// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxMax = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem(i); IPermission thisPerm = thisObj as IPermission; Object otherObj = (other != null)?other.GetItem(i):null; IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) { continue; } if (thisObj == null) { PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); } else if (otherObj == null) { PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, thisPerm); } else { Debug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets"); } } return(unionSet); }
internal TokenBasedSet SpecialUnion(TokenBasedSet other) { int maxUsedIndex; this.OnDeserializedInternal(); TokenBasedSet set = new TokenBasedSet(); if (other != null) { other.OnDeserializedInternal(); maxUsedIndex = (this.GetMaxUsedIndex() > other.GetMaxUsedIndex()) ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxUsedIndex = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxUsedIndex; i++) { object item = this.GetItem(i); IPermission perm = item as IPermission; ISecurityElementFactory factory = item as ISecurityElementFactory; object obj3 = (other != null) ? other.GetItem(i) : null; IPermission permission2 = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if (item == null) { if (factory2 != null) { permission2 = PermissionSet.CreatePerm(factory2, false); } PermissionToken token = PermissionToken.GetToken(permission2); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token.m_index, permission2); } else if (obj3 == null) { if (factory != null) { perm = PermissionSet.CreatePerm(factory, false); } PermissionToken token2 = PermissionToken.GetToken(perm); if (token2 == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token2.m_index, perm); } } } return(set); }
// Advances the enumerator to the next element of the enumeration and // returns a boolean indicating whether an element is available. Upon // creation, an enumerator is conceptually positioned before the first // element of the enumeration, and the first call to GetNext brings // the first element of the enumeration into view. // public virtual bool MoveNext() { Object perm = null; while (!EndConditionReached()) { ++m_currentIndex; perm = m_set.GetItem(m_currentIndex); if (perm != null) { return(true); } } return(false); }
internal virtual void MergeDeniedSet(TokenBasedSet denied) { if (denied == null) { return; } int minMaxIndex; if (this.m_maxIndex < denied.m_maxIndex) { minMaxIndex = this.m_maxIndex; for (int i = this.m_maxIndex + 1; i <= denied.m_maxIndex; ++i) { denied.RemoveItem(i); } } else { minMaxIndex = denied.m_maxIndex; } IPermission p1; IPermission p2; for (int i = 0; i <= minMaxIndex; i++) { p1 = (IPermission)this.GetItem(i); p2 = (IPermission)denied.GetItem(i); if (p1 != null) { if (p2 != null && p1.IsSubsetOf(p2)) { // If the permission appears in both sets, we can remove it from both // (i.e. now it's not granted instead of being denied) this.RemoveItem(i); denied.RemoveItem(i); } } else if (p2 != null) { // If we tried to deny it and it wasn't granted, just remove it from the denied set. denied.RemoveItem(i); } } }
public static TokenBasedSet CopyTokenBasedSet( TokenBasedSet set ) { if (set == null || set.GetCount() == 0) return null; int maxIndex = set.GetMaxUsedIndex(); TokenBasedSet copySet = new TokenBasedSet( maxIndex + 1, 4 ); for (int i = 0; i <= maxIndex; ++i) { Object obj = set.GetItem( i ); if (obj == null) copySet.SetItem( i, null ); else if (obj is IPermission) copySet.SetItem( i, ((IPermission)obj).Copy() ); else if (obj is PermissionList) copySet.SetItem( i, ((PermissionList)obj).Copy() ); else { BCLDebug.Assert( false, "CopyTokenBasedSet can only be used for IPermission and PermissionList based TokenBasedSets" ); copySet.SetItem( i, obj ); } } return copySet; }
private static bool CheckTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet ) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.IsEmpty()) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } else { exception = null; return true; } } else { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") ); return false; } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, out exception); if (exception != null) return false; if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) alteredSet = CopyTokenBasedSet( permSet ); alteredSet.SetItem( i, null ); } } } else { if (!unrestricted) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } } } } exception = null; return continueStackWalk; }
public PermissionListSet(PermissionListSet permListSet) { if (permListSet == null) { Reset(); return; } m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i); if (plist != null) { m_unrestrictedPermSet.SetItem(i, plist.Copy()); } } m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i); if (plist != null) { m_normalPermSet.SetItem(i, plist.Copy()); } } m_unrestricted = permListSet.m_unrestricted; m_state = permListSet.m_state; }
private static void CheckTokenBasedSetHelper( bool ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands ) { if (demands == null) return; TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum(); while (enumerator.MoveNext()) { CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current; int index = enumerator.GetCurrentIndex(); if (demand != null) { try { // Check to make sure the permission was granted, unless we are supposed // to ignore grants. if (!ignoreGrants) { CodeAccessPermission grant = grants != null ? (CodeAccessPermission)grants.GetItem(index) : null; if (grant != null) { grant.CheckDemand(demand); } else { if (!demand.IsSubsetOf( null )) throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } // Check to make sure our permission was not denied. if (denied != null) { CodeAccessPermission deny = (CodeAccessPermission)denied.GetItem(index); if (deny != null && deny.Intersect(demand) != null) throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) throw e; else throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else maxMax = this.GetMaxUsedIndex(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = (other != null)?other.GetItem( i ):null; IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; if (thisObj == null) { #if FEATURE_CAS_POLICY if (otherElem != null) { otherPerm = PermissionSet.CreatePerm(otherElem, false); } #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); } else if (otherObj == null) { #if FEATURE_CAS_POLICY if (thisElem != null) { thisPerm = PermissionSet.CreatePerm(thisElem, false); } #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem( token.m_index, thisPerm); } else { Contract.Assert( (thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets" ); } } return unionSet; }
public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { Reset(); return; } m_Unrestricted = permSet.m_Unrestricted; m_CheckedForNonCas = permSet.m_CheckedForNonCas; m_ContainsCas = permSet.m_ContainsCas; m_ContainsNonCas = permSet.m_ContainsNonCas; m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; if (permSet.m_permSet != null) { m_permSet = new TokenBasedSet(permSet.m_permSet); // now deep copy all permissions in set for (int i = m_permSet.GetStartingIndex(); i <= m_permSet.GetMaxUsedIndex(); i++) { Object obj = m_permSet.GetItem(i); IPermission perm = obj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory elem = obj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (perm != null) { m_permSet.SetItem(i, perm.Copy()); } #if FEATURE_CAS_POLICY else if (elem != null) { m_permSet.SetItem(i, elem.Copy()); } #endif // FEATURE_CAS_POLICY } } }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxMax = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem(i); IPermission thisPerm = thisObj as IPermission; ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; Object otherObj = (other != null)?other.GetItem(i):null; IPermission otherPerm = otherObj as IPermission; ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; if (thisObj == null && otherObj == null) { continue; } if (thisObj == null) { if (otherElem != null) { otherPerm = PermissionSet.CreatePerm(otherElem, false); } PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(otherPerm)) { canUnrestrictedOverride = false; } } else if (otherObj == null) { if (thisElem != null) { thisPerm = PermissionSet.CreatePerm(thisElem, false); } PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, thisPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(thisPerm)) { canUnrestrictedOverride = false; } } else { BCLDebug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets"); } } return(unionSet); }
/// <include file='doc\PermissionSet.uex' path='docs/doc[@for="PermissionSet.PermissionSet1"]/*' /> public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { Reset(); return; } m_Unrestricted = permSet.m_Unrestricted; m_CheckedForNonCas = permSet.m_CheckedForNonCas; m_ContainsCas = permSet.m_ContainsCas; m_ContainsNonCas = permSet.m_ContainsNonCas; if (permSet.m_normalPermSet != null) { m_normalPermSet = new TokenBasedSet(permSet.m_normalPermSet); // now deep copy all permissions in set for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++) { IPermission perm = (IPermission)m_normalPermSet.GetItem(i); if (perm != null) { m_normalPermSet.SetItem(i, perm.Copy()); } } } if (permSet.m_unrestrictedPermSet != null) { m_unrestrictedPermSet = new TokenBasedSet(permSet.m_unrestrictedPermSet); // now deep copy all permissions in set for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++) { IPermission perm = (IPermission)m_unrestrictedPermSet.GetItem(i); if (perm != null) { m_unrestrictedPermSet.SetItem(i, perm.Copy()); } } } if (permSet.m_toBeLoaded != null) { this.m_toBeLoaded = new SecurityElement(); IEnumerator enumerator = permSet.m_toBeLoaded.m_lChildren.GetEnumerator(); while (enumerator.MoveNext()) { this.m_toBeLoaded.AddChild( (SecurityElement)enumerator.Current ); } } }
public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { Reset(); return; } m_Unrestricted = permSet.m_Unrestricted; m_CheckedForNonCas = permSet.m_CheckedForNonCas; m_ContainsCas = permSet.m_ContainsCas; m_ContainsNonCas = permSet.m_ContainsNonCas; m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; if (permSet.m_permSet != null) { m_permSet = new TokenBasedSet(permSet.m_permSet); // now deep copy all permissions in set for (int i = m_permSet.GetStartingIndex(); i <= m_permSet.GetMaxUsedIndex(); i++) { Object obj = m_permSet.GetItem(i); IPermission perm = obj as IPermission; if (perm != null) { m_permSet.SetItem(i, perm.Copy()); } } } }
internal TokenBasedSet SpecialUnion(TokenBasedSet other) { int maxUsedIndex; this.OnDeserializedInternal(); TokenBasedSet set = new TokenBasedSet(); if (other != null) { other.OnDeserializedInternal(); maxUsedIndex = (this.GetMaxUsedIndex() > other.GetMaxUsedIndex()) ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxUsedIndex = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxUsedIndex; i++) { object item = this.GetItem(i); IPermission perm = item as IPermission; ISecurityElementFactory factory = item as ISecurityElementFactory; object obj3 = (other != null) ? other.GetItem(i) : null; IPermission permission2 = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if (item == null) { if (factory2 != null) { permission2 = PermissionSet.CreatePerm(factory2, false); } PermissionToken token = PermissionToken.GetToken(permission2); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token.m_index, permission2); } else if (obj3 == null) { if (factory != null) { perm = PermissionSet.CreatePerm(factory, false); } PermissionToken token2 = PermissionToken.GetToken(perm); if (token2 == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token2.m_index, perm); } } } return set; }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else maxMax = this.GetMaxUsedIndex(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem( i ); IPermission thisPerm = thisObj as IPermission; ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; Object otherObj = (other != null)?other.GetItem( i ):null; IPermission otherPerm = otherObj as IPermission; ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; if (thisObj == null && otherObj == null) continue; if (thisObj == null) { if (otherElem != null) { otherPerm = PermissionSet.CreatePerm(otherElem, false); } PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(otherPerm)) canUnrestrictedOverride = false; } else if (otherObj == null) { if (thisElem != null) { thisPerm = PermissionSet.CreatePerm(thisElem, false); } PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem( token.m_index, thisPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(thisPerm)) canUnrestrictedOverride = false; } else { BCLDebug.Assert( (thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets" ); } } return unionSet; }
private void AppendTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, int type, bool unrestricted ) { int thisMaxIndex = thisSet.GetMaxUsedIndex(); int permMaxIndex = permSet == null ? 0 : permSet.GetMaxUsedIndex(); int maxIndex = thisMaxIndex > permMaxIndex ? thisMaxIndex : permMaxIndex; // Loop over the relevant indexes... for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); CodeAccessPermission cap = permSet == null ? null : (CodeAccessPermission)permSet.GetItem(i); if (plist == null) { if (this.m_unrestricted) { switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem( i, plist ); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) { plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem( i, plist ); } break; default: throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" )); } } } else { // A list already exists. All lists should have at least // one element in them. // Normally, only append if the permission is not null. // However, if the type is Checked, then make sure the // list is terminated with a permission, null or not. switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist.AppendPermissionAndCompress(cap, type); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) plist.AppendPermissionAndCompress(cap, type); break; default: throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" )); } } } }
private void AppendStackHelper( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestrictedThisSet, bool unrestrictedPermSet, bool unrestricted ) { int maxThis = thisSet.GetMaxUsedIndex(); int maxPerm = permSet.GetMaxUsedIndex(); int maxIndex = maxThis > maxPerm ? maxThis : maxPerm; for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); PermissionList appendList = (PermissionList)permSet.GetItem(i); if (plist != null) { if (appendList != null) { // This call will not add the permission if the list is // empty, or if the last element is a normal check with // a null Permission. Let the method take care of it... plist.AppendStack(appendList.Copy()); } else { // Nothing on the compressed stack for this index, // so terminate current list. if (!unrestrictedPermSet) { thisSet.SetItem( i, plist.Copy() ); } } } else if (unrestrictedThisSet && appendList != null) { thisSet.SetItem(i, appendList.Copy()); } } }
internal virtual void MergeDeniedSet( TokenBasedSet denied ) { if (denied == null) return; int minMaxIndex; if (this.m_maxIndex < denied.m_maxIndex) { minMaxIndex = this.m_maxIndex; for (int i = this.m_maxIndex + 1; i <= denied.m_maxIndex; ++i) { denied.RemoveItem(i); } } else { minMaxIndex = denied.m_maxIndex; } IPermission p1; IPermission p2; for (int i = 0; i<=minMaxIndex ; i++) { p1 = (IPermission)this.GetItem(i); p2 = (IPermission)denied.GetItem(i); if (p1 != null) { if (p2 != null && p1.IsSubsetOf(p2)) { // If the permission appears in both sets, we can remove it from both // (i.e. now it's not granted instead of being denied) this.RemoveItem(i); denied.RemoveItem(i); } } else if (p2 != null) { // If we tried to deny it and it wasn't granted, just remove it from the denied set. denied.RemoveItem(i); } } }