[System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // In the common case we are not going to alter the demand set, so just to // be safe we'll set it to null up front. alteredDemandSet = null; // There's some oddness in here to deal with exceptions. The general idea behind // this is that we need some way of dealing with custom permissions that may not // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly // (they don't support it, throw null reference exceptions, etc.). // An empty demand always succeeds. if (demandSet == null || demandSet.IsEmpty()) { return(SecurityRuntime.StackHalt); } if (GetPermitOnly(fDeclarative) != null) { GetPermitOnly(fDeclarative).CheckDecoded(demandSet); } if (GetDenials(fDeclarative) != null) { GetDenials(fDeclarative).CheckDecoded(demandSet); } if (GetAssertions(fDeclarative) != null) { GetAssertions(fDeclarative).CheckDecoded(demandSet); } bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { // In the case of permit only, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetPermitOnly(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } } // In the case of denial, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetDenials(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } } // The assert case is more complex. Since asserts have the ability to "bleed through" // (where part of a demand is handled by an assertion, but the rest is passed on to // continue the stackwalk), we need to be more careful in handling the "failure" case. // Therefore, if an exception is thrown in performing any operation, we make sure to keep // that permission in the demand set thereby continuing the demand for that permission // walking down the stack. if (GetAssertAllPossible()) { return(SecurityRuntime.StackHalt); } permSet = GetAssertions(fDeclarative); if (permSet != null) { // If this frame asserts a superset of the demand set we're done if (demandSet.CheckAssertion(permSet)) { return(SecurityRuntime.StackHalt); } // Determine whether any of the demand set asserted. We do this by // copying the demand set and removing anything in it that is asserted. if (!permSet.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet); } } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } return(SecurityRuntime.StackContinue); }
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { alteredDemandSet = null; if ((demandSet == null) || demandSet.IsEmpty()) { return(false); } if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demandSet); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demandSet); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { IPermission firstPermThatFailed = null; bool flag2 = true; try { flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed); } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { IPermission permission2 = null; bool flag3 = true; try { flag3 = !demandSet.CheckDeny(permitOnly, out permission2); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2); } } if (this.GetAssertAllPossible()) { return(false); } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { if (demandSet.CheckAssertion(permitOnly)) { return(false); } if (!permitOnly.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet); } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
[System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // In the common case we are not going to alter the demand set, so just to // be safe we'll set it to null up front. alteredDemandSet = null; // There's some oddness in here to deal with exceptions. The general idea behind // this is that we need some way of dealing with custom permissions that may not // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly // (they don't support it, throw null reference exceptions, etc.). // An empty demand always succeeds. if (demandSet == null || demandSet.IsEmpty()) return SecurityRuntime.StackHalt; if (GetPermitOnly(fDeclarative) != null) GetPermitOnly(fDeclarative).CheckDecoded( demandSet ); if (GetDenials(fDeclarative) != null) GetDenials(fDeclarative).CheckDecoded( demandSet ); if (GetAssertions(fDeclarative) != null) GetAssertions(fDeclarative).CheckDecoded( demandSet ); bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { // In the case of permit only, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetPermitOnly(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } // In the case of denial, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetDenials(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } // The assert case is more complex. Since asserts have the ability to "bleed through" // (where part of a demand is handled by an assertion, but the rest is passed on to // continue the stackwalk), we need to be more careful in handling the "failure" case. // Therefore, if an exception is thrown in performing any operation, we make sure to keep // that permission in the demand set thereby continuing the demand for that permission // walking down the stack. if (GetAssertAllPossible()) { return SecurityRuntime.StackHalt; } permSet = GetAssertions(fDeclarative); if (permSet != null) { // If this frame asserts a superset of the demand set we're done if (demandSet.CheckAssertion( permSet )) return SecurityRuntime.StackHalt; // Determine whether any of the demand set asserted. We do this by // copying the demand set and removing anything in it that is asserted. if (!permSet.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet); } } } finally { if (bThreadSecurity) SecurityManager._SetThreadSecurity(true); } return SecurityRuntime.StackContinue; }
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { alteredDemandSet = null; if ((demandSet == null) || demandSet.IsEmpty()) { return false; } if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demandSet); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demandSet); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { IPermission firstPermThatFailed = null; bool flag2 = true; try { flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed); } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { IPermission permission2 = null; bool flag3 = true; try { flag3 = !demandSet.CheckDeny(permitOnly, out permission2); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2); } } if (this.GetAssertAllPossible()) { return false; } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { if (demandSet.CheckAssertion(permitOnly)) { return false; } if (!permitOnly.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet); } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return true; }