internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception) { BCLDebug.Assert(m_head != null, "m_head != null"); for (PListNode pnext = m_head; pnext != null; pnext = pnext.next) { if (pnext.perm == null) { // If this is a grant set or a permit only, then we should fail since null indicates the empty permission. if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly) { BCLDebug.Assert(!demand.IsSubsetOf(null), "By the time we get here, demands that are subsets of null should have been terminated"); exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return(false); } // If this is a deny, then we should fail since null indicates the unrestricted permission. if (pnext.type == MatchDeny) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return(false); } // If this is an assert, then we should return success and terminate the stack walk since // null indicates the unrestricted permission. if (pnext.type == MatchAssert) { exception = null; return(false); } // If this is anything else, then we should act confused. // This case is unexpected. BCLDebug.Assert(false, "This case should never happen"); exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState")); return(false); } CodeAccessPermission cap = pnext.perm; switch (pnext.type) { case MatchChecked: case MatchPermitOnly: if (!demand.IsSubsetOf(cap)) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return(false); } break; case MatchAssert: if (demand.IsSubsetOf(cap)) { exception = null; return(false); } break; case MatchDeny: if (demand.Intersect(cap) != null) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return(false); } break; default: // Illegal entry exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState")); return(false); } } exception = null; return(true); }
private static void CheckHelper(PermissionSet grantedSet, PermissionSet deniedSet, CodeAccessPermission demand, PermissionToken permToken) { #if _DEBUG if (debug) { DEBUG_OUT("Granted: "); DEBUG_OUT(grantedSet.ToXml().ToString()); DEBUG_OUT("Denied: "); DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>"); DEBUG_OUT("Demanded: "); DEBUG_OUT(demand.ToString()); } #endif if (permToken == null) { permToken = PermissionToken.GetToken(demand); } // If PermissionSet is null, then module does not have Permissions... Fail check. try { if (grantedSet == null) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission)) { // If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted // variety, we need to do the proper callback. BCLDebug.Assert(demand != null, "demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty) // then throw an exception. if (grantedPerm == null) { if (!demand.IsSubsetOf(null)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } else { return; } } // Call the check demand for our permission. grantedPerm.CheckDemand(demand); } // Make the sure the permission is not denied. if (deniedSet != null) { CodeAccessPermission deniedPerm = (CodeAccessPermission)deniedSet.GetPermission(permToken); if (deniedPerm != null) { if (deniedPerm.Intersect(demand) != null) { #if _DEBUG if (debug) { DEBUG_OUT("Permission found in denied set"); } #endif throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) { throw e; } else { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } DEBUG_OUT("Check passed"); }
internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception) { BCLDebug.Assert(m_head != null,"m_head != null"); for (PListNode pnext = m_head; pnext != null; pnext = pnext.next) { if (pnext.perm == null) { // If this is a grant set or a permit only, then we should fail since null indicates the empty permission. if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly) { BCLDebug.Assert( !demand.IsSubsetOf( null ), "By the time we get here, demands that are subsets of null should have been terminated" ); exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return false; } // If this is a deny, then we should fail since null indicates the unrestricted permission. if (pnext.type == MatchDeny) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return false; } // If this is an assert, then we should return success and terminate the stack walk since // null indicates the unrestricted permission. if (pnext.type == MatchAssert) { exception = null; return false; } // If this is anything else, then we should act confused. // This case is unexpected. BCLDebug.Assert( false, "This case should never happen" ); exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) ); return false; } CodeAccessPermission cap = pnext.perm; switch (pnext.type) { case MatchChecked: case MatchPermitOnly: if (!demand.IsSubsetOf(cap)) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return false; } break; case MatchAssert: if (demand.IsSubsetOf(cap)) { exception = null; return false; } break; case MatchDeny: if (demand.Intersect(cap) != null) { exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName)); return false; } break; default: // Illegal entry exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) ); return false; } } exception = null; return true; }
private static void CheckTokenBasedSetHelper(bool ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands) { if (demands == null) { return; } TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum(); while (enumerator.MoveNext()) { CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current; int index = enumerator.GetCurrentIndex(); if (demand != null) { try { // Check to make sure the permission was granted, unless we are supposed // to ignore grants. if (!ignoreGrants) { CodeAccessPermission grant = grants != null ? (CodeAccessPermission)grants.GetItem(index) : null; if (grant != null) { grant.CheckDemand(demand); } else { if (!demand.IsSubsetOf(null)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } // Check to make sure our permission was not denied. if (denied != null) { CodeAccessPermission deny = (CodeAccessPermission)denied.GetItem(index); if (deny != null && deny.Intersect(demand) != null) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) { throw e; } else { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } } }