|
public RemovePermission ( |
||
| permClass | ||
| return | IPermission | |
public void RemovePermission_Unrestricted ()
{
PermissionSet ps = new PermissionSet (PermissionState.Unrestricted);
Assert.IsNull (ps.RemovePermission (typeof (SecurityPermission)), "Empty");
SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion);
ps.AddPermission (sp);
Assert.IsNull (ps.RemovePermission (typeof (SecurityPermission)), "SecurityPermissionn");
ZoneIdentityPermission zip = new ZoneIdentityPermission (SecurityZone.MyComputer);
ps.AddPermission (zip);
ZoneIdentityPermission removed = (ZoneIdentityPermission)ps.RemovePermission (typeof (ZoneIdentityPermission));
#if NET_2_0
// identity permissions aren't added to unrestricted permission sets
// so they cannot be removed later (hence the null)
Assert.IsNull (removed, "ZoneIdentityPermission");
#else
Assert.IsNotNull (removed, "ZoneIdentityPermission");
#endif
}
public void RemovePermission_Null ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
Assert.IsNull (ps.RemovePermission (null));
}
public void RemovePermission_None ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
Assert.IsNull (ps.RemovePermission (typeof (SecurityPermission)), "Empty");
SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion);
ps.AddPermission (sp);
SecurityPermission removed = (SecurityPermission) ps.RemovePermission (typeof (SecurityPermission));
Assert.IsNotNull (removed, "SecurityPermission");
Assert.AreEqual (sp.Flags, removed.Flags, "Flags");
Assert.IsNull (ps.RemovePermission (typeof (SecurityPermission)), "Empty-Again");
}
internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
{
Contract.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted");
alteredDemandSet = null;
PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(demandSet);
while (enumerator.MoveNext())
{
CodeAccessPermission demandDerm = (CodeAccessPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (demandDerm != null)
{
CodeAccessPermission assertPerm
= (CodeAccessPermission)assertSet.GetPermission(i);
try
{
if (demandDerm.CheckAssert(assertPerm))
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i);
}
}
catch (ArgumentException)
{
}
}
}
return;
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(StackHalt);
}
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString());
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString());
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return(StackHalt);
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf(permSet))
{
return(StackHalt);
}
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return(StackContinue);
}
internal PermissionSet CopyWithNoIdentityPermissions()
{
// Explicitly make a new PermissionSet, rather than copying, since we may have a
// ReadOnlyPermissionSet which cannot have identity permissions removed from it in a true copy.
PermissionSet copy = new PermissionSet(this);
// There's no easy way to distinguish an identity permission from any other CodeAccessPermission,
// so remove them directly.
#if FEATURE_CAS_POLICY
copy.RemovePermission(typeof(GacIdentityPermission));
#if FEATURE_X509
copy.RemovePermission(typeof(PublisherIdentityPermission));
#endif
copy.RemovePermission(typeof(StrongNameIdentityPermission));
copy.RemovePermission(typeof(UrlIdentityPermission));
copy.RemovePermission(typeof(ZoneIdentityPermission));
#endif // FEATURE_CAS_POLICY
return copy;
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return StackHalt;
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString() );
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString() );
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return StackHalt;
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf( permSet ))
return StackHalt;
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return StackContinue;
}
internal PermissionSet CopyWithNoIdentityPermissions()
{
PermissionSet set = new PermissionSet(this);
set.RemovePermission(typeof(GacIdentityPermission));
set.RemovePermission(typeof(PublisherIdentityPermission));
set.RemovePermission(typeof(StrongNameIdentityPermission));
set.RemovePermission(typeof(UrlIdentityPermission));
set.RemovePermission(typeof(ZoneIdentityPermission));
return set;
}
internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
{
alteredDemandSet = null;
PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(demandSet);
while (internal2.MoveNext())
{
CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
int currentIndex = internal2.GetCurrentIndex();
if (current != null)
{
CodeAccessPermission permission = (CodeAccessPermission) assertSet.GetPermission(currentIndex);
try
{
if (current.CheckAssert(permission))
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(currentIndex);
}
continue;
}
catch (ArgumentException)
{
continue;
}
}
}
}
public void RemovePermission_None ()
{
PermissionSet ps = new PermissionSet (PermissionState.None);
AssertNull ("Empty", ps.RemovePermission (typeof (SecurityPermission)));
SecurityPermission sp = new SecurityPermission (SecurityPermissionFlag.Assertion);
ps.AddPermission (sp);
SecurityPermission removed = (SecurityPermission) ps.RemovePermission (typeof (SecurityPermission));
AssertNotNull ("SecurityPermission", removed);
AssertEquals ("Flags", sp.Flags, removed.Flags);
AssertNull ("Empty-Again", ps.RemovePermission (typeof (SecurityPermission)));
}
