internal void MergeDeniedSet(PermissionSet denied) { if (((denied != null) && !denied.FastIsEmpty()) && !this.FastIsEmpty()) { this.m_CheckedForNonCas = false; if ((this.m_permSet != null) && (denied.m_permSet != null)) { int num = (denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex(); for (int i = 0; i <= num; i++) { IPermission item = denied.m_permSet.GetItem(i) as IPermission; if (item != null) { IPermission permission2 = this.m_permSet.GetItem(i) as IPermission; if ((permission2 == null) && !this.m_Unrestricted) { denied.m_permSet.SetItem(i, null); } else if (((permission2 != null) && (item != null)) && permission2.IsSubsetOf(item)) { this.m_permSet.SetItem(i, null); denied.m_permSet.SetItem(i, null); } } } } } }
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed) { firstPermThatFailed = null; if (((deniedSet != null) && !deniedSet.FastIsEmpty()) && !this.FastIsEmpty()) { if (this.m_Unrestricted && deniedSet.m_Unrestricted) { return false; } PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this); while (internal2.MoveNext()) { CodeAccessPermission current = internal2.Current as CodeAccessPermission; if ((current != null) && !current.IsSubsetOf(null)) { if (deniedSet.m_Unrestricted) { firstPermThatFailed = current; return false; } CodeAccessPermission permission = (CodeAccessPermission) deniedSet.GetPermission(internal2.GetCurrentIndex()); if (!current.CheckDeny(permission)) { firstPermThatFailed = current; return false; } } } if (this.m_Unrestricted) { PermissionSetEnumeratorInternal internal3 = new PermissionSetEnumeratorInternal(deniedSet); while (internal3.MoveNext()) { if (internal3.Current is IPermission) { return false; } } } } return true; }
internal void InplaceIntersect( PermissionSet other ) { Exception savedException = null; m_CheckedForNonCas = false; if (this == other) return; if (other == null || other.FastIsEmpty()) { // If the other is empty or null, make this empty. Reset(); return; } if (this.FastIsEmpty()) return; int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex(); int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex(); if (this.IsUnrestricted() && maxMax < otherMax) { maxMax = otherMax; this.CheckSet(); } if (other.IsUnrestricted()) { other.CheckSet(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) continue; if (thisObj == null) { // There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions if (this.IsUnrestricted()) { { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { this.m_permSet.SetItem( i, otherPerm.Copy() ); Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else if (otherObj == null) { if (other.IsUnrestricted()) { { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) == 0) this.m_permSet.SetItem( i, null ); } } else { this.m_permSet.SetItem( i, null ); } } else { try { IPermission intersectPerm; if (thisPerm == null) intersectPerm = otherPerm; else if(otherPerm == null) intersectPerm = thisPerm; else intersectPerm = thisPerm.Intersect( otherPerm ); this.m_permSet.SetItem( i, intersectPerm ); } catch (Exception e) { if (savedException == null) savedException = e; } } } this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (savedException != null) throw savedException; }
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas) { firstPermThatFailed = null; if ((target == null) || target.FastIsEmpty()) { if (this.IsEmpty()) { return true; } firstPermThatFailed = this.GetFirstPerm(); return false; } if (this.IsUnrestricted() && !target.IsUnrestricted()) { return false; } if (this.m_permSet != null) { target.CheckSet(); for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++) { IPermission permission = this.GetPermission(i); if ((permission != null) && !permission.IsSubsetOf(null)) { IPermission permission2 = target.GetPermission(i); if (!target.m_Unrestricted) { CodeAccessPermission permission3 = permission as CodeAccessPermission; if (permission3 == null) { if (!ignoreNonCas && !permission.IsSubsetOf(permission2)) { firstPermThatFailed = permission; return false; } continue; } firstPermThatFailed = permission; switch (type) { case IsSubsetOfType.Normal: if (permission.IsSubsetOf(permission2)) { break; } return false; case IsSubsetOfType.CheckDemand: if (permission3.CheckDemand((CodeAccessPermission) permission2)) { break; } return false; case IsSubsetOfType.CheckPermitOnly: if (permission3.CheckPermitOnly((CodeAccessPermission) permission2)) { break; } return false; case IsSubsetOfType.CheckAssertion: if (permission3.CheckAssert((CodeAccessPermission) permission2)) { break; } return false; } firstPermThatFailed = null; } } } } return true; }
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas) { #if _DEBUG if (debug) DEBUG_WRITE("IsSubsetOf\n" + "Other:\n" + (target == null ? "<null>" : target.ToString()) + "\nMe:\n" + ToString()); #endif firstPermThatFailed = null; if (target == null || target.FastIsEmpty()) { if(this.IsEmpty()) return true; else { firstPermThatFailed = GetFirstPerm(); return false; } } else if (this.IsUnrestricted() && !target.IsUnrestricted()) return false; else if (this.m_permSet == null) return true; else { target.CheckSet(); for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i) { IPermission thisPerm = this.GetPermission(i); if (thisPerm == null || thisPerm.IsSubsetOf(null)) continue; IPermission targetPerm = target.GetPermission(i); #if _DEBUG PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); Contract.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized"); #endif if (target.m_Unrestricted) continue; // targetPerm can be null here, but that is fine since it thisPerm is a subset // of empty/null then we can continue in the loop. CodeAccessPermission cap = thisPerm as CodeAccessPermission; if(cap == null) { if (!ignoreNonCas && !thisPerm.IsSubsetOf( targetPerm )) { firstPermThatFailed = thisPerm; return false; } } else { firstPermThatFailed = thisPerm; switch(type) { case IsSubsetOfType.Normal: if (!thisPerm.IsSubsetOf( targetPerm )) return false; break; case IsSubsetOfType.CheckDemand: if (!cap.CheckDemand( (CodeAccessPermission)targetPerm )) return false; break; case IsSubsetOfType.CheckPermitOnly: if (!cap.CheckPermitOnly( (CodeAccessPermission)targetPerm )) return false; break; case IsSubsetOfType.CheckAssertion: if (!cap.CheckAssert( (CodeAccessPermission)targetPerm )) return false; break; } firstPermThatFailed = null; } } } return true; }
internal void InplaceIntersect( PermissionSet other ) { Exception savedException = null; m_CheckedForNonCas = false; if (this == other) return; if (other == null || other.FastIsEmpty()) { // If the other is empty or null, make this empty. Reset(); return; } if (this.FastIsEmpty()) return; int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex(); int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex(); if (this.IsUnrestricted() && maxMax < otherMax) { maxMax = otherMax; this.CheckSet(); } if (other.IsUnrestricted()) { other.CheckSet(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; #if FEATURE_CAS_POLICY if (thisElem != null && otherElem != null) { // If we already have an intersection node, just add another child if (thisElem.GetTag().Equals( s_str_PermissionIntersection ) || thisElem.GetTag().Equals( s_str_PermissionUnrestrictedIntersection )) { Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" ); SafeChildAdd( (SecurityElement)thisElem, otherElem, true ); } // If either set is unrestricted, intersect the nodes unrestricted else { bool copyOther = true; if (this.IsUnrestricted()) { SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElemUU, thisElem, false ); thisElem = newElemUU; } if (other.IsUnrestricted()) { SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) ); SafeChildAdd( newElemUU, otherElem, true ); otherElem = newElemUU; copyOther = false; } SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, false ); SafeChildAdd( newElem, otherElem, copyOther ); this.m_permSet.SetItem( i, newElem ); } } else #endif // FEATURE_CAS_POLICY if (thisObj == null) { // There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions if (this.IsUnrestricted()) { #if FEATURE_CAS_POLICY if (otherElem != null) { SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); SafeChildAdd( newElem, otherElem, true ); this.m_permSet.SetItem( i, newElem ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } else #endif // FEATURE_CAS_POLICY { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { this.m_permSet.SetItem( i, otherPerm.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else if (otherObj == null) { if (other.IsUnrestricted()) { #if FEATURE_CAS_POLICY if (thisElem != null) { SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, false ); this.m_permSet.SetItem( i, newElem ); } else #endif // FEATURE_CAS_POLICY { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) == 0) this.m_permSet.SetItem( i, null ); } } else { this.m_permSet.SetItem( i, null ); } } else { #if FEATURE_CAS_POLICY if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); #endif // FEATURE_CAS_POLICY try { IPermission intersectPerm; if (thisPerm == null) intersectPerm = otherPerm; else if(otherPerm == null) intersectPerm = thisPerm; else intersectPerm = thisPerm.Intersect( otherPerm ); this.m_permSet.SetItem( i, intersectPerm ); } catch (Exception e) { if (savedException == null) savedException = e; } } } this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (savedException != null) throw savedException; }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled); PermissionSet grant = null; PolicyStatement policy; PolicyLevel currentLevel = null; IEnumerator levelEnumerator = PolicyLevels.GetEnumerator(); // We're optimized for standard policy, where the only evidence that is generally evaluated are // Zone, StrongName and Url. Since all of these are relatively inexpensive, we'll force them to // generate, then use that as a key into the cache. evidence.GetHostEvidence <Zone>(); evidence.GetHostEvidence <StrongName>(); evidence.GetHostEvidence <Url>(); byte[] serializedEvidence = evidence.RawSerialize(); int count = evidence.RawCount; bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null); bool testApplicationLevels = false; while (levelEnumerator.MoveNext()) { currentLevel = (PolicyLevel)levelEnumerator.Current; if (systemPolicy) { if (currentLevel.Type == PolicyLevelType.AppDomain) { continue; } } else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain) { continue; } policy = currentLevel.Resolve(evidence, count, serializedEvidence); // If the grant is "AllPossible", the intersection is just the other permission set. // Otherwise, do an inplace intersection (since we know we can alter the grant set since // it is a copy of the first policy statement's permission set). if (grant == null) { grant = policy.PermissionSet; } else { grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } if (grant == null || grant.FastIsEmpty()) { break; } else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (currentLevel.Type != PolicyLevelType.AppDomain) { testApplicationLevels = true; } break; } } if (grant != null && testApplicationLevels) { PolicyLevel appDomainLevel = null; for (int i = PolicyLevels.Count - 1; i >= 0; --i) { currentLevel = (PolicyLevel)PolicyLevels[i]; if (currentLevel.Type == PolicyLevelType.AppDomain) { appDomainLevel = currentLevel; break; } } if (appDomainLevel != null) { policy = appDomainLevel.Resolve(evidence, count, serializedEvidence); grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } } if (grant == null) { grant = new PermissionSet(PermissionState.None); } // Each piece of evidence can possibly create an identity permission that we // need to add to our grant set. Therefore, for all pieces of evidence that // implement the IIdentityPermissionFactory interface, ask it for its // adjoining identity permission and add it to the grant. if (!grant.IsUnrestricted()) { IEnumerator enumerator = evidence.GetHostEnumerator(); while (enumerator.MoveNext()) { Object obj = enumerator.Current; IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { grant.AddPermission(perm); } } } } grant.IgnoreTypeLoadFailures = true; return(grant); }
public PermissionSet Union(PermissionSet other) { // if other is null or empty, return a clone of myself if (other == null || other.FastIsEmpty()) { return this.Copy(); } if (this.FastIsEmpty()) { return other.Copy(); } int maxMax = -1; PermissionSet pset = new PermissionSet(); pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (pset.m_Unrestricted) { // if the result of Union is unrestricted permset, just return return pset; } // degenerate case where we look at both this.m_permSet and other.m_permSet this.CheckSet(); other.CheckSet(); maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex(); pset.m_permSet = new TokenBasedSet(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; #if FEATURE_CAS_POLICY if (thisElem != null && otherElem != null) { SecurityElement newElem; if (this.IsUnrestricted() || other.IsUnrestricted()) newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); else newElem = new SecurityElement( s_str_PermissionUnion ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, true ); SafeChildAdd( newElem, otherElem, true ); pset.m_permSet.SetItem( i, newElem ); } else #endif // FEATURE_CAS_POLICY if (thisObj == null) { #if FEATURE_CAS_POLICY if (otherElem != null) { pset.m_permSet.SetItem( i, otherElem.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } else #endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else if (otherObj == null) { #if FEATURE_CAS_POLICY if (thisElem != null) { pset.m_permSet.SetItem( i, thisElem.Copy() ); } else #endif // FEATURE_CAS_POLICY if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else { #if FEATURE_CAS_POLICY if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); #endif // FEATURE_CAS_POLICY IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); pset.m_permSet.SetItem( i, unionPerm ); Contract.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } return pset; }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { PermissionSet permissionSet = null; PolicyLevel current = null; IEnumerator enumerator = this.PolicyLevels.GetEnumerator(); evidence.GetHostEvidence <Zone>(); evidence.GetHostEvidence <StrongName>(); evidence.GetHostEvidence <Url>(); byte[] serializedEvidence = evidence.RawSerialize(); int rawCount = evidence.RawCount; bool flag = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null; bool flag2 = false; while (enumerator.MoveNext()) { PolicyStatement statement; current = (PolicyLevel)enumerator.Current; if (systemPolicy) { if (current.Type != PolicyLevelType.AppDomain) { goto Label_0078; } continue; } if (flag && (current.Type != PolicyLevelType.AppDomain)) { continue; } Label_0078: statement = current.Resolve(evidence, rawCount, serializedEvidence); if (permissionSet == null) { permissionSet = statement.PermissionSet; } else { permissionSet.InplaceIntersect(statement.GetPermissionSetNoCopy()); } if ((permissionSet == null) || permissionSet.FastIsEmpty()) { break; } if ((statement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (current.Type != PolicyLevelType.AppDomain) { flag2 = true; } break; } } if ((permissionSet != null) && flag2) { PolicyLevel level2 = null; for (int i = this.PolicyLevels.Count - 1; i >= 0; i--) { current = (PolicyLevel)this.PolicyLevels[i]; if (current.Type == PolicyLevelType.AppDomain) { level2 = current; break; } } if (level2 != null) { permissionSet.InplaceIntersect(level2.Resolve(evidence, rawCount, serializedEvidence).GetPermissionSetNoCopy()); } } if (permissionSet == null) { permissionSet = new PermissionSet(PermissionState.None); } if (!permissionSet.IsUnrestricted()) { IEnumerator hostEnumerator = evidence.GetHostEnumerator(); while (hostEnumerator.MoveNext()) { object obj2 = hostEnumerator.Current; IIdentityPermissionFactory factory = obj2 as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { permissionSet.AddPermission(perm); } } } } permissionSet.IgnoreTypeLoadFailures = true; return(permissionSet); }
public PermissionSet Union(PermissionSet other) { // if other is null or empty, return a clone of myself if (other == null || other.FastIsEmpty()) { return this.Copy(); } if (this.FastIsEmpty()) { return other.Copy(); } int maxMax = -1; PermissionSet pset = new PermissionSet(); pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (pset.m_Unrestricted) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust()) { // FullTrustMeansFullTrust is on...so if the result of Union is unrestricted permset, just return return pset; } if (this.m_canUnrestrictedOverride && other.m_canUnrestrictedOverride) { // Only unrestricted override-able permissions in both this and other ...again, we can return just an unrestricted pset return pset; } if (other.m_canUnrestrictedOverride) { // Only unrestricted override-able permissions in other...cannot null pset.m_permSet, but don't look at other.m_permSet // just copy over this.m_permSet pset.m_permSet = (this.m_permSet != null)? new TokenBasedSet(this.m_permSet): null; return pset; } } // degenerate case where we look at both this.m_permSet and other.m_permSet this.CheckSet(); other.CheckSet(); maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex(); pset.m_permSet = new TokenBasedSet(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; if (thisObj == null && otherObj == null) continue; if (thisElem != null && otherElem != null) { SecurityElement newElem; if (this.IsUnrestricted() || other.IsUnrestricted()) newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); else newElem = new SecurityElement( s_str_PermissionUnion ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, true ); SafeChildAdd( newElem, otherElem, true ); pset.m_permSet.SetItem( i, newElem ); } else if (thisObj == null) { if (otherElem != null) { pset.m_permSet.SetItem( i, otherElem.Copy() ); BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } else if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else if (otherObj == null) { if (thisElem != null) { pset.m_permSet.SetItem( i, thisElem.Copy() ); } else if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else { if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); pset.m_permSet.SetItem( i, unionPerm ); BCLDebug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } return pset; }
public PermissionSet Union(PermissionSet other) { // if other is null or empty, return a clone of myself if (other == null || other.FastIsEmpty()) { return this.Copy(); } if (this.FastIsEmpty()) { return other.Copy(); } int maxMax = -1; PermissionSet pset = new PermissionSet(); pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (pset.m_Unrestricted) { // if the result of Union is unrestricted permset, just return return pset; } // degenerate case where we look at both this.m_permSet and other.m_permSet this.CheckSet(); other.CheckSet(); maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex(); pset.m_permSet = new TokenBasedSet(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) continue; if (thisObj == null) { if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else if (otherObj == null) { if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else { IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); pset.m_permSet.SetItem( i, unionPerm ); Debug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } return pset; }
internal void InplaceUnion( PermissionSet other ) { // Unions the "other" PermissionSet into this one. It can be optimized to do less copies than // need be done by the traditional union (and we don't have to create a new PermissionSet). if (this == other) return; // Quick out conditions, union doesn't change this PermissionSet if (other == null || other.FastIsEmpty()) return; m_CheckedForNonCas = false; this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (this.m_Unrestricted) { // if the result of Union is unrestricted permset, null the m_permSet member this.m_permSet = null; return; } // If we reach here, result of Union is not unrestricted // We have to union "normal" permission no matter what now. int maxMax = -1; if (other.m_permSet != null) { maxMax = other.m_permSet.GetMaxUsedIndex(); this.CheckSet(); } // Save exceptions until the end Exception savedException = null; for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) continue; if (thisObj == null) { if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted) { this.m_permSet.SetItem( i, otherPerm.Copy() ); } } } else if (otherObj == null) { continue; } else { try { IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); this.m_permSet.SetItem( i, unionPerm ); } catch (Exception e) { if (savedException == null) savedException = e; } } } if (savedException != null) throw savedException; }
public PermissionSet Intersect(PermissionSet other) { if (other == null || other.FastIsEmpty() || this.FastIsEmpty()) { return null; } int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex(); int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex(); int minMax = thisMax < otherMax ? thisMax : otherMax; if (this.IsUnrestricted() && minMax < otherMax) { minMax = otherMax; this.CheckSet(); } if (other.IsUnrestricted() && minMax < thisMax) { minMax = thisMax; other.CheckSet(); } PermissionSet pset = new PermissionSet( false ); if (minMax > -1) { pset.m_permSet = new TokenBasedSet(); } for (int i = 0; i <= minMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) continue; if (thisObj == null) { if (this.m_Unrestricted) { if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else if (otherObj == null) { if (other.m_Unrestricted) { if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else { IPermission intersectPerm; if (thisPerm == null) intersectPerm = otherPerm; else if(otherPerm == null) intersectPerm = thisPerm; else intersectPerm = thisPerm.Intersect( otherPerm ); pset.m_permSet.SetItem( i, intersectPerm ); Debug.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (pset.FastIsEmpty()) return null; else return pset; }
public PermissionSet Union(PermissionSet other) { if ((other == null) || other.FastIsEmpty()) { return this.Copy(); } if (this.FastIsEmpty()) { return other.Copy(); } int num = -1; PermissionSet set = new PermissionSet { m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted }; if (!set.m_Unrestricted) { this.CheckSet(); other.CheckSet(); num = (this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex(); set.m_permSet = new TokenBasedSet(); for (int i = 0; i <= num; i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory child = item as ISecurityElementFactory; object obj3 = other.m_permSet.GetItem(i); IPermission target = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if ((child != null) && (factory2 != null)) { SecurityElement element; if (this.IsUnrestricted() || other.IsUnrestricted()) { element = new SecurityElement("PermissionUnrestrictedUnion"); } else { element = new SecurityElement("PermissionUnion"); } element.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element, child, true); SafeChildAdd(element, factory2, true); set.m_permSet.SetItem(i, element); } else if (item == null) { if (factory2 != null) { set.m_permSet.SetItem(i, factory2.Copy()); } else if (target != null) { PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted) { set.m_permSet.SetItem(i, target.Copy()); } } } else if (obj3 == null) { if (child != null) { set.m_permSet.SetItem(i, child.Copy()); } else if (permission != null) { PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if (((token2.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted) { set.m_permSet.SetItem(i, permission.Copy()); } } } else { IPermission permission3; if (child != null) { permission = this.CreatePermission(child, i); } if (factory2 != null) { target = other.CreatePermission(factory2, i); } if (permission == null) { permission3 = target; } else if (target == null) { permission3 = permission; } else { permission3 = permission.Union(target); } set.m_permSet.SetItem(i, permission3); } } } } return set; }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { PermissionSet grant = null; PolicyStatement policy; PolicyLevel currentLevel = null; IEnumerator levelEnumerator = PolicyLevels.GetEnumerator(); char[] serializedEvidence = MakeEvidenceArray(evidence, false); int count = evidence.Count; bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null); bool testApplicationLevels = false; while (levelEnumerator.MoveNext()) { currentLevel = (PolicyLevel)levelEnumerator.Current; if (systemPolicy) { if (currentLevel.Type == PolicyLevelType.AppDomain) { continue; } } else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain) { continue; } policy = currentLevel.Resolve(evidence, count, serializedEvidence); // If the grant is "AllPossible", the intersection is just the other permission set. // Otherwise, do an inplace intersection (since we know we can alter the grant set since // it is a copy of the first policy statement's permission set). if (grant == null) { grant = policy.PermissionSet; } else { grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } if (grant == null || grant.FastIsEmpty()) { break; } else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (currentLevel.Type != PolicyLevelType.AppDomain) { testApplicationLevels = true; } break; } } if (grant != null && testApplicationLevels) { PolicyLevel appDomainLevel = null; for (int i = PolicyLevels.Count - 1; i >= 0; --i) { currentLevel = (PolicyLevel)PolicyLevels[i]; if (currentLevel.Type == PolicyLevelType.AppDomain) { appDomainLevel = currentLevel; break; } } if (appDomainLevel != null) { policy = appDomainLevel.Resolve(evidence, count, serializedEvidence); grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } } if (grant == null) { grant = new PermissionSet(PermissionState.None); } // Each piece of evidence can possibly create an identity permission that we // need to add to our grant set. Therefore, for all pieces of evidence that // implement the IIdentityPermissionFactory interface, ask it for its // adjoining identity permission and add it to the grant. if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted()) { IEnumerator enumerator = evidence.GetHostEnumerator(); while (enumerator.MoveNext()) { Object obj = enumerator.Current; IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { grant.AddPermission(perm); } } } } grant.IgnoreTypeLoadFailures = true; return(grant); }
internal void InplaceUnion( PermissionSet other ) { // Unions the "other" PermissionSet into this one. It can be optimized to do less copies than // need be done by the traditional union (and we don't have to create a new PermissionSet). if (this == other) return; // Quick out conditions, union doesn't change this PermissionSet if (other == null || other.FastIsEmpty()) return; m_CheckedForNonCas = false; this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (this.m_Unrestricted) { // if the result of Union is unrestricted permset, null the m_permSet member this.m_permSet = null; return; } // If we reach here, result of Union is not unrestricted // We have to union "normal" permission no matter what now. int maxMax = -1; if (other.m_permSet != null) { maxMax = other.m_permSet.GetMaxUsedIndex(); this.CheckSet(); } // Save exceptions until the end Exception savedException = null; for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; #if FEATURE_CAS_POLICY if (thisElem != null && otherElem != null) { if (thisElem.GetTag().Equals( s_str_PermissionUnion ) || thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion )) { Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" ); SafeChildAdd( (SecurityElement)thisElem, otherElem, true ); } else { SecurityElement newElem; if (this.IsUnrestricted() || other.IsUnrestricted()) newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); else newElem = new SecurityElement( s_str_PermissionUnion ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, false ); SafeChildAdd( newElem, otherElem, true ); this.m_permSet.SetItem( i, newElem ); } } else #endif // FEATURE_CAS_POLICY if (thisObj == null) { #if FEATURE_CAS_POLICY if (otherElem != null) { this.m_permSet.SetItem( i, otherElem.Copy() ); } else #endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted) { this.m_permSet.SetItem( i, otherPerm.Copy() ); } } } else if (otherObj == null) { continue; } else { #if FEATURE_CAS_POLICY if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); #endif // FEATURE_CAS_POLICY try { IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); this.m_permSet.SetItem( i, unionPerm ); } catch (Exception e) { if (savedException == null) savedException = e; } } } if (savedException != null) throw savedException; }
internal void InplaceIntersect(PermissionSet other) { Exception exception = null; this.m_CheckedForNonCas = false; if (this != other) { if ((other == null) || other.FastIsEmpty()) { this.Reset(); } else if (!this.FastIsEmpty()) { int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex(); int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex(); if (this.IsUnrestricted() && (num < num2)) { num = num2; this.CheckSet(); } if (other.IsUnrestricted()) { other.CheckSet(); } for (int i = 0; i <= num; i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory child = item as ISecurityElementFactory; object obj3 = other.m_permSet.GetItem(i); IPermission target = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if ((child != null) && (factory2 != null)) { if (child.GetTag().Equals("PermissionIntersection") || child.GetTag().Equals("PermissionUnrestrictedIntersection")) { SafeChildAdd((SecurityElement) child, factory2, true); } else { bool copy = true; if (this.IsUnrestricted()) { SecurityElement element = new SecurityElement("PermissionUnrestrictedUnion"); element.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element, child, false); child = element; } if (other.IsUnrestricted()) { SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion"); element2.AddAttribute("class", factory2.Attribute("class")); SafeChildAdd(element2, factory2, true); factory2 = element2; copy = false; } SecurityElement parent = new SecurityElement("PermissionIntersection"); parent.AddAttribute("class", child.Attribute("class")); SafeChildAdd(parent, child, false); SafeChildAdd(parent, factory2, copy); this.m_permSet.SetItem(i, parent); } } else if (item == null) { if (this.IsUnrestricted()) { if (factory2 != null) { SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection"); element4.AddAttribute("class", factory2.Attribute("class")); SafeChildAdd(element4, factory2, true); this.m_permSet.SetItem(i, element4); } else { PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { this.m_permSet.SetItem(i, target.Copy()); } } } } else if (obj3 == null) { if (other.IsUnrestricted()) { if (child != null) { SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection"); element5.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element5, child, false); this.m_permSet.SetItem(i, element5); } else { PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if ((token2.m_type & PermissionTokenType.IUnrestricted) == 0) { this.m_permSet.SetItem(i, null); } } } else { this.m_permSet.SetItem(i, null); } } else { if (child != null) { permission = this.CreatePermission(child, i); } if (factory2 != null) { target = other.CreatePermission(factory2, i); } try { IPermission permission3; if (permission == null) { permission3 = target; } else if (target == null) { permission3 = permission; } else { permission3 = permission.Intersect(target); } this.m_permSet.SetItem(i, permission3); } catch (Exception exception2) { if (exception == null) { exception = exception2; } } } } } this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (exception != null) { throw exception; } } } }
// Treating the current permission set as a grant set, and the input set as // a set of permissions to be denied, try to cancel out as many permissions // from both sets as possible. For a first cut, any granted permission that // is a safe subset of the corresponding denied permission can result in // that permission being removed from both sides. internal void MergeDeniedSet(PermissionSet denied) { if (denied == null || denied.FastIsEmpty() || this.FastIsEmpty()) return; m_CheckedForNonCas = false; // Check for the unrestricted case: FastIsEmpty() will return false if the PSet is unrestricted, but has no items if (this.m_permSet == null || denied.m_permSet == null) return; //nothing can be removed int maxIndex = denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex(); for (int i = 0; i <= maxIndex; ++i) { IPermission deniedPerm = denied.m_permSet.GetItem(i) as IPermission; if (deniedPerm == null) continue; IPermission thisPerm = this.m_permSet.GetItem(i) as IPermission; if (thisPerm == null && !this.m_Unrestricted) { denied.m_permSet.SetItem(i, null); continue; } if (thisPerm != null && deniedPerm != null) { if (thisPerm.IsSubsetOf(deniedPerm)) { this.m_permSet.SetItem(i, null); denied.m_permSet.SetItem(i, null); } } } }
internal void InplaceUnion(PermissionSet other) { if ((this != other) && ((other != null) && !other.FastIsEmpty())) { this.m_CheckedForNonCas = false; this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (this.m_Unrestricted) { this.m_permSet = null; } else { int maxUsedIndex = -1; if (other.m_permSet != null) { maxUsedIndex = other.m_permSet.GetMaxUsedIndex(); this.CheckSet(); } Exception exception = null; for (int i = 0; i <= maxUsedIndex; i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory child = item as ISecurityElementFactory; object obj3 = other.m_permSet.GetItem(i); IPermission target = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if ((child != null) && (factory2 != null)) { if (child.GetTag().Equals("PermissionUnion") || child.GetTag().Equals("PermissionUnrestrictedUnion")) { SafeChildAdd((SecurityElement) child, factory2, true); } else { SecurityElement element; if (this.IsUnrestricted() || other.IsUnrestricted()) { element = new SecurityElement("PermissionUnrestrictedUnion"); } else { element = new SecurityElement("PermissionUnion"); } element.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element, child, false); SafeChildAdd(element, factory2, true); this.m_permSet.SetItem(i, element); } } else if (item == null) { if (factory2 != null) { this.m_permSet.SetItem(i, factory2.Copy()); } else if (target != null) { PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted) { this.m_permSet.SetItem(i, target.Copy()); } } } else if (obj3 != null) { if (child != null) { permission = this.CreatePermission(child, i); } if (factory2 != null) { target = other.CreatePermission(factory2, i); } try { IPermission permission3; if (permission == null) { permission3 = target; } else if (target == null) { permission3 = permission; } else { permission3 = permission.Union(target); } this.m_permSet.SetItem(i, permission3); } catch (Exception exception2) { if (exception == null) { exception = exception2; } } } } } if (exception != null) { throw exception; } } } }
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed) { firstPermThatFailed = null; if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty()) return true; if(this.m_Unrestricted && deniedSet.m_Unrestricted) return false; CodeAccessPermission permThis, permThat; PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this); while (enumThis.MoveNext()) { permThis = enumThis.Current as CodeAccessPermission; if(permThis == null || permThis.IsSubsetOf(null)) continue; // ignore non-CAS permissions in the grant set. if (deniedSet.m_Unrestricted) { firstPermThatFailed = permThis; return false; } permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex()); if (!permThis.CheckDeny(permThat)) { firstPermThatFailed = permThis; return false; } } if(this.m_Unrestricted) { PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet); while (enumThat.MoveNext()) { if(enumThat.Current is IPermission) return false; } } return true; }
public PermissionSet Intersect(PermissionSet other) { if (((other == null) || other.FastIsEmpty()) || this.FastIsEmpty()) { return null; } int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex(); int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex(); int num3 = (num < num2) ? num : num2; if (this.IsUnrestricted() && (num3 < num2)) { num3 = num2; this.CheckSet(); } if (other.IsUnrestricted() && (num3 < num)) { num3 = num; other.CheckSet(); } PermissionSet set = new PermissionSet(false); if (num3 > -1) { set.m_permSet = new TokenBasedSet(); } for (int i = 0; i <= num3; i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory child = item as ISecurityElementFactory; object obj3 = other.m_permSet.GetItem(i); IPermission target = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if ((child != null) && (factory2 != null)) { bool copy = true; bool flag2 = true; SecurityElement parent = new SecurityElement("PermissionIntersection"); parent.AddAttribute("class", factory2.Attribute("class")); if (this.IsUnrestricted()) { SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion"); element2.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element2, child, true); flag2 = false; child = element2; } if (other.IsUnrestricted()) { SecurityElement element3 = new SecurityElement("PermissionUnrestrictedUnion"); element3.AddAttribute("class", factory2.Attribute("class")); SafeChildAdd(element3, factory2, true); copy = false; factory2 = element3; } SafeChildAdd(parent, factory2, copy); SafeChildAdd(parent, child, flag2); set.m_permSet.SetItem(i, parent); } else if (item == null) { if (this.m_Unrestricted) { if (factory2 != null) { SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection"); element4.AddAttribute("class", factory2.Attribute("class")); SafeChildAdd(element4, factory2, true); set.m_permSet.SetItem(i, element4); } else if (target != null) { PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { set.m_permSet.SetItem(i, target.Copy()); } } } } else if (obj3 == null) { if (other.m_Unrestricted) { if (child != null) { SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection"); element5.AddAttribute("class", child.Attribute("class")); SafeChildAdd(element5, child, true); set.m_permSet.SetItem(i, element5); } else if (permission != null) { PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i); if ((token2.m_type & PermissionTokenType.IUnrestricted) != 0) { set.m_permSet.SetItem(i, permission.Copy()); } } } } else { IPermission permission3; if (child != null) { permission = this.CreatePermission(child, i); } if (factory2 != null) { target = other.CreatePermission(factory2, i); } if (permission == null) { permission3 = target; } else if (target == null) { permission3 = permission; } else { permission3 = permission.Intersect(target); } set.m_permSet.SetItem(i, permission3); } } } set.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (set.FastIsEmpty()) { return null; } return set; }
public PermissionSet Intersect(PermissionSet other) { if (other == null || other.FastIsEmpty() || this.FastIsEmpty()) { return null; } int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex(); int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex(); int minMax = thisMax < otherMax ? thisMax : otherMax; if (this.IsUnrestricted() && minMax < otherMax) { minMax = otherMax; this.CheckSet(); } if (other.IsUnrestricted() && minMax < thisMax) { minMax = thisMax; other.CheckSet(); } PermissionSet pset = new PermissionSet( false ); if (minMax > -1) { pset.m_permSet = new TokenBasedSet(); } for (int i = 0; i <= minMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; #if FEATURE_CAS_POLICY if (thisElem != null && otherElem != null) { bool copyOther = true; bool copyThis = true; SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection ); newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); if (this.IsUnrestricted()) { SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElemUU, thisElem, true ); copyThis = false; thisElem = newElemUU; } if (other.IsUnrestricted()) { SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) ); SafeChildAdd( newElemUU, otherElem, true ); copyOther = false; otherElem = newElemUU; } SafeChildAdd( newElem, otherElem, copyOther ); SafeChildAdd( newElem, thisElem, copyThis ); pset.m_permSet.SetItem( i, newElem ); } else #endif // FEATURE_CAS_POLICY if (thisObj == null) { if (this.m_Unrestricted) { #if FEATURE_CAS_POLICY if (otherElem != null) { SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); SafeChildAdd( newElem, otherElem, true ); pset.m_permSet.SetItem( i, newElem ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } else #endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else if (otherObj == null) { if (other.m_Unrestricted) { #if FEATURE_CAS_POLICY if (thisElem != null) { SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, true ); pset.m_permSet.SetItem( i, newElem ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } else #endif // FEATURE_CAS_POLICY if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else { #if FEATURE_CAS_POLICY if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); #endif // FEATURE_CAS_POLICY IPermission intersectPerm; if (thisPerm == null) intersectPerm = otherPerm; else if(otherPerm == null) intersectPerm = thisPerm; else intersectPerm = thisPerm.Intersect( otherPerm ); pset.m_permSet.SetItem( i, intersectPerm ); Contract.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; if (pset.FastIsEmpty()) return null; else return pset; }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { PermissionSet permissionSet = (PermissionSet)null; IEnumerator enumerator = this.PolicyLevels.GetEnumerator(); evidence.GetHostEvidence <Zone>(); evidence.GetHostEvidence <StrongName>(); evidence.GetHostEvidence <Url>(); byte[] serializedEvidence = evidence.RawSerialize(); int rawCount = evidence.RawCount; bool flag1 = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null; bool flag2 = false; while (enumerator.MoveNext()) { PolicyLevel policyLevel = (PolicyLevel)enumerator.Current; if (systemPolicy) { if (policyLevel.Type == PolicyLevelType.AppDomain) { continue; } } else if (flag1 && policyLevel.Type != PolicyLevelType.AppDomain) { continue; } PolicyStatement policyStatement = policyLevel.Resolve(evidence, rawCount, serializedEvidence); if (permissionSet == null) { permissionSet = policyStatement.PermissionSet; } else { permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy()); } if (permissionSet != null && !permissionSet.FastIsEmpty()) { if ((policyStatement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (policyLevel.Type != PolicyLevelType.AppDomain) { flag2 = true; break; } break; } } else { break; } } if (permissionSet != null & flag2) { PolicyLevel policyLevel1 = (PolicyLevel)null; for (int index = this.PolicyLevels.Count - 1; index >= 0; --index) { PolicyLevel policyLevel2 = (PolicyLevel)this.PolicyLevels[index]; if (policyLevel2.Type == PolicyLevelType.AppDomain) { policyLevel1 = policyLevel2; break; } } if (policyLevel1 != null) { PolicyStatement policyStatement = policyLevel1.Resolve(evidence, rawCount, serializedEvidence); permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy()); } } if (permissionSet == null) { permissionSet = new PermissionSet(PermissionState.None); } if (!permissionSet.IsUnrestricted()) { IEnumerator hostEnumerator = evidence.GetHostEnumerator(); while (hostEnumerator.MoveNext()) { IIdentityPermissionFactory permissionFactory = hostEnumerator.Current as IIdentityPermissionFactory; if (permissionFactory != null) { IPermission identityPermission = permissionFactory.CreateIdentityPermission(evidence); if (identityPermission != null) { permissionSet.AddPermission(identityPermission); } } } } permissionSet.IgnoreTypeLoadFailures = true; return(permissionSet); }