm( elem );
#if _DEBUG
PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert );
Contract.Assert( tokenDebug != null && (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" );
#endif
if (objectToInsert != null)
{
Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(),
"PermissionToken.GetToken returned null for non-mscorlib permission" );
token = PermissionToken.GetToken( (IPermission)objectToInsert );
Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" );
}
}
else
{
objectToInsert = elem;
}
}
else
{
IPermission ip = CreatePerm( elem );
if (ip == null)
{
token = null;
objectToInsert = null;
}
else
{
token = PermissionToken.GetToken( ip );
Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ),
"PermissionToken was improperly assigned" );
objectToInsert = ip;
}
}
if (token != null && objectToInsert != null)
{
if (m_permSet == null)
m_permSet = new TokenBasedSet();
if (this.m_permSet.GetItem( token.m_index ) != null)
{
// If there is already something in that slot, let's union them
// together.
IPermission permInSlot;
if (this.m_permSet.GetItem( token.m_index ) is IPermission)
permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index );
else
permInSlot = CreatePerm( (SecurityElement)this.m_permSet.GetItem( token.m_index ) );
if (objectToInsert is IPermission)
objectToInsert = ((IPermission)objectToInsert).Union( permInSlot );
else
objectToInsert = CreatePerm( (SecurityElement)objectToInsert ).Union( permInSlot );
}
if(m_Unrestricted && objectToInsert is IPermission)
objectToInsert = null;
this.m_permSet.SetItem( token.m_index, objectToInsert );
}
}
}
}
}
private void OnSerialized(StreamingContext context)
{
#if FEATURE_REMOTING
if ((context.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0)
{
m_serializedPermissionSet = null;
m_permSet = m_permSetSaved;
m_permSetSaved = null;
m_unrestrictedPermSet = null;
m_normalPermSet = null;
}
#else // !FEATURE_REMOTING
Contract.Assert(false, "PermissionSet does not support serialization on CoreCLR");
#endif // !FEATURE_REMOTING
}
// Reinitializes all state in PermissionSet.
public void Reset()
{
if (m_unrestrictedPermSet == null)
m_unrestrictedPermSet = new TokenBasedSet( 12, 4 );
else
m_unrestrictedPermSet.Reset();
if (m_normalPermSet == null)
m_normalPermSet = new TokenBasedSet( 6, 4 );
else
m_normalPermSet.Reset();
// By default, the PermissionListSet is unrestricted. Why?
// At the start, having nothing on the stack should indicate success.
// Once the first non-unrestricted grant is appended to the set,
// then the PermissionListSet will become non-unrestricted.
m_unrestricted = true;
m_state = PermissionListSetState.None;
}
internal virtual void FromXml(SecurityDocument doc, int position, bool allowInternalOnly)
{
if (doc == null)
{
throw new ArgumentNullException("doc");
}
if (!doc.GetTagForElement(position).Equals("PermissionSet"))
{
throw new ArgumentException(string.Format(null, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PermissionSet", base.GetType().FullName }));
}
this.Reset();
this.m_allPermissionsDecoded = false;
Exception exception = null;
string attributeForElement = doc.GetAttributeForElement(position, "Unrestricted");
if (attributeForElement != null)
{
this.m_Unrestricted = (attributeForElement.Equals("True") || attributeForElement.Equals("true")) || attributeForElement.Equals("TRUE");
}
else
{
this.m_Unrestricted = false;
}
ArrayList childrenPositionForElement = doc.GetChildrenPositionForElement(position);
int count = childrenPositionForElement.Count;
for (int i = 0; i < count; i++)
{
int num3 = (int) childrenPositionForElement[i];
if (IsPermissionTag(doc.GetTagForElement(num3), allowInternalOnly))
{
try
{
PermissionToken token;
object obj2;
string typeStr = doc.GetAttributeForElement(num3, "class");
if (typeStr != null)
{
token = PermissionToken.GetToken(typeStr);
if (token == null)
{
obj2 = this.CreatePerm(doc.GetElement(num3, true));
if (obj2 != null)
{
token = PermissionToken.GetToken((IPermission) obj2);
}
}
else
{
obj2 = ((ISecurityElementFactory) new SecurityDocumentElement(doc, num3)).CreateSecurityElement();
}
}
else
{
IPermission perm = this.CreatePerm(doc.GetElement(num3, true));
if (perm == null)
{
token = null;
obj2 = null;
}
else
{
token = PermissionToken.GetToken(perm);
obj2 = perm;
}
}
if ((token != null) && (obj2 != null))
{
if (this.m_permSet == null)
{
this.m_permSet = new TokenBasedSet();
}
IPermission item = null;
if (this.m_permSet.GetItem(token.m_index) != null)
{
if (this.m_permSet.GetItem(token.m_index) is IPermission)
{
item = (IPermission) this.m_permSet.GetItem(token.m_index);
}
else
{
item = this.CreatePerm(this.m_permSet.GetItem(token.m_index));
}
}
if (item != null)
{
if (obj2 is IPermission)
{
obj2 = item.Union((IPermission) obj2);
}
else
{
obj2 = item.Union(this.CreatePerm(obj2));
}
}
if (this.m_Unrestricted && (obj2 is IPermission))
{
obj2 = null;
}
this.m_permSet.SetItem(token.m_index, obj2);
}
}
catch (Exception exception2)
{
if (exception == null)
{
exception = exception2;
}
}
}
}
if (exception != null)
{
throw exception;
}
}
public virtual void InplaceUnion(TokenBasedSet other)
{
GenericUnion(this, other, false);
}
private void GenericUnion(TokenBasedSet target, TokenBasedSet other, bool needToCopy)
{
// Note: Assumes target set is large enough and empty.
// Get the max indicies
int thisMaxIndex = this.m_maxIndex;
int otherMaxIndex = other != null ? other.m_maxIndex : 0;
int minMaxUsedIndex;
int maxMaxUsedIndex;
TokenBasedSet biggerSet;
// We want to save any exceptions that occur and throw them at the end.
Exception savedException = null;
if (thisMaxIndex < otherMaxIndex)
{
minMaxUsedIndex = thisMaxIndex;
maxMaxUsedIndex = otherMaxIndex;
biggerSet = other;
}
else
{
minMaxUsedIndex = otherMaxIndex;
maxMaxUsedIndex = thisMaxIndex;
biggerSet = this;
}
IPermission p1;
IPermission p2;
int i;
for (i = 0; i <= minMaxUsedIndex; ++i)
{
try
{
p2 = other != null ? (IPermission)other.m_objSet[i] : null;
p1 = (IPermission)this.m_objSet[i];
if (p2 != null)
{
// we only need to do something is the other set has something in this slot
if (p1 == null)
{
// nothing in this set, so insert a copy.
if (needToCopy)
{
target.SetItem(i, p2.Copy());
}
else
{
target.SetItem(i, p2);
}
}
else
{
// both have it, so replace this's with the union.
target.SetItem(i, p1.Union(p2));
}
}
else if (needToCopy)
{
if (p1 != null)
{
target.SetItem(i, p1.Copy());
}
else
{
target.SetItem(i, null);
}
}
else
{
target.SetItem(i, p1);
}
}
catch (Exception e)
{
if (savedException == null)
{
savedException = e;
}
}
}
for (i = minMaxUsedIndex + 1; i <= maxMaxUsedIndex; ++i)
{
try
{
if (needToCopy && biggerSet.m_objSet[i] != null)
{
target.SetItem(i, ((IPermission)biggerSet.m_objSet[i]).Copy());
}
else
{
target.SetItem(i, biggerSet.m_objSet[i]);
}
}
catch (Exception e)
{
if (savedException == null)
{
savedException = e;
}
}
}
if (savedException != null)
{
throw savedException;
}
}
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures)
{
int maxIndex = GetMaxUsedIndex();
for (int i = GetStartingIndex(); i <= maxIndex; ++i)
{
Object obj = GetItem( i );
if (obj != null)
{
IPermission perm = obj as IPermission;
#if FEATURE_CAS_POLICY
if (perm == null)
perm = PermissionSet.CreatePerm(obj, ignoreTypeLoadFailures);
#endif // FEATURE_CAS_POLICY
PermissionToken token = PermissionToken.GetToken(perm);
if (perm == null || token == null)
continue;
if (perm is IUnrestrictedPermission)
{
// Add to unrestrictedPermSet
if (unrestrictedPermSet == null)
unrestrictedPermSet = new TokenBasedSet();
unrestrictedPermSet.SetItem(token.m_index, perm);
}
else
{
// Add to normalPermSet
if (normalPermSet == null)
normalPermSet = new TokenBasedSet();
normalPermSet.SetItem(token.m_index, perm);
}
}
}
}
public TokenBasedSetEnumerator(TokenBasedSet tb)
{
Index = -1;
Current = null;
_tb = tb;
}
public PermissionSet(PermissionSet permSet) : this()
{
if (permSet == null)
{
this.Reset();
}
else
{
this.m_Unrestricted = permSet.m_Unrestricted;
this.m_CheckedForNonCas = permSet.m_CheckedForNonCas;
this.m_ContainsCas = permSet.m_ContainsCas;
this.m_ContainsNonCas = permSet.m_ContainsNonCas;
this.m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures;
if (permSet.m_permSet != null)
{
this.m_permSet = new TokenBasedSet(permSet.m_permSet);
for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++)
{
object item = this.m_permSet.GetItem(i);
IPermission permission = item as IPermission;
ISecurityElementFactory factory = item as ISecurityElementFactory;
if (permission != null)
{
this.m_permSet.SetItem(i, permission.Copy());
}
else if (factory != null)
{
this.m_permSet.SetItem(i, factory.Copy());
}
}
}
}
}
public bool CheckSetDemandInternal(PermissionSet permSet, out Exception exception, bool bNeedAlteredSet, out PermissionSet alteredSet)
{
alteredSet = null;
BCLDebug.Assert(permSet != null, "permSet != null");
// If the compressed stack is not unrestricted and the demand is
// then we just throw an exception.
if (!this.m_unrestricted && permSet.IsUnrestricted())
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") );
return false;
}
TokenBasedSet normalAlteredSet = null;
TokenBasedSet unrestrictedAlteredSet = null;
// Check the "normal" permissions since we always know we have to check them.
bool normalContinue = CheckTokenBasedSets( this.m_normalPermSet, permSet.m_normalPermSet, false, PermissionListSetState.None, out exception, bNeedAlteredSet, out normalAlteredSet );
if (exception != null)
{
return false;
}
bool unrestrictedContinue = CheckTokenBasedSets( this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, m_unrestricted, m_state, out exception, bNeedAlteredSet, out unrestrictedAlteredSet );
if (exception != null)
{
return false;
}
if ((m_state & PermissionListSetState.UnrestrictedAssert) != 0)
{
// If we are unrestricted, we want to terminate the stack walk based
// on us having an unrestricted assert.
if (bNeedAlteredSet)
unrestrictedAlteredSet = new TokenBasedSet( 1, 4 );
unrestrictedContinue = false;
}
if (normalContinue || unrestrictedContinue)
{
if (!bNeedAlteredSet)
return true;
// If we need to continue, let's build the altered set. We only
// need to do this if 1) our original demand is not unrestricted
// and 2) if we have altered token based sets.
if (!permSet.IsUnrestricted())
{
if (normalAlteredSet != null || unrestrictedAlteredSet != null)
{
alteredSet = new PermissionSet( false );
if (normalAlteredSet != null)
alteredSet.m_normalPermSet = normalAlteredSet;
else
alteredSet.m_normalPermSet = CopyTokenBasedSet( permSet.m_normalPermSet );
if (unrestrictedAlteredSet != null)
alteredSet.m_unrestrictedPermSet = unrestrictedAlteredSet;
else
alteredSet.m_unrestrictedPermSet = CopyTokenBasedSet( permSet.m_unrestrictedPermSet );
if (alteredSet.IsEmpty())
return false;
}
}
return true;
}
else
{
return false;
}
}
internal virtual void FromXml(SecurityElement et, bool allowInternalOnly, bool ignoreTypeLoadFailures)
{
if (et == null)
{
throw new ArgumentNullException("et");
}
if (!et.Tag.Equals("PermissionSet"))
{
throw new ArgumentException(string.Format(null, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PermissionSet", base.GetType().FullName }));
}
this.Reset();
this.m_ignoreTypeLoadFailures = ignoreTypeLoadFailures;
this.m_allPermissionsDecoded = false;
this.m_Unrestricted = XMLUtil.IsUnrestricted(et);
if (et.InternalChildren != null)
{
int count = et.InternalChildren.Count;
for (int i = 0; i < count; i++)
{
SecurityElement element = (SecurityElement) et.Children[i];
if (IsPermissionTag(element.Tag, allowInternalOnly))
{
PermissionToken token;
object obj2;
string typeStr = element.Attribute("class");
if (typeStr != null)
{
token = PermissionToken.GetToken(typeStr);
if (token == null)
{
obj2 = this.CreatePerm(element);
if (obj2 != null)
{
token = PermissionToken.GetToken((IPermission) obj2);
}
}
else
{
obj2 = element;
}
}
else
{
IPermission perm = this.CreatePerm(element);
if (perm == null)
{
token = null;
obj2 = null;
}
else
{
token = PermissionToken.GetToken(perm);
obj2 = perm;
}
}
if ((token != null) && (obj2 != null))
{
if (this.m_permSet == null)
{
this.m_permSet = new TokenBasedSet();
}
if (this.m_permSet.GetItem(token.m_index) != null)
{
IPermission item;
if (this.m_permSet.GetItem(token.m_index) is IPermission)
{
item = (IPermission) this.m_permSet.GetItem(token.m_index);
}
else
{
item = this.CreatePerm((SecurityElement) this.m_permSet.GetItem(token.m_index));
}
if (obj2 is IPermission)
{
obj2 = ((IPermission) obj2).Union(item);
}
else
{
obj2 = this.CreatePerm((SecurityElement) obj2).Union(item);
}
}
if (this.m_Unrestricted && (obj2 is IPermission))
{
obj2 = null;
}
this.m_permSet.SetItem(token.m_index, obj2);
}
}
}
}
}
private void OnSerializing(StreamingContext ctx)
{
if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0)
{
m_serializedPermissionSet = ToString(); // For v2.x and beyond
if (m_permSet != null)
m_permSet.SpecialSplit(ref m_unrestrictedPermSet, ref m_normalPermSet, m_ignoreTypeLoadFailures);
m_permSetSaved = m_permSet;
m_permSet = null;
}
}
public TokenBasedSetEnumerator(TokenBasedSet tb)
{
Index = -1;
Current = null;
_tb = tb;
}
private void NormalizePermissionSet()
{
// This function guarantees that all the permissions are placed at
// the proper index within the token based sets. This becomes necessary
// since these indices are dynamically allocated based on usage order.
PermissionSet permSetTemp = new PermissionSet(false);
permSetTemp.m_Unrestricted = this.m_Unrestricted;
// Move all the normal permissions to the new permission set
if (this.m_permSet != null)
{
for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i)
{
Object obj = this.m_permSet.GetItem(i);
IPermission perm = obj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory elem = obj as ISecurityElementFactory;
if (elem != null)
perm = CreatePerm( elem );
#endif // FEATURE_CAS_POLICY
if (perm != null)
permSetTemp.SetPermission( perm );
}
}
this.m_permSet = permSetTemp.m_permSet;
}
public TokenBasedSetEnumerator(TokenBasedSet set)
{
SetData(set);
}
internal virtual void FromXml( SecurityDocument doc, int position, bool allowInternalOnly )
{
if (doc == null)
throw new ArgumentNullException("doc");
Contract.EndContractBlock();
if (!doc.GetTagForElement( position ).Equals(s_str_PermissionSet))
throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) );
Reset();
m_allPermissionsDecoded = false;
Exception savedException = null;
String strUnrestricted = doc.GetAttributeForElement( position, "Unrestricted" );
if (strUnrestricted != null)
m_Unrestricted = strUnrestricted.Equals( "True" ) || strUnrestricted.Equals( "true" ) || strUnrestricted.Equals( "TRUE" );
else
m_Unrestricted = false;
ArrayList childrenIndices = doc.GetChildrenPositionForElement( position );
int childCount = childrenIndices.Count;
for (int i = 0; i < childCount; ++i)
{
int childIndex = (int)childrenIndices[i];
if (IsPermissionTag( doc.GetTagForElement( childIndex ), allowInternalOnly ))
{
try
{
String className = doc.GetAttributeForElement( childIndex, "class" );
PermissionToken token;
Object objectToInsert;
if (className != null)
{
token = PermissionToken.GetToken( className );
if (token == null)
{
objectToInsert = CreatePerm( doc.GetElement( childIndex, true ) );
if (objectToInsert != null)
{
#if _DEBUG
PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert );
Contract.Assert((tokenDebug != null), "PermissionToken.GetToken returned null ");
Contract.Assert( (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" );
#endif
Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(),
"PermissionToken.GetToken returned null for non-mscorlib permission" );
token = PermissionToken.GetToken( (IPermission)objectToInsert );
Contract.Assert((token != null), "PermissionToken.GetToken returned null ");
Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" );
}
}
else
{
objectToInsert = ((ISecurityElementFactory)new SecurityDocumentElement(doc, childIndex)).CreateSecurityElement();
}
}
else
{
IPermission ip = CreatePerm( doc.GetElement( childIndex, true ) );
if (ip == null)
{
token = null;
objectToInsert = null;
}
else
{
token = PermissionToken.GetToken( ip );
Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ),
"PermissionToken was improperly assigned" );
objectToInsert = ip;
}
}
if (token != null && objectToInsert != null)
{
if (m_permSet == null)
m_permSet = new TokenBasedSet();
IPermission permInSlot = null;
if (this.m_permSet.GetItem( token.m_index ) != null)
{
// If there is already something in that slot, let's union them
// together.
if (this.m_permSet.GetItem( token.m_index ) is IPermission)
permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index );
else
permInSlot = CreatePerm( this.m_permSet.GetItem( token.m_index ) );
}
if (permInSlot != null)
{
if (objectToInsert is IPermission)
objectToInsert = permInSlot.Union((IPermission)objectToInsert);
else
objectToInsert = permInSlot.Union(CreatePerm( objectToInsert ));
}
if(m_Unrestricted && objectToInsert is IPermission)
objectToInsert = null;
this.m_permSet.SetItem( token.m_index, objectToInsert );
}
}
catch (Exception e)
{
#if _DEBUG
if (debug)
DEBUG_WRITE( "error while decoding permission set =\n" + e.ToString() );
#endif
if (savedException == null)
savedException = e;
}
}
}
if (savedException != null)
throw savedException;
}
protected void SetData(TokenBasedSet set)
{
m_set = set;
m_currentIndex = -1;
}
// Reinitializes all state in PermissionSet - DO NOT null-out m_serializedPermissionSet
internal void Reset()
{
m_Unrestricted = false;
m_allPermissionsDecoded = true;
m_permSet = null;
m_ignoreTypeLoadFailures = false;
m_CheckedForNonCas = false;
m_ContainsCas = false;
m_ContainsNonCas = false;
m_permSetSaved = null;
}
public TokenBasedSetEnumerator(TokenBasedSet tb)
{
this.Index = -1;
this.Current = null;
this._tb = tb;
}
// Make this internal soon.
internal void SetUnrestricted(bool unrestricted)
{
m_Unrestricted = unrestricted;
if (unrestricted)
{
// if this is to be an unrestricted permset, null the m_permSet member
m_permSet = null;
}
}
private void AppendTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, int type, bool unrestricted )
{
int thisMaxIndex = thisSet.GetMaxUsedIndex();
int permMaxIndex = permSet == null ? 0 : permSet.GetMaxUsedIndex();
int maxIndex = thisMaxIndex > permMaxIndex ? thisMaxIndex : permMaxIndex;
// Loop over the relevant indexes...
for (int i = 0; i <= maxIndex; i++)
{
PermissionList plist = (PermissionList)thisSet.GetItem(i);
CodeAccessPermission cap = permSet == null ? null : (CodeAccessPermission)permSet.GetItem(i);
if (plist == null)
{
if (this.m_unrestricted)
{
switch (type)
{
case PermissionList.MatchChecked:
case PermissionList.MatchPermitOnly:
plist = new PermissionList();
plist.AppendPermission(cap, type);
thisSet.SetItem( i, plist );
break;
case PermissionList.MatchDeny:
case PermissionList.MatchAssert:
if (cap != null)
{
plist = new PermissionList();
plist.AppendPermission(cap, type);
thisSet.SetItem( i, plist );
}
break;
default:
throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" ));
}
}
}
else
{
// A list already exists. All lists should have at least
// one element in them.
// Normally, only append if the permission is not null.
// However, if the type is Checked, then make sure the
// list is terminated with a permission, null or not.
switch (type)
{
case PermissionList.MatchChecked:
case PermissionList.MatchPermitOnly:
plist.AppendPermissionAndCompress(cap, type);
break;
case PermissionList.MatchDeny:
case PermissionList.MatchAssert:
if (cap != null)
plist.AppendPermissionAndCompress(cap, type);
break;
default:
throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" ));
}
}
}
}
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization)
internal TokenBasedSet SpecialUnion(TokenBasedSet other)
{
// This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have
// not been subjected to VTS callbacks yet
OnDeserializedInternal();
TokenBasedSet unionSet = new TokenBasedSet();
int maxMax;
if (other != null)
{
other.OnDeserializedInternal();
maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
}
else
maxMax = this.GetMaxUsedIndex();
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = (other != null)?other.GetItem( i ):null;
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
if (thisObj == null)
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
otherPerm = PermissionSet.CreatePerm(otherElem, false);
}
#endif // FEATURE_CAS_POLICY
PermissionToken token = PermissionToken.GetToken(otherPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem(token.m_index, otherPerm);
}
else if (otherObj == null)
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
{
thisPerm = PermissionSet.CreatePerm(thisElem, false);
}
#endif // FEATURE_CAS_POLICY
PermissionToken token = PermissionToken.GetToken(thisPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem( token.m_index, thisPerm);
}
else
{
Contract.Assert( (thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets" );
}
}
return unionSet;
}
public TokenBasedSetEnumerator(TokenBasedSet set)
{
SetData(set);
}
private static void CheckTokenBasedSetHelper( bool ignoreGrants,
TokenBasedSet grants,
TokenBasedSet denied,
TokenBasedSet demands )
{
if (demands == null)
return;
TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum();
while (enumerator.MoveNext())
{
CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current;
int index = enumerator.GetCurrentIndex();
if (demand != null)
{
try
{
// Check to make sure the permission was granted, unless we are supposed
// to ignore grants.
if (!ignoreGrants)
{
CodeAccessPermission grant
= grants != null ? (CodeAccessPermission)grants.GetItem(index) : null;
if (grant != null)
{
grant.CheckDemand(demand);
}
else
{
if (!demand.IsSubsetOf( null ))
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
// Check to make sure our permission was not denied.
if (denied != null)
{
CodeAccessPermission deny
= (CodeAccessPermission)denied.GetItem(index);
if (deny != null && deny.Intersect(demand) != null)
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
throw e;
else
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
}
protected void SetData(TokenBasedSet set)
{
m_set = set;
m_currentIndex = -1;
}
public PermissionListSet(PermissionListSet permListSet)
{
if (permListSet == null)
{
Reset();
return;
}
m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet);
// Now deep copy all permission lists in set.
// Note that this DOES deep copy permissions in the list.
for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++)
{
PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i);
if (plist != null)
{
m_unrestrictedPermSet.SetItem(i, plist.Copy());
}
}
m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet);
// Now deep copy all permission lists in set.
// Note that this DOES deep copy permissions in the list.
for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++)
{
PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i);
if (plist != null)
{
m_normalPermSet.SetItem(i, plist.Copy());
}
}
m_unrestricted = permListSet.m_unrestricted;
m_state = permListSet.m_state;
}
internal void InplaceUnion( PermissionSet other )
{
// Unions the "other" PermissionSet into this one. It can be optimized to do less copies than
// need be done by the traditional union (and we don't have to create a new PermissionSet).
if (this == other)
return;
// Quick out conditions, union doesn't change this PermissionSet
if (other == null || other.FastIsEmpty())
return;
m_CheckedForNonCas = false;
this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (this.m_Unrestricted)
{
// if the result of Union is unrestricted permset, null the m_permSet member
this.m_permSet = null;
return;
}
// If we reach here, result of Union is not unrestricted
// We have to union "normal" permission no matter what now.
int maxMax = -1;
if (other.m_permSet != null)
{
maxMax = other.m_permSet.GetMaxUsedIndex();
this.CheckSet();
}
// Save exceptions until the end
Exception savedException = null;
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
#if FEATURE_CAS_POLICY
if (thisElem != null && otherElem != null)
{
if (thisElem.GetTag().Equals( s_str_PermissionUnion ) ||
thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion ))
{
Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" );
SafeChildAdd( (SecurityElement)thisElem, otherElem, true );
}
else
{
SecurityElement newElem;
if (this.IsUnrestricted() || other.IsUnrestricted())
newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
else
newElem = new SecurityElement( s_str_PermissionUnion );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, false );
SafeChildAdd( newElem, otherElem, true );
this.m_permSet.SetItem( i, newElem );
}
}
else
#endif // FEATURE_CAS_POLICY
if (thisObj == null)
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
this.m_permSet.SetItem( i, otherElem.Copy() );
}
else
#endif // FEATURE_CAS_POLICY
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
{
this.m_permSet.SetItem( i, otherPerm.Copy() );
}
}
}
else if (otherObj == null)
{
continue;
}
else
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY
try
{
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
this.m_permSet.SetItem( i, unionPerm );
}
catch (Exception e)
{
if (savedException == null)
savedException = e;
}
}
}
if (savedException != null)
throw savedException;
}
private static bool CheckTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet )
{
alteredSet = null;
// If the set is empty, there is no reason to walk the
// stack.
if (permSet == null || permSet.IsEmpty())
{
if (bNeedAlteredSet)
alteredSet = new TokenBasedSet( 1, 4 );
exception = null;
return false;
}
int permMaxIndex = permSet.GetMaxUsedIndex();
// Make a quick check to see if permSet definitely contains permissions that this set doesn't
if (permMaxIndex > thisSet.GetMaxUsedIndex())
{
// The only way we don't want to throw an exception is
// if we are unrestricted. Then, if we don't want to throw
// an exception we may want to terminate the stack walk
// based on an unrestricted assert.
if (unrestricted)
{
if (((state & PermissionListSetState.UnrestrictedAssert) != 0))
{
if (bNeedAlteredSet)
alteredSet = new TokenBasedSet( 1, 4 );
exception = null;
return false;
}
else
{
exception = null;
return true;
}
}
else
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") );
return false;
}
}
bool continueStackWalk = false;
// We know that checking to <permMaxIndex> is sufficient because of above check
for (int i = 0; i <= permMaxIndex; i++)
{
Object obj = permSet.GetItem(i);
if (obj != null)
{
CodeAccessPermission cap = (CodeAccessPermission)obj;
PermissionList permList = (PermissionList)thisSet.GetItem(i);
if (permList != null)
{
bool tempContinue = permList.CheckDemandInternal(cap, out exception);
if (exception != null)
return false;
if (tempContinue)
{
// If we are supposed to continue the stack walk but there is an unrestricted
// deny, then we should fail.
if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission))
{
exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) );
return false;
}
continueStackWalk = true;
}
else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission))
{
// We only want to build the altered set if we don't have an
// unrestricted assert because we know if we have an unrestricted
// assert and we don't throw an exception that the stackwalk should
// include no unrestricted permissions.
if (bNeedAlteredSet)
{
if (alteredSet == null)
alteredSet = CopyTokenBasedSet( permSet );
alteredSet.SetItem( i, null );
}
}
}
else
{
if (!unrestricted)
{
exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) );
return false;
}
}
}
}
exception = null;
return continueStackWalk;
}
private void OnDeserialized(StreamingContext ctx)
{
if (m_serializedPermissionSet != null)
{
// Whidbey non X-AD case
FromXml(SecurityElement.FromString(m_serializedPermissionSet));
}
else if (m_normalPermSet != null)
{
// Everett non X-AD case
m_permSet = m_normalPermSet.SpecialUnion(m_unrestrictedPermSet);
}
else if (m_unrestrictedPermSet != null)
{
// Everett non X-AD case
m_permSet = m_unrestrictedPermSet.SpecialUnion(m_normalPermSet);
}
m_serializedPermissionSet = null;
m_normalPermSet = null;
m_unrestrictedPermSet = null;
}
public static TokenBasedSet CopyTokenBasedSet( TokenBasedSet set )
{
if (set == null || set.GetCount() == 0)
return null;
int maxIndex = set.GetMaxUsedIndex();
TokenBasedSet copySet = new TokenBasedSet( maxIndex + 1, 4 );
for (int i = 0; i <= maxIndex; ++i)
{
Object obj = set.GetItem( i );
if (obj == null)
copySet.SetItem( i, null );
else if (obj is IPermission)
copySet.SetItem( i, ((IPermission)obj).Copy() );
else if (obj is PermissionList)
copySet.SetItem( i, ((PermissionList)obj).Copy() );
else
{
BCLDebug.Assert( false, "CopyTokenBasedSet can only be used for IPermission and PermissionList based TokenBasedSets" );
copySet.SetItem( i, obj );
}
}
return copySet;
}
public virtual void InplaceIntersect(TokenBasedSet other)
{
GenericIntersect(this, other);
}
private void AppendStackHelper( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestrictedThisSet, bool unrestrictedPermSet, bool unrestricted )
{
int maxThis = thisSet.GetMaxUsedIndex();
int maxPerm = permSet.GetMaxUsedIndex();
int maxIndex = maxThis > maxPerm ? maxThis : maxPerm;
for (int i = 0; i <= maxIndex; i++)
{
PermissionList plist = (PermissionList)thisSet.GetItem(i);
PermissionList appendList = (PermissionList)permSet.GetItem(i);
if (plist != null)
{
if (appendList != null)
{
// This call will not add the permission if the list is
// empty, or if the last element is a normal check with
// a null Permission. Let the method take care of it...
plist.AppendStack(appendList.Copy());
}
else
{
// Nothing on the compressed stack for this index,
// so terminate current list.
if (!unrestrictedPermSet)
{
thisSet.SetItem( i, plist.Copy() );
}
}
}
else if (unrestrictedThisSet && appendList != null)
{
thisSet.SetItem(i, appendList.Copy());
}
}
}
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization)
internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride)
{
// This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have
// not been subjected to VTS callbacks yet
OnDeserializedInternal();
TokenBasedSet unionSet = new TokenBasedSet();
int maxMax;
if (other != null)
{
other.OnDeserializedInternal();
maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex();
}
else
{
maxMax = this.GetMaxUsedIndex();
}
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.GetItem(i);
IPermission thisPerm = thisObj as IPermission;
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
Object otherObj = (other != null)?other.GetItem(i):null;
IPermission otherPerm = otherObj as IPermission;
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
if (thisObj == null && otherObj == null)
{
continue;
}
if (thisObj == null)
{
if (otherElem != null)
{
otherPerm = PermissionSet.CreatePerm(otherElem, false);
}
PermissionToken token = PermissionToken.GetToken(otherPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem(token.m_index, otherPerm);
if (!CodeAccessPermission.CanUnrestrictedOverride(otherPerm))
{
canUnrestrictedOverride = false;
}
}
else if (otherObj == null)
{
if (thisElem != null)
{
thisPerm = PermissionSet.CreatePerm(thisElem, false);
}
PermissionToken token = PermissionToken.GetToken(thisPerm);
if (token == null)
{
throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState"));
}
unionSet.SetItem(token.m_index, thisPerm);
if (!CodeAccessPermission.CanUnrestrictedOverride(thisPerm))
{
canUnrestrictedOverride = false;
}
}
else
{
BCLDebug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets");
}
}
return(unionSet);
}
