public void PermissionSetNull ()
{
// no exception is thrown
PermissionSet ps = new PermissionSet (null);
#if NET_2_0
Assert ("PermissionStateNull.IsUnrestricted", !ps.IsUnrestricted ());
Assert ("PermissionStateNull.IsEmpty", ps.IsEmpty ());
#else
Assert ("PermissionStateNull.IsUnrestricted", ps.IsUnrestricted ());
Assert ("PermissionStateNull.IsEmpty", !ps.IsEmpty ());
#endif
Assert ("PermissionStateNull.IsReadOnly", !ps.IsReadOnly);
AssertEquals ("PermissionStateNull.ToXml().ToString()==ToString()", ps.ToXml ().ToString (), ps.ToString ());
}
public void PermissionSetNull ()
{
// no exception is thrown
PermissionSet ps = new PermissionSet (null);
#if NET_2_0
Assert.IsTrue (!ps.IsUnrestricted (), "PermissionStateNull.IsUnrestricted");
Assert.IsTrue (ps.IsEmpty (), "PermissionStateNull.IsEmpty");
#else
Assert.IsTrue (ps.IsUnrestricted (), "PermissionStateNull.IsUnrestricted");
Assert.IsTrue (!ps.IsEmpty (), "PermissionStateNull.IsEmpty");
#endif
Assert.IsTrue (!ps.IsReadOnly, "PermissionStateNull.IsReadOnly");
Assert.AreEqual (ps.ToXml ().ToString (), ps.ToString (), "PermissionStateNull.ToXml().ToString()==ToString()");
Assert.IsTrue (!ps.ContainsNonCodeAccessPermissions (), "ContainsNonCodeAccessPermissions");
}
public void PermissionStateUnrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
Assert ("PermissionStateUnrestricted.IsUnrestricted", ps.IsUnrestricted ());
Assert ("PermissionStateUnrestricted.IsEmpty", !ps.IsEmpty ());
Assert ("PermissionStateUnrestricted.IsReadOnly", !ps.IsReadOnly);
AssertEquals ("PermissionStateUnrestricted.ToXml().ToString()==ToString()", ps.ToXml ().ToString (), ps.ToString ());
}
public void PermissionStateUnrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
Assert.IsTrue (ps.IsUnrestricted (), "PermissionStateUnrestricted.IsUnrestricted");
Assert.IsTrue (!ps.IsEmpty (), "PermissionStateUnrestricted.IsEmpty");
Assert.IsTrue (!ps.IsReadOnly, "PermissionStateUnrestricted.IsReadOnly");
Assert.AreEqual (ps.ToXml ().ToString (), ps.ToString (), "PermissionStateUnrestricted.ToXml().ToString()==ToString()");
Assert.IsTrue (!ps.ContainsNonCodeAccessPermissions (), "ContainsNonCodeAccessPermissions");
}
public void PermissionSetPermissionSet ()
{
FileDialogPermission fdp = new FileDialogPermission (FileDialogPermissionAccess.Open);
PermissionSet ps1 = new PermissionSet (PermissionState.None);
ps1.AddPermission (fdp);
Assert ("ps1.IsEmpty", !ps1.IsEmpty ());
PermissionSet ps = new PermissionSet (ps1);
Assert ("PermissionSetPermissionSet.IsUnrestricted", !ps.IsUnrestricted ());
Assert ("PermissionSetPermissionSet.IsEmpty", !ps.IsEmpty ());
Assert ("PermissionSetPermissionSet.IsReadOnly", !ps.IsReadOnly);
AssertEquals ("PermissionSetPermissionSet.ToXml().ToString()==ToString()", ps.ToXml ().ToString (), ps.ToString ());
}
public void PermissionSetPermissionSet ()
{
FileDialogPermission fdp = new FileDialogPermission (FileDialogPermissionAccess.Open);
PermissionSet ps1 = new PermissionSet (PermissionState.None);
ps1.AddPermission (fdp);
Assert.IsTrue (!ps1.IsEmpty (), "ps1.IsEmpty");
PermissionSet ps = new PermissionSet (ps1);
Assert.IsTrue (!ps.IsUnrestricted (), "PermissionSetPermissionSet.IsUnrestricted");
Assert.IsTrue (!ps.IsEmpty (), "PermissionSetPermissionSet.IsEmpty");
Assert.IsTrue (!ps.IsReadOnly, "PermissionSetPermissionSet.IsReadOnly");
Assert.AreEqual (ps.ToXml ().ToString (), ps.ToString (), "PermissionSetPermissionSet.ToXml().ToString()==ToString()");
Assert.IsTrue (!ps.ContainsNonCodeAccessPermissions (), "ContainsNonCodeAccessPermissions");
}
public bool IsSubsetOf(PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty()))
{
return(this.IsEmpty());
}
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted())
{
return(true);
}
if (this.IsUnrestricted())
{
return(false);
}
public bool IsSubsetOf(PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty()))
{
return(this.IsEmpty());
}
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted())
{
return(true);
}
if (this.IsUnrestricted())
{
return(false);
}
if (this.IsUnrestricted() && ((target == null) || !target.IsUnrestricted()))
{
return(false);
}
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list)
{
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType();
IPermission i = null;
if (target.IsUnrestricted() && (p is CodeAccessPermission) && (p is IUnrestrictedPermission))
{
i = (IPermission)Activator.CreateInstance(t, psUnrestricted);
}
else
{
i = target.GetPermission(t);
}
if (!p.IsSubsetOf(i))
{
return(false); // not a subset (condition b)
}
}
return(true);
}
// Form the intersection of this permission set and another.
public virtual PermissionSet Intersect(PermissionSet other)
{
PermissionSet pset;
if (other == null)
{
pset = new PermissionSet(PermissionState.None);
}
else if (!IsUnrestricted() || !other.IsUnrestricted())
{
pset = new PermissionSet(PermissionState.None);
}
else
{
pset = new PermissionSet(PermissionState.Unrestricted);
}
if (other == null || other.IsEmpty() || IsEmpty())
{
return(pset);
}
IEnumerator e = other.GetEnumerator();
IPermission permOther, permThis;
int index;
while (e.MoveNext())
{
permOther = (e.Current as IPermission);
if (permOther != null)
{
index = FindPermission(permOther.GetType());
if (index != -1)
{
permThis = (IPermission)(permissions[index]);
permThis = permThis.Intersect(permOther);
if (permThis != null)
{
pset.AddPermission(permThis);
}
}
}
}
return(pset);
}
private static void CheckSetHelper(PermissionSet grants,
PermissionSet denied,
PermissionSet demands)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grants.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(denied != null ? denied.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demands != null ? demands.ToXml().ToString() : "<null>");
}
#endif
if (demands == null || demands.IsEmpty())
{
return; // demanding the empty set always passes.
}
if (grants == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
if (!grants.IsUnrestricted() || (denied != null))
{
if (demands.IsUnrestricted())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), grants, denied);
}
if (denied != null && denied.IsUnrestricted() && demands.m_unrestrictedPermSet.GetCount() != 0)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
CheckTokenBasedSetHelper(grants.IsUnrestricted(), grants.m_unrestrictedPermSet, denied != null ? denied.m_unrestrictedPermSet : null, demands.m_unrestrictedPermSet);
}
CheckTokenBasedSetHelper(false, grants.m_normalPermSet, denied != null ? denied.m_normalPermSet : null, demands.m_normalPermSet);
}
#pragma warning disable 169
private static bool LinkDemandFullTrust(Assembly a)
{
// FullTrust is immutable (and means Unrestricted)
// so we can skip the subset operations and jump to IsUnrestricted.
PermissionSet granted = a.GrantedPermissionSet;
if ((granted != null) && !granted.IsUnrestricted())
{
return(false);
}
PermissionSet denied = a.DeniedPermissionSet;
if ((denied != null) && !denied.IsEmpty())
{
return(false);
}
return(true);
}
public void AddDeclarativeSecurity(SecurityAction action, PermissionSet pset)
{
if (pset == null)
{
throw new ArgumentNullException("pset");
}
this.ThrowIfGeneric();
if ((!Enum.IsDefined(typeof(SecurityAction), action) || (action == SecurityAction.RequestMinimum)) || ((action == SecurityAction.RequestOptional) || (action == SecurityAction.RequestRefuse)))
{
throw new ArgumentOutOfRangeException("action");
}
this.m_containingType.ThrowIfCreated();
byte[] blob = null;
int cb = 0;
if (!pset.IsEmpty())
{
blob = pset.EncodeXml();
cb = blob.Length;
}
TypeBuilder.AddDeclarativeSecurity(this.m_module.GetNativeHandle(), this.MetadataTokenInternal, action, blob, cb);
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
HostSecurityManager hostSecurityManager = AppDomain.CurrentDomain.HostSecurityManager;
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
if ((hostSecurityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet target = hostSecurityManager.ResolvePolicy(evidence);
if (target == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", new object[] { hostSecurityManager.GetType().FullName }));
}
if (AppDomain.CurrentDomain.IsHomogenous)
{
if (target.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet permissionSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
if (!(target.IsUnrestricted() || (target.IsSubsetOf(permissionSet) && permissionSet.IsSubsetOf(target))))
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", new object[] { hostSecurityManager.GetType().FullName }));
}
}
grantSet = target;
return(true);
}
if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
grantSet = null;
return(false);
}
public PermissionSet Intersect(PermissionSet other)
{
// no intersection possible
if ((other == null) || (other.IsEmpty()) || (this.IsEmpty()))
{
return(null);
}
PermissionState state = PermissionState.None;
if (this.IsUnrestricted() && other.IsUnrestricted())
{
state = PermissionState.Unrestricted;
}
PermissionSet interSet = null;
// much simpler with 2.0
if (state == PermissionState.Unrestricted)
{
interSet = new PermissionSet(state);
}
else if (this.IsUnrestricted())
{
interSet = other.Copy();
}
else if (other.IsUnrestricted())
{
interSet = this.Copy();
}
else
{
interSet = new PermissionSet(state);
InternalIntersect(interSet, this, other, false);
}
return(interSet);
}
public void FromXmlOne ()
{
FileDialogPermission fdp = new FileDialogPermission (FileDialogPermissionAccess.Open);
PermissionSet ps1 = new PermissionSet (PermissionState.None);
ps1.AddPermission (fdp);
Assert.IsTrue (!ps1.IsEmpty (), "ps1.IsEmpty");
PermissionSet ps = new PermissionSet (ps1);
SecurityElement se = ps.ToXml ();
Assert.IsNotNull (se, "One.ToXml()");
Assert.AreEqual (1, ps.Count, "One.Count");
PermissionSet ps2 = (PermissionSet) ps.Copy ();
ps2.FromXml (se);
Assert.IsTrue (!ps2.IsUnrestricted () , "FromXml-Copy.IsUnrestricted");
Assert.AreEqual (1, ps2.Count, "Copy.Count");
se.AddAttribute ("Unrestricted", "true");
ps2.FromXml (se);
Assert.IsTrue (ps2.IsUnrestricted (), "FromXml-Unrestricted.IsUnrestricted");
#if NET_2_0
Assert.AreEqual (0, ps2.Count, "Unrestricted.Count");
#else
// IPermission not shown in XML but still present in Count
Assert.AreEqual (1, ps2.Count, "Unrestricted.Count");
#endif
}
public void AddPermission_NonCasPermission ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (new PrincipalPermission ("name", "role"));
Assert.AreEqual (1, ps.Count, "Count");
Assert.IsTrue (!ps.IsEmpty (), "IsEmpty");
}
[System.Security.SecurityCritical] // auto-generated
private void AddDeclarativeSecurityNoLock(SecurityAction action, PermissionSet pset)
{
if (pset == null)
throw new ArgumentNullException("pset");
#pragma warning disable 618
if (!Enum.IsDefined(typeof(SecurityAction), action) ||
action == SecurityAction.RequestMinimum ||
action == SecurityAction.RequestOptional ||
action == SecurityAction.RequestRefuse)
{
throw new ArgumentOutOfRangeException("action");
}
#pragma warning restore 618
Contract.EndContractBlock();
ThrowIfCreated();
// Translate permission set into serialized format(uses standard binary serialization format).
byte[] blob = null;
int length = 0;
if (!pset.IsEmpty())
{
blob = pset.EncodeXml();
length = blob.Length;
}
// Write the blob into the metadata.
AddDeclarativeSecurity(m_module.GetNativeHandle(), m_tdType.Token, action, blob, length);
}
[System.Security.SecurityCritical] // auto-generated
static private PermissionSet ResolvePolicy(Evidence evidence,
PermissionSet reqdPset,
PermissionSet optPset,
PermissionSet denyPset,
out PermissionSet denied,
bool checkExecutionPermission)
{
Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
if (executionSecurityPermission == null)
{
executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
}
PermissionSet requested = null;
PermissionSet optional;
PermissionSet allowed;
Exception savedException = null;
// We don't want to recurse back into here as a result of a
// stackwalk during resolution. So simply assert full trust (this
// implies that custom permissions cannot use any permissions that
// don't implement IUnrestrictedPermission.
// PermissionSet.s_fullTrust.Assert();
// The requested set is the union of the minimal request and the
// optional request. Minimal request defaults to empty, optional
// is "AllPossible" (includes any permission that can be defined)
// which is symbolized by null.
optional = optPset;
if (reqdPset == null)
{
requested = optional;
}
else
{
// If optional is null, the requested set becomes null/"AllPossible".
requested = optional == null ? null : reqdPset.Union(optional);
}
// Make sure that the right to execute is requested (if this feature is
// enabled).
if (requested != null && !requested.IsUnrestricted())
{
requested.AddPermission(executionSecurityPermission);
}
// If we aren't passed any evidence, just make an empty object
if (evidence == null)
{
evidence = new Evidence();
}
allowed = polmgr.Resolve(evidence);
// Intersect the grant with the RequestOptional
if (requested != null)
{
allowed.InplaceIntersect(requested);
}
// Check that we were granted the right to execute.
if (checkExecutionPermission)
{
if (!allowed.Contains(executionSecurityPermission) ||
(denyPset != null && denyPset.Contains(executionSecurityPermission)))
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
System.__HResults.CORSEC_E_NO_EXEC_PERM,
savedException);
}
}
// Check that we were granted at least the minimal set we asked for. Do
// this before pruning away any overlap with the refused set so that
// users have the flexability of defining minimal permissions that are
// only expressable as set differences (e.g. allow access to "C:\" but
// disallow "C:\Windows").
if (reqdPset != null && !reqdPset.IsSubsetOf(allowed))
{
BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
throw new PolicyException(Environment.GetResourceString("Policy_NoRequiredPermission"),
System.__HResults.CORSEC_E_MIN_GRANT_FAIL,
savedException);
}
// Remove any granted permissions that are safe subsets of some denied
// permission. The remaining denied permissions (if any) are returned
// along with the modified grant set for use in checks.
if (denyPset != null)
{
BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
denied = denyPset.Copy();
allowed.MergeDeniedSet(denied);
if (denied.IsEmpty())
{
denied = null;
}
}
else
{
denied = null;
}
allowed.IgnoreTypeLoadFailures = true;
return(allowed);
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(StackHalt);
}
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString());
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString());
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return(StackHalt);
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf(permSet))
{
return(StackHalt);
}
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return(StackContinue);
}
public void AddDeclarativeSecurity(SecurityAction action, PermissionSet pset)
{
ThrowIfGeneric ();
if (pset == null)
throw new ArgumentNullException("pset");
if (!Enum.IsDefined(typeof(SecurityAction), action) ||
action == SecurityAction.RequestMinimum ||
action == SecurityAction.RequestOptional ||
action == SecurityAction.RequestRefuse )
throw new ArgumentOutOfRangeException("action");
// cannot declarative security after type is created
m_containingType.ThrowIfCreated();
// Translate permission set into serialized format (uses standard binary serialization format).
byte[] blob = null;
if (!pset.IsEmpty())
blob = pset.EncodeXml();
// Write the blob into the metadata.
TypeBuilder.InternalAddDeclarativeSecurity (m_module, MetadataTokenInternal, action, blob);
}
[System.Security.SecurityCritical] // auto-generated
static private PermissionSet ResolvePolicy(Evidence evidence,
PermissionSet reqdPset,
PermissionSet optPset,
PermissionSet denyPset,
out PermissionSet denied,
bool checkExecutionPermission)
{
Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
if (executionSecurityPermission == null)
executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
PermissionSet requested = null;
PermissionSet optional;
PermissionSet allowed;
Exception savedException = null;
// We don't want to recurse back into here as a result of a
// stackwalk during resolution. So simply assert full trust (this
// implies that custom permissions cannot use any permissions that
// don't implement IUnrestrictedPermission.
// PermissionSet.s_fullTrust.Assert();
// The requested set is the union of the minimal request and the
// optional request. Minimal request defaults to empty, optional
// is "AllPossible" (includes any permission that can be defined)
// which is symbolized by null.
optional = optPset;
if (reqdPset == null)
requested = optional;
else
// If optional is null, the requested set becomes null/"AllPossible".
requested = optional == null ? null : reqdPset.Union(optional);
// Make sure that the right to execute is requested (if this feature is
// enabled).
if (requested != null && !requested.IsUnrestricted())
requested.AddPermission( executionSecurityPermission );
// If we aren't passed any evidence, just make an empty object
if (evidence == null)
{
evidence = new Evidence();
}
allowed = polmgr.Resolve(evidence);
// Intersect the grant with the RequestOptional
if (requested != null)
allowed.InplaceIntersect(requested);
// Check that we were granted the right to execute.
if (checkExecutionPermission)
{
if (!allowed.Contains(executionSecurityPermission) ||
(denyPset != null && denyPset.Contains(executionSecurityPermission)))
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
System.__HResults.CORSEC_E_NO_EXEC_PERM,
savedException);
}
}
// Check that we were granted at least the minimal set we asked for. Do
// this before pruning away any overlap with the refused set so that
// users have the flexability of defining minimal permissions that are
// only expressable as set differences (e.g. allow access to "C:\" but
// disallow "C:\Windows").
if (reqdPset != null && !reqdPset.IsSubsetOf(allowed))
{
BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
throw new PolicyException(Environment.GetResourceString( "Policy_NoRequiredPermission" ),
System.__HResults.CORSEC_E_MIN_GRANT_FAIL,
savedException );
}
// Remove any granted permissions that are safe subsets of some denied
// permission. The remaining denied permissions (if any) are returned
// along with the modified grant set for use in checks.
if (denyPset != null)
{
BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
denied = denyPset.Copy();
allowed.MergeDeniedSet(denied);
if (denied.IsEmpty())
denied = null;
}
else
denied = null;
allowed.IgnoreTypeLoadFailures = true;
return allowed;
}
internal static bool TryResolveGrantSet(Evidence evidence, out PermissionSet grantSet)
{
Contract.Assert(evidence != null);
HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
// GAC assemblies always are fully trusted
if (evidence.GetHostEvidence <GacInstalled>() != null)
{
grantSet = new PermissionSet(PermissionState.Unrestricted);
return(true);
}
// If the host wants to participate in policy resolution, then our next option is to ask it for
// a grant set
else if ((securityManager.Flags & HostSecurityManagerOptions.HostResolvePolicy) == HostSecurityManagerOptions.HostResolvePolicy)
{
PermissionSet hostGrantSet = securityManager.ResolvePolicy(evidence);
if (hostGrantSet == null)
{
throw new PolicyException(Environment.GetResourceString("Policy_NullHostGrantSet", securityManager.GetType().FullName));
}
// If we're in a homogenous domain, we don't want to allow the host to create multiple
// levels of permissions within the domain. So, if we see the host return something other
// than full trust or the homogenous grant set, we reject the grant set.
if (AppDomain.CurrentDomain.IsHomogenous)
{
// Some hosts, such as ASP.NET, return Nothing as a way of saying that the assembly should
// not be allowed to run in the AppDomain. Reject that with a specific
// no-execution-allowed-here exception message, rather than the return value validation
// exception message we'd hit below.
if (hostGrantSet.IsEmpty())
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"));
}
PermissionSet homogenousGrantSet = AppDomain.CurrentDomain.ApplicationTrust.DefaultGrantSet.PermissionSet;
bool isValidGrantSet = hostGrantSet.IsUnrestricted() ||
(hostGrantSet.IsSubsetOf(homogenousGrantSet) && homogenousGrantSet.IsSubsetOf(hostGrantSet));
if (!isValidGrantSet)
{
throw new PolicyException(Environment.GetResourceString("Policy_GrantSetDoesNotMatchDomain", securityManager.GetType().FullName));
}
}
grantSet = hostGrantSet;
return(true);
}
// If we're in a homogenous domain, we can get the grant set directly from the application trust
else if (AppDomain.CurrentDomain.IsHomogenous)
{
grantSet = AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
return(true);
}
// Otherwise we have no way to figure out what the grant set is
else
{
grantSet = null;
return(false);
}
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermission permission = null;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermission permission2 = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
for (int i = 0; i < permissionArray.Length; i++)
{
permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
permission = grantSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags = permission.Flags;
}
permission2 = grantSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags = permission2.Flags;
}
for (int j = 0; j < permissionArray.Length; j++)
{
permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
{
permissionArray[k] = null;
}
}
else
{
permission = deniedSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags &= ~permission.Flags;
}
permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags &= ~permission2.Flags;
}
for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
{
CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
if ((permission3 != null) && !permission3.IsSubsetOf(null))
{
permissionArray[m] = null;
}
}
}
}
int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);
if (num5 != -1)
{
for (int n = 0; n < permissionArray.Length; n++)
{
if ((permissionArray[n] != null) && ((IUnrestrictedPermission)permissionArray[n]).IsUnrestricted())
{
num5 |= ((int)1) << s_BuiltInPermissionIndexMap[n][1];
}
}
}
return(num5);
}
public bool CheckSetDemandInternal(PermissionSet permSet, bool createException, out Exception exception, bool bNeedAlteredSet, out PermissionSet alteredSet)
{
alteredSet = null;
BCLDebug.Assert(permSet != null, "permSet != null");
// If the compressed stack is not unrestricted and the demand is
// then we just throw an exception.
if (!this.m_unrestricted && permSet.IsUnrestricted())
{
if (createException)
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else
{
exception = GetStaticException();
}
return(false);
}
TokenBasedSet normalAlteredSet = null;
TokenBasedSet unrestrictedAlteredSet = null;
// Check the "normal" permissions since we always know we have to check them.
bool normalContinue = CheckTokenBasedSets(this.m_normalPermSet, permSet.m_normalPermSet, false, PermissionListSetState.None, createException, out exception, bNeedAlteredSet, out normalAlteredSet);
if (exception != null)
{
return(false);
}
bool unrestrictedContinue = CheckTokenBasedSets(this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, m_unrestricted, m_state, createException, out exception, bNeedAlteredSet, out unrestrictedAlteredSet);
if (exception != null)
{
return(false);
}
if ((m_state & PermissionListSetState.UnrestrictedAssert) != 0)
{
// If we are unrestricted, we want to terminate the stack walk based
// on us having an unrestricted assert.
if (bNeedAlteredSet)
{
unrestrictedAlteredSet = new TokenBasedSet(1, 4);
}
unrestrictedContinue = false;
}
if (normalContinue || unrestrictedContinue)
{
if (!bNeedAlteredSet)
{
return(true);
}
// If we need to continue, let's build the altered set. We only
// need to do this if 1) our original demand is not unrestricted
// and 2) if we have altered token based sets.
if (!permSet.IsUnrestricted())
{
if (normalAlteredSet != null || unrestrictedAlteredSet != null)
{
alteredSet = new PermissionSet(false);
if (normalAlteredSet != null)
{
alteredSet.m_normalPermSet = normalAlteredSet;
}
else
{
alteredSet.m_normalPermSet = CopyTokenBasedSet(permSet.m_normalPermSet);
}
if (unrestrictedAlteredSet != null)
{
alteredSet.m_unrestrictedPermSet = unrestrictedAlteredSet;
}
else
{
alteredSet.m_unrestrictedPermSet = CopyTokenBasedSet(permSet.m_unrestrictedPermSet);
}
if (alteredSet.IsEmpty())
{
return(false);
}
}
}
return(true);
}
else
{
return(false);
}
}
// Treating the current permission set as a grant set, and the input set as
// a set of permissions to be denied, try to cancel out as many permissions
// from both sets as possible. For a first cut, any granted permission that
// is a safe subset of the corresponding denied permission can result in
// that permission being removed from both sides.
internal virtual void MergeDeniedSet(PermissionSet denied)
{
if (denied.IsEmpty())
{
return;
}
m_CheckedForNonCas = false;
if (!m_Unrestricted)
{
if (this.m_unrestrictedPermSet != null)
this.m_unrestrictedPermSet.MergeDeniedSet( denied.m_unrestrictedPermSet );
}
if (this.m_normalPermSet != null)
this.m_normalPermSet.MergeDeniedSet( denied.m_normalPermSet );
}
private static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, bool checkExecutionPermission)
{
if (executionSecurityPermission == null)
{
executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
}
PermissionSet other = null;
Exception exception = null;
PermissionSet set2 = optPset;
if (reqdPset == null)
{
other = set2;
}
else
{
other = (set2 == null) ? null : reqdPset.Union(set2);
}
if ((other != null) && !other.IsUnrestricted())
{
other.AddPermission(executionSecurityPermission);
}
if (evidence == null)
{
evidence = new Evidence();
}
PermissionSet target = polmgr.Resolve(evidence);
if (other != null)
{
target.InplaceIntersect(other);
}
if (checkExecutionPermission && (!target.Contains(executionSecurityPermission) || ((denyPset != null) && denyPset.Contains(executionSecurityPermission))))
{
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), -2146233320, exception);
}
if ((reqdPset != null) && !reqdPset.IsSubsetOf(target))
{
throw new PolicyException(Environment.GetResourceString("Policy_NoRequiredPermission"), -2146233321, exception);
}
if (denyPset != null)
{
denied = denyPset.Copy();
target.MergeDeniedSet(denied);
if (denied.IsEmpty())
{
denied = null;
}
}
else
{
denied = null;
}
target.IgnoreTypeLoadFailures = true;
return target;
}
// Given a set of evidence and some permission requests, resolve policy
// and compare the result against the given grant & deny sets. Return
// whether the two are equivalent.
static private bool CheckGrantSets(Evidence evidence,
PermissionSet minimal,
PermissionSet optional,
PermissionSet refused,
PermissionSet granted,
PermissionSet denied)
{
PermissionSet newGranted = null;
PermissionSet newDenied = null;
int isUnrestricted;
try {
newGranted = ResolvePolicy(evidence,
minimal,
optional,
refused,
out newDenied,
out isUnrestricted,
true);
} catch {
return(false);
}
if (granted == null)
{
if ((newGranted != null) && !newGranted.IsEmpty())
{
return(false);
}
}
else
{
if (newGranted == null)
{
return(granted.IsEmpty());
}
try
{
if (!granted.IsSubsetOf(newGranted) ||
!newGranted.IsSubsetOf(granted))
{
return(false);
}
}
catch (Exception)
{
// We catch any exception and just return false.
// This has to be done because not all permissions
// may support the IsSubsetOf operation.
return(false);
}
}
if (denied == null)
{
if ((newDenied != null) && !newDenied.IsEmpty())
{
return(false);
}
}
else
{
if (newDenied == null)
{
return(denied.IsEmpty());
}
try
{
if (!denied.IsSubsetOf(newDenied) ||
!newDenied.IsSubsetOf(denied))
{
return(false);
}
}
catch (Exception)
{
// We catch any exception and just return false.
// This has to be done because not all permissions
// may support the IsSubsetOf operation.
return(false);
}
}
return(true);
}
public PermissionSet Resolve(Evidence evidence, PermissionSet request)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("PolicyManager::Resolve");
IEnumerator evidenceEnumerator = evidence.GetEnumerator();
DEBUG_OUT("Evidence:");
while (evidenceEnumerator.MoveNext())
{
Object obj = evidenceEnumerator.Current;
if (obj is Site)
{
DEBUG_OUT(((Site)obj).ToXml().ToString());
}
else if (obj is Zone)
{
DEBUG_OUT(((Zone)obj).ToXml().ToString());
}
else if (obj is Url)
{
DEBUG_OUT(((Url)obj).ToXml().ToString());
}
else if (obj is StrongName)
{
DEBUG_OUT(((StrongName)obj).ToXml().ToString());
}
else if (obj is PermissionRequestEvidence)
{
DEBUG_OUT(((PermissionRequestEvidence)obj).ToXml().ToString());
}
}
}
#endif
// We set grant to null to represent "AllPossible"
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
IEnumerator levelEnumerator = m_levels.GetEnumerator();
char[] serializedEvidence = MakeEvidenceArray(evidence, false);
int count = evidence.Count;
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
policy = currentLevel.Resolve(evidence, count, serializedEvidence);
// If the grant is "AllPossible", the intersection is just the other permission set.
// Otherwise, do an inplace intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
if (grant == null)
{
grant = policy.PermissionSet;
}
else
{
// An exception somewhere in here means that a permission
// failed some operation. This simply means that it will be
// dropped from the grant set which is safe operation that
// can be ignored.
try
{
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
catch (Exception)
{
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("Level = " + currentLevel.Label);
DEBUG_OUT("policy =\n" + policy.ToXml().ToString());
DEBUG_OUT("grant so far =\n" + grant.ToXml().ToString());
}
#endif
if (grant.IsEmpty())
{
break;
}
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (!currentLevel.Label.Equals("AppDomain"))
{
testApplicationLevels = true;
}
break;
}
}
if (testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = m_levels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel)m_levels[i];
if (currentLevel.Label.Equals("AppDomain"))
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
grant.InplaceIntersect(policy.GetPermissionSetNoCopy());
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("granted =\n" + grant.ToString());
DEBUG_OUT("request =\n" + (request != null ? request.ToString() : "<null>"));
DEBUG_OUT("awarded =\n" + (request != null ? grant.Intersect(request).ToString() : grant.ToString()));
}
#endif
try
{
if (request != null)
{
grant.InplaceIntersect(request);
}
}
catch (Exception)
{
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("granted after intersect w/ request =\n" + grant.ToString());
}
#endif
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
try
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission(evidence);
if (perm != null)
{
grant.AddPermission(perm);
}
}
}
catch (Exception)
{
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("awarded with identity =\n" + grant.ToString());
}
#endif
return(grant);
}
private PermissionSet GetCasOnlySet()
{
if (!this.m_ContainsNonCas)
{
return this;
}
if (this.IsUnrestricted())
{
return this;
}
PermissionSet set = new PermissionSet(false);
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
while (internal2.MoveNext())
{
IPermission current = (IPermission) internal2.Current;
if (current is CodeAccessPermission)
{
set.AddPermission(current);
}
}
set.m_CheckedForNonCas = true;
set.m_ContainsCas = !set.IsEmpty();
set.m_ContainsNonCas = false;
return set;
}
static private PermissionSet ResolvePolicy(Evidence evidence,
PermissionSet reqdPset,
PermissionSet optPset,
PermissionSet denyPset,
out PermissionSet denied,
bool checkExecutionPermission)
{
PermissionSet requested;
PermissionSet optional;
PermissionSet allowed;
Exception savedException = null;
// We don't want to recurse back into here as a result of a
// stackwalk during resolution. So simply assert full trust (this
// implies that custom permissions cannot use any permissions that
// don't implement IUnrestrictedPermission.
// PermissionSet.s_fullTrust.Assert();
// The requested set is the union of the minimal request and the
// optional request. Minimal request defaults to empty, optional
// is "AllPossible" (includes any permission that can be defined)
// which is symbolized by null.
optional = optPset;
if (reqdPset == null)
{
requested = optional;
}
else
{
// If optional is null, the requested set becomes null/"AllPossible".
requested = optional == null ? null : reqdPset.Union(optional);
}
// Make sure that the right to execute is requested (if this feature is
// enabled).
if (requested != null && !requested.IsUnrestricted() && CheckExecution())
{
requested.AddPermission(executionSecurityPermission);
}
if (InitPolicy())
{
// If we aren't passed any evidence, just make an empty object
// If we are passed evidence, copy it before passing it
// to the policy manager.
// Note: this is not a deep copy, the pieces of evidence within the
// Evidence object can still be altered and affect the originals.
if (evidence == null)
{
evidence = new Evidence();
}
else
{
evidence = evidence.ShallowCopy();
}
evidence.AddHost(new PermissionRequestEvidence(reqdPset, optPset, denyPset));
// We need to make sure that no stray exceptions come out of Resolve so
// we wrap it in a try block.
try
{
allowed = polmgr.Resolve(evidence, requested);
}
catch (Exception e)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Exception during resolve");
DEBUG_OUT(e.GetType().FullName);
DEBUG_OUT(e.Message);
DEBUG_OUT(e.StackTrace);
}
#endif
// If we get a policy exception, we are done are we are going to fail to
// load no matter what.
if (e is PolicyException)
{
throw e;
}
// If we get any other kid of exception, we set the allowed set to the
// empty set and continue processing as normal. This allows assemblies
// that make no request to be loaded but blocks any assembly that
// makes a request from being loaded. This seems like a valid design to
// me -- gregfee 6/19/2000
savedException = e;
allowed = new PermissionSet();
}
}
else
{
denied = null;
return(null);
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("ResolvePolicy:");
IEnumerator enumerator = evidence.GetEnumerator();
DEBUG_OUT("Evidence:");
while (enumerator.MoveNext())
{
Object obj = enumerator.Current;
if (obj is Site)
{
DEBUG_OUT(((Site)obj).ToXml().ToString());
}
else if (obj is Zone)
{
DEBUG_OUT(((Zone)obj).ToXml().ToString());
}
else if (obj is Url)
{
DEBUG_OUT(((Url)obj).ToXml().ToString());
}
else if (obj is Publisher)
{
DEBUG_OUT(((Publisher)obj).ToXml().ToString());
}
else if (obj is StrongName)
{
DEBUG_OUT(((StrongName)obj).ToXml().ToString());
}
else if (obj is PermissionRequestEvidence)
{
DEBUG_OUT(((PermissionRequestEvidence)obj).ToXml().ToString());
}
}
DEBUG_OUT("Required permissions:");
DEBUG_OUT(reqdPset != null ? reqdPset.ToString() : "<null>");
DEBUG_OUT("Optional permissions:");
DEBUG_OUT(optPset != null ? optPset.ToString() : "<null>");
DEBUG_OUT("Denied permissions:");
DEBUG_OUT(denyPset != null ? denyPset.ToString() : "<null>");
DEBUG_OUT("Requested permissions:");
DEBUG_OUT(requested != null ? requested.ToString() : "<null>");
DEBUG_OUT("Granted permissions:");
DEBUG_OUT(allowed != null ? allowed.ToString() : "<null>");
}
#endif
// Check that we were granted the right to execute.
if (!allowed.IsUnrestricted() && checkExecutionPermission && CheckExecution())
{
SecurityPermission secPerm = (SecurityPermission)allowed.GetPermission(securityPermissionType);
if (secPerm == null || !executionSecurityPermission.IsSubsetOf(secPerm))
{
#if _DEBUG
DEBUG_OUT("No execute permission");
#endif
throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
System.__HResults.CORSEC_E_NO_EXEC_PERM,
savedException);
}
}
// Check that we were granted at least the minimal set we asked for. Do
// this before pruning away any overlap with the refused set so that
// users have the flexability of defining minimal permissions that are
// only expressable as set differences (e.g. allow access to "C:\" but
// disallow "C:\Windows").
if (reqdPset != null && !reqdPset.IsSubsetOf(allowed))
{
#if _DEBUG
DEBUG_OUT("Didn't get required permissions");
#endif
throw new PolicyException(Environment.GetResourceString("Policy_NoRequiredPermission"),
System.__HResults.CORSEC_E_MIN_GRANT_FAIL,
savedException);
}
// Remove any granted permissions that are safe subsets of some denied
// permission. The remaining denied permissions (if any) are returned
// along with the modified grant set for use in checks.
if (denyPset != null)
{
denied = denyPset.Copy();
allowed.MergeDeniedSet(denied);
if (denied.IsEmpty())
{
denied = null;
}
}
else
{
denied = null;
}
#if _DEBUG
if (debug)
{
DEBUG_OUT("Final denied permissions:");
DEBUG_OUT(denied != null ? denied.ToString() : "<null>");
}
#endif
return(allowed);
}
public void IsEmpty_Unrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
Assert.IsTrue (!ps.IsEmpty (), "Unrestricted.IsEmpty");
ps.AddPermission (new ZoneIdentityPermission (SecurityZone.NoZone));
#if NET_2_0
// Identity permissions aren't added to unrestricted permission sets in 2.0
Assert.AreEqual (0, ps.Count, "Count==0");
#else
Assert.AreEqual (1, ps.Count, "Count==1");
#endif
Assert.IsTrue (!ps.IsEmpty ()); // yes empty!, "Zip.IsEmpty");
}
internal static int GetSpecialFlags (PermissionSet grantSet, PermissionSet deniedSet) {
if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty())) {
return -1;
}
else {
SecurityPermission securityPermission = null;
#pragma warning disable 618
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
ReflectionPermission reflectionPermission = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
if (grantSet != null) {
if (grantSet.IsUnrestricted()) {
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
for (int i = 0; i < specialPermissions.Length; i++) {
specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else {
securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
securityPermissionFlags = securityPermission.Flags;
reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
reflectionPermissionFlags = reflectionPermission.Flags;
for (int i = 0; i < specialPermissions.Length; i++) {
specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null) {
if (deniedSet.IsUnrestricted()) {
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
specialPermissions[i] = null;
}
}
else {
securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
securityPermissionFlags &= ~securityPermission.Flags;
reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
reflectionPermissionFlags &= ~reflectionPermission.Flags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
specialPermissions[i] = null; // we don't care about the exact value here.
}
}
}
int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (flags != -1) {
for (int i = 0; i < specialPermissions.Length; i++) {
if (specialPermissions[i] != null && ((IUnrestrictedPermission) specialPermissions[i]).IsUnrestricted())
flags |= (1 << (int) s_BuiltInPermissionIndexMap[i][1]);
}
}
return flags;
}
}
internal static IPermission CheckPermissionSet (AppDomain ad, PermissionSet ps)
{
if ((ps == null) || ps.IsEmpty ())
return null;
PermissionSet granted = ad.GrantedPermissionSet;
if (granted == null)
return null;
if (granted.IsUnrestricted ())
return null;
if (ps.IsUnrestricted ())
return new SecurityPermission (SecurityPermissionFlag.NoFlags);
foreach (IPermission p in ps) {
if (p is CodeAccessPermission) {
CodeAccessPermission grant = (CodeAccessPermission) granted.GetPermission (p.GetType ());
if (grant == null) {
if (!granted.IsUnrestricted () || !(p is IUnrestrictedPermission)) {
if (!p.IsSubsetOf (null))
return p;
}
} else if (!p.IsSubsetOf (grant)) {
return p;
}
} else {
// but non-CAS will throw on failure...
try {
p.Demand ();
}
catch (SecurityException) {
// ... so we catch
return p;
}
}
}
return null;
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return(false);
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return(false);
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
// Token: 0x06001E28 RID: 7720 RVA: 0x0006948C File Offset: 0x0006768C
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.NoFlags;
ReflectionPermissionFlag reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] array = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlag = (ReflectionPermissionFlag.TypeInformation | ReflectionPermissionFlag.MemberAccess | ReflectionPermissionFlag.ReflectionEmit | ReflectionPermissionFlag.RestrictedMemberAccess);
for (int i = 0; i < array.Length; i++)
{
array[i] = SecurityManager.s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag = securityPermission.Flags;
}
ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag = reflectionPermission.Flags;
}
for (int j = 0; j < array.Length; j++)
{
array[j] = (grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission);
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
securityPermissionFlag = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlag = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < SecurityManager.s_BuiltInPermissionIndexMap.Length; k++)
{
array[k] = null;
}
}
else
{
SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlag &= ~securityPermission.Flags;
}
ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlag &= ~reflectionPermission.Flags;
}
for (int l = 0; l < SecurityManager.s_BuiltInPermissionIndexMap.Length; l++)
{
CodeAccessPermission codeAccessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[l][0]) as CodeAccessPermission;
if (codeAccessPermission != null && !codeAccessPermission.IsSubsetOf(null))
{
array[l] = null;
}
}
}
}
int num = SecurityManager.MapToSpecialFlags(securityPermissionFlag, reflectionPermissionFlag);
if (num != -1)
{
for (int m = 0; m < array.Length; m++)
{
if (array[m] != null && ((IUnrestrictedPermission)array[m]).IsUnrestricted())
{
num |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[m][1];
}
}
}
return(num);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return SecurityRuntime.StackHalt;
if (GetPermitOnly(fDeclarative) != null)
GetPermitOnly(fDeclarative).CheckDecoded( demandSet );
if (GetDenials(fDeclarative) != null)
GetDenials(fDeclarative).CheckDecoded( demandSet );
if (GetAssertions(fDeclarative) != null)
GetAssertions(fDeclarative).CheckDecoded( demandSet );
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return SecurityRuntime.StackHalt;
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion( permSet ))
return SecurityRuntime.StackHalt;
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
return SecurityRuntime.StackContinue;
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return StackHalt;
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString() );
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString() );
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return StackHalt;
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf( permSet ))
return StackHalt;
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return StackContinue;
}
public bool CheckSetDemandInternal(PermissionSet permSet, out Exception exception, bool bNeedAlteredSet, out PermissionSet alteredSet)
{
alteredSet = null;
BCLDebug.Assert(permSet != null, "permSet != null");
// If the compressed stack is not unrestricted and the demand is
// then we just throw an exception.
if (!this.m_unrestricted && permSet.IsUnrestricted())
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") );
return false;
}
TokenBasedSet normalAlteredSet = null;
TokenBasedSet unrestrictedAlteredSet = null;
// Check the "normal" permissions since we always know we have to check them.
bool normalContinue = CheckTokenBasedSets( this.m_normalPermSet, permSet.m_normalPermSet, false, PermissionListSetState.None, out exception, bNeedAlteredSet, out normalAlteredSet );
if (exception != null)
{
return false;
}
bool unrestrictedContinue = CheckTokenBasedSets( this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, m_unrestricted, m_state, out exception, bNeedAlteredSet, out unrestrictedAlteredSet );
if (exception != null)
{
return false;
}
if ((m_state & PermissionListSetState.UnrestrictedAssert) != 0)
{
// If we are unrestricted, we want to terminate the stack walk based
// on us having an unrestricted assert.
if (bNeedAlteredSet)
unrestrictedAlteredSet = new TokenBasedSet( 1, 4 );
unrestrictedContinue = false;
}
if (normalContinue || unrestrictedContinue)
{
if (!bNeedAlteredSet)
return true;
// If we need to continue, let's build the altered set. We only
// need to do this if 1) our original demand is not unrestricted
// and 2) if we have altered token based sets.
if (!permSet.IsUnrestricted())
{
if (normalAlteredSet != null || unrestrictedAlteredSet != null)
{
alteredSet = new PermissionSet( false );
if (normalAlteredSet != null)
alteredSet.m_normalPermSet = normalAlteredSet;
else
alteredSet.m_normalPermSet = CopyTokenBasedSet( permSet.m_normalPermSet );
if (unrestrictedAlteredSet != null)
alteredSet.m_unrestrictedPermSet = unrestrictedAlteredSet;
else
alteredSet.m_unrestrictedPermSet = CopyTokenBasedSet( permSet.m_unrestrictedPermSet );
if (alteredSet.IsEmpty())
return false;
}
}
return true;
}
else
{
return false;
}
}
// Returns a permission set containing only CAS-permissions. If possible
// this is just the input set, otherwise a new set is allocated.
private PermissionSet GetCasOnlySet()
{
if (!m_ContainsNonCas)
return this;
if (IsUnrestricted())
return this;
PermissionSet pset = new PermissionSet(false);
PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);
while (enumerator.MoveNext())
{
IPermission perm = (IPermission)enumerator.Current;
if (perm is CodeAccessPermission)
pset.AddPermission(perm);
}
pset.m_CheckedForNonCas = true;
pset.m_ContainsCas = !pset.IsEmpty();
pset.m_ContainsNonCas = false;
return pset;
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
else
{
SecurityPermission securityPermission = null;
#pragma warning disable 618
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
ReflectionPermission reflectionPermission = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags = securityPermission.Flags;
}
reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags = reflectionPermission.Flags;
}
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
specialPermissions[i] = null;
}
}
else
{
securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags &= ~securityPermission.Flags;
}
reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags &= ~reflectionPermission.Flags;
}
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
{
specialPermissions[i] = null; // we don't care about the exact value here.
}
}
}
}
int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (flags != -1)
{
for (int i = 0; i < specialPermissions.Length; i++)
{
if (specialPermissions[i] != null && ((IUnrestrictedPermission)specialPermissions[i]).IsUnrestricted())
{
flags |= (1 << (int)s_BuiltInPermissionIndexMap[i][1]);
}
}
}
return(flags);
}
}
public bool IsSubsetOf (PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty ()))
return this.IsEmpty ();
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted ())
return true;
if (this.IsUnrestricted ())
return false;
if (this.IsUnrestricted () && ((target == null) || !target.IsUnrestricted ()))
return false;
// if each of our permission is (a) present and (b) a subset of target
foreach (IPermission p in list) {
// non CAS permissions must be evaluated for unrestricted
Type t = p.GetType ();
IPermission i = null;
if (target.IsUnrestricted () && (p is CodeAccessPermission) && (p is IUnrestrictedPermission)) {
i = (IPermission) Activator.CreateInstance (t, psUnrestricted);
} else {
i = target.GetPermission (t);
}
if (!p.IsSubsetOf (i))
return false; // not a subset (condition b)
}
return true;
}
public void AddPermission_NonCasPermissionUnrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
ps.AddPermission (new PrincipalPermission (PermissionState.Unrestricted));
Assert.AreEqual (1, ps.Count, "Count");
Assert.IsTrue (!ps.IsEmpty (), "IsEmpty");
}
public PermissionSet Intersect (PermissionSet other)
{
// no intersection possible
if ((other == null) || (other.IsEmpty ()) || (this.IsEmpty ()))
return null;
PermissionState state = PermissionState.None;
if (this.IsUnrestricted () && other.IsUnrestricted ())
state = PermissionState.Unrestricted;
PermissionSet interSet = null;
// much simpler with 2.0
if (state == PermissionState.Unrestricted) {
interSet = new PermissionSet (state);
} else if (this.IsUnrestricted ()) {
interSet = other.Copy ();
} else if (other.IsUnrestricted ()) {
interSet = this.Copy ();
} else {
interSet = new PermissionSet (state);
InternalIntersect (interSet, this, other, false);
}
return interSet;
}
internal static IPermission CheckPermissionSet(AppDomain ad, PermissionSet ps)
{
if ((ps == null) || ps.IsEmpty())
{
return(null);
}
PermissionSet granted = ad.GrantedPermissionSet;
if (granted == null)
{
return(null);
}
#if NET_2_0
if (granted.IsUnrestricted())
{
return(null);
}
#else
if ((granted.Count == 0) && granted.IsUnrestricted())
{
return(null);
}
#endif
if (ps.IsUnrestricted())
{
return(new SecurityPermission(SecurityPermissionFlag.NoFlags));
}
foreach (IPermission p in ps)
{
if (p is CodeAccessPermission)
{
CodeAccessPermission grant = (CodeAccessPermission)granted.GetPermission(p.GetType());
if (grant == null)
{
if (!granted.IsUnrestricted() || !(p is IUnrestrictedPermission))
{
if (!p.IsSubsetOf(null))
{
return(p);
}
}
}
else if (!p.IsSubsetOf(grant))
{
return(p);
}
}
else
{
// but non-CAS will throw on failure...
try {
p.Demand();
}
catch (SecurityException) {
// ... so we catch
return(p);
}
}
}
return(null);
}
private static void CheckSetHelper(PermissionSet grants,
PermissionSet denied,
PermissionSet demands)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grants.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(denied!=null ? denied.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demands!=null ? demands.ToXml().ToString() : "<null>");
}
#endif
if (demands == null || demands.IsEmpty())
return; // demanding the empty set always passes.
if (grants == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
if (!grants.IsUnrestricted() || (denied != null))
{
if (demands.IsUnrestricted())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
CheckTokenBasedSetHelper( grants.IsUnrestricted(), grants.m_unrestrictedPermSet, denied != null ? denied.m_unrestrictedPermSet : null, demands.m_unrestrictedPermSet );
}
CheckTokenBasedSetHelper( false, grants.m_normalPermSet, denied != null ? denied.m_normalPermSet : null, demands.m_normalPermSet );
}
public void IsEmpty_None ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
Assert.IsTrue (ps.IsEmpty (), "Empty.IsEmpty");
ps.AddPermission (new ZoneIdentityPermission (SecurityZone.NoZone));
Assert.AreEqual (1, ps.Count, "Count==1");
Assert.IsTrue (ps.IsEmpty ()); // yes empty!, "Zip.IsEmpty");
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
{
return -1;
}
SecurityPermission permission = null;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermission permission2 = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
for (int i = 0; i < permissionArray.Length; i++)
{
permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
permission = grantSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags = permission.Flags;
}
permission2 = grantSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags = permission2.Flags;
}
for (int j = 0; j < permissionArray.Length; j++)
{
permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
{
permissionArray[k] = null;
}
}
else
{
permission = deniedSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags &= ~permission.Flags;
}
permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags &= ~permission2.Flags;
}
for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
{
CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
if ((permission3 != null) && !permission3.IsSubsetOf(null))
{
permissionArray[m] = null;
}
}
}
}
int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);
if (num5 != -1)
{
for (int n = 0; n < permissionArray.Length; n++)
{
if ((permissionArray[n] != null) && ((IUnrestrictedPermission) permissionArray[n]).IsUnrestricted())
{
num5 |= ((int) 1) << s_BuiltInPermissionIndexMap[n][1];
}
}
}
return num5;
}
internal static IPermission CheckPermissionSet (Assembly a, PermissionSet ps, bool noncas)
{
if (ps.IsEmpty ())
return null;
foreach (IPermission p in ps) {
// note: this may contains non CAS permissions
if ((!noncas) && (p is CodeAccessPermission)) {
if (!IsGranted (a, p))
return p;
} else {
// but non-CAS will throw on failure...
try {
p.Demand ();
}
catch (SecurityException) {
// ... so we catch
return p;
}
}
}
return null;
}
public bool IsSubsetOf (PermissionSet target)
{
// if target is empty we must be empty too
if ((target == null) || (target.IsEmpty ()))
return this.IsEmpty ();
// all permissions support unrestricted in 2.0
if (target.IsUnrestricted ())
return true;
if (this.IsUnrestricted ())
return false;
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(SecurityRuntime.StackHalt);
}
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion(permSet))
{
return(SecurityRuntime.StackHalt);
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (grantSet != null && grantSet.IsUnrestricted() && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] accessPermissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.AllFlags | ReflectionPermissionFlag.RestrictedMemberAccess;
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
accessPermissionArray[index] = SecurityManager.s_UnrestrictedSpecialPermissionMap[index];
}
}
else
{
SecurityPermission securityPermission = grantSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags = securityPermission.Flags;
}
ReflectionPermission reflectionPermission = grantSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags = reflectionPermission.Flags;
}
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
accessPermissionArray[index] = grantSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
{
accessPermissionArray[index] = (CodeAccessPermission)null;
}
}
else
{
SecurityPermission securityPermission = deniedSet.GetPermission(6) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags &= ~securityPermission.Flags;
}
ReflectionPermission reflectionPermission = deniedSet.GetPermission(4) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags &= ~reflectionPermission.Flags;
}
for (int index = 0; index < SecurityManager.s_BuiltInPermissionIndexMap.Length; ++index)
{
CodeAccessPermission accessPermission = deniedSet.GetPermission(SecurityManager.s_BuiltInPermissionIndexMap[index][0]) as CodeAccessPermission;
if (accessPermission != null && !accessPermission.IsSubsetOf((IPermission)null))
{
accessPermissionArray[index] = (CodeAccessPermission)null;
}
}
}
}
int specialFlags = SecurityManager.MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (specialFlags != -1)
{
for (int index = 0; index < accessPermissionArray.Length; ++index)
{
if (accessPermissionArray[index] != null && ((IUnrestrictedPermission)accessPermissionArray[index]).IsUnrestricted())
{
specialFlags |= 1 << SecurityManager.s_BuiltInPermissionIndexMap[index][1];
}
}
}
return(specialFlags);
}
