예제 #1
0
파일: Effect.cs 프로젝트: sososu/wpf
 /// <summary>
 /// Default constructor for an Effect.
 /// </summary>
 protected Effect()
 {
     // Effects are never allowed in partial trust scenarios.  So demand
     // UIWindow permission immediately in the ctor and get it
     // over with.
     SecurityHelper.DemandUIWindowPermission();
 }
        public ReadOnlyCollection <GestureRecognitionResult> Recognize(StrokeCollection strokes)
        {
            //
            // due to possible exploits in the Tablet PC Gesture recognizer's Recognize method,
            // we demand unmanaged code.
            //
            SecurityHelper.DemandUnmanagedCode();

            return(RecognizeImpl(strokes));
        }
 private static void DemandSecurityPermissionIfCustomPackage(Package package)
 {
     // Although ZipPackage is sealed and cannot be subclassed, we shouldn't depend on
     //  the "sealedness" of ZipPackage. Checking the object type is more reliable way
     //  than using "as" or "is" operator.
     if (package != null && package.GetType() != typeof(ZipPackage))
     {
         SecurityHelper.DemandEnvironmentPermission();
     }
 }
예제 #4
0
        internal static void SafeLaunchBrowserDemandWhenUnsafe(Uri originatingUri, Uri destinationUri, bool fIsTopLevel)
        {
            LaunchResult launched = LaunchResult.NotLaunched;

            launched = SafeLaunchBrowserOnlyIfPossible(originatingUri, destinationUri, fIsTopLevel);
            if (launched == LaunchResult.NotLaunched)
            {
                SecurityHelper.DemandUnmanagedCode();
                UnsafeLaunchBrowser(destinationUri);
            }
        }
예제 #5
0
        private void LoadFromFile(string fileName)
        {
            SecurityHelper.DemandFileIOReadPermission(fileName);

            // Load a Custom Cursor
            _cursorHandle = UnsafeNativeMethods.LoadImageCursor(IntPtr.Zero,
                                                                fileName,
                                                                NativeMethods.IMAGE_CURSOR,
                                                                0, 0,
                                                                NativeMethods.LR_DEFAULTCOLOR |
                                                                NativeMethods.LR_LOADFROMFILE |
                                                                (_scaleWithDpi? NativeMethods.LR_DEFAULTSIZE : 0x0000));

            int errorCode = Marshal.GetLastWin32Error();

            if (_cursorHandle == null || _cursorHandle.IsInvalid)
            {
                // Note: chandras 02/02/2005
                // Bug # 1016022: LoadImage returns a null handle but does not set
                // the error condition when icon file is of an incorrect type (e.g., .bmp)
                //
                // LoadImage has a bug where it doesn't set the correct error code
                // when a file is given that is not an ico file.  Icon load fails
                // but win32 error code is still zero (success).  Thus, we need to
                // special case this scenario.
                //
                if (errorCode != 0)
                {
                    if ((errorCode == NativeMethods.ERROR_FILE_NOT_FOUND) || (errorCode == NativeMethods.ERROR_PATH_NOT_FOUND))
                    {
                        throw new Win32Exception(errorCode, SR.Get(SRID.Cursor_LoadImageFailure, fileName));
                    }
                    else
                    {
                        throw new Win32Exception(errorCode);
                    }
                }
                else
                {
                    throw new ArgumentException(SR.Get(SRID.Cursor_LoadImageFailure, fileName));
                }
            }
        }
예제 #6
0
        private void LoadFromFile(string fileName)
        {
            SecurityHelper.DemandFileIOReadPermission(fileName);

            // Load a Custom Cursor
            _cursorHandle = UnsafeNativeMethods.LoadImageCursor(IntPtr.Zero,
                                                                fileName,
                                                                NativeMethods.IMAGE_CURSOR,
                                                                0, 0,
                                                                NativeMethods.LR_DEFAULTCOLOR |
                                                                NativeMethods.LR_LOADFROMFILE |
                                                                (_scaleWithDpi? NativeMethods.LR_DEFAULTSIZE : 0x0000));

            int errorCode = Marshal.GetLastWin32Error();

            if (_cursorHandle == null || _cursorHandle.IsInvalid)
            {
                // Note: chandras 02/02/2005
                //



                if (errorCode != 0)
                {
                    if ((errorCode == NativeMethods.ERROR_FILE_NOT_FOUND) || (errorCode == NativeMethods.ERROR_PATH_NOT_FOUND))
                    {
                        throw new Win32Exception(errorCode, SR.Get(SRID.Cursor_LoadImageFailure, fileName));
                    }
                    else
                    {
                        throw new Win32Exception(errorCode);
                    }
                }
                else
                {
                    throw new ArgumentException(SR.Get(SRID.Cursor_LoadImageFailure, fileName));
                }
            }
        }
예제 #7
0
 protected override void UpdateUnmanagedPropertyState(SafeHandle unmanagedEffect)
 {
     SecurityHelper.DemandUIWindowPermission();
 }
예제 #8
0
        public static DataFormat GetDataFormat(string format)
        {
            if (format == null)
            {
                throw new ArgumentNullException("format");
            }

            if (format == string.Empty)
            {
                throw new ArgumentException(SR.Get(SRID.DataObject_EmptyFormatNotAllowed));
            }

            // Ensures the predefined Win32 data formats into our format list.
            EnsurePredefined();

            // Lock the data format list to obtains the mutual-exclusion.
            lock (_formatListlock)
            {
                int formatId;
                int index;

                // It is much faster to do a case sensitive search here.  So do
                // the case sensitive compare first, then the expensive one.
                //
                for (int n = 0; n < _formatList.Count; n++)
                {
                    DataFormat formatItem;

                    formatItem = (DataFormat)_formatList[n];

                    if (formatItem.Name.Equals(format))
                    {
                        return(formatItem);
                    }
                }

                for (int n = 0; n < _formatList.Count; n++)
                {
                    DataFormat formatItem;

                    formatItem = (DataFormat)_formatList[n];

                    if (String.Compare(formatItem.Name, format, StringComparison.OrdinalIgnoreCase) == 0)
                    {
                        return(formatItem);
                    }
                }

                // In the most cases the default formats return earlier. If we got here
                // then this is an attempt to register a new format which is not ok in partial trust.
                SecurityHelper.DemandUnmanagedCode();
                // Reigster the this format string.
                formatId = UnsafeNativeMethods.RegisterClipboardFormat(format);

                if (formatId == 0)
                {
                    throw new System.ComponentModel.Win32Exception();
                }

                index = _formatList.Add(new DataFormat(format, formatId));

                return((DataFormat)_formatList[index]);
            }
        }
예제 #9
0
        private static LaunchResult CanNavigateToUrlWithZoneCheck(Uri originatingUri, Uri destinationUri)
        {
            LaunchResult launchResult = LaunchResult.NotLaunched;            // fail securely - assume this is the default.
            int          targetZone   = NativeMethods.URLZONE_LOCAL_MACHINE; // fail securely this is the most priveleged zone
            int          sourceZone   = NativeMethods.URLZONE_INTERNET;      // fail securely this is the least priveleged zone.
            bool         fEnabled     = true;

            EnsureSecurityManager();

            // is this feature enabled ?
            fEnabled = UnsafeNativeMethods.CoInternetIsFeatureEnabled(
                NativeMethods.FEATURE_ZONE_ELEVATION,
                NativeMethods.GET_FEATURE_FROM_PROCESS) != NativeMethods.S_FALSE;

            targetZone = MapUrlToZone(destinationUri);

            // Get source zone.

            // Initialize sourceUri to null so that source zone defaults to the least privileged zone.
            Uri sourceUri = null;

            // If the MimeType is not a container, attempt to find sourceUri.
            // sourceUri should be null for Container cases, since it always assumes
            // the least privileged zone (InternetZone).
            if (Application.Current.MimeType != MimeType.Document)
            {
                sourceUri = BrowserInteropHelper.Source;
            }
            else if (destinationUri.IsFile &&
                     System.IO.Path.GetExtension(destinationUri.LocalPath)
                     .Equals(DocumentStream.XpsFileExtension, StringComparison.OrdinalIgnoreCase))
            {
                // In this case we know the following:
                //  1) We are currently a Container
                //  2) The destination is a File and another Container

                // In this case we want to treat the destination as internet too so Container
                // can navigate to other Containers by passing zone checks
                targetZone = NativeMethods.URLZONE_INTERNET;
            }

            if (sourceUri != null)
            {
                sourceZone = MapUrlToZone(sourceUri);
            }
            else
            {
                // 2 potential ways to get here.
                //      a) We aren't a fusion hosted app. Assume full-trust.
                //      b) Some



                bool fTrusted = SecurityHelper.CheckUnmanagedCodePermission();

                if (fTrusted)
                {
                    return(LaunchResult.Launched);
                }
                else
                {
                    //
                    //  If we didn't get a SourceUri, we'll assume internet zone.
                    //  And use Source for the uri of origin.
                    //
                    //  This isn't quite right - but the sourceUri is only used to show a message to the user.
                    //  Worse case is confusing user experience. ( this uri is not used in the elevation determination).
                    //

                    sourceZone = NativeMethods.URLZONE_INTERNET;
                    sourceUri  = originatingUri;
                }
            }

            // <Notes from Trident>
            // ------------------------------
            // Check if there is a zone elevation.
            // Custom zones would have a higher value that URLZONE_UNTRUSTED, so this solution isn't quite complete.
            // However, we don't know of any product actively using custom zones, so rolling this out.
            // INTRANET and TRUSTED are treated as equals.
            // ------------------------------
            // </Notes from Trident>

            //
            // Note the negative logic - it first sees to see something is *not* a zone elevation.
            //
            if (
                // Even if feature is disabled.
                // We still block navigation to local machine.
                // IF source zone is internet or restricted.

                (!fEnabled &&
                 ((sourceZone != NativeMethods.URLZONE_INTERNET &&
                   sourceZone != NativeMethods.URLZONE_UNTRUSTED) ||
                  targetZone != NativeMethods.URLZONE_LOCAL_MACHINE)) ||

                // If feature is enabled
                // It's not a zone elevation if
                //     the zones are equal OR
                //        the zones are both less than restricted and
                //            the sourceZone is more trusted than Target OR
                //            sourceZone and TargetZone are both Intranet or Trusted
                //
                // per aganjam - Intranet and Trusted are treated as equivalent
                // as it was a common scenario for IE. ( website on intranet points to trusted site).
                //

                (fEnabled &&
                 (
                     sourceZone == targetZone ||
                     (
                         sourceZone <= NativeMethods.URLZONE_UNTRUSTED &&
                         targetZone <= NativeMethods.URLZONE_UNTRUSTED &&
                         (
                             sourceZone < targetZone ||
                             (
                                 (sourceZone == NativeMethods.URLZONE_TRUSTED || sourceZone == NativeMethods.URLZONE_INTRANET) &&
                                 (targetZone == NativeMethods.URLZONE_TRUSTED || targetZone == NativeMethods.URLZONE_INTRANET)
                             )
                         )
                     )
                 )))
            {
                // There is no zone elevation. You can launch away !
                return(LaunchResult.Launched);
            }

            launchResult = CheckBlockNavigation(sourceUri,
                                                destinationUri,
                                                fEnabled);

            return(launchResult);
        }
예제 #10
0
        public static Cursor Create(SafeHandle cursorHandle)
        {
            SecurityHelper.DemandUIWindowPermission();

            return(CriticalCreate(cursorHandle));
        }