internal void MergeDeniedSet(PermissionSet denied)
{
if (((denied != null) && !denied.FastIsEmpty()) && !this.FastIsEmpty())
{
this.m_CheckedForNonCas = false;
if ((this.m_permSet != null) && (denied.m_permSet != null))
{
int num = (denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex();
for (int i = 0; i <= num; i++)
{
IPermission item = denied.m_permSet.GetItem(i) as IPermission;
if (item != null)
{
IPermission permission2 = this.m_permSet.GetItem(i) as IPermission;
if ((permission2 == null) && !this.m_Unrestricted)
{
denied.m_permSet.SetItem(i, null);
}
else if (((permission2 != null) && (item != null)) && permission2.IsSubsetOf(item))
{
this.m_permSet.SetItem(i, null);
denied.m_permSet.SetItem(i, null);
}
}
}
}
}
}
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
{
firstPermThatFailed = null;
if (((deniedSet != null) && !deniedSet.FastIsEmpty()) && !this.FastIsEmpty())
{
if (this.m_Unrestricted && deniedSet.m_Unrestricted)
{
return false;
}
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
while (internal2.MoveNext())
{
CodeAccessPermission current = internal2.Current as CodeAccessPermission;
if ((current != null) && !current.IsSubsetOf(null))
{
if (deniedSet.m_Unrestricted)
{
firstPermThatFailed = current;
return false;
}
CodeAccessPermission permission = (CodeAccessPermission) deniedSet.GetPermission(internal2.GetCurrentIndex());
if (!current.CheckDeny(permission))
{
firstPermThatFailed = current;
return false;
}
}
}
if (this.m_Unrestricted)
{
PermissionSetEnumeratorInternal internal3 = new PermissionSetEnumeratorInternal(deniedSet);
while (internal3.MoveNext())
{
if (internal3.Current is IPermission)
{
return false;
}
}
}
}
return true;
}
internal void InplaceIntersect( PermissionSet other )
{
Exception savedException = null;
m_CheckedForNonCas = false;
if (this == other)
return;
if (other == null || other.FastIsEmpty())
{
// If the other is empty or null, make this empty.
Reset();
return;
}
if (this.FastIsEmpty())
return;
int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
if (this.IsUnrestricted() && maxMax < otherMax)
{
maxMax = otherMax;
this.CheckSet();
}
if (other.IsUnrestricted())
{
other.CheckSet();
}
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
if (thisObj == null && otherObj == null)
continue;
if (thisObj == null)
{
// There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions
if (this.IsUnrestricted())
{
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
this.m_permSet.SetItem( i, otherPerm.Copy() );
Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else if (otherObj == null)
{
if (other.IsUnrestricted())
{
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) == 0)
this.m_permSet.SetItem( i, null );
}
}
else
{
this.m_permSet.SetItem( i, null );
}
}
else
{
try
{
IPermission intersectPerm;
if (thisPerm == null)
intersectPerm = otherPerm;
else if(otherPerm == null)
intersectPerm = thisPerm;
else
intersectPerm = thisPerm.Intersect( otherPerm );
this.m_permSet.SetItem( i, intersectPerm );
}
catch (Exception e)
{
if (savedException == null)
savedException = e;
}
}
}
this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (savedException != null)
throw savedException;
}
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
{
firstPermThatFailed = null;
if ((target == null) || target.FastIsEmpty())
{
if (this.IsEmpty())
{
return true;
}
firstPermThatFailed = this.GetFirstPerm();
return false;
}
if (this.IsUnrestricted() && !target.IsUnrestricted())
{
return false;
}
if (this.m_permSet != null)
{
target.CheckSet();
for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++)
{
IPermission permission = this.GetPermission(i);
if ((permission != null) && !permission.IsSubsetOf(null))
{
IPermission permission2 = target.GetPermission(i);
if (!target.m_Unrestricted)
{
CodeAccessPermission permission3 = permission as CodeAccessPermission;
if (permission3 == null)
{
if (!ignoreNonCas && !permission.IsSubsetOf(permission2))
{
firstPermThatFailed = permission;
return false;
}
continue;
}
firstPermThatFailed = permission;
switch (type)
{
case IsSubsetOfType.Normal:
if (permission.IsSubsetOf(permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckDemand:
if (permission3.CheckDemand((CodeAccessPermission) permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckPermitOnly:
if (permission3.CheckPermitOnly((CodeAccessPermission) permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckAssertion:
if (permission3.CheckAssert((CodeAccessPermission) permission2))
{
break;
}
return false;
}
firstPermThatFailed = null;
}
}
}
}
return true;
}
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
{
#if _DEBUG
if (debug)
DEBUG_WRITE("IsSubsetOf\n" +
"Other:\n" +
(target == null ? "<null>" : target.ToString()) +
"\nMe:\n" +
ToString());
#endif
firstPermThatFailed = null;
if (target == null || target.FastIsEmpty())
{
if(this.IsEmpty())
return true;
else
{
firstPermThatFailed = GetFirstPerm();
return false;
}
}
else if (this.IsUnrestricted() && !target.IsUnrestricted())
return false;
else if (this.m_permSet == null)
return true;
else
{
target.CheckSet();
for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i)
{
IPermission thisPerm = this.GetPermission(i);
if (thisPerm == null || thisPerm.IsSubsetOf(null))
continue;
IPermission targetPerm = target.GetPermission(i);
#if _DEBUG
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
Contract.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized");
#endif
if (target.m_Unrestricted)
continue;
// targetPerm can be null here, but that is fine since it thisPerm is a subset
// of empty/null then we can continue in the loop.
CodeAccessPermission cap = thisPerm as CodeAccessPermission;
if(cap == null)
{
if (!ignoreNonCas && !thisPerm.IsSubsetOf( targetPerm ))
{
firstPermThatFailed = thisPerm;
return false;
}
}
else
{
firstPermThatFailed = thisPerm;
switch(type)
{
case IsSubsetOfType.Normal:
if (!thisPerm.IsSubsetOf( targetPerm ))
return false;
break;
case IsSubsetOfType.CheckDemand:
if (!cap.CheckDemand( (CodeAccessPermission)targetPerm ))
return false;
break;
case IsSubsetOfType.CheckPermitOnly:
if (!cap.CheckPermitOnly( (CodeAccessPermission)targetPerm ))
return false;
break;
case IsSubsetOfType.CheckAssertion:
if (!cap.CheckAssert( (CodeAccessPermission)targetPerm ))
return false;
break;
}
firstPermThatFailed = null;
}
}
}
return true;
}
internal void InplaceIntersect( PermissionSet other )
{
Exception savedException = null;
m_CheckedForNonCas = false;
if (this == other)
return;
if (other == null || other.FastIsEmpty())
{
// If the other is empty or null, make this empty.
Reset();
return;
}
if (this.FastIsEmpty())
return;
int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
if (this.IsUnrestricted() && maxMax < otherMax)
{
maxMax = otherMax;
this.CheckSet();
}
if (other.IsUnrestricted())
{
other.CheckSet();
}
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
#if FEATURE_CAS_POLICY
if (thisElem != null && otherElem != null)
{
// If we already have an intersection node, just add another child
if (thisElem.GetTag().Equals( s_str_PermissionIntersection ) ||
thisElem.GetTag().Equals( s_str_PermissionUnrestrictedIntersection ))
{
Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" );
SafeChildAdd( (SecurityElement)thisElem, otherElem, true );
}
// If either set is unrestricted, intersect the nodes unrestricted
else
{
bool copyOther = true;
if (this.IsUnrestricted())
{
SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElemUU, thisElem, false );
thisElem = newElemUU;
}
if (other.IsUnrestricted())
{
SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) );
SafeChildAdd( newElemUU, otherElem, true );
otherElem = newElemUU;
copyOther = false;
}
SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, false );
SafeChildAdd( newElem, otherElem, copyOther );
this.m_permSet.SetItem( i, newElem );
}
}
else
#endif // FEATURE_CAS_POLICY
if (thisObj == null)
{
// There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions
if (this.IsUnrestricted())
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
SafeChildAdd( newElem, otherElem, true );
this.m_permSet.SetItem( i, newElem );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
else
#endif // FEATURE_CAS_POLICY
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
this.m_permSet.SetItem( i, otherPerm.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else if (otherObj == null)
{
if (other.IsUnrestricted())
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
{
SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, false );
this.m_permSet.SetItem( i, newElem );
}
else
#endif // FEATURE_CAS_POLICY
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) == 0)
this.m_permSet.SetItem( i, null );
}
}
else
{
this.m_permSet.SetItem( i, null );
}
}
else
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY
try
{
IPermission intersectPerm;
if (thisPerm == null)
intersectPerm = otherPerm;
else if(otherPerm == null)
intersectPerm = thisPerm;
else
intersectPerm = thisPerm.Intersect( otherPerm );
this.m_permSet.SetItem( i, intersectPerm );
}
catch (Exception e)
{
if (savedException == null)
savedException = e;
}
}
}
this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (savedException != null)
throw savedException;
}
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
{
Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();
// We're optimized for standard policy, where the only evidence that is generally evaluated are
// Zone, StrongName and Url. Since all of these are relatively inexpensive, we'll force them to
// generate, then use that as a key into the cache.
evidence.GetHostEvidence <Zone>();
evidence.GetHostEvidence <StrongName>();
evidence.GetHostEvidence <Url>();
byte[] serializedEvidence = evidence.RawSerialize();
int count = evidence.RawCount;
bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
if (systemPolicy)
{
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
continue;
}
}
else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
{
continue;
}
policy = currentLevel.Resolve(evidence, count, serializedEvidence);
// If the grant is "AllPossible", the intersection is just the other permission set.
// Otherwise, do an inplace intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
if (grant == null)
{
grant = policy.PermissionSet;
}
else
{
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
if (grant == null || grant.FastIsEmpty())
{
break;
}
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (currentLevel.Type != PolicyLevelType.AppDomain)
{
testApplicationLevels = true;
}
break;
}
}
if (grant != null && testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = PolicyLevels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel)PolicyLevels[i];
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
}
if (grant == null)
{
grant = new PermissionSet(PermissionState.None);
}
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
if (!grant.IsUnrestricted())
{
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission(evidence);
if (perm != null)
{
grant.AddPermission(perm);
}
}
}
}
grant.IgnoreTypeLoadFailures = true;
return(grant);
}
public PermissionSet Union(PermissionSet other)
{
// if other is null or empty, return a clone of myself
if (other == null || other.FastIsEmpty())
{
return this.Copy();
}
if (this.FastIsEmpty())
{
return other.Copy();
}
int maxMax = -1;
PermissionSet pset = new PermissionSet();
pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (pset.m_Unrestricted)
{
// if the result of Union is unrestricted permset, just return
return pset;
}
// degenerate case where we look at both this.m_permSet and other.m_permSet
this.CheckSet();
other.CheckSet();
maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
pset.m_permSet = new TokenBasedSet();
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
#if FEATURE_CAS_POLICY
if (thisElem != null && otherElem != null)
{
SecurityElement newElem;
if (this.IsUnrestricted() || other.IsUnrestricted())
newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
else
newElem = new SecurityElement( s_str_PermissionUnion );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, true );
SafeChildAdd( newElem, otherElem, true );
pset.m_permSet.SetItem( i, newElem );
}
else
#endif // FEATURE_CAS_POLICY
if (thisObj == null)
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
pset.m_permSet.SetItem( i, otherElem.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
else
#endif // FEATURE_CAS_POLICY
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, otherPerm.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else if (otherObj == null)
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
{
pset.m_permSet.SetItem( i, thisElem.Copy() );
}
else
#endif // FEATURE_CAS_POLICY
if (thisPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, thisPerm.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
pset.m_permSet.SetItem( i, unionPerm );
Contract.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
return pset;
}
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
{
PermissionSet permissionSet = null;
PolicyLevel current = null;
IEnumerator enumerator = this.PolicyLevels.GetEnumerator();
evidence.GetHostEvidence <Zone>();
evidence.GetHostEvidence <StrongName>();
evidence.GetHostEvidence <Url>();
byte[] serializedEvidence = evidence.RawSerialize();
int rawCount = evidence.RawCount;
bool flag = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
bool flag2 = false;
while (enumerator.MoveNext())
{
PolicyStatement statement;
current = (PolicyLevel)enumerator.Current;
if (systemPolicy)
{
if (current.Type != PolicyLevelType.AppDomain)
{
goto Label_0078;
}
continue;
}
if (flag && (current.Type != PolicyLevelType.AppDomain))
{
continue;
}
Label_0078:
statement = current.Resolve(evidence, rawCount, serializedEvidence);
if (permissionSet == null)
{
permissionSet = statement.PermissionSet;
}
else
{
permissionSet.InplaceIntersect(statement.GetPermissionSetNoCopy());
}
if ((permissionSet == null) || permissionSet.FastIsEmpty())
{
break;
}
if ((statement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (current.Type != PolicyLevelType.AppDomain)
{
flag2 = true;
}
break;
}
}
if ((permissionSet != null) && flag2)
{
PolicyLevel level2 = null;
for (int i = this.PolicyLevels.Count - 1; i >= 0; i--)
{
current = (PolicyLevel)this.PolicyLevels[i];
if (current.Type == PolicyLevelType.AppDomain)
{
level2 = current;
break;
}
}
if (level2 != null)
{
permissionSet.InplaceIntersect(level2.Resolve(evidence, rawCount, serializedEvidence).GetPermissionSetNoCopy());
}
}
if (permissionSet == null)
{
permissionSet = new PermissionSet(PermissionState.None);
}
if (!permissionSet.IsUnrestricted())
{
IEnumerator hostEnumerator = evidence.GetHostEnumerator();
while (hostEnumerator.MoveNext())
{
object obj2 = hostEnumerator.Current;
IIdentityPermissionFactory factory = obj2 as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission(evidence);
if (perm != null)
{
permissionSet.AddPermission(perm);
}
}
}
}
permissionSet.IgnoreTypeLoadFailures = true;
return(permissionSet);
}
public PermissionSet Union(PermissionSet other)
{
// if other is null or empty, return a clone of myself
if (other == null || other.FastIsEmpty())
{
return this.Copy();
}
if (this.FastIsEmpty())
{
return other.Copy();
}
int maxMax = -1;
PermissionSet pset = new PermissionSet();
pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (pset.m_Unrestricted)
{
if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust())
{
// FullTrustMeansFullTrust is on...so if the result of Union is unrestricted permset, just return
return pset;
}
if (this.m_canUnrestrictedOverride && other.m_canUnrestrictedOverride)
{
// Only unrestricted override-able permissions in both this and other ...again, we can return just an unrestricted pset
return pset;
}
if (other.m_canUnrestrictedOverride)
{
// Only unrestricted override-able permissions in other...cannot null pset.m_permSet, but don't look at other.m_permSet
// just copy over this.m_permSet
pset.m_permSet = (this.m_permSet != null)? new TokenBasedSet(this.m_permSet): null;
return pset;
}
}
// degenerate case where we look at both this.m_permSet and other.m_permSet
this.CheckSet();
other.CheckSet();
maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
pset.m_permSet = new TokenBasedSet();
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
if (thisObj == null && otherObj == null)
continue;
if (thisElem != null && otherElem != null)
{
SecurityElement newElem;
if (this.IsUnrestricted() || other.IsUnrestricted())
newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
else
newElem = new SecurityElement( s_str_PermissionUnion );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, true );
SafeChildAdd( newElem, otherElem, true );
pset.m_permSet.SetItem( i, newElem );
}
else if (thisObj == null)
{
if (otherElem != null)
{
pset.m_permSet.SetItem( i, otherElem.Copy() );
BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
else if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, otherPerm.Copy() );
BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else if (otherObj == null)
{
if (thisElem != null)
{
pset.m_permSet.SetItem( i, thisElem.Copy() );
}
else if (thisPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, thisPerm.Copy() );
BCLDebug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else
{
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
pset.m_permSet.SetItem( i, unionPerm );
BCLDebug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
return pset;
}
public PermissionSet Union(PermissionSet other)
{
// if other is null or empty, return a clone of myself
if (other == null || other.FastIsEmpty())
{
return this.Copy();
}
if (this.FastIsEmpty())
{
return other.Copy();
}
int maxMax = -1;
PermissionSet pset = new PermissionSet();
pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (pset.m_Unrestricted)
{
// if the result of Union is unrestricted permset, just return
return pset;
}
// degenerate case where we look at both this.m_permSet and other.m_permSet
this.CheckSet();
other.CheckSet();
maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
pset.m_permSet = new TokenBasedSet();
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
if (thisObj == null && otherObj == null)
continue;
if (thisObj == null)
{
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, otherPerm.Copy() );
Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else if (otherObj == null)
{
if (thisPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted)
{
pset.m_permSet.SetItem( i, thisPerm.Copy() );
Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
else
{
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
pset.m_permSet.SetItem( i, unionPerm );
Debug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
return pset;
}
internal void InplaceUnion( PermissionSet other )
{
// Unions the "other" PermissionSet into this one. It can be optimized to do less copies than
// need be done by the traditional union (and we don't have to create a new PermissionSet).
if (this == other)
return;
// Quick out conditions, union doesn't change this PermissionSet
if (other == null || other.FastIsEmpty())
return;
m_CheckedForNonCas = false;
this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (this.m_Unrestricted)
{
// if the result of Union is unrestricted permset, null the m_permSet member
this.m_permSet = null;
return;
}
// If we reach here, result of Union is not unrestricted
// We have to union "normal" permission no matter what now.
int maxMax = -1;
if (other.m_permSet != null)
{
maxMax = other.m_permSet.GetMaxUsedIndex();
this.CheckSet();
}
// Save exceptions until the end
Exception savedException = null;
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
if (thisObj == null && otherObj == null)
continue;
if (thisObj == null)
{
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
{
this.m_permSet.SetItem( i, otherPerm.Copy() );
}
}
}
else if (otherObj == null)
{
continue;
}
else
{
try
{
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
this.m_permSet.SetItem( i, unionPerm );
}
catch (Exception e)
{
if (savedException == null)
savedException = e;
}
}
}
if (savedException != null)
throw savedException;
}
public PermissionSet Intersect(PermissionSet other)
{
if (other == null || other.FastIsEmpty() || this.FastIsEmpty())
{
return null;
}
int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
int minMax = thisMax < otherMax ? thisMax : otherMax;
if (this.IsUnrestricted() && minMax < otherMax)
{
minMax = otherMax;
this.CheckSet();
}
if (other.IsUnrestricted() && minMax < thisMax)
{
minMax = thisMax;
other.CheckSet();
}
PermissionSet pset = new PermissionSet( false );
if (minMax > -1)
{
pset.m_permSet = new TokenBasedSet();
}
for (int i = 0; i <= minMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
if (thisObj == null && otherObj == null)
continue;
if (thisObj == null)
{
if (this.m_Unrestricted)
{
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
pset.m_permSet.SetItem( i, otherPerm.Copy() );
Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else if (otherObj == null)
{
if (other.m_Unrestricted)
{
if (thisPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
pset.m_permSet.SetItem( i, thisPerm.Copy() );
Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else
{
IPermission intersectPerm;
if (thisPerm == null)
intersectPerm = otherPerm;
else if(otherPerm == null)
intersectPerm = thisPerm;
else
intersectPerm = thisPerm.Intersect( otherPerm );
pset.m_permSet.SetItem( i, intersectPerm );
Debug.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (pset.FastIsEmpty())
return null;
else
return pset;
}
public PermissionSet Union(PermissionSet other)
{
if ((other == null) || other.FastIsEmpty())
{
return this.Copy();
}
if (this.FastIsEmpty())
{
return other.Copy();
}
int num = -1;
PermissionSet set = new PermissionSet {
m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted
};
if (!set.m_Unrestricted)
{
this.CheckSet();
other.CheckSet();
num = (this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex()) ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex();
set.m_permSet = new TokenBasedSet();
for (int i = 0; i <= num; i++)
{
object item = this.m_permSet.GetItem(i);
IPermission permission = item as IPermission;
ISecurityElementFactory child = item as ISecurityElementFactory;
object obj3 = other.m_permSet.GetItem(i);
IPermission target = obj3 as IPermission;
ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
if ((item != null) || (obj3 != null))
{
if ((child != null) && (factory2 != null))
{
SecurityElement element;
if (this.IsUnrestricted() || other.IsUnrestricted())
{
element = new SecurityElement("PermissionUnrestrictedUnion");
}
else
{
element = new SecurityElement("PermissionUnion");
}
element.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element, child, true);
SafeChildAdd(element, factory2, true);
set.m_permSet.SetItem(i, element);
}
else if (item == null)
{
if (factory2 != null)
{
set.m_permSet.SetItem(i, factory2.Copy());
}
else if (target != null)
{
PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted)
{
set.m_permSet.SetItem(i, target.Copy());
}
}
}
else if (obj3 == null)
{
if (child != null)
{
set.m_permSet.SetItem(i, child.Copy());
}
else if (permission != null)
{
PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if (((token2.m_type & PermissionTokenType.IUnrestricted) == 0) || !set.m_Unrestricted)
{
set.m_permSet.SetItem(i, permission.Copy());
}
}
}
else
{
IPermission permission3;
if (child != null)
{
permission = this.CreatePermission(child, i);
}
if (factory2 != null)
{
target = other.CreatePermission(factory2, i);
}
if (permission == null)
{
permission3 = target;
}
else if (target == null)
{
permission3 = permission;
}
else
{
permission3 = permission.Union(target);
}
set.m_permSet.SetItem(i, permission3);
}
}
}
}
return set;
}
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
{
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
IEnumerator levelEnumerator = PolicyLevels.GetEnumerator();
char[] serializedEvidence = MakeEvidenceArray(evidence, false);
int count = evidence.Count;
bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
if (systemPolicy)
{
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
continue;
}
}
else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain)
{
continue;
}
policy = currentLevel.Resolve(evidence, count, serializedEvidence);
// If the grant is "AllPossible", the intersection is just the other permission set.
// Otherwise, do an inplace intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
if (grant == null)
{
grant = policy.PermissionSet;
}
else
{
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
if (grant == null || grant.FastIsEmpty())
{
break;
}
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (currentLevel.Type != PolicyLevelType.AppDomain)
{
testApplicationLevels = true;
}
break;
}
}
if (grant != null && testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = PolicyLevels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel)PolicyLevels[i];
if (currentLevel.Type == PolicyLevelType.AppDomain)
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
}
if (grant == null)
{
grant = new PermissionSet(PermissionState.None);
}
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted())
{
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission(evidence);
if (perm != null)
{
grant.AddPermission(perm);
}
}
}
}
grant.IgnoreTypeLoadFailures = true;
return(grant);
}
internal void InplaceUnion( PermissionSet other )
{
// Unions the "other" PermissionSet into this one. It can be optimized to do less copies than
// need be done by the traditional union (and we don't have to create a new PermissionSet).
if (this == other)
return;
// Quick out conditions, union doesn't change this PermissionSet
if (other == null || other.FastIsEmpty())
return;
m_CheckedForNonCas = false;
this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (this.m_Unrestricted)
{
// if the result of Union is unrestricted permset, null the m_permSet member
this.m_permSet = null;
return;
}
// If we reach here, result of Union is not unrestricted
// We have to union "normal" permission no matter what now.
int maxMax = -1;
if (other.m_permSet != null)
{
maxMax = other.m_permSet.GetMaxUsedIndex();
this.CheckSet();
}
// Save exceptions until the end
Exception savedException = null;
for (int i = 0; i <= maxMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
#if FEATURE_CAS_POLICY
if (thisElem != null && otherElem != null)
{
if (thisElem.GetTag().Equals( s_str_PermissionUnion ) ||
thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion ))
{
Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" );
SafeChildAdd( (SecurityElement)thisElem, otherElem, true );
}
else
{
SecurityElement newElem;
if (this.IsUnrestricted() || other.IsUnrestricted())
newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion );
else
newElem = new SecurityElement( s_str_PermissionUnion );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, false );
SafeChildAdd( newElem, otherElem, true );
this.m_permSet.SetItem( i, newElem );
}
}
else
#endif // FEATURE_CAS_POLICY
if (thisObj == null)
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
this.m_permSet.SetItem( i, otherElem.Copy() );
}
else
#endif // FEATURE_CAS_POLICY
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
{
this.m_permSet.SetItem( i, otherPerm.Copy() );
}
}
}
else if (otherObj == null)
{
continue;
}
else
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY
try
{
IPermission unionPerm;
if(thisPerm == null)
unionPerm = otherPerm;
else if(otherPerm == null)
unionPerm = thisPerm;
else
unionPerm = thisPerm.Union( otherPerm );
this.m_permSet.SetItem( i, unionPerm );
}
catch (Exception e)
{
if (savedException == null)
savedException = e;
}
}
}
if (savedException != null)
throw savedException;
}
internal void InplaceIntersect(PermissionSet other)
{
Exception exception = null;
this.m_CheckedForNonCas = false;
if (this != other)
{
if ((other == null) || other.FastIsEmpty())
{
this.Reset();
}
else if (!this.FastIsEmpty())
{
int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex();
int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex();
if (this.IsUnrestricted() && (num < num2))
{
num = num2;
this.CheckSet();
}
if (other.IsUnrestricted())
{
other.CheckSet();
}
for (int i = 0; i <= num; i++)
{
object item = this.m_permSet.GetItem(i);
IPermission permission = item as IPermission;
ISecurityElementFactory child = item as ISecurityElementFactory;
object obj3 = other.m_permSet.GetItem(i);
IPermission target = obj3 as IPermission;
ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
if ((item != null) || (obj3 != null))
{
if ((child != null) && (factory2 != null))
{
if (child.GetTag().Equals("PermissionIntersection") || child.GetTag().Equals("PermissionUnrestrictedIntersection"))
{
SafeChildAdd((SecurityElement) child, factory2, true);
}
else
{
bool copy = true;
if (this.IsUnrestricted())
{
SecurityElement element = new SecurityElement("PermissionUnrestrictedUnion");
element.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element, child, false);
child = element;
}
if (other.IsUnrestricted())
{
SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion");
element2.AddAttribute("class", factory2.Attribute("class"));
SafeChildAdd(element2, factory2, true);
factory2 = element2;
copy = false;
}
SecurityElement parent = new SecurityElement("PermissionIntersection");
parent.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(parent, child, false);
SafeChildAdd(parent, factory2, copy);
this.m_permSet.SetItem(i, parent);
}
}
else if (item == null)
{
if (this.IsUnrestricted())
{
if (factory2 != null)
{
SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection");
element4.AddAttribute("class", factory2.Attribute("class"));
SafeChildAdd(element4, factory2, true);
this.m_permSet.SetItem(i, element4);
}
else
{
PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
this.m_permSet.SetItem(i, target.Copy());
}
}
}
}
else if (obj3 == null)
{
if (other.IsUnrestricted())
{
if (child != null)
{
SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection");
element5.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element5, child, false);
this.m_permSet.SetItem(i, element5);
}
else
{
PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if ((token2.m_type & PermissionTokenType.IUnrestricted) == 0)
{
this.m_permSet.SetItem(i, null);
}
}
}
else
{
this.m_permSet.SetItem(i, null);
}
}
else
{
if (child != null)
{
permission = this.CreatePermission(child, i);
}
if (factory2 != null)
{
target = other.CreatePermission(factory2, i);
}
try
{
IPermission permission3;
if (permission == null)
{
permission3 = target;
}
else if (target == null)
{
permission3 = permission;
}
else
{
permission3 = permission.Intersect(target);
}
this.m_permSet.SetItem(i, permission3);
}
catch (Exception exception2)
{
if (exception == null)
{
exception = exception2;
}
}
}
}
}
this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (exception != null)
{
throw exception;
}
}
}
}
// Treating the current permission set as a grant set, and the input set as
// a set of permissions to be denied, try to cancel out as many permissions
// from both sets as possible. For a first cut, any granted permission that
// is a safe subset of the corresponding denied permission can result in
// that permission being removed from both sides.
internal void MergeDeniedSet(PermissionSet denied)
{
if (denied == null || denied.FastIsEmpty() || this.FastIsEmpty())
return;
m_CheckedForNonCas = false;
// Check for the unrestricted case: FastIsEmpty() will return false if the PSet is unrestricted, but has no items
if (this.m_permSet == null || denied.m_permSet == null)
return; //nothing can be removed
int maxIndex = denied.m_permSet.GetMaxUsedIndex() > this.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : denied.m_permSet.GetMaxUsedIndex();
for (int i = 0; i <= maxIndex; ++i) {
IPermission deniedPerm = denied.m_permSet.GetItem(i) as IPermission;
if (deniedPerm == null)
continue;
IPermission thisPerm = this.m_permSet.GetItem(i) as IPermission;
if (thisPerm == null && !this.m_Unrestricted) {
denied.m_permSet.SetItem(i, null);
continue;
}
if (thisPerm != null && deniedPerm != null) {
if (thisPerm.IsSubsetOf(deniedPerm)) {
this.m_permSet.SetItem(i, null);
denied.m_permSet.SetItem(i, null);
}
}
}
}
internal void InplaceUnion(PermissionSet other)
{
if ((this != other) && ((other != null) && !other.FastIsEmpty()))
{
this.m_CheckedForNonCas = false;
this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted;
if (this.m_Unrestricted)
{
this.m_permSet = null;
}
else
{
int maxUsedIndex = -1;
if (other.m_permSet != null)
{
maxUsedIndex = other.m_permSet.GetMaxUsedIndex();
this.CheckSet();
}
Exception exception = null;
for (int i = 0; i <= maxUsedIndex; i++)
{
object item = this.m_permSet.GetItem(i);
IPermission permission = item as IPermission;
ISecurityElementFactory child = item as ISecurityElementFactory;
object obj3 = other.m_permSet.GetItem(i);
IPermission target = obj3 as IPermission;
ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
if ((item != null) || (obj3 != null))
{
if ((child != null) && (factory2 != null))
{
if (child.GetTag().Equals("PermissionUnion") || child.GetTag().Equals("PermissionUnrestrictedUnion"))
{
SafeChildAdd((SecurityElement) child, factory2, true);
}
else
{
SecurityElement element;
if (this.IsUnrestricted() || other.IsUnrestricted())
{
element = new SecurityElement("PermissionUnrestrictedUnion");
}
else
{
element = new SecurityElement("PermissionUnion");
}
element.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element, child, false);
SafeChildAdd(element, factory2, true);
this.m_permSet.SetItem(i, element);
}
}
else if (item == null)
{
if (factory2 != null)
{
this.m_permSet.SetItem(i, factory2.Copy());
}
else if (target != null)
{
PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted)
{
this.m_permSet.SetItem(i, target.Copy());
}
}
}
else if (obj3 != null)
{
if (child != null)
{
permission = this.CreatePermission(child, i);
}
if (factory2 != null)
{
target = other.CreatePermission(factory2, i);
}
try
{
IPermission permission3;
if (permission == null)
{
permission3 = target;
}
else if (target == null)
{
permission3 = permission;
}
else
{
permission3 = permission.Union(target);
}
this.m_permSet.SetItem(i, permission3);
}
catch (Exception exception2)
{
if (exception == null)
{
exception = exception2;
}
}
}
}
}
if (exception != null)
{
throw exception;
}
}
}
}
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
{
firstPermThatFailed = null;
if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty())
return true;
if(this.m_Unrestricted && deniedSet.m_Unrestricted)
return false;
CodeAccessPermission permThis, permThat;
PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this);
while (enumThis.MoveNext())
{
permThis = enumThis.Current as CodeAccessPermission;
if(permThis == null || permThis.IsSubsetOf(null))
continue; // ignore non-CAS permissions in the grant set.
if (deniedSet.m_Unrestricted)
{
firstPermThatFailed = permThis;
return false;
}
permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex());
if (!permThis.CheckDeny(permThat))
{
firstPermThatFailed = permThis;
return false;
}
}
if(this.m_Unrestricted)
{
PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet);
while (enumThat.MoveNext())
{
if(enumThat.Current is IPermission)
return false;
}
}
return true;
}
public PermissionSet Intersect(PermissionSet other)
{
if (((other == null) || other.FastIsEmpty()) || this.FastIsEmpty())
{
return null;
}
int num = (this.m_permSet == null) ? -1 : this.m_permSet.GetMaxUsedIndex();
int num2 = (other.m_permSet == null) ? -1 : other.m_permSet.GetMaxUsedIndex();
int num3 = (num < num2) ? num : num2;
if (this.IsUnrestricted() && (num3 < num2))
{
num3 = num2;
this.CheckSet();
}
if (other.IsUnrestricted() && (num3 < num))
{
num3 = num;
other.CheckSet();
}
PermissionSet set = new PermissionSet(false);
if (num3 > -1)
{
set.m_permSet = new TokenBasedSet();
}
for (int i = 0; i <= num3; i++)
{
object item = this.m_permSet.GetItem(i);
IPermission permission = item as IPermission;
ISecurityElementFactory child = item as ISecurityElementFactory;
object obj3 = other.m_permSet.GetItem(i);
IPermission target = obj3 as IPermission;
ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory;
if ((item != null) || (obj3 != null))
{
if ((child != null) && (factory2 != null))
{
bool copy = true;
bool flag2 = true;
SecurityElement parent = new SecurityElement("PermissionIntersection");
parent.AddAttribute("class", factory2.Attribute("class"));
if (this.IsUnrestricted())
{
SecurityElement element2 = new SecurityElement("PermissionUnrestrictedUnion");
element2.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element2, child, true);
flag2 = false;
child = element2;
}
if (other.IsUnrestricted())
{
SecurityElement element3 = new SecurityElement("PermissionUnrestrictedUnion");
element3.AddAttribute("class", factory2.Attribute("class"));
SafeChildAdd(element3, factory2, true);
copy = false;
factory2 = element3;
}
SafeChildAdd(parent, factory2, copy);
SafeChildAdd(parent, child, flag2);
set.m_permSet.SetItem(i, parent);
}
else if (item == null)
{
if (this.m_Unrestricted)
{
if (factory2 != null)
{
SecurityElement element4 = new SecurityElement("PermissionUnrestrictedIntersection");
element4.AddAttribute("class", factory2.Attribute("class"));
SafeChildAdd(element4, factory2, true);
set.m_permSet.SetItem(i, element4);
}
else if (target != null)
{
PermissionToken token = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
set.m_permSet.SetItem(i, target.Copy());
}
}
}
}
else if (obj3 == null)
{
if (other.m_Unrestricted)
{
if (child != null)
{
SecurityElement element5 = new SecurityElement("PermissionUnrestrictedIntersection");
element5.AddAttribute("class", child.Attribute("class"));
SafeChildAdd(element5, child, true);
set.m_permSet.SetItem(i, element5);
}
else if (permission != null)
{
PermissionToken token2 = (PermissionToken) PermissionToken.s_tokenSet.GetItem(i);
if ((token2.m_type & PermissionTokenType.IUnrestricted) != 0)
{
set.m_permSet.SetItem(i, permission.Copy());
}
}
}
}
else
{
IPermission permission3;
if (child != null)
{
permission = this.CreatePermission(child, i);
}
if (factory2 != null)
{
target = other.CreatePermission(factory2, i);
}
if (permission == null)
{
permission3 = target;
}
else if (target == null)
{
permission3 = permission;
}
else
{
permission3 = permission.Intersect(target);
}
set.m_permSet.SetItem(i, permission3);
}
}
}
set.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (set.FastIsEmpty())
{
return null;
}
return set;
}
public PermissionSet Intersect(PermissionSet other)
{
if (other == null || other.FastIsEmpty() || this.FastIsEmpty())
{
return null;
}
int thisMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex();
int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex();
int minMax = thisMax < otherMax ? thisMax : otherMax;
if (this.IsUnrestricted() && minMax < otherMax)
{
minMax = otherMax;
this.CheckSet();
}
if (other.IsUnrestricted() && minMax < thisMax)
{
minMax = thisMax;
other.CheckSet();
}
PermissionSet pset = new PermissionSet( false );
if (minMax > -1)
{
pset.m_permSet = new TokenBasedSet();
}
for (int i = 0; i <= minMax; ++i)
{
Object thisObj = this.m_permSet.GetItem( i );
IPermission thisPerm = thisObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
Object otherObj = other.m_permSet.GetItem( i );
IPermission otherPerm = otherObj as IPermission;
#if FEATURE_CAS_POLICY
ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory;
#endif // FEATURE_CAS_POLICY
if (thisObj == null && otherObj == null)
continue;
#if FEATURE_CAS_POLICY
if (thisElem != null && otherElem != null)
{
bool copyOther = true;
bool copyThis = true;
SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection );
newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
if (this.IsUnrestricted())
{
SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElemUU, thisElem, true );
copyThis = false;
thisElem = newElemUU;
}
if (other.IsUnrestricted())
{
SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion );
newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) );
SafeChildAdd( newElemUU, otherElem, true );
copyOther = false;
otherElem = newElemUU;
}
SafeChildAdd( newElem, otherElem, copyOther );
SafeChildAdd( newElem, thisElem, copyThis );
pset.m_permSet.SetItem( i, newElem );
}
else
#endif // FEATURE_CAS_POLICY
if (thisObj == null)
{
if (this.m_Unrestricted)
{
#if FEATURE_CAS_POLICY
if (otherElem != null)
{
SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
newElem.AddAttribute( "class", otherElem.Attribute( "class" ) );
SafeChildAdd( newElem, otherElem, true );
pset.m_permSet.SetItem( i, newElem );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
else
#endif // FEATURE_CAS_POLICY
if (otherPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
pset.m_permSet.SetItem( i, otherPerm.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else if (otherObj == null)
{
if (other.m_Unrestricted)
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
{
SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection );
newElem.AddAttribute( "class", thisElem.Attribute( "class" ) );
SafeChildAdd( newElem, thisElem, true );
pset.m_permSet.SetItem( i, newElem );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
else
#endif // FEATURE_CAS_POLICY
if (thisPerm != null)
{
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
if ((token.m_type & PermissionTokenType.IUnrestricted) != 0)
{
pset.m_permSet.SetItem( i, thisPerm.Copy() );
Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
}
}
else
{
#if FEATURE_CAS_POLICY
if (thisElem != null)
thisPerm = this.CreatePermission(thisElem, i);
if (otherElem != null)
otherPerm = other.CreatePermission(otherElem, i);
#endif // FEATURE_CAS_POLICY
IPermission intersectPerm;
if (thisPerm == null)
intersectPerm = otherPerm;
else if(otherPerm == null)
intersectPerm = thisPerm;
else
intersectPerm = thisPerm.Intersect( otherPerm );
pset.m_permSet.SetItem( i, intersectPerm );
Contract.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" );
}
}
pset.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted;
if (pset.FastIsEmpty())
return null;
else
return pset;
}
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
{
PermissionSet permissionSet = (PermissionSet)null;
IEnumerator enumerator = this.PolicyLevels.GetEnumerator();
evidence.GetHostEvidence <Zone>();
evidence.GetHostEvidence <StrongName>();
evidence.GetHostEvidence <Url>();
byte[] serializedEvidence = evidence.RawSerialize();
int rawCount = evidence.RawCount;
bool flag1 = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
bool flag2 = false;
while (enumerator.MoveNext())
{
PolicyLevel policyLevel = (PolicyLevel)enumerator.Current;
if (systemPolicy)
{
if (policyLevel.Type == PolicyLevelType.AppDomain)
{
continue;
}
}
else if (flag1 && policyLevel.Type != PolicyLevelType.AppDomain)
{
continue;
}
PolicyStatement policyStatement = policyLevel.Resolve(evidence, rawCount, serializedEvidence);
if (permissionSet == null)
{
permissionSet = policyStatement.PermissionSet;
}
else
{
permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
}
if (permissionSet != null && !permissionSet.FastIsEmpty())
{
if ((policyStatement.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (policyLevel.Type != PolicyLevelType.AppDomain)
{
flag2 = true;
break;
}
break;
}
}
else
{
break;
}
}
if (permissionSet != null & flag2)
{
PolicyLevel policyLevel1 = (PolicyLevel)null;
for (int index = this.PolicyLevels.Count - 1; index >= 0; --index)
{
PolicyLevel policyLevel2 = (PolicyLevel)this.PolicyLevels[index];
if (policyLevel2.Type == PolicyLevelType.AppDomain)
{
policyLevel1 = policyLevel2;
break;
}
}
if (policyLevel1 != null)
{
PolicyStatement policyStatement = policyLevel1.Resolve(evidence, rawCount, serializedEvidence);
permissionSet.InplaceIntersect(policyStatement.GetPermissionSetNoCopy());
}
}
if (permissionSet == null)
{
permissionSet = new PermissionSet(PermissionState.None);
}
if (!permissionSet.IsUnrestricted())
{
IEnumerator hostEnumerator = evidence.GetHostEnumerator();
while (hostEnumerator.MoveNext())
{
IIdentityPermissionFactory permissionFactory = hostEnumerator.Current as IIdentityPermissionFactory;
if (permissionFactory != null)
{
IPermission identityPermission = permissionFactory.CreateIdentityPermission(evidence);
if (identityPermission != null)
{
permissionSet.AddPermission(identityPermission);
}
}
}
}
permissionSet.IgnoreTypeLoadFailures = true;
return(permissionSet);
}
