コード例 #1
0
        internal static void ResolveIdentityPermissions(PermissionSet ps, Evidence evidence)
        {
            if (ps.IsUnrestricted())
            {
                return;
            }
            IEnumerator hostEnumerator = evidence.GetHostEnumerator();

            while (hostEnumerator.MoveNext())
            {
                object obj = hostEnumerator.Current;
                IIdentityPermissionFactory identityPermissionFactory = obj as IIdentityPermissionFactory;
                if (identityPermissionFactory != null)
                {
                    IPermission perm = identityPermissionFactory.CreateIdentityPermission(evidence);
                    ps.AddPermission(perm);
                }
            }
        }
コード例 #2
0
        internal static void ResolveIdentityPermissions(PermissionSet ps, Evidence evidence)
        {
            // in 2.0 identity permissions can now be unrestricted
            if (ps.IsUnrestricted())
            {
                return;
            }

            // Only host evidence are used for policy resolution
            IEnumerator ee = evidence.GetHostEnumerator();

            while (ee.MoveNext())
            {
                IIdentityPermissionFactory ipf = (ee.Current as IIdentityPermissionFactory);
                if (ipf != null)
                {
                    IPermission p = ipf.CreateIdentityPermission(evidence);
                    ps.AddPermission(p);
                }
            }
        }
コード例 #3
0
ファイル: caspol.cs プロジェクト: samcf111/unityMono5.5.0
        // -rsp assemblyname
        // -resolveperm assemblyname
        static bool ResolvePermissions(string assemblyname)
        {
            Evidence ev = GetAssemblyEvidences(assemblyname);

            if (ev == null)
            {
                return(false);
            }

            PermissionSet ps = null;

            Console.WriteLine();
            if (policyLevelDefault)
            {
                // different "default" here
                IEnumerator e = SecurityManager.PolicyHierarchy();
                while (e.MoveNext())
                {
                    PolicyLevel pl = (PolicyLevel)e.Current;
                    Console.WriteLine("Resolving {0} level", pl.Label);
                    if (ps == null)
                    {
                        ps = pl.Resolve(ev).PermissionSet;
                    }
                    else
                    {
                        ps = ps.Intersect(pl.Resolve(ev).PermissionSet);
                    }
                }
            }
            else
            {
                // use the user specified levels
                foreach (PolicyLevel pl in Levels)
                {
                    Console.WriteLine("Resolving {0} level", pl.Label);
                    if (ps == null)
                    {
                        ps = pl.Resolve(ev).PermissionSet;
                    }
                    else
                    {
                        ps = ps.Intersect(pl.Resolve(ev).PermissionSet);
                    }
                }
            }
            if (ps == null)
            {
                return(false);
            }

            IEnumerator ee = ev.GetHostEnumerator();

            while (ee.MoveNext())
            {
                IIdentityPermissionFactory ipf = (ee.Current as IIdentityPermissionFactory);
                if (ipf != null)
                {
                    IPermission p = ipf.CreateIdentityPermission(ev);
                    ps.AddPermission(p);
                }
            }

            Console.WriteLine("{0}Grant:{0}{1}", Environment.NewLine, ps.ToXml().ToString());
            return(true);
        }
コード例 #4
0
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet   grant = null;
            PolicyStatement policy;
            PolicyLevel     currentLevel = null;

            IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();

            char[] serializedEvidence = MakeEvidenceArray(evidence, false);
            int    count = evidence.Count;

            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
            bool testApplicationLevels    = false;

            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                if (systemPolicy)
                {
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }

                policy = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                {
                    grant = policy.PermissionSet;
                }
                else
                {
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }

                if (grant == null || grant.FastIsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (currentLevel.Type != PolicyLevelType.AppDomain)
                    {
                        testApplicationLevels = true;
                    }
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = PolicyLevels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel)PolicyLevels[i];
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
            {
                grant = new PermissionSet(PermissionState.None);
            }

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted())
            {
                IEnumerator enumerator = evidence.GetHostEnumerator();
                while (enumerator.MoveNext())
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            grant.AddPermission(perm);
                        }
                    }
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return(grant);
        }
コード例 #5
0
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);

            PermissionSet   grant = null;
            PolicyStatement policy;
            PolicyLevel     currentLevel = null;

            IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();

            // We're optimized for standard policy, where the only evidence that is generally evaluated are
            // Zone, StrongName and Url.  Since all of these are relatively inexpensive, we'll force them to
            // generate, then use that as a key into the cache.
            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    count = evidence.RawCount;

            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
            bool testApplicationLevels    = false;

            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                if (systemPolicy)
                {
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }

                policy = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                {
                    grant = policy.PermissionSet;
                }
                else
                {
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }

                if (grant == null || grant.FastIsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (currentLevel.Type != PolicyLevelType.AppDomain)
                    {
                        testApplicationLevels = true;
                    }
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = PolicyLevels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel)PolicyLevels[i];
                    if (currentLevel.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
            {
                grant = new PermissionSet(PermissionState.None);
            }

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            if (!grant.IsUnrestricted())
            {
                IEnumerator enumerator = evidence.GetHostEnumerator();
                while (enumerator.MoveNext())
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            grant.AddPermission(perm);
                        }
                    }
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return(grant);
        }
コード例 #6
0
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet permissionSet = null;
            PolicyLevel   current       = null;
            IEnumerator   enumerator    = this.PolicyLevels.GetEnumerator();

            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    rawCount           = evidence.RawCount;
            bool   flag  = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
            bool   flag2 = false;

            while (enumerator.MoveNext())
            {
                PolicyStatement statement;
                current = (PolicyLevel)enumerator.Current;
                if (systemPolicy)
                {
                    if (current.Type != PolicyLevelType.AppDomain)
                    {
                        goto Label_0078;
                    }
                    continue;
                }
                if (flag && (current.Type != PolicyLevelType.AppDomain))
                {
                    continue;
                }
Label_0078:
                statement = current.Resolve(evidence, rawCount, serializedEvidence);
                if (permissionSet == null)
                {
                    permissionSet = statement.PermissionSet;
                }
                else
                {
                    permissionSet.InplaceIntersect(statement.GetPermissionSetNoCopy());
                }
                if ((permissionSet == null) || permissionSet.FastIsEmpty())
                {
                    break;
                }
                if ((statement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (current.Type != PolicyLevelType.AppDomain)
                    {
                        flag2 = true;
                    }
                    break;
                }
            }
            if ((permissionSet != null) && flag2)
            {
                PolicyLevel level2 = null;
                for (int i = this.PolicyLevels.Count - 1; i >= 0; i--)
                {
                    current = (PolicyLevel)this.PolicyLevels[i];
                    if (current.Type == PolicyLevelType.AppDomain)
                    {
                        level2 = current;
                        break;
                    }
                }
                if (level2 != null)
                {
                    permissionSet.InplaceIntersect(level2.Resolve(evidence, rawCount, serializedEvidence).GetPermissionSetNoCopy());
                }
            }
            if (permissionSet == null)
            {
                permissionSet = new PermissionSet(PermissionState.None);
            }
            if (!permissionSet.IsUnrestricted())
            {
                IEnumerator hostEnumerator = evidence.GetHostEnumerator();
                while (hostEnumerator.MoveNext())
                {
                    object obj2 = hostEnumerator.Current;
                    IIdentityPermissionFactory factory = obj2 as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);
                        if (perm != null)
                        {
                            permissionSet.AddPermission(perm);
                        }
                    }
                }
            }
            permissionSet.IgnoreTypeLoadFailures = true;
            return(permissionSet);
        }
コード例 #7
0
ファイル: policymanager.cs プロジェクト: ydunk/masters
        public PermissionSet Resolve(Evidence evidence, PermissionSet request)
        {
#if _DEBUG
            if (debug)
            {
                DEBUG_OUT("PolicyManager::Resolve");
                IEnumerator evidenceEnumerator = evidence.GetEnumerator();
                DEBUG_OUT("Evidence:");
                while (evidenceEnumerator.MoveNext())
                {
                    Object obj = evidenceEnumerator.Current;
                    if (obj is Site)
                    {
                        DEBUG_OUT(((Site)obj).ToXml().ToString());
                    }
                    else if (obj is Zone)
                    {
                        DEBUG_OUT(((Zone)obj).ToXml().ToString());
                    }
                    else if (obj is Url)
                    {
                        DEBUG_OUT(((Url)obj).ToXml().ToString());
                    }
                    else if (obj is StrongName)
                    {
                        DEBUG_OUT(((StrongName)obj).ToXml().ToString());
                    }
                    else if (obj is PermissionRequestEvidence)
                    {
                        DEBUG_OUT(((PermissionRequestEvidence)obj).ToXml().ToString());
                    }
                }
            }
#endif

            // We set grant to null to represent "AllPossible"

            PermissionSet   grant = null;
            PolicyStatement policy;
            PolicyLevel     currentLevel = null;

            IEnumerator levelEnumerator = m_levels.GetEnumerator();

            char[] serializedEvidence = MakeEvidenceArray(evidence, false);
            int    count = evidence.Count;

            bool testApplicationLevels = false;

            while (levelEnumerator.MoveNext())
            {
                currentLevel = (PolicyLevel)levelEnumerator.Current;
                policy       = currentLevel.Resolve(evidence, count, serializedEvidence);

                // If the grant is "AllPossible", the intersection is just the other permission set.
                // Otherwise, do an inplace intersection (since we know we can alter the grant set since
                // it is a copy of the first policy statement's permission set).

                if (grant == null)
                {
                    grant = policy.PermissionSet;
                }
                else
                {
                    // An exception somewhere in here means that a permission
                    // failed some operation.  This simply means that it will be
                    // dropped from the grant set which is safe operation that
                    // can be ignored.

                    try
                    {
                        grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                    }
                    catch (Exception)
                    {
                    }
                }

    #if _DEBUG
                if (debug)
                {
                    DEBUG_OUT("Level = " + currentLevel.Label);
                    DEBUG_OUT("policy =\n" + policy.ToXml().ToString());
                    DEBUG_OUT("grant so far =\n" + grant.ToXml().ToString());
                }
    #endif

                if (grant.IsEmpty())
                {
                    break;
                }
                else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    if (!currentLevel.Label.Equals("AppDomain"))
                    {
                        testApplicationLevels = true;
                    }

                    break;
                }
            }

            if (testApplicationLevels)
            {
                PolicyLevel appDomainLevel = null;

                for (int i = m_levels.Count - 1; i >= 0; --i)
                {
                    currentLevel = (PolicyLevel)m_levels[i];

                    if (currentLevel.Label.Equals("AppDomain"))
                    {
                        appDomainLevel = currentLevel;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);

                    grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
                }
            }


    #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("granted =\n" + grant.ToString());
                DEBUG_OUT("request =\n" + (request != null ? request.ToString() : "<null>"));
                DEBUG_OUT("awarded =\n" + (request != null ? grant.Intersect(request).ToString() : grant.ToString()));
            }
    #endif

            try
            {
                if (request != null)
                {
                    grant.InplaceIntersect(request);
                }
            }
            catch (Exception)
            {
            }

    #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("granted after intersect w/ request =\n" + grant.ToString());
            }
    #endif

            // Each piece of evidence can possibly create an identity permission that we
            // need to add to our grant set.  Therefore, for all pieces of evidence that
            // implement the IIdentityPermissionFactory interface, ask it for its
            // adjoining identity permission and add it to the grant.

            IEnumerator enumerator = evidence.GetHostEnumerator();
            while (enumerator.MoveNext())
            {
                try
                {
                    Object obj = enumerator.Current;
                    IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
                    if (factory != null)
                    {
                        IPermission perm = factory.CreateIdentityPermission(evidence);

                        if (perm != null)
                        {
                            grant.AddPermission(perm);
                        }
                    }
                }
                catch (Exception)
                {
                }
            }

    #if _DEBUG
            if (debug)
            {
                DEBUG_OUT("awarded with identity =\n" + grant.ToString());
            }
    #endif
            return(grant);
        }
コード例 #8
0
ファイル: policymanager.cs プロジェクト: wwkkww1983/ZJCredit
        internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
        {
            PermissionSet permissionSet = (PermissionSet)null;
            IEnumerator   enumerator    = this.PolicyLevels.GetEnumerator();

            evidence.GetHostEvidence <Zone>();
            evidence.GetHostEvidence <StrongName>();
            evidence.GetHostEvidence <Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int    rawCount           = evidence.RawCount;
            bool   flag1 = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
            bool   flag2 = false;

            while (enumerator.MoveNext())
            {
                PolicyLevel policyLevel = (PolicyLevel)enumerator.Current;
                if (systemPolicy)
                {
                    if (policyLevel.Type == PolicyLevelType.AppDomain)
                    {
                        continue;
                    }
                }
                else if (flag1 && policyLevel.Type != PolicyLevelType.AppDomain)
                {
                    continue;
                }
                PolicyStatement policyStatement = policyLevel.Resolve(evidence, rawCount, serializedEvidence);
                if (permissionSet == null)
                {
                    permissionSet = policyStatement.PermissionSet;
                }
                else
                {
                    permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
                }
                if (permissionSet != null && !permissionSet.FastIsEmpty())
                {
                    if ((policyStatement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                    {
                        if (policyLevel.Type != PolicyLevelType.AppDomain)
                        {
                            flag2 = true;
                            break;
                        }
                        break;
                    }
                }
                else
                {
                    break;
                }
            }
            if (permissionSet != null & flag2)
            {
                PolicyLevel policyLevel1 = (PolicyLevel)null;
                for (int index = this.PolicyLevels.Count - 1; index >= 0; --index)
                {
                    PolicyLevel policyLevel2 = (PolicyLevel)this.PolicyLevels[index];
                    if (policyLevel2.Type == PolicyLevelType.AppDomain)
                    {
                        policyLevel1 = policyLevel2;
                        break;
                    }
                }
                if (policyLevel1 != null)
                {
                    PolicyStatement policyStatement = policyLevel1.Resolve(evidence, rawCount, serializedEvidence);
                    permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
                }
            }
            if (permissionSet == null)
            {
                permissionSet = new PermissionSet(PermissionState.None);
            }
            if (!permissionSet.IsUnrestricted())
            {
                IEnumerator hostEnumerator = evidence.GetHostEnumerator();
                while (hostEnumerator.MoveNext())
                {
                    IIdentityPermissionFactory permissionFactory = hostEnumerator.Current as IIdentityPermissionFactory;
                    if (permissionFactory != null)
                    {
                        IPermission identityPermission = permissionFactory.CreateIdentityPermission(evidence);
                        if (identityPermission != null)
                        {
                            permissionSet.AddPermission(identityPermission);
                        }
                    }
                }
            }
            permissionSet.IgnoreTypeLoadFailures = true;
            return(permissionSet);
        }