static bool TryProcessPermissionSetAttribute (SecurityDeclaration declaration, out PermissionSet set)
{
set = null;
if (!declaration.HasSecurityAttributes && declaration.SecurityAttributes.Count != 1)
return false;
var security_attribute = declaration.SecurityAttributes [0];
var attribute_type = security_attribute.AttributeType;
if (attribute_type.Name != "PermissionSetAttribute" || attribute_type.Namespace != "System.Security.Permissions")
return false;
var attribute = new SSP.PermissionSetAttribute ((SSP.SecurityAction) declaration.Action);
var named_argument = security_attribute.Properties [0];
string value = (string) named_argument.Argument.Value;
switch (named_argument.Name) {
case "XML":
attribute.XML = value;
break;
case "Name":
attribute.Name = value;
break;
default:
throw new NotImplementedException (named_argument.Name);
}
set = attribute.CreatePermissionSet ();
return true;
}
public static void CopySecurityAttributes(SecurityDeclaration source, SecurityDeclaration target, ReferenceResolver resolver)
{
if (!source.HasSecurityAttributes)
return;
foreach (var attribute in source.SecurityAttributes)
target.InjectSecurityAttribute(attribute, resolver);
}
static PermissionSet CreatePermissionSet (SecurityDeclaration declaration)
{
var set = new PermissionSet (SSP.PermissionState.None);
foreach (var attribute in declaration.SecurityAttributes) {
var permission = CreatePermission (declaration, attribute);
set.AddPermission (permission);
}
return set;
}
public SecurityDeclaration FromByteArray (SecurityAction action, byte [] declaration, bool resolve)
{
SecurityDeclaration dec = new SecurityDeclaration (action, this);
#if !CF_1_0 && !CF_2_0
dec.PermissionSet = new PermissionSet (SSP.PermissionState.None);
if (IsEmptyDeclaration (declaration))
return dec;
if (declaration[0] == 0x2e) {
// new binary format introduced in 2.0
int pos = 1;
int start;
int numattr = Utilities.ReadCompressedInteger (declaration, pos, out start);
if (numattr == 0)
return dec;
BinaryReader br = new BinaryReader (new MemoryStream (declaration));
for (int i = 0; i < numattr; i++) {
pos = start;
SSP.SecurityAttribute sa = CreateSecurityAttribute (action, br, declaration, pos, out start, resolve);
if (sa == null) {
dec.Resolved = false;
dec.Blob = declaration;
return dec;
}
try {
IPermission p = sa.CreatePermission ();
dec.PermissionSet.AddPermission (p);
} catch {
dec.Resolved = false;
dec.Blob = declaration;
return dec;
}
}
dec.Resolved = true;
} else {
Parser.LoadXml (Encoding.Unicode.GetString (declaration));
try {
dec.PermissionSet.FromXml (Parser.ToXml ());
dec.PermissionSet.ToXml ();
dec.Resolved = true;
} catch {
dec.Resolved = false;
dec.Blob = declaration;
}
}
#endif
return dec;
}
static IPermission CreatePermission (SecurityDeclaration declaration, SecurityAttribute attribute)
{
var attribute_type = Type.GetType (attribute.AttributeType.FullName);
if (attribute_type == null)
throw new ArgumentException ();
var security_attribute = CreateSecurityAttribute (attribute_type, declaration);
if (security_attribute == null)
throw new InvalidOperationException ();
CompleteSecurityAttribute (security_attribute, attribute);
return security_attribute.CreatePermission ();
}
internal static SecurityDeclaration Clone (SecurityDeclaration sec)
{
SecurityDeclaration sd = new SecurityDeclaration (sec.Action);
if (!sec.IsReadable) {
sd.IsReadable = false;
sd.Blob = sec.Blob;
return sd;
}
#if !CF_1_0 && !CF_2_0
sd.PermissionSet = sec.PermissionSet.Copy ();
#endif
return sd;
}
static bool TryProcessPermissionSetAttribute (SecurityDeclaration declaration, out PermissionSet set)
{
set = null;
if (!declaration.HasSecurityAttributes)
return false;
var attributes = declaration.SecurityAttributes;
if (attributes.Count != 1)
return false;
var security_attribute = attributes [0];
var attribute_type = security_attribute.AttributeType;
if (attribute_type.Name != "PermissionSetAttribute" || attribute_type.Namespace != "System.Security.Permissions")
return false;
var attribute = new SSP.PermissionSetAttribute ((SSP.SecurityAction) declaration.Action);
foreach (var named_argument in security_attribute.Properties) {
object value = named_argument.Argument.Value;
switch (named_argument.Name) {
case "Unrestricted":
attribute.Unrestricted = (bool) value;
break;
case "UnicodeEncoded":
attribute.UnicodeEncoded = (bool) value;
break;
case "XML":
attribute.XML = (string) value;
break;
case "Name":
attribute.Name = (string) value;
break;
case "File":
attribute.File = (string) value;
break;
case "Hex":
attribute.Hex = (string) value;
break;
default:
throw new NotImplementedException (named_argument.Name);
}
}
set = attribute.CreatePermissionSet ();
return true;
}
public void Add (SecurityDeclaration value)
{
if (value == null)
throw new ArgumentNullException ("value");
// Each action can only be added once so...
SecurityDeclaration current = (SecurityDeclaration) m_items[value.Action];
if (current != null) {
// ... further additions are transformed into unions
#if !CF_1_0 && !CF_2_0
current.PermissionSet = current.PermissionSet.Union (value.PermissionSet);
#endif
} else {
m_items.Add (value.Action, value);
SetHasSecurity (true);
}
}
public static bool IsXmlPermissionSet(SecurityDeclaration xmlDeclaration)
{
if (!xmlDeclaration.HasSecurityAttributes || xmlDeclaration.SecurityAttributes.Count == 0)
// nothing to convert
return false;
if (xmlDeclaration.SecurityAttributes.Count > 1)
return false;
SecurityAttribute sa = xmlDeclaration.SecurityAttributes[0];
if (sa.HasFields)
return false;
if (!sa.HasProperties || sa.Properties.Count > 1)
return false;
CustomAttributeNamedArgument arg = sa.Properties[0];
if (arg.Name != "XML" || arg.Argument.Type.FullName != "System.String")
return false;
return true;
}
public static SecurityDeclaration Permission2XmlSet(SecurityDeclaration declaration, ModuleDefinition targetModule)
{
if (!declaration.HasSecurityAttributes || declaration.SecurityAttributes.Count == 0)
// nothing to convert
return declaration;
if (declaration.SecurityAttributes.Count > 1)
throw new Exception("Cannot convert SecurityDeclaration with more than one attribute");
SecurityAttribute sa = declaration.SecurityAttributes[0];
if (sa.HasFields)
throw new NotSupportedException("Cannot convert SecurityDeclaration with fields");
TypeReference attrType = sa.AttributeType;
AssemblyNameReference attrAsm = (AssemblyNameReference)attrType.Scope;
string className = attrType.FullName + ", " + attrAsm.FullName;
XmlDocument xmlDoc = new XmlDocument();
XmlElement permissionSet = xmlDoc.CreateElement("PermissionSet");
permissionSet.SetAttribute("class", "System.Security.PermissionSet");
permissionSet.SetAttribute("version", "1");
XmlElement iPermission = xmlDoc.CreateElement("IPermission");
iPermission.SetAttribute("class", className);
iPermission.SetAttribute("version", "1");
foreach (var arg in sa.Properties)
{
iPermission.SetAttribute(arg.Name, arg.Argument.Value.ToString());
}
permissionSet.AppendChild(iPermission);
xmlDoc.AppendChild(permissionSet);
string xmlDocString = xmlDoc.InnerXml;
SecurityDeclaration xmlDeclaration = new SecurityDeclaration(declaration.Action);
SecurityAttribute attribute = new SecurityAttribute(GetTypeRef("System.Security.Permissions", "PermissionSetAttribute", "mscorlib", targetModule));
attribute.Properties.Add(new CustomAttributeNamedArgument("XML",
new CustomAttributeArgument(targetModule.TypeSystem.String, xmlDoc.InnerXml)));
xmlDeclaration.SecurityAttributes.Add(attribute);
return xmlDeclaration;
}
static bool TryProcessPermissionSetAttribute (SecurityDeclaration declaration, out PermissionSet set)
{
set = null;
if (!declaration.HasSecurityAttributes && declaration.SecurityAttributes.Count != 1)
return false;
var security_attribute = declaration.SecurityAttributes [0];
var attribute_type = security_attribute.AttributeType;
if (attribute_type.Name != "PermissionSetAttribute" || attribute_type.Namespace != "System.Security.Permissions")
return false;
var named_argument = security_attribute.Properties [0];
if (named_argument.Name != "XML")
throw new NotSupportedException ();
var attribute = new SSP.PermissionSetAttribute ((SSP.SecurityAction) declaration.Action);
attribute.XML = (string) named_argument.Argument.Value;
set = attribute.CreatePermissionSet ();
return true;
}
public virtual void VisitSecurityDeclaration(SecurityDeclaration secDecl)
{
}
static SSP.SecurityAttribute CreateSecurityAttribute (Type attribute_type, SecurityDeclaration declaration)
{
SSP.SecurityAttribute security_attribute;
try {
security_attribute = (SSP.SecurityAttribute) Activator.CreateInstance (
attribute_type, new object [] { (SSP.SecurityAction) declaration.Action });
} catch (MissingMethodException) {
security_attribute = (SSP.SecurityAttribute) Activator.CreateInstance (attribute_type, new object [0]);
}
return security_attribute;
}
static IPermission CreatePermission (SecurityDeclaration declaration, SecurityAttribute attribute)
{
TypeReference atype = attribute.AttributeType;
string name = atype.FullName;
// most of the permissions resides inside mscorlib.dll
Type attribute_type = Type.GetType (name);
if (attribute_type == null) {
// but not all of them, so we need to try harder :-)
TypeDefinition rtype = atype.Resolve ();
AssemblyDefinition ad = rtype == null ? atype.Module.Assembly : rtype.Module.Assembly;
attribute_type = Type.GetType (name + ", " + ad.FullName);
}
if (attribute_type == null)
throw new ArgumentException ("attribute");
var security_attribute = CreateSecurityAttribute (attribute_type, declaration);
if (security_attribute == null)
throw new InvalidOperationException ();
CompleteSecurityAttribute (security_attribute, attribute);
return security_attribute.CreatePermission ();
}
public static SecurityDeclaration Xml2PermissionSet(SecurityDeclaration xmlDeclaration, ModuleDefinition targetModule)
{
if (!xmlDeclaration.HasSecurityAttributes || xmlDeclaration.SecurityAttributes.Count == 0)
// nothing to convert
return null;
if (xmlDeclaration.SecurityAttributes.Count > 1)
throw new Exception("Cannot convert SecurityDeclaration with more than one attribute");
SecurityAttribute sa = xmlDeclaration.SecurityAttributes[0];
if (sa.HasFields)
throw new NotSupportedException("Cannot convert SecurityDeclaration with fields");
if (!sa.HasProperties || sa.Properties.Count > 1)
throw new NotSupportedException("Invalid XML SecurityDeclaration (only 1 property supported)");
CustomAttributeNamedArgument arg = sa.Properties[0];
if (arg.Name != "XML" || arg.Argument.Type.FullName != "System.String")
throw new ArgumentException("Property \"XML\" expected");
if (string.IsNullOrEmpty(arg.Argument.Value as string))
return null;
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml((string)arg.Argument.Value);
XmlNode permissionSet = xmlDoc.SelectSingleNode("/PermissionSet");
if (permissionSet == null)
return null;
XmlNode permissionSetClass = permissionSet.SelectSingleNode("@class"); // check version?
if (permissionSetClass == null)
return null;
if (permissionSetClass.Value != "System.Security.PermissionSet")
return null;
XmlNode iPermission = permissionSet.SelectSingleNode("IPermission");
if (iPermission == null)
return null;
XmlNode iPermissionClass = iPermission.SelectSingleNode("@class"); // check version?
if (iPermissionClass == null)
return null;
// Create Namespace & Name from FullName, AssemblyName can be ignored since we look it up.
string[] valueParts = iPermissionClass.Value.Split(',');
Collection<string> classNamespace = new Collection<string>(valueParts[0].Split('.'));
string assemblyName = valueParts[1].Trim();
string className = classNamespace[classNamespace.Count - 1];
classNamespace.RemoveAt(classNamespace.Count - 1);
SecurityAttribute attribute = new SecurityAttribute(GetTypeRef(string.Join(".", classNamespace.ToArray()), className, assemblyName, targetModule));
foreach (XmlAttribute xmlAttr in iPermission.Attributes)
{
if ((xmlAttr.Name != "class") && (xmlAttr.Name != "version"))
{
attribute.Properties.Add(new CustomAttributeNamedArgument(xmlAttr.Name,
new CustomAttributeArgument(targetModule.TypeSystem.String, xmlAttr.Value)));
}
}
SecurityDeclaration newSd = new SecurityDeclaration(xmlDeclaration.Action);
newSd.SecurityAttributes.Add(attribute);
return newSd;
}
private IEnumerable<ICustomAttribute> GetSecurityDeclaration(SecurityDeclaration securityDeclaration)
{
List<ICustomAttribute> attributes = new List<ICustomAttribute>();
if (securityDeclaration.HasSecurityAttributes)
{
foreach (SecurityAttribute attribute in securityDeclaration.SecurityAttributes)
{
attributes.Add(attribute);
securityAttributeToDeclaration.Add(attribute, securityDeclaration);
}
}
return attributes;
}
public virtual void VisitSecurityDeclaration(SecurityDeclaration secDecl)
{
}
private void WriteSecurityDeclaration(SecurityDeclaration declaration)
{
WriteDot();
WriteKeyword("permissionset");
WriteSpace();
string actionKeyword = GetActionKeyword(declaration.Action);
WriteKeyword(actionKeyword);
WriteSpace();
Write("=");
WriteLine();
WriteOpenBreckets();
WriteLine();
Indent();
if (declaration.HasSecurityAttributes) /// this should always be true, but just in case
{
List<SecurityAttribute> securityAttributes = new List<SecurityAttribute>(declaration.SecurityAttributes);
securityAttributes.Sort((x, y) => x.CompareToSecurityAttribute(y, declaration, declaration));
foreach (SecurityAttribute attr in securityAttributes)
{
WriteSingleSecurityAttributes(attr);
WriteLine();
}
}
Outdent();
WriteEndBreckets();
}
protected virtual void MarkSecurityDeclaration (SecurityDeclaration sd)
{
if (!sd.HasSecurityAttributes)
return;
foreach (var sa in sd.SecurityAttributes)
MarkSecurityAttribute (sa);
}
private bool WriteSecurityAttribute(ModuleDefinition module, bool isAssemblyDeclaration, SecurityAttribute attribute, SecurityDeclaration securityDeclaration, out bool wroteArgument)
{
genericWriter.WriteToken(OpeningBracket);
if (isAssemblyDeclaration)
{
genericWriter.WriteKeyword(genericWriter.KeyWordWriter.Assembly);
genericWriter.Write(":");
genericWriter.WriteSpace();
}
string attributeName = attribute.AttributeType.Name.EndsWith("Attribute") ? attribute.AttributeType.Name.Remove(attribute.AttributeType.Name.LastIndexOf("Attribute")) : attribute.AttributeType.Name;
genericWriter.WriteNamespaceIfTypeInCollision(attribute.AttributeType);
genericWriter.WriteReference(attributeName, attribute.AttributeType);
genericWriter.WriteToken("(");
TypeReference securityActionTypeReference = securityDeclaration.GetSecurityActionTypeReference(module);
TypeDefinition argumentTypeDefinition = securityActionTypeReference.IsDefinition ? securityActionTypeReference as TypeDefinition : securityActionTypeReference.Resolve();
if (argumentTypeDefinition != null && argumentTypeDefinition.IsEnum)
{
List<FieldDefinition> fields = EnumValueToFieldCombinationMatcher.GetEnumFieldDefinitionByValue(argumentTypeDefinition.Fields, (int)securityDeclaration.Action, argumentTypeDefinition.CustomAttributes);
if (fields.Count != 0)
{
for (int i = 0; i < fields.Count; i++)
{
genericWriter.WriteReferenceAndNamespaceIfInCollision(fields[i].DeclaringType);
genericWriter.WriteToken(".");
genericWriter.WriteEnumValueField(fields[i]);
if (i + 1 < fields.Count)
{
genericWriter.WriteSpace();
genericWriter.WriteBitwiseOr();
genericWriter.WriteSpace();
}
}
}
else
{
WriteSecurityAttributeAction(securityDeclaration.Action);
}
}
wroteArgument = true;
if (attribute.HasFields || attribute.HasProperties)
{
var attributeType = attribute.AttributeType.Resolve();
if (attribute.HasProperties)
{
wroteArgument = WriteAttributeNamedArgs(attributeType, attribute.Properties, false, wroteArgument);
}
if (attribute.HasFields)
{
WriteAttributeNamedArgs(attributeType, attribute.Fields, true, wroteArgument);
}
}
genericWriter.WriteToken(")");
genericWriter.WriteToken(ClosingBracket);
genericWriter.WriteLine();
return wroteArgument;
}
public SecurityDeclarationEventArgs(SecurityDeclaration item)
{
m_item = item;
}
public bool Contains(SecurityDeclaration value)
{
if (value == null)
return (m_items.Count == 0);
SecurityDeclaration item = (SecurityDeclaration) m_items[value.Action];
if (item == null)
return false;
#if !CF_1_0 && !CF_2_0
return value.PermissionSet.IsSubsetOf (item.PermissionSet);
#else
// XXX For CF, this concept does not exist--so always be true
return true;
#endif
}
public static void InjectSecurityDeclaration(this ISecurityDeclarationProvider target, SecurityDeclaration declaration, ReferenceResolver resolver)
{
var newDeclaration = new SecurityDeclaration(declaration.Action);
MetadataBuilderHelper.CopySecurityAttributes(declaration, newDeclaration, resolver);
target.SecurityDeclarations.Add(newDeclaration);
}
private int CompareSecurityDeclaration(SecurityDeclaration first, SecurityDeclaration second)
{
if (first == second)
{
return 0;
}
string firstKeyword = GetActionKeyword(first.Action);
string secondKeyword = GetActionKeyword(second.Action);
return firstKeyword.CompareTo(secondKeyword);
}
public byte[] GetAsByteArray(SecurityDeclaration dec)
{
// TODO - add support for 2.0 format
// note: the 1.x format is still supported in 2.0 so this isn't an immediate problem
if (!dec.IsReadable)
return dec.Blob;
#if !CF_1_0 && !CF_2_0
if (dec.PermissionSet != null)
return Encoding.Unicode.GetBytes (dec.PermissionSet.ToXml ().ToString ());
#endif
return new byte [0];
}
void addSecurityDeclaration(SecurityDeclaration decl)
{
if (decl == null)
return;
access(() => addSecurityAttributes(decl.SecurityAttributes));
}
public SecurityDeclaration FromByteArray(SecurityAction action, byte [] declaration, bool resolve)
{
SecurityDeclaration dec = new SecurityDeclaration(action, this);
#if !CF_1_0 && !CF_2_0
dec.PermissionSet = new PermissionSet(SSP.PermissionState.None);
if (IsEmptyDeclaration(declaration))
{
return(dec);
}
if (declaration[0] == 0x2e)
{
// new binary format introduced in 2.0
int pos = 1;
int start;
int numattr = Utilities.ReadCompressedInteger(declaration, pos, out start);
if (numattr == 0)
{
return(dec);
}
BinaryReader br = new BinaryReader(new MemoryStream(declaration));
for (int i = 0; i < numattr; i++)
{
pos = start;
SSP.SecurityAttribute sa = CreateSecurityAttribute(action, br, declaration, pos, out start, resolve);
if (sa == null)
{
dec.Resolved = false;
dec.Blob = declaration;
return(dec);
}
try {
IPermission p = sa.CreatePermission();
dec.PermissionSet.AddPermission(p);
} catch {
dec.Resolved = false;
dec.Blob = declaration;
return(dec);
}
}
dec.Resolved = true;
}
else
{
Parser.LoadXml(Encoding.Unicode.GetString(declaration));
try {
dec.PermissionSet.FromXml(Parser.ToXml());
dec.PermissionSet.ToXml();
dec.Resolved = true;
} catch {
dec.Resolved = false;
dec.Blob = declaration;
}
}
#endif
return(dec);
}
