/// <summary>Resolves policy for the code group and its descendants for a set of evidence.</summary> /// <returns>A policy statement consisting of the permissions granted by the code group with optional attributes, or null if the code group does not apply (the membership condition does not match the specified evidence).</returns> /// <param name="evidence">The evidence for the assembly. </param> /// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception> /// <exception cref="T:System.Security.Policy.PolicyException">More than one code group (including the parent code group and any child code groups) is marked <see cref="F:System.Security.Policy.PolicyStatementAttribute.Exclusive" />. </exception> /// <PermissionSet> /// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" /> /// </PermissionSet> public override PolicyStatement Resolve(Evidence evidence) { if (evidence == null) { throw new ArgumentNullException("evidence"); } if (!base.MembershipCondition.Check(evidence)) { return(null); } PermissionSet permissionSet = base.PolicyStatement.PermissionSet.Copy(); if (base.Children.Count > 0) { foreach (object obj in base.Children) { CodeGroup codeGroup = (CodeGroup)obj; PolicyStatement policyStatement = codeGroup.Resolve(evidence); if (policyStatement != null) { permissionSet = permissionSet.Union(policyStatement.PermissionSet); } } } PolicyStatement policyStatement2 = base.PolicyStatement.Copy(); policyStatement2.PermissionSet = permissionSet; return(policyStatement2); }
public PolicyStatement Resolve(Evidence evidence) { if (evidence == null) { throw new ArgumentNullException("evidence"); } PolicyStatement ps = root_code_group.Resolve(evidence); return((ps != null) ? ps : PolicyStatement.Empty()); }
/// <summary>Resolves matching code groups.</summary> /// <returns>A <see cref="T:System.Security.Policy.CodeGroup" /> that is the root of the tree of matching code groups.</returns> /// <param name="evidence">The evidence for the assembly. </param> /// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception> public override CodeGroup ResolveMatchingCodeGroups(Evidence evidence) { if (evidence == null) { throw new ArgumentNullException("evidence"); } if (!base.MembershipCondition.Check(evidence)) { return(null); } foreach (object obj in base.Children) { CodeGroup codeGroup = (CodeGroup)obj; if (codeGroup.Resolve(evidence) != null) { return(codeGroup.Copy()); } } return(this.CopyNoChildren()); }
/// <summary>Resolves policy for the code group and its descendants for a set of evidence.</summary> /// <returns>A policy statement consisting of the permissions granted by the code group with optional attributes, or null if the code group does not apply (the membership condition does not match the specified evidence).</returns> /// <param name="evidence">The evidence for the assembly. </param> /// <exception cref="T:System.ArgumentNullException">The <paramref name="evidence" /> parameter is null. </exception> /// <exception cref="T:System.Security.Policy.PolicyException">More than one code group (including the parent code group and any child code groups) is marked <see cref="F:System.Security.Policy.PolicyStatementAttribute.Exclusive" />. </exception> /// <PermissionSet> /// <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.3600.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="UnmanagedCode" /> /// </PermissionSet> public override PolicyStatement Resolve(Evidence evidence) { if (evidence == null) { throw new ArgumentNullException("evidence"); } if (!base.MembershipCondition.Check(evidence)) { return(null); } foreach (object obj in base.Children) { CodeGroup codeGroup = (CodeGroup)obj; PolicyStatement policyStatement = codeGroup.Resolve(evidence); if (policyStatement != null) { return(policyStatement); } } return(base.PolicyStatement); }
[System.Security.SecurityCritical] // auto-generated internal void ParseChildren() { lock (this) { ArrayList childrenList = ArrayList.Synchronized(new ArrayList()); if (m_element != null && m_element.InternalChildren != null) { // We set the elements childrenList to a list that contains no code groups that are in // assemblies that have not yet been loaded. This guarantees that if // we recurse while loading the child code groups or their membership conditions // that we won't get back to this point to create an infinite recursion. m_element.Children = (ArrayList)m_element.InternalChildren.Clone(); // We need to keep track of which children are not parsed and created in our // first pass through the list of children, including what position they were // at originally so that we can add them back in as we do parse them. ArrayList unparsedChildren = ArrayList.Synchronized(new ArrayList()); Evidence evidence = new Evidence(); int childCount = m_element.InternalChildren.Count; int i = 0; while (i < childCount) { SecurityElement elGroup = (SecurityElement)m_element.Children[i]; if (elGroup.Tag.Equals("CodeGroup")) { // Using safe load here to guarantee that we don't load any assemblies that aren't // already loaded. If we find a code group or membership condition that is defined // in an assembly that is not yet loaded, we will remove the corresponding element // from the list of child elements as to avoid the infinite recursion, and then // add them back in later. CodeGroup group = System.Security.Util.XMLUtil.CreateCodeGroup(elGroup); if (group != null) { group.FromXml(elGroup, m_parentLevel); // We want to touch the membership condition to make sure it is loaded // before we put the code group in a place where Resolve will touch it. // This is critical in negotiating our recursive resolve scenario. if (ParseMembershipCondition(true)) { // In addition, we need to touch several methods to make sure they are jitted previous // to a Resolve happening with this code gropu in the hierarchy. We can run into // recursive cases where if you have a method that touchs an assembly that does // a resolve at load time (permission request, execution checking) that you recurse around // and end up trying to jit the same method again. group.Resolve(evidence); group.MembershipCondition.Check(evidence); // Now it should be ok to add the group to the hierarchy. childrenList.Add(group); // Increment the count since we are done with this child ++i; } else { // Assembly that holds the membership condition is not loaded, remove // the child from the list. m_element.InternalChildren.RemoveAt(i); // Note: we do not increment the counter since the value at 'i' should // now be what was at 'i+1' previous to the RemoveAt( i ) above. However, // we do need to update the count of children in the list childCount = m_element.InternalChildren.Count; // Add this child to the unparsed child list. unparsedChildren.Add(new CodeGroupPositionMarker(i, childrenList.Count, elGroup)); } } else { // Assembly that holds the code group is not loaded, remove // the child from the list. m_element.InternalChildren.RemoveAt(i); // Note: we do not increment the counter since the value at 'i' should // now be what was at 'i+1' previous to the RemoveAt( i ) above. However, // we do need to update the count of children in the list childCount = m_element.InternalChildren.Count; // Add this child to the unparsed child list. unparsedChildren.Add(new CodeGroupPositionMarker(i, childrenList.Count, elGroup)); } } else { // The current tag is not an <CodeGroup> tag, so we just skip it. ++i; } } // Now we have parsed all the children that only use classes in already loaded // assemblies. Now go through the process of loading the needed classes (and // therefore assemblies) and building the objects in the order that they // appear in the list of children (which is the same as they now appear in the // list of unparsed children since we always added to the back of the list). // As each is parsed, add that child back into the list of children since they // can now be parsed without loading any additional assemblies. IEnumerator enumerator = unparsedChildren.GetEnumerator(); while (enumerator.MoveNext()) { CodeGroupPositionMarker marker = (CodeGroupPositionMarker)enumerator.Current; CodeGroup group = System.Security.Util.XMLUtil.CreateCodeGroup(marker.element); if (group != null) { group.FromXml(marker.element, m_parentLevel); // We want to touch the membership condition to make sure it is loaded // before we put the code group in a place where Resolve will touch it. // This is critical in negotiating our recursive resolve scenario. group.Resolve(evidence); group.MembershipCondition.Check(evidence); // Now it should be ok to add the group to the hierarchy. childrenList.Insert(marker.groupIndex, group); // Add the element back into the child list in the proper spot. m_element.InternalChildren.Insert(marker.elementIndex, marker.element); } else { throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_FailedCodeGroup"), marker.element.Attribute("class"))); } } } m_children = childrenList; } }
internal void ParseChildren() { lock (this) { ArrayList list = ArrayList.Synchronized(new ArrayList()); if ((this.m_element != null) && (this.m_element.InternalChildren != null)) { this.m_element.Children = (ArrayList)this.m_element.InternalChildren.Clone(); ArrayList list2 = ArrayList.Synchronized(new ArrayList()); Evidence evidence = new Evidence(); int count = this.m_element.InternalChildren.Count; int index = 0; while (index < count) { SecurityElement el = (SecurityElement)this.m_element.Children[index]; if (el.Tag.Equals("CodeGroup")) { CodeGroup group = XMLUtil.CreateCodeGroup(el); if (group != null) { group.FromXml(el, this.m_parentLevel); if (this.ParseMembershipCondition(true)) { group.Resolve(evidence); group.MembershipCondition.Check(evidence); list.Add(group); index++; } else { this.m_element.InternalChildren.RemoveAt(index); count = this.m_element.InternalChildren.Count; list2.Add(new CodeGroupPositionMarker(index, list.Count, el)); } } else { this.m_element.InternalChildren.RemoveAt(index); count = this.m_element.InternalChildren.Count; list2.Add(new CodeGroupPositionMarker(index, list.Count, el)); } } else { index++; } } IEnumerator enumerator = list2.GetEnumerator(); while (enumerator.MoveNext()) { CodeGroupPositionMarker current = (CodeGroupPositionMarker)enumerator.Current; CodeGroup group2 = XMLUtil.CreateCodeGroup(current.element); if (group2 == null) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_FailedCodeGroup"), new object[] { current.element.Attribute("class") })); } group2.FromXml(current.element, this.m_parentLevel); group2.Resolve(evidence); group2.MembershipCondition.Check(evidence); list.Insert(current.groupIndex, group2); this.m_element.InternalChildren.Insert(current.elementIndex, current.element); } } this.m_children = list; } }
#pragma warning disable 618 internal static PolicyStatement ResolveCodeGroup(CodeGroup codeGroup, Evidence evidence) { // Custom code groups won't know how to mark the evidence they're using, so we need to // be pessimistic and mark it all as used if we encounter a code group from outside of mscorlib. if (codeGroup.GetType().Assembly != typeof(UnionCodeGroup).Assembly) { evidence.MarkAllEvidenceAsUsed(); } return codeGroup.Resolve(evidence); }
internal static PolicyStatement ResolveCodeGroup(CodeGroup codeGroup, Evidence evidence) { if (codeGroup.GetType().Assembly != typeof(UnionCodeGroup).Assembly) { evidence.MarkAllEvidenceAsUsed(); } return codeGroup.Resolve(evidence); }
internal void ParseChildren() { lock (this) { ArrayList local_2 = ArrayList.Synchronized(new ArrayList()); if (this.m_element != null && this.m_element.InternalChildren != null) { this.m_element.Children = (ArrayList)this.m_element.InternalChildren.Clone(); ArrayList local_3 = ArrayList.Synchronized(new ArrayList()); Evidence local_4 = new Evidence(); int local_5 = this.m_element.InternalChildren.Count; int local_6 = 0; while (local_6 < local_5) { SecurityElement local_8 = (SecurityElement)this.m_element.Children[local_6]; if (local_8.Tag.Equals("CodeGroup")) { CodeGroup local_9 = XMLUtil.CreateCodeGroup(local_8); if (local_9 != null) { local_9.FromXml(local_8, this.m_parentLevel); if (this.ParseMembershipCondition(true)) { local_9.Resolve(local_4); local_9.MembershipCondition.Check(local_4); local_2.Add((object)local_9); ++local_6; } else { this.m_element.InternalChildren.RemoveAt(local_6); local_5 = this.m_element.InternalChildren.Count; local_3.Add((object)new CodeGroupPositionMarker(local_6, local_2.Count, local_8)); } } else { this.m_element.InternalChildren.RemoveAt(local_6); local_5 = this.m_element.InternalChildren.Count; local_3.Add((object)new CodeGroupPositionMarker(local_6, local_2.Count, local_8)); } } else { ++local_6; } } foreach (CodeGroupPositionMarker item_0 in local_3) { CodeGroup local_11 = XMLUtil.CreateCodeGroup(item_0.element); if (local_11 == null) { throw new ArgumentException(string.Format((IFormatProvider)CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_FailedCodeGroup"), (object)item_0.element.Attribute("class"))); } local_11.FromXml(item_0.element, this.m_parentLevel); local_11.Resolve(local_4); local_11.MembershipCondition.Check(local_4); local_2.Insert(item_0.groupIndex, (object)local_11); this.m_element.InternalChildren.Insert(item_0.elementIndex, (object)item_0.element); } } this.m_children = (IList)local_2; } }
internal void ParseChildren() { lock (this) { ArrayList arrayList = ArrayList.Synchronized(new ArrayList()); if (this.m_element != null && this.m_element.InternalChildren != null) { this.m_element.Children = (ArrayList)this.m_element.InternalChildren.Clone(); ArrayList arrayList2 = ArrayList.Synchronized(new ArrayList()); Evidence evidence = new Evidence(); int count = this.m_element.InternalChildren.Count; int i = 0; while (i < count) { SecurityElement securityElement = (SecurityElement)this.m_element.Children[i]; if (securityElement.Tag.Equals("CodeGroup")) { CodeGroup codeGroup = XMLUtil.CreateCodeGroup(securityElement); if (codeGroup != null) { codeGroup.FromXml(securityElement, this.m_parentLevel); if (this.ParseMembershipCondition(true)) { codeGroup.Resolve(evidence); codeGroup.MembershipCondition.Check(evidence); arrayList.Add(codeGroup); i++; } else { this.m_element.InternalChildren.RemoveAt(i); count = this.m_element.InternalChildren.Count; arrayList2.Add(new CodeGroupPositionMarker(i, arrayList.Count, securityElement)); } } else { this.m_element.InternalChildren.RemoveAt(i); count = this.m_element.InternalChildren.Count; arrayList2.Add(new CodeGroupPositionMarker(i, arrayList.Count, securityElement)); } } else { i++; } } foreach (object obj in arrayList2) { CodeGroupPositionMarker codeGroupPositionMarker = (CodeGroupPositionMarker)obj; CodeGroup codeGroup2 = XMLUtil.CreateCodeGroup(codeGroupPositionMarker.element); if (codeGroup2 == null) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_FailedCodeGroup"), codeGroupPositionMarker.element.Attribute("class"))); } codeGroup2.FromXml(codeGroupPositionMarker.element, this.m_parentLevel); codeGroup2.Resolve(evidence); codeGroup2.MembershipCondition.Check(evidence); arrayList.Insert(codeGroupPositionMarker.groupIndex, codeGroup2); this.m_element.InternalChildren.Insert(codeGroupPositionMarker.elementIndex, codeGroupPositionMarker.element); } } this.m_children = arrayList; } }