// // API for PermissionSets // public virtual void Assert(PermissionSet permSet, ref StackCrawlMark stackMark) { // Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission // you need to change the fourth parameter to a zero. FrameSecurityDescriptor secObj = CodeAccessSecurityEngine.CheckNReturnSO( CodeAccessSecurityEngine.AssertPermissionToken, CodeAccessSecurityEngine.AssertPermission, ref stackMark, 1, 1); BCLDebug.Assert(secObj != null || !SecurityManager.SecurityEnabled, "Failure in SecurityRuntime.Assert() - secObj != null"); if (secObj == null) { if (SecurityManager.SecurityEnabled) { // Security: REQ_SQ flag is missing. Bad compiler ? throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor")); } } else { if (secObj.GetAssertions() != null) { throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride")); } secObj.SetAssert(permSet); } }
[System.Security.SecurityCritical] // auto-generated internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark) { // Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission // you need to change the fourth parameter to a zero. FrameSecurityDescriptor secObj = CodeAccessSecurityEngine.CheckNReturnSO( CodeAccessSecurityEngine.AssertPermissionToken, CodeAccessSecurityEngine.AssertPermission, ref stackMark, 1); Contract.Assert(secObj != null, "Failure in SecurityRuntime.Assert() - secObj != null"); if (secObj == null) { // Security: REQ_SQ flag is missing. Bad compiler ? System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor")); } else { if (secObj.HasImperativeAsserts()) { throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride")); } secObj.SetAssert(permSet); } }
internal static void DemandInternal(PermissionType permissionType) { CodeAccessSecurityEngine codeAccessSE = (CodeAccessSecurityEngine)SecurityManager.GetCodeAccessSecurityEngine(); if (commonSecObj == null) { // These correspond to SharedPermissionObjects in security.h, that is instances of commonly needed // permissions. From managed code, we regularly need Serialization and reflection emit permission. // The enum which acts as index into this array is same in EE and BCL. Thats why first 5 entries are null. // There is no synchronization on this call since the worse thing // that happens is that we create it multiple times (assuming that // assignment is atomic). commonSecObj = new CodeAccessPermission[] { null, // Unmanaged code access permission null, // Skip verification permission null, // Reflection type info permission null, // Assert permission null, // Reflection member access permission new SecurityPermission(SecurityPermissionFlag.SerializationFormatter), new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit) }; } BCLDebug.Assert(commonSecObj[(int)permissionType] != null, "Uninitialized commonSecObj in CodeAccessPermission"); if (codeAccessSE != null) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; codeAccessSE.Check(commonSecObj[(int)permissionType], ref stackMark, permissionType); } }
private static void ReflectionTargetDemandHelper(int permission, PermissionSet targetGrant) { StackCrawlMark stackCrawlMark = StackCrawlMark.LookForMyCaller; CompressedStack compressedStack = CompressedStack.GetCompressedStack(ref stackCrawlMark); CodeAccessSecurityEngine.ReflectionTargetDemandHelper(permission, targetGrant, compressedStack); }
static private void DoInitSecurity() { s_ftPermSet = new PermissionSet(true); isr = new SecurityRuntime(); icase = new CodeAccessSecurityEngine(); }
private static void ThrowSecurityException(object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed) { if (assemblyOrString != null && !(assemblyOrString is RuntimeAssembly)) { throw SecurityException.MakeSecurityException(new AssemblyName((string)assemblyOrString), (Evidence)null, granted, refused, rmh, action, demand, permThatFailed); } CodeAccessSecurityEngine.ThrowSecurityException((RuntimeAssembly)assemblyOrString, granted, refused, rmh, action, demand, permThatFailed); }
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { PermissionSet newGrant; PermissionSet newDenied; asm.GetGrantSet(out newGrant, out newDenied); CodeAccessSecurityEngine.CheckHelper(newGrant, newDenied, demand, PermissionToken.GetToken((IPermission)demand), RuntimeMethodHandleInternal.EmptyHandle, (object)asm, SecurityAction.Demand, true); }
internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) { Debug.Assert(AssertSet == null, "AssertSet not null"); #pragma warning disable 618 return(CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false)); #pragma warning restore 618 }
public void Demand() { if (!this.CheckDemand(null)) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; CodeAccessSecurityEngine.Check(this, ref stackMark); } }
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { PermissionSet grantedSet; PermissionSet refusedSet; asm.GetGrantSet(out grantedSet, out refusedSet); CodeAccessSecurityEngine.CheckHelper(grantedSet, refusedSet, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true); }
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { if (!PermissionSetTriple.CheckAssert(this.AssertSet, demand, permToken)) { return(false); } CodeAccessSecurityEngine.CheckHelper(this.GrantSet, this.RefusedSet, demand, permToken, rmh, (object)null, SecurityAction.Demand, true); return(true); }
[System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemandNoThrow(PermissionSet demandSet) { Contract.Assert(AssertSet == null, "AssertSet not null"); #pragma warning disable 618 return(CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false)); #pragma warning restore 618 }
internal static void CheckSetHelper(CompressedStack cs, PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) { if (cs != null) { cs.CheckSetDemand(demands, rmh); return; } CodeAccessSecurityEngine.CheckSetHelper(grants, refused, demands, rmh, asm, action, true); }
internal PermissionSet Resolve(Evidence evidence) { PermissionSet grantSet = null; if (CodeAccessSecurityEngine.TryResolveGrantSet(evidence, out grantSet)) { return(grantSet); } return(this.CodeGroupResolve(evidence, false)); }
public void PermitOnly() { CodeAccessSecurityEngine icase = SecurityManager.GetCodeAccessSecurityEngine(); if (icase != null) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; icase.PermitOnly(this, ref stackMark); } }
public void Demand() { if (this.CheckDemand((CodeAccessPermission)null)) { return; } StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; CodeAccessSecurityEngine.Check(this, ref stackMark); }
public void Demand() { CodeAccessSecurityEngine icase = SecurityManager.GetCodeAccessSecurityEngine(); if (icase != null && !this.IsSubsetOf(null)) { StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; icase.Check(this, ref stackMark); } }
internal static void CheckHelper(CompressedStack cs, PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action) { if (cs != null) { cs.CheckDemand(demand, permToken, rmh); } else { CodeAccessSecurityEngine.CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (object)asm, action, true); } }
internal static bool CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException) { IPermission permThatFailed = null; if (grants != null) { grants.CheckDecoded(demands); } if (refused != null) { refused.CheckDecoded(demands); } bool flag = SecurityManager._SetThreadSecurity(false); try { if (!demands.CheckDemand(grants, out permThatFailed)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); } if (!demands.CheckDeny(refused, out permThatFailed)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); } } catch (SecurityException) { throw; } catch (Exception) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandle rmh) { if (CheckAssert(AssertSet, demand, permToken) == SecurityRuntime.StackHalt) { return(SecurityRuntime.StackHalt); } CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true); return(SecurityRuntime.StackContinue); }
private static void ThrowSecurityException(object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed) { if (assemblyOrString == null || assemblyOrString is RuntimeAssembly) { CodeAccessSecurityEngine.ThrowSecurityException((RuntimeAssembly)assemblyOrString, granted, refused, rmh, action, demand, permThatFailed); return; } AssemblyName asmName = new AssemblyName((string)assemblyOrString); throw SecurityException.MakeSecurityException(asmName, null, granted, refused, rmh, action, demand, permThatFailed); }
internal static bool CanUnrestrictedOverride(IPermission ip) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust()) { return(true); } if (ip is IUnrestrictedPermission) { return(true); } return(false); }
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable internal static void Demand(PermissionType permissionType) { // The intent of the method is to be an internal mscorlib helper that Demands a specific permissiontype // without having to create objects. // The security annotation fxcop rule that flags all methods with a Demand() has logic // which checks for methods named Demand in types that implement IPermission or IStackWalk. Debug.Assert(new StackFrame().GetMethod().Name.Equals("Demand"), "This method needs to be named Demand"); StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; CodeAccessSecurityEngine.SpecialDemand(permissionType, ref stackMark); }
internal bool CheckSetDemand(PermissionSet demandSet, out PermissionSet alteredDemandset, RuntimeMethodHandleInternal rmh) { alteredDemandset = (PermissionSet)null; if (!PermissionSetTriple.CheckAssert(this.AssertSet, demandSet, out alteredDemandset)) { return(false); } if (alteredDemandset != null) { demandSet = alteredDemandset; } CodeAccessSecurityEngine.CheckSetHelper(this.GrantSet, this.RefusedSet, demandSet, rmh, (object)null, SecurityAction.Demand, true); return(true); }
static public void GetZoneAndOrigin(out ArrayList zone, out ArrayList origin) { StackCrawlMark mark = StackCrawlMark.LookForMyCaller; if (_IsSecurityOn()) { CodeAccessSecurityEngine.GetZoneAndOrigin(ref mark, out zone, out origin); } else { zone = null; origin = null; } }
internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark) { FrameSecurityDescriptor frameSecurityDescriptor = CodeAccessSecurityEngine.CheckNReturnSO(CodeAccessSecurityEngine.AssertPermissionToken, CodeAccessSecurityEngine.AssertPermission, ref stackMark, 1); if (frameSecurityDescriptor == null) { Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor")); return; } if (frameSecurityDescriptor.HasImperativeAsserts()) { throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride")); } frameSecurityDescriptor.SetAssert(permSet); }
[System.Security.SecurityCritical] // auto-generated internal PermissionSet Resolve(Evidence evidence) { // If we can resolve the grant set for the evidence via the host or the current AppDomain state, // then return that. Otherwise, call back out to code group resolution. PermissionSet grantSet = null; if (CodeAccessSecurityEngine.TryResolveGrantSet(evidence, out grantSet)) { return grantSet; } else { BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "We're about to apply policy in a policy disabled app"); return CodeGroupResolve(evidence, false); } }
internal bool CheckSetDemand(PermissionSet demandSet, out PermissionSet alteredDemandset, RuntimeMethodHandle rmh) { alteredDemandset = null; if (CheckAssert(AssertSet, demandSet, out alteredDemandset) == SecurityRuntime.StackHalt) { return(SecurityRuntime.StackHalt); } if (alteredDemandset != null) { demandSet = alteredDemandset; // note that this does not modify demandSet external to this function. } CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, rmh, null, SecurityAction.Demand, true); return(SecurityRuntime.StackContinue); }
//-----------------------------------------------------------+ // R E V E R T //-----------------------------------------------------------+ internal void RevertAssert() { if (m_assertions != null) { m_assertions = null; DecrementAssertCount(); } if (m_DeclarativeAssertions != null) { m_AssertFT = (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() && m_DeclarativeAssertions.IsUnrestricted());; } else { m_AssertFT = false; } }
// Token: 0x06001C6C RID: 7276 RVA: 0x0006188C File Offset: 0x0005FA8C private static PermissionSet ResolveGrantSet(Evidence evidence, out int specialFlags, bool checkExecutionPermission) { PermissionSet permissionSet = null; if (!CodeAccessSecurityEngine.TryResolveGrantSet(evidence, out permissionSet)) { permissionSet = new PermissionSet(PermissionState.Unrestricted); } if (checkExecutionPermission) { SecurityPermission perm = new SecurityPermission(SecurityPermissionFlag.Execution); if (!permissionSet.Contains(perm)) { throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320); } } specialFlags = SecurityManager.GetSpecialFlags(permissionSet, null); return(permissionSet); }
static private void DoInitSecurity() { s_ftPermSet = new PermissionSet(true); isr = new SecurityRuntime(); icase = new CodeAccessSecurityEngine(); }