|
public GetPermission ( |
||
| permClass | ||
| return | IPermission | |
internal static void GetZoneAndOriginHelper(PermissionSet grantSet, PermissionSet deniedSet, ArrayList zoneList, ArrayList originList)
{
ZoneIdentityPermission zone = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission url = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (zone != null)
{
zoneList.Add(zone.SecurityZone);
}
if (url != null)
{
originList.Add(url.Url);
}
}
// note: in 2.0 *all* permissions (including identity permissions) support unrestricted
internal static bool IsGranted(Assembly a, IPermission perm)
{
PermissionSet granted = a.GrantedPermissionSet;
if ((granted != null) && !granted.IsUnrestricted())
{
CodeAccessPermission grant = (CodeAccessPermission)granted.GetPermission(perm.GetType());
if (!perm.IsSubsetOf(grant))
{
return(false);
}
}
PermissionSet denied = a.DeniedPermissionSet;
if ((denied != null) && !denied.IsEmpty())
{
if (denied.IsUnrestricted())
{
return(false);
}
CodeAccessPermission refuse = (CodeAccessPermission)a.DeniedPermissionSet.GetPermission(perm.GetType());
if ((refuse != null) && perm.IsSubsetOf(refuse))
{
return(false);
}
}
return(true);
}
internal static bool IsGranted(Assembly a, IPermission perm)
{
PermissionSet grantedPermissionSet = a.GrantedPermissionSet;
if (grantedPermissionSet != null && !grantedPermissionSet.IsUnrestricted())
{
CodeAccessPermission target = (CodeAccessPermission)grantedPermissionSet.GetPermission(perm.GetType());
if (!perm.IsSubsetOf(target))
{
return(false);
}
}
PermissionSet deniedPermissionSet = a.DeniedPermissionSet;
if (deniedPermissionSet != null && !deniedPermissionSet.IsEmpty())
{
if (deniedPermissionSet.IsUnrestricted())
{
return(false);
}
CodeAccessPermission codeAccessPermission = (CodeAccessPermission)a.DeniedPermissionSet.GetPermission(perm.GetType());
if (codeAccessPermission != null && perm.IsSubsetOf(codeAccessPermission))
{
return(false);
}
}
return(true);
}
// Determine if this permission set is a subset of another.
public virtual bool IsSubsetOf(PermissionSet target)
{
// Handle the simple cases first.
if (target == null)
{
return(false);
}
else if (target.IsUnrestricted())
{
return(true);
}
else if (IsUnrestricted())
{
return(false);
}
// Scan the source permission set and check subset conditions.
IPermission other;
foreach (IPermission perm in permissions)
{
other = target.GetPermission(perm.GetType());
if (other == null || !perm.IsSubsetOf(other))
{
return(false);
}
}
return(true);
}
/// <summary>Determines what permissions to grant to code based on the specified evidence and requests.</summary>
/// <returns>The set of permissions that would be granted by the security system.</returns>
/// <param name="evidence">The evidence set used to evaluate policy. </param>
/// <param name="reqdPset">The required permissions the code needs to run. </param>
/// <param name="optPset">The optional permissions that will be used if granted, but aren't required for the code to run. </param>
/// <param name="denyPset">The denied permissions that must never be granted to the code even if policy otherwise permits it. </param>
/// <param name="denied">An output parameter that contains the set of permissions not granted. </param>
/// <exception cref="T:System.Security.Policy.PolicyException">Policy fails to grant the minimum required permissions specified by the <paramref name="reqdPset" /> parameter. </exception>
/// <PermissionSet>
/// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="ControlEvidence" />
/// </PermissionSet>
public static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied)
{
PermissionSet permissionSet = SecurityManager.ResolvePolicy(evidence);
if (reqdPset != null && !reqdPset.IsSubsetOf(permissionSet))
{
throw new PolicyException(Locale.GetText("Policy doesn't grant the minimal permissions required to execute the assembly."));
}
if (SecurityManager.CheckExecutionRights)
{
bool flag = false;
if (permissionSet != null)
{
if (permissionSet.IsUnrestricted())
{
flag = true;
}
else
{
IPermission permission = permissionSet.GetPermission(typeof(SecurityPermission));
flag = SecurityManager._execution.IsSubsetOf(permission);
}
}
if (!flag)
{
throw new PolicyException(Locale.GetText("Policy doesn't grant the right to execute the assembly."));
}
}
denied = denyPset;
return(permissionSet);
}
internal static IPermission CheckPermissionSet(AppDomain ad, PermissionSet ps)
{
if ((ps == null) || ps.IsEmpty())
{
return(null);
}
PermissionSet granted = ad.GrantedPermissionSet;
if (granted == null)
{
return(null);
}
if (granted.IsUnrestricted())
{
return(null);
}
if (ps.IsUnrestricted())
{
return(new SecurityPermission(SecurityPermissionFlag.NoFlags));
}
foreach (IPermission p in ps)
{
if (p is CodeAccessPermission)
{
CodeAccessPermission grant = (CodeAccessPermission)granted.GetPermission(p.GetType());
if (grant == null)
{
if (!granted.IsUnrestricted() || !(p is IUnrestrictedPermission))
{
if (!p.IsSubsetOf(null))
{
return(p);
}
}
}
else if (!p.IsSubsetOf(grant))
{
return(p);
}
}
else
{
// but non-CAS will throw on failure...
try
{
p.Demand();
}
catch (SecurityException)
{
// ... so we catch
return(p);
}
}
}
return(null);
}
internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z, out UrlIdentityPermission u)
{
z = null;
u = null;
if (in_g != null)
{
if (this.GrantSet == null)
{
this.GrantSet = in_g.Copy();
}
else
{
this.GrantSet.InplaceIntersect(in_g);
}
z = (ZoneIdentityPermission)in_g.GetPermission(this.ZoneToken);
u = (UrlIdentityPermission)in_g.GetPermission(this.UrlToken);
}
}
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList)
{
if (cs != null)
{
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
return;
}
ZoneIdentityPermission zoneIdentityPermission = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission urlIdentityPermission = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (zoneIdentityPermission != null)
{
zoneList.Add(zoneIdentityPermission.SecurityZone);
}
if (urlIdentityPermission != null)
{
originList.Add(urlIdentityPermission.Url);
}
}
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList)
{
if (cs != null)
{
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
}
else
{
ZoneIdentityPermission identityPermission1 = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission identityPermission2 = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (identityPermission1 != null)
{
zoneList.Add((object)identityPermission1.SecurityZone);
}
if (identityPermission2 == null)
{
return;
}
originList.Add((object)identityPermission2.Url);
}
}
public bool IsSubsetOf(PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty()))
{
return(this.IsEmpty());
}
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted())
{
return(true);
}
if (this.IsUnrestricted())
{
return(false);
}
if (this.IsUnrestricted() && ((target == null) || !target.IsUnrestricted()))
{
return(false);
}
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list)
{
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType();
IPermission i = null;
if (target.IsUnrestricted() && (p is CodeAccessPermission) && (p is IUnrestrictedPermission))
{
i = (IPermission)Activator.CreateInstance(t, psUnrestricted);
}
else
{
i = target.GetPermission(t);
}
if (!p.IsSubsetOf(i))
{
return(false); // not a subset (condition b)
}
}
return(true);
}
private static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken)
{
if (pSet != null)
{
pSet.CheckDecoded(demand, permToken);
CodeAccessPermission asserted = (CodeAccessPermission)pSet.GetPermission(demand);
try
{
if (pSet.IsUnrestricted() || demand.CheckAssert(asserted))
{
return(false);
}
}
catch (ArgumentException)
{
}
}
return(true);
}
internal void InternalIntersect(PermissionSet intersect, PermissionSet a, PermissionSet b, bool unrestricted)
{
foreach (IPermission p in b.list)
{
// for every type in both list
IPermission i = a.GetPermission(p.GetType());
if (i != null)
{
// add intersection for this type
intersect.AddPermission(p.Intersect(i));
}
// unrestricted is possible for indentity permissions
else if (unrestricted)
{
intersect.AddPermission(p);
}
// or reject!
}
}
private static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken)
{
if (pSet != null)
{
pSet.CheckDecoded(demand, permToken);
CodeAccessPermission asserted = (CodeAccessPermission) pSet.GetPermission(demand);
try
{
if (pSet.IsUnrestricted() || demand.CheckAssert(asserted))
{
return false;
}
}
catch (ArgumentException)
{
}
}
return true;
}
public virtual bool IsSubsetOf(PermissionSet target)
{
#endif
if (this.IsUnrestricted() && ((target == null) || !target.IsUnrestricted()))
{
return(false);
}
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list)
{
#if !NET_2_0
if (target == null)
{
if (!p.IsSubsetOf(null))
{
return(false);
}
}
else
#endif
{
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType();
IPermission i = null;
if (target.IsUnrestricted() && (p is CodeAccessPermission) && (p is IUnrestrictedPermission))
{
i = (IPermission)Activator.CreateInstance(t, psUnrestricted);
}
else
{
i = target.GetPermission(t);
}
if (!p.IsSubsetOf(i))
{
return(false); // not a subset (condition b)
}
}
}
return(true);
}
public static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied)
{
PermissionSet resolved = ResolvePolicy(evidence);
// do we have the minimal permission requested by the assembly ?
if ((reqdPset != null) && !reqdPset.IsSubsetOf(resolved))
{
throw new PolicyException(Locale.GetText(
"Policy doesn't grant the minimal permissions required to execute the assembly."));
}
// do we check for execution rights ?
if (CheckExecutionRights)
{
bool execute = false;
// an empty permissionset doesn't include Execution
if (resolved != null)
{
// unless we have "Full Trust"...
if (resolved.IsUnrestricted())
{
execute = true;
}
else
{
// ... we need to find a SecurityPermission
IPermission security = resolved.GetPermission(typeof(SecurityPermission));
execute = _execution.IsSubsetOf(security);
}
}
if (!execute)
{
throw new PolicyException(Locale.GetText(
"Policy doesn't grant the right to execute the assembly."));
}
}
denied = denyPset;
return(resolved);
}
static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken)
{
if (pSet != null)
{
pSet.CheckDecoded(demand, permToken);
CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
try
{
if (pSet.IsUnrestricted() || demand.CheckAssert(perm))
{
return(SecurityRuntime.StackHalt);
}
}
catch (ArgumentException)
{
}
}
return(SecurityRuntime.StackContinue);
}
internal static IPermission CheckPermissionSet(AppDomain ad, PermissionSet ps)
{
if (ps == null || ps.IsEmpty())
{
return(null);
}
PermissionSet grantedPermissionSet = ad.GrantedPermissionSet;
if (grantedPermissionSet == null)
{
return(null);
}
if (grantedPermissionSet.IsUnrestricted())
{
return(null);
}
if (ps.IsUnrestricted())
{
return(new SecurityPermission(SecurityPermissionFlag.NoFlags));
}
foreach (object obj in ps)
{
IPermission permission = (IPermission)obj;
if (permission is CodeAccessPermission)
{
CodeAccessPermission codeAccessPermission = (CodeAccessPermission)grantedPermissionSet.GetPermission(permission.GetType());
if (codeAccessPermission == null)
{
if ((!grantedPermissionSet.IsUnrestricted() || !(permission is IUnrestrictedPermission)) && !permission.IsSubsetOf(null))
{
return(permission);
}
}
else if (!permission.IsSubsetOf(codeAccessPermission))
{
return(permission);
}
}
else
{
try
{
permission.Demand();
}
catch (SecurityException)
{
return(permission);
}
}
}
return(null);
}
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
bool flag1 = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission((IPermission)demand);
if (permitted == null)
{
if (!permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
else
{
bool flag2 = true;
try
{
flag2 = !demand.CheckPermitOnly(permitted);
}
catch (ArgumentException ex)
{
}
if (flag2)
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
}
PermissionSet denials = this.GetDenials(fDeclarative);
if (denials != null)
{
CodeAccessPermission denied = (CodeAccessPermission)denials.GetPermission((IPermission)demand);
if (denials.IsUnrestricted())
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
bool flag2 = true;
try
{
flag2 = !demand.CheckDeny(denied);
}
catch (ArgumentException ex)
{
}
if (flag2)
{
throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
PermissionSet assertions = this.GetAssertions(fDeclarative);
if (assertions != null)
{
CodeAccessPermission asserted = (CodeAccessPermission)assertions.GetPermission((IPermission)demand);
try
{
if (!assertions.IsUnrestricted())
{
if (!demand.CheckAssert(asserted))
{
goto label_35;
}
}
return(false);
}
catch (ArgumentException ex)
{
}
}
}
finally
{
if (flag1)
{
SecurityManager._SetThreadSecurity(true);
}
}
label_35:
return(true);
}
[System.Security.SecurityCritical] // auto-generated
internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z,out UrlIdentityPermission u)
{
z = null;
u = null;
if (in_g != null)
{
if (GrantSet == null)
GrantSet = in_g.Copy();
else
GrantSet.InplaceIntersect(in_g);
z = (ZoneIdentityPermission)in_g.GetPermission(ZoneToken);
u = (UrlIdentityPermission)in_g.GetPermission(UrlToken);
}
}
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else if (!grantedSet.IsUnrestricted())
{
CodeAccessPermission grant = (CodeAccessPermission)grantedSet.GetPermission(permToken);
if (!demand.CheckDemand(grant))
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
}
if (refusedSet != null)
{
CodeAccessPermission codeAccessPermission = (CodeAccessPermission)refusedSet.GetPermission(permToken);
if (codeAccessPermission != null && !codeAccessPermission.CheckDeny(demand))
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
if (refusedSet.IsUnrestricted())
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
private static void CheckHelper(PermissionSet grantedSet,
PermissionSet deniedSet,
CodeAccessPermission demand,
PermissionToken permToken)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(deniedSet!=null ? deniedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
permToken = PermissionToken.GetToken(demand);
// If PermissionSet is null, then module does not have Permissions... Fail check.
try
{
if (grantedSet == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
{
// If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null,"demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
// then throw an exception.
if (grantedPerm == null)
{
if (!demand.IsSubsetOf( null ))
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
else
return;
}
// Call the check demand for our permission.
grantedPerm.CheckDemand(demand);
}
// Make the sure the permission is not denied.
if (deniedSet != null)
{
CodeAccessPermission deniedPerm =
(CodeAccessPermission)deniedSet.GetPermission(permToken);
if (deniedPerm != null)
{
if (deniedPerm.Intersect(demand) != null)
{
#if _DEBUG
if (debug)
DEBUG_OUT( "Permission found in denied set" );
#endif
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
throw e;
else
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
DEBUG_OUT( "Check passed" );
}
public bool IsSubsetOf (PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty ()))
return this.IsEmpty ();
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted ())
return true;
if (this.IsUnrestricted ())
return false;
if (this.IsUnrestricted () && ((target == null) || !target.IsUnrestricted ()))
return false;
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list) {
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType ();
IPermission i = null;
if (target.IsUnrestricted () && (p is CodeAccessPermission) && (p is IUnrestrictedPermission)) {
i = (IPermission) Activator.CreateInstance (t, psUnrestricted);
} else {
i = target.GetPermission (t);
}
if (!p.IsSubsetOf (i))
return false; // not a subset (condition b)
}
return true;
}
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
{
firstPermThatFailed = null;
if (((deniedSet != null) && !deniedSet.FastIsEmpty()) && !this.FastIsEmpty())
{
if (this.m_Unrestricted && deniedSet.m_Unrestricted)
{
return false;
}
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
while (internal2.MoveNext())
{
CodeAccessPermission current = internal2.Current as CodeAccessPermission;
if ((current != null) && !current.IsSubsetOf(null))
{
if (deniedSet.m_Unrestricted)
{
firstPermThatFailed = current;
return false;
}
CodeAccessPermission permission = (CodeAccessPermission) deniedSet.GetPermission(internal2.GetCurrentIndex());
if (!current.CheckDeny(permission))
{
firstPermThatFailed = current;
return false;
}
}
}
if (this.m_Unrestricted)
{
PermissionSetEnumeratorInternal internal3 = new PermissionSetEnumeratorInternal(deniedSet);
while (internal3.MoveNext())
{
if (internal3.Current is IPermission)
{
return false;
}
}
}
}
return true;
}
internal static PermissionSet RemoveRefusedPermissionSet(PermissionSet assertSet, PermissionSet refusedSet, out bool bFailedToCompress)
{
PermissionSet set = null;
bFailedToCompress = false;
if (assertSet == null)
{
return null;
}
if (refusedSet != null)
{
if (refusedSet.IsUnrestricted())
{
return null;
}
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(refusedSet);
while (internal2.MoveNext())
{
CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
int currentIndex = internal2.GetCurrentIndex();
if (current != null)
{
CodeAccessPermission permission = (CodeAccessPermission) assertSet.GetPermission(currentIndex);
try
{
if (current.Intersect(permission) == null)
{
continue;
}
if (current.Equals(permission))
{
if (set == null)
{
set = assertSet.Copy();
}
set.RemovePermission(currentIndex);
continue;
}
bFailedToCompress = true;
return assertSet;
}
catch (ArgumentException)
{
if (set == null)
{
set = assertSet.Copy();
}
set.RemovePermission(currentIndex);
continue;
}
}
}
}
if (set != null)
{
return set;
}
return assertSet;
}
internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
{
alteredDemandSet = null;
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(demandSet);
while (internal2.MoveNext())
{
CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
int currentIndex = internal2.GetCurrentIndex();
if (current != null)
{
CodeAccessPermission permission = (CodeAccessPermission) assertSet.GetPermission(currentIndex);
try
{
if (current.CheckAssert(permission))
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(currentIndex);
}
continue;
}
catch (ArgumentException)
{
continue;
}
}
}
}
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
{
firstPermThatFailed = null;
if ((target == null) || target.FastIsEmpty())
{
if (this.IsEmpty())
{
return true;
}
firstPermThatFailed = this.GetFirstPerm();
return false;
}
if (this.IsUnrestricted() && !target.IsUnrestricted())
{
return false;
}
if (this.m_permSet != null)
{
target.CheckSet();
for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++)
{
IPermission permission = this.GetPermission(i);
if ((permission != null) && !permission.IsSubsetOf(null))
{
IPermission permission2 = target.GetPermission(i);
if (!target.m_Unrestricted)
{
CodeAccessPermission permission3 = permission as CodeAccessPermission;
if (permission3 == null)
{
if (!ignoreNonCas && !permission.IsSubsetOf(permission2))
{
firstPermThatFailed = permission;
return false;
}
continue;
}
firstPermThatFailed = permission;
switch (type)
{
case IsSubsetOfType.Normal:
if (permission.IsSubsetOf(permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckDemand:
if (permission3.CheckDemand((CodeAccessPermission) permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckPermitOnly:
if (permission3.CheckPermitOnly((CodeAccessPermission) permission2))
{
break;
}
return false;
case IsSubsetOfType.CheckAssertion:
if (permission3.CheckAssert((CodeAccessPermission) permission2))
{
break;
}
return false;
}
firstPermThatFailed = null;
}
}
}
}
return true;
}
internal static bool IsIntersectingAssertedPermissions(PermissionSet assertSet1, PermissionSet assertSet2)
{
bool flag = false;
if ((assertSet1 != null) && (assertSet2 != null))
{
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(assertSet2);
while (internal2.MoveNext())
{
CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
int currentIndex = internal2.GetCurrentIndex();
if (current != null)
{
CodeAccessPermission permission = (CodeAccessPermission) assertSet1.GetPermission(currentIndex);
try
{
if ((permission != null) && !permission.Equals(current))
{
flag = true;
}
continue;
}
catch (ArgumentException)
{
flag = true;
continue;
}
}
}
}
return flag;
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
#pragma warning restore 618
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
Contract.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif // _DEBUG && FEATURE_CAS_POLICY
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Contract.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand(grantedPerm))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in refused set");
}
#endif
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
DEBUG_OUT("Check passed");
return(true);
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermission permission = null;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermission permission2 = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
for (int i = 0; i < permissionArray.Length; i++)
{
permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
permission = grantSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags = permission.Flags;
}
permission2 = grantSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags = permission2.Flags;
}
for (int j = 0; j < permissionArray.Length; j++)
{
permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
{
permissionArray[k] = null;
}
}
else
{
permission = deniedSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags &= ~permission.Flags;
}
permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags &= ~permission2.Flags;
}
for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
{
CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
if ((permission3 != null) && !permission3.IsSubsetOf(null))
{
permissionArray[m] = null;
}
}
}
}
int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);
if (num5 != -1)
{
for (int n = 0; n < permissionArray.Length; n++)
{
if ((permissionArray[n] != null) && ((IUnrestrictedPermission)permissionArray[n]).IsUnrestricted())
{
num5 |= ((int)1) << s_BuiltInPermissionIndexMap[n][1];
}
}
}
return(num5);
}
internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
{
firstPermThatFailed = null;
if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty())
return true;
if(this.m_Unrestricted && deniedSet.m_Unrestricted)
return false;
CodeAccessPermission permThis, permThat;
PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this);
while (enumThis.MoveNext())
{
permThis = enumThis.Current as CodeAccessPermission;
if(permThis == null || permThis.IsSubsetOf(null))
continue; // ignore non-CAS permissions in the grant set.
if (deniedSet.m_Unrestricted)
{
firstPermThatFailed = permThis;
return false;
}
permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex());
if (!permThis.CheckDeny(permThat))
{
firstPermThatFailed = permThis;
return false;
}
}
if(this.m_Unrestricted)
{
PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet);
while (enumThat.MoveNext())
{
if(enumThat.Current is IPermission)
return false;
}
}
return true;
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
{
return -1;
}
SecurityPermission permission = null;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermission permission2 = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
for (int i = 0; i < permissionArray.Length; i++)
{
permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
permission = grantSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags = permission.Flags;
}
permission2 = grantSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags = permission2.Flags;
}
for (int j = 0; j < permissionArray.Length; j++)
{
permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
{
permissionArray[k] = null;
}
}
else
{
permission = deniedSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags &= ~permission.Flags;
}
permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags &= ~permission2.Flags;
}
for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
{
CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
if ((permission3 != null) && !permission3.IsSubsetOf(null))
{
permissionArray[m] = null;
}
}
}
}
int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);
if (num5 != -1)
{
for (int n = 0; n < permissionArray.Length; n++)
{
if ((permissionArray[n] != null) && ((IUnrestrictedPermission) permissionArray[n]).IsUnrestricted())
{
num5 |= ((int) 1) << s_BuiltInPermissionIndexMap[n][1];
}
}
}
return num5;
}
internal void InternalIntersect (PermissionSet intersect, PermissionSet a, PermissionSet b, bool unrestricted)
{
foreach (IPermission p in b.list) {
// for every type in both list
IPermission i = a.GetPermission (p.GetType ());
if (i != null) {
// add intersection for this type
intersect.AddPermission (p.Intersect (i));
}
// unrestricted is possible for indentity permissions
else if (unrestricted) {
intersect.AddPermission (p);
}
// or reject!
}
}
[System.Security.SecurityCritical] // auto-generated
internal static void GetZoneAndOriginHelper( CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList )
{
if (cs != null)
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
else
{
ZoneIdentityPermission zone = (ZoneIdentityPermission)grantSet.GetPermission( typeof( ZoneIdentityPermission ) );
UrlIdentityPermission url = (UrlIdentityPermission)grantSet.GetPermission( typeof( UrlIdentityPermission ) );
if (zone != null)
zoneList.Add( zone.SecurityZone );
if (url != null)
originList.Add( url.Url );
}
}
internal static int GetSpecialFlags (PermissionSet grantSet, PermissionSet deniedSet) {
if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty())) {
return -1;
}
else {
SecurityPermission securityPermission = null;
#pragma warning disable 618
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
ReflectionPermission reflectionPermission = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
if (grantSet != null) {
if (grantSet.IsUnrestricted()) {
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
for (int i = 0; i < specialPermissions.Length; i++) {
specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else {
securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
securityPermissionFlags = securityPermission.Flags;
reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
reflectionPermissionFlags = reflectionPermission.Flags;
for (int i = 0; i < specialPermissions.Length; i++) {
specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null) {
if (deniedSet.IsUnrestricted()) {
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
specialPermissions[i] = null;
}
}
else {
securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
securityPermissionFlags &= ~securityPermission.Flags;
reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
reflectionPermissionFlags &= ~reflectionPermission.Flags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
specialPermissions[i] = null; // we don't care about the exact value here.
}
}
}
int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (flags != -1) {
for (int i = 0; i < specialPermissions.Length; i++) {
if (specialPermissions[i] != null && ((IUnrestrictedPermission) specialPermissions[i]).IsUnrestricted())
flags |= (1 << (int) s_BuiltInPermissionIndexMap[i][1]);
}
}
return flags;
}
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
else
{
SecurityPermission securityPermission = null;
#pragma warning disable 618
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
ReflectionPermission reflectionPermission = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags = securityPermission.Flags;
}
reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags = reflectionPermission.Flags;
}
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
specialPermissions[i] = null;
}
}
else
{
securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags &= ~securityPermission.Flags;
}
reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags &= ~reflectionPermission.Flags;
}
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
{
specialPermissions[i] = null; // we don't care about the exact value here.
}
}
}
}
int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (flags != -1)
{
for (int i = 0; i < specialPermissions.Length; i++)
{
if (specialPermissions[i] != null && ((IUnrestrictedPermission)specialPermissions[i]).IsUnrestricted())
{
flags |= (1 << (int)s_BuiltInPermissionIndexMap[i][1]);
}
}
}
return(flags);
}
}
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission(demand);
if (permitted == null)
{
if (!permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
else
{
bool flag2 = true;
try
{
flag2 = !demand.CheckPermitOnly(permitted);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission permission = (CodeAccessPermission)permitOnly.GetPermission(demand);
if (permitOnly.IsUnrestricted())
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
bool flag3 = true;
try
{
flag3 = !demand.CheckDeny(permission);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
CodeAccessPermission asserted = (CodeAccessPermission)permitOnly.GetPermission(demand);
try
{
if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted))
{
return(false);
}
}
catch (ArgumentException)
{
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
public void GetPermission_Null ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
Assert.IsNull (ps.GetPermission (null), "Empty");
}
[System.Security.SecurityCritical] // auto-generated
static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken)
{
if (pSet != null)
{
pSet.CheckDecoded(demand, permToken);
CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
try
{
if (pSet.IsUnrestricted() || demand.CheckAssert(perm))
{
return SecurityRuntime.StackHalt;
}
}
catch (ArgumentException)
{
}
}
return SecurityRuntime.StackContinue;
}
public void GetPermission_Unrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
Assert.IsNull (ps.GetPermission (typeof (SecurityPermission)), "Empty");
}
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (!throwException)
{
return false;
}
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else if (!grantedSet.IsUnrestricted())
{
CodeAccessPermission grant = (CodeAccessPermission) grantedSet.GetPermission(permToken);
if (!demand.CheckDemand(grant))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return false;
}
}
}
if (refusedSet != null)
{
CodeAccessPermission permission = (CodeAccessPermission) refusedSet.GetPermission(permToken);
if ((permission != null) && !permission.CheckDeny(demand))
{
if (!throwException)
{
return false;
}
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return false;
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return false;
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return true;
}
// Token: 0x06001E28 RID: 7720 RVA: 0x0006948C File Offset: 0x0006768C
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.NoFlags;
ReflectionPermissionFlag reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] array = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlag = (ReflectionPermissionFlag.TypeInformation | ReflectionPermissionFlag.MemberAccess | ReflectionPermissionFlag.ReflectionEmit | ReflectionPermissionFlag.RestrictedMemberAccess);
for (int i = 0; i < array.Length; i++)
{
array[i] = SecurityManager.s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag = securityPermission.Flags;
}
ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag = reflectionPermission.Flags;
}
for (int j = 0; j < array.Length; j++)
{
array[j] = (grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission);
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < SecurityManager.s_BuiltInPermissionIndexMap.Length; k++)
{
array[k] = null;
}
}
else
{
SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag &= ~securityPermission.Flags;
}
ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag &= ~reflectionPermission.Flags;
}
for (int l = 0; l < SecurityManager.s_BuiltInPermissionIndexMap.Length; l++)
{
CodeAccessPermission codeAccessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[l][0]) as CodeAccessPermission;
if (codeAccessPermission != null && !codeAccessPermission.IsSubsetOf(null))
{
array[l] = null;
}
}
}
}
int num = SecurityManager.MapToSpecialFlags(securityPermissionFlag, reflectionPermissionFlag);
if (num != -1)
{
for (int m = 0; m < array.Length; m++)
{
if (array[m] != null && ((IUnrestrictedPermission)array[m]).IsUnrestricted())
{
num |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[m][1];
}
}
}
return(num);
}
public static bool IsGranted(this IRole role, IPermission permission) {
var permissionSet = new PermissionSet(PermissionState.None);
role.Permissions.Each(perm => permissionSet.AddPermission(perm));
var getPermission = permissionSet.GetPermission(typeof(ObjectAccessPermission));
return getPermission != null && permission.IsSubsetOf(getPermission);
}
internal static bool IsIntersectingAssertedPermissions(PermissionSet assertSet1, PermissionSet assertSet2)
{
bool isIntersecting = false;
if (assertSet1 != null && assertSet2 != null)
{
PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(assertSet2);
while (enumerator.MoveNext())
{
CodeAccessPermission perm2 = (CodeAccessPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm2 != null)
{
CodeAccessPermission perm1
= (CodeAccessPermission)assertSet1.GetPermission(i);
try
{
if (perm1 != null && !perm1.Equals(perm2))
{
isIntersecting = true; // Same type of permission, but with different flags or something - cannot union them
}
}
catch (ArgumentException)
{
isIntersecting = true; //assume worst case
}
}
}
}
return isIntersecting;
}
internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas)
{
#if _DEBUG
if (debug)
DEBUG_WRITE("IsSubsetOf\n" +
"Other:\n" +
(target == null ? "<null>" : target.ToString()) +
"\nMe:\n" +
ToString());
#endif
firstPermThatFailed = null;
if (target == null || target.FastIsEmpty())
{
if(this.IsEmpty())
return true;
else
{
firstPermThatFailed = GetFirstPerm();
return false;
}
}
else if (this.IsUnrestricted() && !target.IsUnrestricted())
return false;
else if (this.m_permSet == null)
return true;
else
{
target.CheckSet();
for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i)
{
IPermission thisPerm = this.GetPermission(i);
if (thisPerm == null || thisPerm.IsSubsetOf(null))
continue;
IPermission targetPerm = target.GetPermission(i);
#if _DEBUG
PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i );
Contract.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized");
#endif
if (target.m_Unrestricted)
continue;
// targetPerm can be null here, but that is fine since it thisPerm is a subset
// of empty/null then we can continue in the loop.
CodeAccessPermission cap = thisPerm as CodeAccessPermission;
if(cap == null)
{
if (!ignoreNonCas && !thisPerm.IsSubsetOf( targetPerm ))
{
firstPermThatFailed = thisPerm;
return false;
}
}
else
{
firstPermThatFailed = thisPerm;
switch(type)
{
case IsSubsetOfType.Normal:
if (!thisPerm.IsSubsetOf( targetPerm ))
return false;
break;
case IsSubsetOfType.CheckDemand:
if (!cap.CheckDemand( (CodeAccessPermission)targetPerm ))
return false;
break;
case IsSubsetOfType.CheckPermitOnly:
if (!cap.CheckPermitOnly( (CodeAccessPermission)targetPerm ))
return false;
break;
case IsSubsetOfType.CheckAssertion:
if (!cap.CheckAssert( (CodeAccessPermission)targetPerm ))
return false;
break;
}
firstPermThatFailed = null;
}
}
}
return true;
}
private static void CheckHelper(PermissionSet grantedSet,
PermissionSet deniedSet,
CodeAccessPermission demand,
PermissionToken permToken)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
try
{
if (grantedSet == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
{
// If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
// then throw an exception.
if (grantedPerm == null)
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
else
{
return;
}
}
// Call the check demand for our permission.
grantedPerm.CheckDemand(demand);
}
// Make the sure the permission is not denied.
if (deniedSet != null)
{
CodeAccessPermission deniedPerm =
(CodeAccessPermission)deniedSet.GetPermission(permToken);
if (deniedPerm != null)
{
if (deniedPerm.Intersect(demand) != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in denied set");
}
#endif
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
DEBUG_OUT("Check passed");
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
#pragma warning restore 618
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
Contract.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif // _DEBUG && FEATURE_CAS_POLICY
if (permToken == null)
permToken = PermissionToken.GetToken(demand);
if (grantedSet != null)
grantedSet.CheckDecoded(permToken.m_index);
if (refusedSet != null)
refusedSet.CheckDecoded(permToken.m_index);
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Contract.Assert(demand != null,"demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand( grantedPerm ))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
DEBUG_OUT( "Permission found in refused set" );
#endif
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
DEBUG_OUT( "Check passed" );
return true;
}
protected override IsolatedStoragePermission GetPermission (PermissionSet ps)
{
if (ps == null)
return null;
return (IsolatedStoragePermission) ps.GetPermission (typeof (IsolatedStorageFilePermission));
}
/// <include file='doc\IsolatedStorageFile.uex' path='docs/doc[@for="IsolatedStorageFile.GetPermission"]/*' />
protected override IsolatedStoragePermission GetPermission(
PermissionSet ps)
{
if (ps == null)
return null;
else if (ps.IsUnrestricted())
return new IsolatedStorageFilePermission(
PermissionState.Unrestricted);
return (IsolatedStoragePermission) ps.
GetPermission(typeof(IsolatedStorageFilePermission));
}
public virtual bool IsSubsetOf (PermissionSet target)
{
#endif
if (this.IsUnrestricted () && ((target == null) || !target.IsUnrestricted ()))
return false;
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list) {
#if !NET_2_0
if (target == null) {
if (!p.IsSubsetOf (null))
return false;
} else
#endif
{
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType ();
IPermission i = null;
if (target.IsUnrestricted () && (p is CodeAccessPermission) && (p is IUnrestrictedPermission)) {
i = (IPermission) Activator.CreateInstance (t, psUnrestricted);
} else {
i = target.GetPermission (t);
}
if (!p.IsSubsetOf (i))
return false; // not a subset (condition b)
}
}
return true;
}
public void AddPermission_NoCopy ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
SecurityPermission sp1 = new SecurityPermission (SecurityPermissionFlag.ControlEvidence);
SecurityPermission result = (SecurityPermission)ps.AddPermission (sp1);
SecurityPermission entry = (SecurityPermission)ps.GetPermission (typeof (SecurityPermission));
// are they the same (reference) or different ?
sp1.Flags = SecurityPermissionFlag.AllFlags;
result.Flags = SecurityPermissionFlag.Assertion;
}
internal static PermissionSet RemoveRefusedPermissionSet(PermissionSet assertSet, PermissionSet refusedSet, out bool bFailedToCompress)
{
Contract.Assert((assertSet == null || !assertSet.IsUnrestricted()), "Cannot be unrestricted here");
PermissionSet retPs = null;
bFailedToCompress = false;
if (assertSet == null)
return null;
if (refusedSet != null)
{
if (refusedSet.IsUnrestricted())
return null; // we're refusing everything...cannot assert anything now.
PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(refusedSet);
while (enumerator.MoveNext())
{
CodeAccessPermission refusedPerm = (CodeAccessPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (refusedPerm != null)
{
CodeAccessPermission perm
= (CodeAccessPermission)assertSet.GetPermission(i);
try
{
if (refusedPerm.Intersect(perm) != null)
{
if (refusedPerm.Equals(perm))
{
if (retPs == null)
retPs = assertSet.Copy();
retPs.RemovePermission(i);
}
else
{
// Asserting a permission, part of which is already denied/refused
// cannot compress this assert
bFailedToCompress = true;
return assertSet;
}
}
}
catch (ArgumentException)
{
// Any exception during removing a refused set from assert set => we play it safe and not assert that perm
if (retPs == null)
retPs = assertSet.Copy();
retPs.RemovePermission(i);
}
}
}
}
if (retPs != null)
return retPs;
return assertSet;
}
public void GetPermission_None ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
Assert.IsNull (ps.GetPermission (typeof (SecurityPermission)), "Empty");
}
internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
{
Contract.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted");
alteredDemandSet = null;
PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(demandSet);
while (enumerator.MoveNext())
{
CodeAccessPermission demandDerm = (CodeAccessPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (demandDerm != null)
{
CodeAccessPermission assertPerm
= (CodeAccessPermission)assertSet.GetPermission(i);
try
{
if (demandDerm.CheckAssert(assertPerm))
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i);
}
}
catch (ArgumentException)
{
}
}
}
return;
}
public void GetPermission_Subclass ()
{
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.Unrestricted);
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (isfp);
Assert.IsNull (ps.GetPermission (typeof (IsolatedStoragePermission)), "Subclass");
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] accessPermissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.AllFlags | ReflectionPermissionFlag.RestrictedMemberAccess;
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
accessPermissionArray[index] = SecurityManager.s_UnrestrictedSpecialPermissionMap[index];
}
}
else
{
SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags = securityPermission.Flags;
}
ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags = reflectionPermission.Flags;
}
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
accessPermissionArray[index] = grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
{
accessPermissionArray[index] = (CodeAccessPermission)null;
}
}
else
{
SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags &= ~securityPermission.Flags;
}
ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags &= ~reflectionPermission.Flags;
}
for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
{
CodeAccessPermission accessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
if (accessPermission != null && !accessPermission.IsSubsetOf((IPermission)null))
{
accessPermissionArray[index] = (CodeAccessPermission)null;
}
}
}
}
int specialFlags = SecurityManager.MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (specialFlags != -1)
{
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
if (accessPermissionArray[index] != null && ((IUnrestrictedPermission)accessPermissionArray[index]).IsUnrestricted())
{
specialFlags |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[index][1];
}
}
}
return(specialFlags);
}
