/// <summary>
/// Initializes a new instance of the <see cref="SecurityService"/> class.
/// </summary>
public SecurityService()
{
this.manager = Global.DependencyInjectionContainer.Resolve<SecurityManager>();
this.securityService = Global.DependencyInjectionContainer.Resolve<ISecurityService>();
this.manager.IsSecureConnection = this.Context.Request.IsSecureConnection;
this.cookiePath = this.manager.CookiePath;
}
AppDomain CreateProxy(int dwZone,
int dwFlag,
string domainName,
bool fHasCodeBase,
string CodeBase,
string pURL,
string configFile,
byte[] uniqueId,
string licenses
)
{
Manager.Log(this, true, "Need to create domain", "");
string friendlyName = null;
// @TODO: CTS, this should allow the security id as well
Evidence documentSecurity = new Evidence();
if ((dwFlag & CORIESECURITY_ZONE) != 0)
{
documentSecurity.AddHost(new Zone((System.Security.SecurityZone)dwZone));
}
if (pURL != null)
{
friendlyName = Manager.GetSiteName(pURL);
}
else
{
friendlyName = "<Unknown>";
}
if ((dwFlag & CORIESECURITY_SITE) != 0)
{
if (fHasCodeBase)
{
documentSecurity.AddHost(Site.CreateFromUrl(CodeBase));
documentSecurity.AddHost(new Url(CodeBase));
}
}
AppDomainSetup properties = new AppDomainSetup();
if (configFile != null)
{
properties.ConfigurationFile = configFile;
Manager.Log(this, true, "Added configuration file: " + configFile, "");
}
properties.ApplicationBase = CodeBase;
Manager.Log(this, true, "Application base: " + CodeBase, "");
properties.PrivateBinPath = "bin";
Manager.Log(this, true, "Private Bin Path: bin", "");
if (licenses != null)
{
properties.LicenseFile = licenses;
Manager.Log(this, true, "LicenceFile:" + licenses, "");
}
PermissionSet ps = SecurityManager.ResolvePolicy(documentSecurity);
if (FailRebinds(ps))
{
properties.DisallowBindingRedirects = true;
}
else
{
properties.DisallowBindingRedirects = false;
}
AppDomain proxy = AppDomain.CreateDomain(friendlyName,
documentSecurity,
properties);
if (proxy != null)
{
// Add the domain to our global list.
_host.AddDomain(uniqueId, domainName, proxy);
}
else
{
Manager.Log(this, true, "Unable to create proxy to type", "");
throw new ExecutionEngineException();
}
return(proxy);
}
internal static bool CheckHelper(PermissionSet grantedSet,
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandle rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
BCLDebug.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
else if (!grantedSet.IsUnrestricted() || !demand.CanUnrestrictedOverride())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand(grantedPerm))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in refused set");
}
#endif
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
if (refusedSet.IsUnrestricted() && demand.CanUnrestrictedOverride())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
catch
{
return(false);
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
DEBUG_OUT("Check passed");
return(true);
}
internal static bool CheckSetHelper(PermissionSet grants,
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandle rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
BCLDebug.Assert(demands != null, "Should not reach here with a null demand set");
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grants.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refused != null ? refused.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demands != null ? demands.ToXml().ToString() : "<null>");
}
#endif
IPermission permThatFailed = null;
if (grants != null)
{
grants.CheckDecoded(demands);
}
if (refused != null)
{
refused.CheckDecoded(demands);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// Check grant set
if (!demands.CheckDemand(grants, out permThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
// Check refused set
if (!demands.CheckDeny(refused, out permThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
catch
{
return(false);
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
// Token: 0x06001E28 RID: 7720 RVA: 0x0006948C File Offset: 0x0006768C
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.NoFlags;
ReflectionPermissionFlag reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] array = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlag = (ReflectionPermissionFlag.TypeInformation | ReflectionPermissionFlag.MemberAccess | ReflectionPermissionFlag.ReflectionEmit | ReflectionPermissionFlag.RestrictedMemberAccess);
for (int i = 0; i < array.Length; i++)
{
array[i] = SecurityManager.s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag = securityPermission.Flags;
}
ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag = reflectionPermission.Flags;
}
for (int j = 0; j < array.Length; j++)
{
array[j] = (grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission);
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < SecurityManager.s_BuiltInPermissionIndexMap.Length; k++)
{
array[k] = null;
}
}
else
{
SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag &= ~securityPermission.Flags;
}
ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag &= ~reflectionPermission.Flags;
}
for (int l = 0; l < SecurityManager.s_BuiltInPermissionIndexMap.Length; l++)
{
CodeAccessPermission codeAccessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[l][0]) as CodeAccessPermission;
if (codeAccessPermission != null && !codeAccessPermission.IsSubsetOf(null))
{
array[l] = null;
}
}
}
}
int num = SecurityManager.MapToSpecialFlags(securityPermissionFlag, reflectionPermissionFlag);
if (num != -1)
{
for (int m = 0; m < array.Length; m++)
{
if (array[m] != null && ((IUnrestrictedPermission)array[m]).IsUnrestricted())
{
num |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[m][1];
}
}
}
return(num);
}
public static PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type)
{
return(SecurityManager.LoadPolicyLevelFromStringHelper(str, null, type));
}