public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (this.MembershipCondition.Check(evidence))
{
CodeGroup retGroup = this.Copy();
retGroup.Children = new ArrayList();
IEnumerator enumerator = this.Children.GetEnumerator();
while (enumerator.MoveNext())
{
CodeGroup matchingGroups = ((CodeGroup)enumerator.Current).ResolveMatchingCodeGroups(evidence);
// If the child has a policy, we are done.
if (matchingGroups != null)
{
retGroup.AddChild(matchingGroups);
break;
}
}
return(retGroup);
}
else
{
return(null);
}
}
// Constructor.
internal PolicyLevel(String label)
{
this.label = label;
fullTrustAssemblies = new ArrayList();
namedPermissionSets = new ArrayList();
rootCodeGroup = DefaultRootCodeGroup();
}
/// <summary>Resolves matching code groups.</summary>
/// <returns>A <see cref="T:System.Security.Policy.CodeGroup" />.</returns>
/// <param name="evidence">The evidence for the assembly. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!base.MembershipCondition.Check(evidence))
{
return(null);
}
CodeGroup codeGroup = this.Copy(false);
if (base.Children.Count > 0)
{
foreach (object obj in base.Children)
{
CodeGroup codeGroup2 = (CodeGroup)obj;
CodeGroup codeGroup3 = codeGroup2.ResolveMatchingCodeGroups(evidence);
if (codeGroup3 != null)
{
codeGroup.AddChild(codeGroup3);
}
}
}
return(codeGroup);
}
/// <include file='doc\CodeGroup.uex' path='docs/doc[@for="CodeGroup.Equals"]/*' />
public override bool Equals(Object o)
{
CodeGroup that = (o as CodeGroup);
if (that != null && this.GetType().Equals(that.GetType()))
{
if (Equals(this.m_name, that.m_name) &&
Equals(this.m_description, that.m_description))
{
if (this.m_membershipCondition == null && this.m_element != null)
{
this.ParseMembershipCondition();
}
if (that.m_membershipCondition == null && that.m_element != null)
{
that.ParseMembershipCondition();
}
if (Equals(this.m_membershipCondition, that.m_membershipCondition))
{
return(true);
}
}
}
return(false);
}
public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!base.MembershipCondition.Check(evidence))
{
return(null);
}
CodeGroup group = this.Copy();
group.Children = new ArrayList();
IEnumerator enumerator = base.Children.GetEnumerator();
while (enumerator.MoveNext())
{
CodeGroup group2 = ((CodeGroup)enumerator.Current).ResolveMatchingCodeGroups(evidence);
if (group2 != null)
{
group.AddChild(group2);
}
}
return(group);
}
public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!MembershipCondition.Check(evidence))
{
return(null);
}
// Copy() would add the child (even if they didn't match)
CodeGroup match = Copy(false);
if (this.Children.Count > 0)
{
foreach (CodeGroup cg in this.Children)
{
CodeGroup child = cg.ResolveMatchingCodeGroups(evidence);
if (child != null)
{
match.AddChild(child);
}
}
}
return(match);
}
public bool Equals(CodeGroup cg, bool compareChildren)
{
if (!this.Equals(cg))
{
return(false);
}
if (compareChildren)
{
if (this.m_children == null)
{
this.ParseChildren();
}
if (cg.m_children == null)
{
cg.ParseChildren();
}
ArrayList list = new ArrayList(this.m_children);
ArrayList list2 = new ArrayList(cg.m_children);
if (list.Count != list2.Count)
{
return(false);
}
for (int i = 0; i < list.Count; i++)
{
if (!((CodeGroup)list[i]).Equals((CodeGroup)list2[i], true))
{
return(false);
}
}
}
return(true);
}
public bool Equals( CodeGroup cg, bool compareChildren)
{
if (!this.Equals( cg )) return false;
if (compareChildren)
{
if (this.m_children == null)
this.ParseChildren();
if (cg.m_children == null)
cg.ParseChildren();
ArrayList list1 = new ArrayList(this.m_children);
ArrayList list2 = new ArrayList(cg.m_children);
if (list1.Count != list2.Count) return false;
for (int i = 0; i < list1.Count; i++)
{
if (!((CodeGroup) list1[i]).Equals( (CodeGroup) list2[i], true ))
{
return false;
}
}
}
return true;
}
public bool Equals(CodeGroup cg, bool compareChildren)
{
if (cg == null)
{
return(false);
}
if (Name != cg.Name || Description != cg.Description ||
!MembershipCondition.Equals(cg.MembershipCondition))
{
return(false);
}
if (compareChildren)
{
IList list1 = Children;
IList list2 = cg.Children;
if (list1.Count != list2.Count)
{
return(false);
}
int posn;
for (posn = 0; posn < list1.Count; ++posn)
{
if (!((CodeGroup)(list1[posn])).Equals
(((CodeGroup)(list2[posn])), true))
{
return(false);
}
}
}
return(true);
}
public void RemoveChild(CodeGroup group)
{
if (group != null)
{
m_children.Remove(group);
}
}
// Constructor.
internal PolicyLevel(String label)
{
this.label = label;
fullTrustAssemblies = new ArrayList();
namedPermissionSets = new ArrayList();
rootCodeGroup = DefaultRootCodeGroup();
}
/// <summary>Resolves policy for the code group and its descendants for a set of evidence.</summary>
/// <returns>A policy statement consisting of the permissions granted by the code group with optional attributes, or null if the code group does not apply (the membership condition does not match the specified evidence).</returns>
/// <param name="evidence">The evidence for the assembly. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception>
/// <exception cref="T:System.Security.Policy.PolicyException">More than one code group (including the parent code group and any child code groups) is marked <see cref="F:System.Security.Policy.PolicyStatementAttribute.Exclusive" />. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override PolicyStatement Resolve(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
if (!base.MembershipCondition.Check(evidence))
{
return(null);
}
PermissionSet permissionSet = base.PolicyStatement.PermissionSet.Copy();
if (base.Children.Count > 0)
{
foreach (object obj in base.Children)
{
CodeGroup codeGroup = (CodeGroup)obj;
PolicyStatement policyStatement = codeGroup.Resolve(evidence);
if (policyStatement != null)
{
permissionSet = permissionSet.Union(policyStatement.PermissionSet);
}
}
}
PolicyStatement policyStatement2 = base.PolicyStatement.Copy();
policyStatement2.PermissionSet = permissionSet;
return(policyStatement2);
}
public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
CodeGroup return_group = null;
if (MembershipCondition.Check(evidence))
{
return_group = Copy();
foreach (CodeGroup child_group in Children)
{
CodeGroup matching =
child_group.ResolveMatchingCodeGroups(evidence);
if (matching == null)
{
continue;
}
return_group.AddChild(matching);
}
}
return(return_group);
}
public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (null == evidence)
{
throw new ArgumentNullException("evidence");
}
if (!MembershipCondition.Check(evidence))
{
return(null);
}
FileCodeGroup matchRoot = new FileCodeGroup(MembershipCondition, m_access);
foreach (CodeGroup child in Children)
{
CodeGroup childMatchingCodeGroup = child.ResolveMatchingCodeGroups(evidence);
if (childMatchingCodeGroup != null)
{
matchRoot.AddChild(childMatchingCodeGroup);
}
}
return(matchRoot);
}
internal static bool CanUseQuickCache(CodeGroup group)
{
ArrayList list = new ArrayList();
list.Add(group);
for (int i = 0; i < list.Count; i++)
{
group = (CodeGroup) list[i];
if (group is IUnionSemanticCodeGroup)
{
if (!TestPolicyStatement(group.PolicyStatement))
{
return false;
}
}
else
{
return false;
}
IMembershipCondition membershipCondition = group.MembershipCondition;
if ((membershipCondition != null) && !(membershipCondition is IConstantMembershipCondition))
{
return false;
}
IList children = group.Children;
if ((children != null) && (children.Count > 0))
{
IEnumerator enumerator = children.GetEnumerator();
while (enumerator.MoveNext())
{
list.Add(enumerator.Current);
}
}
}
return true;
}
public bool Equals(CodeGroup cg, bool compareChildren)
{
if (!this.Equals((object)cg))
{
return(false);
}
if (compareChildren)
{
if (this.m_children == null)
{
this.ParseChildren();
}
if (cg.m_children == null)
{
cg.ParseChildren();
}
ArrayList arrayList1 = new ArrayList((ICollection)this.m_children);
ArrayList arrayList2 = new ArrayList((ICollection)cg.m_children);
if (arrayList1.Count != arrayList2.Count)
{
return(false);
}
for (int index = 0; index < arrayList1.Count; ++index)
{
if (!((CodeGroup)arrayList1[index]).Equals((CodeGroup)arrayList2[index], true))
{
return(false);
}
}
}
return(true);
}
/// <summary>Reconstructs a security object with a given state from an XML encoding.</summary>
/// <param name="e">The XML encoding to use to reconstruct the security object. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="e" /> parameter is null. </exception>
/// <exception cref="T:System.ArgumentException">The <see cref="T:System.Security.SecurityElement" /> specified by the <paramref name="e" /> parameter is invalid. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public void FromXml(SecurityElement e)
{
if (e == null)
{
throw new ArgumentNullException("e");
}
SecurityElement securityElement = e.SearchForChildByTag("SecurityClasses");
if (securityElement != null && securityElement.Children != null && securityElement.Children.Count > 0)
{
this.fullNames = new Hashtable(securityElement.Children.Count);
foreach (object obj in securityElement.Children)
{
SecurityElement securityElement2 = (SecurityElement)obj;
this.fullNames.Add(securityElement2.Attributes["Name"], securityElement2.Attributes["Description"]);
}
}
SecurityElement securityElement3 = e.SearchForChildByTag("FullTrustAssemblies");
if (securityElement3 != null && securityElement3.Children != null && securityElement3.Children.Count > 0)
{
this.full_trust_assemblies.Clear();
foreach (object obj2 in securityElement3.Children)
{
SecurityElement securityElement4 = (SecurityElement)obj2;
if (securityElement4.Tag != "IMembershipCondition")
{
throw new ArgumentException(Locale.GetText("Invalid XML"));
}
string text = securityElement4.Attribute("class");
if (text.IndexOf("StrongNameMembershipCondition") < 0)
{
throw new ArgumentException(Locale.GetText("Invalid XML - must be StrongNameMembershipCondition"));
}
this.full_trust_assemblies.Add(new StrongNameMembershipCondition(securityElement4));
}
}
SecurityElement securityElement5 = e.SearchForChildByTag("CodeGroup");
if (securityElement5 != null && securityElement5.Children != null && securityElement5.Children.Count > 0)
{
this.root_code_group = CodeGroup.CreateFromXml(securityElement5, this);
SecurityElement securityElement6 = e.SearchForChildByTag("NamedPermissionSets");
if (securityElement6 != null && securityElement6.Children != null && securityElement6.Children.Count > 0)
{
this.named_permission_sets.Clear();
foreach (object obj3 in securityElement6.Children)
{
SecurityElement et = (SecurityElement)obj3;
NamedPermissionSet namedPermissionSet = new NamedPermissionSet();
namedPermissionSet.Resolver = this;
namedPermissionSet.FromXml(et);
this.named_permission_sets.Add(namedPermissionSet);
}
}
return;
}
throw new ArgumentException(Locale.GetText("Missing Root CodeGroup"));
}
/// <summary>Adds a child code group to the current code group.</summary>
/// <param name="group">The code group to be added as a child. This new child code group is added to the end of the list. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="group" /> parameter is null. </exception>
/// <exception cref="T:System.ArgumentException">The <paramref name="group" /> parameter is not a valid code group. </exception>
public void AddChild(CodeGroup group)
{
if (group == null)
{
throw new ArgumentNullException("group");
}
this.m_children.Add(group.Copy());
}
/// <summary>Reconstructs a security object with a given state and policy level from an XML encoding.</summary>
/// <param name="e">The XML encoding to use to reconstruct the security object. </param>
/// <param name="level">The policy level within which the code group exists. </param>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="e" /> parameter is null. </exception>
public void FromXml(SecurityElement e, PolicyLevel level)
{
if (e == null)
{
throw new ArgumentNullException("e");
}
string text = e.Attribute("PermissionSetName");
PermissionSet permissionSet;
if (text != null && level != null)
{
permissionSet = level.GetNamedPermissionSet(text);
}
else
{
SecurityElement securityElement = e.SearchForChildByTag("PermissionSet");
if (securityElement != null)
{
Type type = Type.GetType(securityElement.Attribute("class"));
permissionSet = (PermissionSet)Activator.CreateInstance(type, true);
permissionSet.FromXml(securityElement);
}
else
{
permissionSet = new PermissionSet(new PermissionSet(PermissionState.None));
}
}
this.m_policy = new PolicyStatement(permissionSet);
this.m_children.Clear();
if (e.Children != null && e.Children.Count > 0)
{
foreach (object obj in e.Children)
{
SecurityElement securityElement2 = (SecurityElement)obj;
if (securityElement2.Tag == "CodeGroup")
{
this.AddChild(CodeGroup.CreateFromXml(securityElement2, level));
}
}
}
this.m_membershipCondition = null;
SecurityElement securityElement3 = e.SearchForChildByTag("IMembershipCondition");
if (securityElement3 != null)
{
string text2 = securityElement3.Attribute("class");
Type type2 = Type.GetType(text2);
if (type2 == null)
{
type2 = Type.GetType("System.Security.Policy." + text2);
}
this.m_membershipCondition = (IMembershipCondition)Activator.CreateInstance(type2, true);
this.m_membershipCondition.FromXml(securityElement3, level);
}
this.m_name = e.Attribute("Name");
this.m_description = e.Attribute("Description");
this.ParseXml(e, level);
}
/// <summary>Resolves policy at the policy level and returns the root of a code group tree that matches the evidence.</summary>
/// <returns>A <see cref="T:System.Security.Policy.CodeGroup" /> representing the root of a tree of code groups matching the specified evidence.</returns>
/// <param name="evidence">The <see cref="T:System.Security.Policy.Evidence" /> used to resolve policy. </param>
/// <exception cref="T:System.Security.Policy.PolicyException">The policy level contains multiple matching code groups marked as exclusive. </exception>
/// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ControlEvidence" />
/// </PermissionSet>
public CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
CodeGroup codeGroup = this.root_code_group.ResolveMatchingCodeGroups(evidence);
return((codeGroup == null) ? null : codeGroup);
}
/// <summary>Makes a deep copy of the code group.</summary>
/// <returns>An equivalent copy of the code group, including its membership conditions and child code groups.</returns>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" />
/// </PermissionSet>
public override CodeGroup Copy()
{
FirstMatchCodeGroup firstMatchCodeGroup = this.CopyNoChildren();
foreach (object obj in base.Children)
{
CodeGroup codeGroup = (CodeGroup)obj;
firstMatchCodeGroup.AddChild(codeGroup.Copy());
}
return(firstMatchCodeGroup);
}
public CodeGroup ResolveMatchingCodeGroups(Evidence evidence)
{
if (evidence == null)
{
throw new ArgumentNullException("evidence");
}
CodeGroup cg = root_code_group.ResolveMatchingCodeGroups(evidence);
return((cg != null) ? cg : null);
}
public override bool Equals(object o)
{
CodeGroup cg = (o as CodeGroup);
if (cg == null)
{
return(false);
}
return(Equals(cg, false));
}
// Remove a child from this code group.
public void RemoveChild(CodeGroup group)
{
if (group == null)
{
throw new ArgumentNullException("group");
}
if (!(Children.Contains(group)))
{
throw new ArgumentException
(_("Security_NotCodeGroupChild"));
}
}
internal void AddChildInternal(CodeGroup group)
{
if (group == null)
{
throw new ArgumentNullException("group");
}
if (this.m_children == null)
{
this.ParseChildren();
}
lock (this)
this.m_children.Add((object)group);
}
internal PolicyLevel(PolicyLevelType type, string path, System.Security.Policy.ConfigId configId)
{
this.m_type = type;
this.m_path = path;
this.m_loaded = path == null;
if (this.m_path == null)
{
this.m_rootCodeGroup = this.CreateDefaultAllGroup();
this.SetFactoryPermissionSets();
this.SetDefaultFullTrustAssemblies();
}
this.m_configId = configId;
}
public void AddChild(CodeGroup group)
{
if (group == null)
{
throw new ArgumentNullException("group");
}
if (this.m_children == null)
{
this.ParseChildren();
}
lock (this)
this.m_children.Add((object)group.Copy());
}
public void AddChild( CodeGroup group )
{
if (group == null)
throw new ArgumentNullException("group");
if (m_children == null)
ParseChildren();
lock (this)
{
m_children.Add( group.Copy() );
}
}
internal void AddChildInternal( CodeGroup group )
{
if (group == null)
throw new ArgumentNullException("group");
if (m_children == null)
ParseChildren();
lock (this)
{
m_children.Add( group );
}
}
// Compare two code groups for equality.
public override bool Equals(Object obj)
{
CodeGroup cg = (obj as CodeGroup);
if (cg != null)
{
return(Equals(cg, false));
}
else
{
return(false);
}
}
/// <summary>Makes a deep copy of the current code group.</summary>
/// <returns>An equivalent copy of the current code group, including its membership conditions and child code groups.</returns>
public override CodeGroup Copy()
{
FileCodeGroup fileCodeGroup = new FileCodeGroup(base.MembershipCondition, this.m_access);
fileCodeGroup.Name = base.Name;
fileCodeGroup.Description = base.Description;
foreach (object obj in base.Children)
{
CodeGroup codeGroup = (CodeGroup)obj;
fileCodeGroup.AddChild(codeGroup.Copy());
}
return(fileCodeGroup);
}
/// <summary>Makes a deep copy of the current code group.</summary>
/// <returns>An equivalent copy of the current code group, including its membership conditions and child code groups.</returns>
public override CodeGroup Copy()
{
NetCodeGroup netCodeGroup = new NetCodeGroup(base.MembershipCondition);
netCodeGroup.Name = base.Name;
netCodeGroup.Description = base.Description;
netCodeGroup.PolicyStatement = base.PolicyStatement;
foreach (object obj in base.Children)
{
CodeGroup codeGroup = (CodeGroup)obj;
netCodeGroup.AddChild(codeGroup.Copy());
}
return(netCodeGroup);
}
internal void AddChildInternal(CodeGroup group)
{
if (group == null)
{
throw new ArgumentNullException("group");
}
if (this.m_children == null)
{
this.ParseChildren();
}
lock (this)
{
this.m_children.Add(group);
}
}
// Hardcode defaults in case
// (a) the specified policy file doesn't exists; and
// (b) no corresponding default policy file exists
internal void CreateDefaultLevel(PolicyLevelType type)
{
PolicyStatement psu = new PolicyStatement(DefaultPolicies.FullTrust);
switch (type)
{
case PolicyLevelType.Machine:
// by default all stuff is in the machine policy...
PolicyStatement psn = new PolicyStatement(DefaultPolicies.Nothing);
root_code_group = new UnionCodeGroup(new AllMembershipCondition(), psn);
root_code_group.Name = "All_Code";
UnionCodeGroup myComputerZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.MyComputer), psu);
myComputerZone.Name = "My_Computer_Zone";
// TODO: strongname code group for ECMA and MS keys
root_code_group.AddChild(myComputerZone);
UnionCodeGroup localIntranetZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Intranet),
new PolicyStatement(DefaultPolicies.LocalIntranet));
localIntranetZone.Name = "LocalIntranet_Zone";
// TODO: same site / same directory
root_code_group.AddChild(localIntranetZone);
PolicyStatement psi = new PolicyStatement(DefaultPolicies.Internet);
UnionCodeGroup internetZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Internet), psi);
internetZone.Name = "Internet_Zone";
// TODO: same site
root_code_group.AddChild(internetZone);
UnionCodeGroup restrictedZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Untrusted), psn);
restrictedZone.Name = "Restricted_Zone";
root_code_group.AddChild(restrictedZone);
UnionCodeGroup trustedZone = new UnionCodeGroup(new ZoneMembershipCondition(SecurityZone.Trusted), psi);
trustedZone.Name = "Trusted_Zone";
// TODO: same site
root_code_group.AddChild(trustedZone);
break;
case PolicyLevelType.User:
case PolicyLevelType.Enterprise:
case PolicyLevelType.AppDomain:
// while the other policies don't restrict anything
root_code_group = new UnionCodeGroup(new AllMembershipCondition(), psu);
root_code_group.Name = "All_Code";
break;
}
}
static Object GetLabelByName( String label, CodeGroup group, ref String numericLabel )
{
if (group.Name != null && group.Name.Equals( label ))
{
numericLabel = "1";
return group;
}
return GetLabelByNameHelper( label, group, ref numericLabel );
}
static void ReplaceLabel( String label, CodeGroup obj )
{
PolicyLevel level = GetLevel();
if (level == null)
{
return;
}
if (label == null)
{
return;
}
if (label[0] < '0' || label[0] > '9')
{
String numericLabel = "1";
GetLabelByName( label, level.RootCodeGroup, ref numericLabel );
label = numericLabel;
}
String[] separated = label.Split( m_labelSeparators.ToCharArray() );
int size = separated[separated.Length-1] == null || separated[separated.Length-1].Equals( "" )
? separated.Length-1 : separated.Length;
if (size >= 1 && !separated[0].Equals( "1" ))
{
throw new ArgumentException( String.Format( manager.GetString( "Error_InvalidLabelArg" ), label ) );
}
CodeGroup group = level.RootCodeGroup;
if (size == 1 && separated[0].Equals( "1" ))
{
level.RootCodeGroup = obj;
return;
}
ArrayList groupsList = new ArrayList();
CodeGroup newGroup = group;
groupsList.Insert( 0, group );
for (int index = 1; index < size - 1; ++index)
{
IEnumerator enumerator = group.Children.GetEnumerator();
int count = 1;
while (enumerator.MoveNext())
{
if (count == Int32.Parse( separated[index] ))
{
newGroup = (CodeGroup)enumerator.Current;
break;
}
else
{
count++;
}
}
if (newGroup == null)
throw new ArgumentException( String.Format( manager.GetString( "Error_InvalidLabelArg" ), label ) );
else
{
group = newGroup;
groupsList.Insert( 0, group );
}
}
groupsList.Insert( 0, obj );
for (int i = 1; i < groupsList.Count; ++i)
{
newGroup = (CodeGroup)groupsList[i];
IEnumerator finalEnumerator = newGroup.Children.GetEnumerator();
newGroup.Children = new ArrayList();
int finalCount = 1;
while (finalEnumerator.MoveNext())
{
if (finalCount == Int32.Parse( separated[size-i] ))
{
newGroup.AddChild( (CodeGroup)groupsList[i-1] );
}
else
{
newGroup.AddChild( (CodeGroup)finalEnumerator.Current );
}
finalCount++;
}
}
level.RootCodeGroup = (CodeGroup)groupsList[groupsList.Count-1];
}
private void SetDefault() {
lock (this) {
string path = GetLocationFromType(m_type) + ".default";
if (File.InternalExists(path)) {
PolicyLevel level = new PolicyLevel(m_type, path);
m_rootCodeGroup = level.RootCodeGroup;
m_namedPermissionSets = (ArrayList)level.NamedPermissionSets;
#pragma warning disable 618 // for obsolete FullTrustAssemblies property.
m_fullTrustAssemblies = (ArrayList)level.FullTrustAssemblies;
#pragma warning restore 618
m_loaded = true;
}
else {
m_namedPermissionSets = null;
m_rootCodeGroup = null;
m_permSetElement = null;
m_rootCodeGroup = (m_type == PolicyLevelType.Machine ? CreateDefaultMachinePolicy() : CreateDefaultAllGroup());
SetFactoryPermissionSets();
SetDefaultFullTrustAssemblies();
m_loaded = true;
}
}
}
[System.Security.SecuritySafeCritical] // auto-generated
public void Recover() {
if (m_configId == ConfigId.None)
throw new PolicyException(Environment.GetResourceString("Policy_RecoverNotFileBased"));
lock (this) {
// This call will safely swap the files.
if (!Config.RecoverData(m_configId))
throw new PolicyException(Environment.GetResourceString("Policy_RecoverNoConfigFile"));
// Now we need to blank out the level
m_loaded = false;
m_rootCodeGroup = null;
m_namedPermissionSets = null;
m_fullTrustAssemblies = new ArrayList();
}
}
// Actions
static void ShowCodeGroup (CodeGroup cg, string prefix)
{
Console.WriteLine ("{0}. {1}: {2}", prefix, cg.MembershipCondition, cg.PermissionSetName);
for (int i=0; i < cg.Children.Count; i++) {
ShowCodeGroup ((CodeGroup)cg.Children [i], " " + prefix + "." + (i + 1));
}
}
static void CodeGroupDescriptionHandler( CodeGroup group, String[] args, int index, out int offset )
{
offset = 2;
if (args[index].Equals( "__internal_usage__" ))
{
PauseCapableWriteLine( manager.GetString( "Help_Option_Description" ) );
return;
}
if (args.Length - index < 1)
{
ErrorMShip( args[0], manager.GetString( "CodeGroupAttributeTable_Description" ), manager.GetString( "Error_NotEnoughArgs" ), -1 );
}
group.Description = args[index+1];
}
private static void DisplayCodeGroupNameDescriptions( CodeGroup group )
{
String label = "1";
PauseCapableWriteLine(
label + ". " +
(group.Name != null && !group.Name.Equals( "" ) ? group.Name : "@@No label@@") +
": " +
(group.Description != null && !group.Description.Equals( "" ) ? group.Description : "@@No description@@") );
ListCodeGroupNameDescription( label, m_indent, group.Children.GetEnumerator() );
}
public void RemoveChild(CodeGroup group)
{
if (group != null)
{
if (this.m_children == null)
{
this.ParseChildren();
}
lock (this)
{
int index = this.m_children.IndexOf(group);
if (index != -1)
{
this.m_children.RemoveAt(index);
}
}
}
}
public bool Equals(CodeGroup cg, bool compareChildren)
{
if (!this.Equals(cg))
{
return false;
}
if (compareChildren)
{
if (this.m_children == null)
{
this.ParseChildren();
}
if (cg.m_children == null)
{
cg.ParseChildren();
}
ArrayList list = new ArrayList(this.m_children);
ArrayList list2 = new ArrayList(cg.m_children);
if (list.Count != list2.Count)
{
return false;
}
for (int i = 0; i < list.Count; i++)
{
if (!((CodeGroup) list[i]).Equals((CodeGroup) list2[i], true))
{
return false;
}
}
}
return true;
}
// Reset to the default state.
public void Reset()
{
fullTrustAssemblies.Clear();
namedPermissionSets.Clear();
rootCodeGroup = DefaultRootCodeGroup();
}
public void FromXml(SecurityElement e) {
if (e == null)
throw new ArgumentNullException("e");
Contract.EndContractBlock();
Hashtable classes;
lock (this) {
ArrayList fullTrustAssemblies = new ArrayList();
SecurityElement eClasses = e.SearchForChildByTag("SecurityClasses");
if (eClasses != null) {
classes = new Hashtable();
IEnumerator enumerator = eClasses.Children.GetEnumerator();
while (enumerator.MoveNext()) {
SecurityElement current = (SecurityElement)enumerator.Current;
if (current.Tag.Equals("SecurityClass")) {
string name = current.Attribute("Name");
string description = current.Attribute("Description");
if (name != null && description != null)
classes.Add(name, description);
}
}
}
else {
classes = null;
}
SecurityElement elFullTrust = e.SearchForChildByTag("FullTrustAssemblies");
if (elFullTrust != null && elFullTrust.InternalChildren != null) {
string className = typeof(System.Security.Policy.StrongNameMembershipCondition).AssemblyQualifiedName;
IEnumerator enumerator = elFullTrust.Children.GetEnumerator();
while (enumerator.MoveNext()) {
StrongNameMembershipCondition sn = new StrongNameMembershipCondition();
sn.FromXml((SecurityElement)enumerator.Current);
fullTrustAssemblies.Add(sn);
}
}
m_fullTrustAssemblies = fullTrustAssemblies;
ArrayList namedPermissionSets = new ArrayList();
SecurityElement elPermSets = e.SearchForChildByTag("NamedPermissionSets");
SecurityElement permSetElement = null;
// Here we just find the parent element for the named permission sets and
// store it so that we can lazily load them later.
if (elPermSets != null && elPermSets.InternalChildren != null) {
permSetElement = UnnormalizeClassDeep(elPermSets, classes);
// Call FindElement for each of the reserved sets (this removes their xml from
// permSetElement).
foreach (string builtInPermissionSet in s_reservedNamedPermissionSets) {
FindElement(permSetElement, builtInPermissionSet);
}
}
if (permSetElement == null)
permSetElement = new SecurityElement("NamedPermissionSets");
// Then we add in the immutable permission sets (this prevents any alterations
// to them in the XML file from impacting the runtime versions).
namedPermissionSets.Add(BuiltInPermissionSets.FullTrust);
namedPermissionSets.Add(BuiltInPermissionSets.Everything);
namedPermissionSets.Add(BuiltInPermissionSets.SkipVerification);
namedPermissionSets.Add(BuiltInPermissionSets.Execution);
namedPermissionSets.Add(BuiltInPermissionSets.Nothing);
namedPermissionSets.Add(BuiltInPermissionSets.Internet);
namedPermissionSets.Add(BuiltInPermissionSets.LocalIntranet);
foreach(PermissionSet ps in namedPermissionSets)
ps.IgnoreTypeLoadFailures = true;
m_namedPermissionSets = namedPermissionSets;
m_permSetElement = permSetElement;
// Parse the root code group.
SecurityElement elCodeGroup = e.SearchForChildByTag("CodeGroup");
if (elCodeGroup == null)
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXMLElement", "CodeGroup", this.GetType().FullName));
CodeGroup rootCodeGroup = System.Security.Util.XMLUtil.CreateCodeGroup(UnnormalizeClassDeep(elCodeGroup, classes));
if (rootCodeGroup == null)
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXMLElement", "CodeGroup", this.GetType().FullName));
rootCodeGroup.FromXml(elCodeGroup, this);
m_rootCodeGroup = rootCodeGroup;
}
}
static Object GetLabelByNameHelper( String label, CodeGroup group, ref String numericLabel )
{
IEnumerator enumerator = group.Children.GetEnumerator();
int count = 1;
while (enumerator.MoveNext())
{
String tempNumericLabel;
tempNumericLabel = numericLabel + "." + count;
CodeGroup currentGroup = (CodeGroup)enumerator.Current;
if (currentGroup.Name != null && currentGroup.Name.Equals( label ))
{
numericLabel = tempNumericLabel;
return enumerator.Current;
}
Object retval = GetLabelByNameHelper( label, currentGroup, ref tempNumericLabel );
if (retval != null)
{
numericLabel = tempNumericLabel;
return retval;
}
count++;
}
numericLabel = null;
return null;
}
public void Recover()
{
if (this.m_configId == System.Security.Policy.ConfigId.None)
{
throw new PolicyException(Environment.GetResourceString("Policy_RecoverNotFileBased"));
}
lock (this)
{
if (!Config.RecoverData(this.m_configId))
{
throw new PolicyException(Environment.GetResourceString("Policy_RecoverNoConfigFile"));
}
this.m_loaded = false;
this.m_rootCodeGroup = null;
this.m_namedPermissionSets = null;
this.m_fullTrustAssemblies = new ArrayList();
}
}
private static void DisplayCodeGroups( CodeGroup group )
{
String label = "1";
PauseCapableWriteLine( label + ". " +
(group.MergeLogic.Equals( "Union" ) ? "" : ("(" + group.MergeLogic + ") ")) +
group.MembershipCondition.ToString() + ": " +
(group.PermissionSetName == null ? manager.GetString( "Dialog_Unknown" ) : group.PermissionSetName) +
( group.AttributeString == null ||
group.AttributeString.Equals( "" ) ? "" :
" (" + group.AttributeString + ")" ) );
ListCodeGroup( label, m_indent, group.Children.GetEnumerator() );
}
public void FromXml(SecurityElement e)
{
if (e == null)
{
throw new ArgumentNullException("e");
}
lock (this)
{
Hashtable hashtable;
ArrayList list = new ArrayList();
SecurityElement element = e.SearchForChildByTag("SecurityClasses");
if (element != null)
{
hashtable = new Hashtable();
IEnumerator enumerator = element.Children.GetEnumerator();
while (enumerator.MoveNext())
{
SecurityElement current = (SecurityElement) enumerator.Current;
if (current.Tag.Equals("SecurityClass"))
{
string key = current.Attribute("Name");
string str2 = current.Attribute("Description");
if ((key != null) && (str2 != null))
{
hashtable.Add(key, str2);
}
}
}
}
else
{
hashtable = null;
}
SecurityElement element3 = e.SearchForChildByTag("FullTrustAssemblies");
if ((element3 != null) && (element3.InternalChildren != null))
{
string assemblyQualifiedName = typeof(StrongNameMembershipCondition).AssemblyQualifiedName;
IEnumerator enumerator2 = element3.Children.GetEnumerator();
while (enumerator2.MoveNext())
{
StrongNameMembershipCondition condition = new StrongNameMembershipCondition();
condition.FromXml((SecurityElement) enumerator2.Current);
list.Add(condition);
}
}
this.m_fullTrustAssemblies = list;
ArrayList list2 = new ArrayList();
SecurityElement elem = e.SearchForChildByTag("NamedPermissionSets");
SecurityElement element5 = null;
if ((elem != null) && (elem.InternalChildren != null))
{
element5 = this.UnnormalizeClassDeep(elem, hashtable);
foreach (string str3 in s_reservedNamedPermissionSets)
{
this.FindElement(element5, str3);
}
}
if (element5 == null)
{
element5 = new SecurityElement("NamedPermissionSets");
}
list2.Add(BuiltInPermissionSets.FullTrust);
list2.Add(BuiltInPermissionSets.Everything);
list2.Add(BuiltInPermissionSets.SkipVerification);
list2.Add(BuiltInPermissionSets.Execution);
list2.Add(BuiltInPermissionSets.Nothing);
list2.Add(BuiltInPermissionSets.Internet);
list2.Add(BuiltInPermissionSets.LocalIntranet);
foreach (PermissionSet set in list2)
{
set.IgnoreTypeLoadFailures = true;
}
this.m_namedPermissionSets = list2;
this.m_permSetElement = element5;
SecurityElement element6 = e.SearchForChildByTag("CodeGroup");
if (element6 == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXMLElement", new object[] { "CodeGroup", base.GetType().FullName }));
}
CodeGroup group = XMLUtil.CreateCodeGroup(this.UnnormalizeClassDeep(element6, hashtable));
if (group == null)
{
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXMLElement", new object[] { "CodeGroup", base.GetType().FullName }));
}
group.FromXml(element6, this);
this.m_rootCodeGroup = group;
}
}
static void CodeGroupNameHandler( CodeGroup group, String[] args, int index, out int offset )
{
offset = 2;
if (args[index].Equals( "__internal_usage__" ))
{
PauseCapableWriteLine( manager.GetString( "Help_Option_Name" ) );
return;
}
if (args.Length - index < 1)
{
ErrorMShip( args[0], manager.GetString( "CodeGroupAttributeTable_Name" ), manager.GetString( "Error_NotEnoughArgs" ), -1 );
}
if (args[index+1][0] >= '0' &&
args[index+1][0] <= '9')
{
ErrorMShip( args[0], manager.GetString( "CodeGroupAttributeTable_Name" ), manager.GetString( "Error_CodeGroup_ImproperName" ), -1 );
}
group.Name = args[index+1];
}
static CodeGroup FindCodeGroupByName (string name, ref CodeGroup parent)
{
for (int i = 0; i < parent.Children.Count; i++) {
CodeGroup child = (CodeGroup)parent.Children [i];
if (child.Name == name) {
return child;
} else {
CodeGroup cg = FindCodeGroupByName (name, ref child);
if (cg != null)
return cg;
}
}
return null;
}
static PolicyStatementAttribute IsExclusive( CodeGroup group, String[] args, int index, out int argsUsed )
{
PolicyStatementAttribute attr = PolicyStatementAttribute.Nothing;
argsUsed = 0;
int usedInThisIteration;
int tableCount = cgAttrTable.Length;
do
{
usedInThisIteration = 0;
if ((args.Length - (index + argsUsed)) == 0)
{
break;
}
for (int i = 0; i < tableCount; ++i)
{
if (String.Compare( args[index+argsUsed], cgAttrTable[i].label, true, CultureInfo.InvariantCulture) == 0)
{
if (cgAttrTable[i].handler == null)
{
if (String.Compare( args[index+argsUsed+1], manager.GetString( "Misc_On" ), true, CultureInfo.InvariantCulture) == 0)
{
attr |= cgAttrTable[i].value;
}
else if (String.Compare( args[index+argsUsed+1], manager.GetString( "Misc_Off" ), true, CultureInfo.InvariantCulture) == 0)
{
attr &= ~cgAttrTable[i].value;
}
else
{
throw new Exception( String.Format( manager.GetString( "Error_InvalidOptionTo" ), cgAttrTable[i].label, args[index+argsUsed+1] ) );
}
usedInThisIteration = 2;
}
else
{
cgAttrTable[i].handler( group, args, index + argsUsed, out usedInThisIteration );
}
break;
}
}
if (usedInThisIteration == 0)
{
break;
}
else
{
argsUsed += usedInThisIteration;
}
} while (true);
return attr;
}
static CodeGroup FindCodeGroup (string name, ref CodeGroup parent, ref PolicyLevel pl)
{
if (name.Length < 1)
return null;
// Notes:
// - labels starts with numbers (e.g. 1.2.1)
// - names cannot start with numbers (A-Z, 0-9 and _)
bool label = Char.IsDigit (name, 0);
// More notes
// - we can't remove the root code group
// - we remove only one group (e.g. name)
for (int i=0; i < Levels.Count; i++) {
pl = (PolicyLevel) Levels [i];
parent = pl.RootCodeGroup;
CodeGroup cg = null;
if (label)
cg = FindCodeGroupByLabel (name, "1", ref parent);
else
cg = FindCodeGroupByName (name, ref parent);
if (cg != null)
return cg;
}
Console.WriteLine ("CodeGroup with {0} '{1}' was not found!",
label ? "label" : "name", name);
return null;
}
static void ShowDescription (CodeGroup cg, string prefix)
{
Console.WriteLine ("{0}. {1}: {2}", prefix, cg.Name, cg.Description);
for (int i = 0; i < cg.Children.Count; i++) {
ShowDescription ((CodeGroup)cg.Children [i], " " + prefix + "." + (i + 1));
}
}
internal PolicyLevel (PolicyLevelType type, string path, ConfigId configId) {
m_type = type;
m_path = path;
m_loaded = (path == null);
if (m_path == null) {
m_rootCodeGroup = CreateDefaultAllGroup();
SetFactoryPermissionSets();
SetDefaultFullTrustAssemblies();
}
m_configId = configId;
}
static CodeGroup FindCodeGroupByLabel (string label, string current, ref CodeGroup parent)
{
for (int i=0; i < parent.Children.Count; i++) {
CodeGroup child = (CodeGroup)parent.Children [i];
string temp = String.Concat (current, ".", (i + 1).ToString ());
if ((label == temp) || (label == temp + ".")) {
return child;
} else if (label.StartsWith (temp)) {
CodeGroup cg = FindCodeGroupByLabel (label, temp, ref child);
if (cg != null)
return cg;
}
}
return null;
}
private void SetDefault()
{
lock (this)
{
string path = GetLocationFromType(this.m_type) + ".default";
if (File.InternalExists(path))
{
PolicyLevel level = new PolicyLevel(this.m_type, path);
this.m_rootCodeGroup = level.RootCodeGroup;
this.m_namedPermissionSets = (ArrayList) level.NamedPermissionSets;
this.m_fullTrustAssemblies = (ArrayList) level.FullTrustAssemblies;
this.m_loaded = true;
}
else
{
this.m_namedPermissionSets = null;
this.m_rootCodeGroup = null;
this.m_permSetElement = null;
this.m_rootCodeGroup = (this.m_type == PolicyLevelType.Machine) ? this.CreateDefaultMachinePolicy() : this.CreateDefaultAllGroup();
this.SetFactoryPermissionSets();
this.SetDefaultFullTrustAssemblies();
this.m_loaded = true;
}
}
}
static bool ProcessCodeGroup (CodeGroup cg, string[] args, ref int i)
{
IMembershipCondition mship = null;
for (; i < args.Length; i++) {
switch (args [++i]) {
case "-all":
cg.MembershipCondition = new AllMembershipCondition ();
break;
case "-appdir":
cg.MembershipCondition = new ApplicationDirectoryMembershipCondition ();
break;
case "-custom":
mship = ProcessCustomMembership (args [++i]);
if (mship == null)
return false;
cg.MembershipCondition = mship;
break;
case "-hash":
mship = ProcessHashMembership (args, ref i);
if (mship == null)
return false;
cg.MembershipCondition = mship;
break;
case "-pub":
mship = ProcessPublisherMembership (args, ref i);
if (mship == null)
return false;
cg.MembershipCondition = mship;
break;
case "-site":
cg.MembershipCondition = new SiteMembershipCondition (args [++i]);
break;
case "-strong":
mship = ProcessStrongNameMembership (args, ref i);
if (mship == null)
return false;
cg.MembershipCondition = mship;
break;
case "-url":
cg.MembershipCondition = new UrlMembershipCondition (args [++i]);
break;
case "-zone":
SecurityZone zone = (SecurityZone) Enum.Parse (typeof (SecurityZone), args [++i]);
cg.MembershipCondition = new ZoneMembershipCondition (zone);
break;
case "-d":
case "-description":
cg.Description = args [++i];
break;
case "-exclusive":
bool exclusive = false;
if (OnOff (args [++i], ref exclusive)) {
if (exclusive)
cg.PolicyStatement.Attributes |= PolicyStatementAttribute.Exclusive;
}
else
return false;
break;
case "-levelfinal":
bool final = false;
if (OnOff (args [++i], ref final)) {
if (final)
cg.PolicyStatement.Attributes |= PolicyStatementAttribute.LevelFinal;
}
else
return false;
break;
case "-n":
case "-name":
cg.Name = args [++i];
break;
default:
i--;
break;
}
}
return true;
}
// Here is the managed portion of the QuickCache code. It
// is mainly concerned with detecting whether it is valid
// for us to use the quick cache, and then calculating the
// proper mapping of partial evidence to partial mapping.
//
// The choice of the partial evidence sets is fairly arbitrary
// and in this case is tailored to give us meaningful
// results from default policy.
//
// The choice of whether or not we can use the quick cache
// is far from arbitrary. There are a couple conditions that must
// be true for the QuickCache to produce valid result. These
// are:
//
// * equivalent evidence objects must produce the same
// grant set (i.e. it must be independent of time of day,
// space on the harddisk, other "external" factors, and
// cannot be random).
//
// * evidence must be used positively (i.e. if evidence A grants
// permission X, then evidence A+B must grant at least permission
// X).
//
// In particular for our implementation, this means that we
// limit the classes that can be used by policy to just
// the ones defined within mscorlib and that there are
// no Exclusive bits set on any code groups.
internal static bool CanUseQuickCache( CodeGroup group )
{
ArrayList list = new ArrayList();
list.Add( group );
for (int i = 0; i < list.Count; ++i)
{
group = (CodeGroup)list[i];
NetCodeGroup netGroup = group as NetCodeGroup;
UnionCodeGroup unionGroup = group as UnionCodeGroup;
FirstMatchCodeGroup firstGroup = group as FirstMatchCodeGroup;
FileCodeGroup fileGroup = group as FileCodeGroup;
if (netGroup != null)
{
if (!TestPolicyStatement( netGroup.PolicyStatement ))
return false;
}
else if (unionGroup != null)
{
if (!TestPolicyStatement( unionGroup.PolicyStatement ))
return false;
}
else if (firstGroup != null)
{
if (!TestPolicyStatement( firstGroup.PolicyStatement ))
return false;
}
else if (fileGroup != null)
{
if (!TestPolicyStatement( fileGroup.PolicyStatement ))
return false;
}
else
{
return false;
}
IMembershipCondition cond = group.MembershipCondition;
if (cond != null && !(cond is IConstantMembershipCondition))
{
return false;
}
IList children = group.Children;
if (children != null && children.Count > 0)
{
IEnumerator enumerator = children.GetEnumerator();
while (enumerator.MoveNext())
{
list.Add( enumerator.Current );
}
}
}
return true;
}
