internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand)
{
PermissionSet set;
PermissionSet set2;
asm.GetGrantSet(out set, out set2);
CheckHelper(set, set2, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true);
}
internal bool CheckDemand (CodeAccessPermission target)
{
if (target == null)
return false;
if (target.GetType () != this.GetType ())
return false;
return IsSubsetOf (target);
}
internal bool CheckAssert (CodeAccessPermission asserted)
{
if (asserted == null)
return false;
if (asserted.GetType () != this.GetType ())
return false;
return IsSubsetOf (asserted);
}
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
if (!CheckAssert(this.AssertSet, demand, permToken))
{
return false;
}
CodeAccessSecurityEngine.CheckHelper(this.GrantSet, this.RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true);
return true;
}
internal bool CheckDeny(CodeAccessPermission denied)
{
IPermission permission = this.Intersect(denied);
if (permission != null)
{
return permission.IsSubsetOf(null);
}
return true;
}
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandle rmh)
{
this.CompleteConstruction(null);
if (this.PLS != null)
{
this.PLS.CheckDemand(demand, permToken, rmh);
}
return false;
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
PermissionToken permToken = null;
if (demand != null)
{
permToken = PermissionToken.GetToken(demand);
}
return this.m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken);
}
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
bool flag = this.CheckDemand2(demand, permToken, rmh, false);
if (flag)
{
flag = this.CheckDemand2(demand, permToken, rmh, true);
}
return flag;
}
internal static bool IsPermissionGranted(CodeAccessPermission requestedPermission)
{
try
{
// Try and get this permission
requestedPermission.Demand();
return true;
}
catch
{
return false;
}
}
/// <devdoc>
/// Loads a picture from the requested stream.
/// </devdoc>
private void LoadPicture(UnsafeNativeMethods.IStream stream)
{
if (stream == null)
{
throw new ArgumentNullException(nameof(stream));
}
try {
Guid g = typeof(UnsafeNativeMethods.IPicture).GUID;
UnsafeNativeMethods.IPicture picture = null;
new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
try {
picture = UnsafeNativeMethods.OleCreateIPictureIndirect(null, ref g, true);
UnsafeNativeMethods.IPersistStream ipictureAsIPersist = (UnsafeNativeMethods.IPersistStream)picture;
ipictureAsIPersist.Load(stream);
if (picture != null && picture.GetPictureType() == NativeMethods.Ole.PICTYPE_ICON)
{
IntPtr cursorHandle = picture.GetHandle();
Size picSize = GetIconSize(cursorHandle);
if (DpiHelper.IsScalingRequired)
{
picSize = DpiHelper.LogicalToDeviceUnits(picSize);
}
handle = SafeNativeMethods.CopyImageAsCursor(new HandleRef(this, cursorHandle), NativeMethods.IMAGE_CURSOR,
picSize.Width, picSize.Height, 0);
ownHandle = true;
}
else
{
throw new ArgumentException(string.Format(SR.InvalidPictureType,
"picture",
"Cursor"), "picture");
}
}
finally {
CodeAccessPermission.RevertAssert();
// destroy the picture...
if (picture != null)
{
Marshal.ReleaseComObject(picture);
}
}
}
catch (COMException e) {
Debug.Fail(e.ToString());
throw new ArgumentException(SR.InvalidPictureFormat, "stream", e);
}
}
// Returns true if OK to return from check, or false if
// permission-specific information must be checked.
internal static bool CheckUnrestricted(IUnrestrictedPermission grant, CodeAccessPermission demand)
{
// We return true here because we're defining a demand of null to
// automatically pass.
if (demand == null)
return true;
if (demand.GetType() != grant.GetType())
return false;
if (grant.IsUnrestricted())
return true;
if (((IUnrestrictedPermission)demand).IsUnrestricted())
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().FullName), demand.GetType(), demand.ToXml().ToString());
return false;
}
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
bool flag = true;
if (this.m_permSetTriples != null)
{
for (int i = 0; (i < this.m_permSetTriples.Count) && flag; i++)
{
flag = ((PermissionSetTriple) this.m_permSetTriples[i]).CheckDemand(demand, permToken, rmh);
}
}
else if (this.m_firstPermSetTriple != null)
{
flag = this.m_firstPermSetTriple.CheckDemand(demand, permToken, rmh);
}
return false;
}
internal static void Assert(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
FrameSecurityDescriptor descriptor = CheckNReturnSO(AssertPermissionToken, AssertPermission, ref stackMark, 1);
if (descriptor == null)
{
Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
else
{
if (descriptor.HasImperativeAsserts())
{
throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
}
descriptor.SetAssert(cap);
}
}
internal bool CheckDeny (CodeAccessPermission denied)
{
if (denied == null)
return true;
Type t = denied.GetType ();
if (t != this.GetType ())
return true;
IPermission inter = Intersect (denied);
if (inter == null)
return true;
// sadly that's not enough :( at this stage we must also check
// if an empty (PermissionState.None) is a subset of the denied
// (which is like a empty intersection looks like for flag based
// permissions, e.g. AspNetHostingPermission).
return denied.IsSubsetOf (PermissionBuilder.Create (t));
}
private static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken)
{
if (pSet != null)
{
pSet.CheckDecoded(demand, permToken);
CodeAccessPermission asserted = (CodeAccessPermission) pSet.GetPermission(demand);
try
{
if (pSet.IsUnrestricted() || demand.CheckAssert(asserted))
{
return false;
}
}
catch (ArgumentException)
{
}
}
return true;
}
internal static void PermitOnly(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
}
internal bool CheckDemandInternal(CodeAccessPermission demand)
{
Exception exception;
return(CheckDemandInternal(demand, out exception));
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty()))
{
return(-1);
}
else
{
SecurityPermission securityPermission = null;
#pragma warning disable 618
SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
ReflectionPermission reflectionPermission = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore;
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags = securityPermission.Flags;
}
reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags = reflectionPermission.Flags;
}
for (int i = 0; i < specialPermissions.Length; i++)
{
specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
#pragma warning disable 618
securityPermissionFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
specialPermissions[i] = null;
}
}
else
{
securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
if (securityPermission != null)
{
securityPermissionFlags &= ~securityPermission.Flags;
}
reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
if (reflectionPermission != null)
{
reflectionPermissionFlags &= ~reflectionPermission.Flags;
}
for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++)
{
CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
{
specialPermissions[i] = null; // we don't care about the exact value here.
}
}
}
}
int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
if (flags != -1)
{
for (int i = 0; i < specialPermissions.Length; i++)
{
if (specialPermissions[i] != null && ((IUnrestrictedPermission)specialPermissions[i]).IsUnrestricted())
{
flags |= (1 << (int)s_BuiltInPermissionIndexMap[i][1]);
}
}
}
return(flags);
}
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken)
{
return(CodeAccessSecurityEngine.CheckHelper(this.GrantSet, this.RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false));
}
public void AddPermission(CodeAccessPermission perm, int type)
{
//BCLDebug.Assert(type == MatchAssert || type == MatchDeny, "type == MatchAssert || type == MatchDeny");
// can't get token if perm is null
if (perm == null)
return;
PermissionToken permToken = PermissionToken.GetToken(perm);
PermissionList plist = GetListForToken(permToken, true);
plist.AppendPermission(perm, type);
}
public bool CheckDemand(CodeAccessPermission demand)
{
Exception exception;
PermissionToken permToken = null;
if (demand != null)
permToken = PermissionToken.GetToken(demand);
bool cont = CheckDemandInternal(demand, permToken, out exception);
if (exception != null)
{
throw exception;
}
return cont;
}
[System.Security.SecurityCritical] // auto-generated
internal static void Assert(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
// Make sure the caller of assert has the permission to assert
//WARNING: The placement of the call here is just right to check
// the appropriate frame.
// Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission
// you need to change the last parameter to a zero.
Contract.Assert(AssertPermissionToken != null && AssertPermission != null, "Assert Permission not setup correctly");
FrameSecurityDescriptor secObj = CheckNReturnSO(AssertPermissionToken,
AssertPermission,
ref stackMark,
1 );
if (secObj == null)
{
// Security: REQ_SQ flag is missing. Bad compiler ?
// This can happen when you create delegates over functions that need the REQ_SQ
System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
else
{
if (secObj.HasImperativeAsserts())
throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
secObj.SetAssert(cap);
}
}
internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, bool createException, out Exception exception)
{
BCLDebug.Assert(demand != null, "demand != null");
BCLDebug.Assert(permToken != null, "permToken != null");
// First, find if there is a permission list of this type.
PermissionList permList = FindPermissionList(permToken);
if (permList != null)
{
// If so, check against it to determine our action.
bool cont = permList.CheckDemandInternal(demand, createException, out exception);
// We don't record modifiers for the unrestricted permission set in the
// individual lists. Therefore, permList.CheckDemandInternal may say
// that we have to continue the stackwalk, but we know better.
if (cont && permToken.m_isUnrestricted)
{
if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
else
{
cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
}
}
return(cont);
}
#if _DEBUG
// Let's check to make sure we always pass demands for empty permissions.
else if (demand.IsSubsetOf(null))
{
BCLDebug.Assert(false, "We should pick of empty demands before this point");
exception = null;
return(true);
}
#endif
// If the permission is not unrestricted, the lack of a permission list
// denotes that no frame on the stack granted this permission, and therefore
// we pass back the failure condition.
else if (!permToken.m_isUnrestricted)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
// If this permission list set is not unrestricted and there is no unrestricted assert
// then the lack of a permission list denotes that no frame on the stack granted
// this permission, and therefore we pass back the failure condition. If there is
// an unrestricted assert, then we pass back success and terminate the stack walk.
else if (!this.IsUnrestricted())
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
// If we made it all the way through, that means that we are in the unrestricted
// state and that this permission is encompassed in that. If we have an unrestricted
// assert, we are done with the state walk (return false), otherwise keep going.
exception = null;
return((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
}
private static void CheckHelper(PermissionSet grantedSet,
PermissionSet deniedSet,
CodeAccessPermission demand,
PermissionToken permToken)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
try
{
if (grantedSet == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
{
// If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
// then throw an exception.
if (grantedPerm == null)
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
else
{
return;
}
}
// Call the check demand for our permission.
grantedPerm.CheckDemand(demand);
}
// Make the sure the permission is not denied.
if (deniedSet != null)
{
CodeAccessPermission deniedPerm =
(CodeAccessPermission)deniedSet.GetPermission(permToken);
if (deniedPerm != null)
{
if (deniedPerm.Intersect(demand) != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in denied set");
}
#endif
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
DEBUG_OUT("Check passed");
}
private extern void Check(PermissionToken permToken,
CodeAccessPermission demand,
ref StackCrawlMark stackMark,
int checkFrames,
int unrestrictedOverride);
internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken)
{
BCLDebug.Assert(AssertSet == null, "AssertSet not null");
return(CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, s_emptyRMH, null, SecurityAction.Demand, false));
}
// FIXME what's it doing here? There's probably a reason this was added here.
static public void RevertAssert()
{
#if !DISABLE_CAS_USE
CodeAccessPermission.RevertAssert();
#endif
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
#pragma warning restore 618
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
Contract.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif // _DEBUG && FEATURE_CAS_POLICY
if (permToken == null)
permToken = PermissionToken.GetToken(demand);
if (grantedSet != null)
grantedSet.CheckDecoded(permToken.m_index);
if (refusedSet != null)
refusedSet.CheckDecoded(permToken.m_index);
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Contract.Assert(demand != null,"demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand( grantedPerm ))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
DEBUG_OUT( "Permission found in refused set" );
#endif
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
DEBUG_OUT( "Check passed" );
return true;
}
[System.Security.SecurityCritical] // auto-generated
internal static void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
Check(cap,
ref stackMark,
false);
}
private static bool CheckTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, bool createException, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet)
{
alteredSet = null;
// If the set is empty, there is no reason to walk the
// stack.
if (permSet == null || permSet.FastIsEmpty())
{
if (bNeedAlteredSet)
{
alteredSet = new TokenBasedSet(1, 4);
}
exception = null;
return(false);
}
int permMaxIndex = permSet.GetMaxUsedIndex();
// Make a quick check to see if permSet definitely contains permissions that this set doesn't
if (permMaxIndex > thisSet.GetMaxUsedIndex())
{
// The only way we don't want to throw an exception is
// if we are unrestricted. Then, if we don't want to throw
// an exception we may want to terminate the stack walk
// based on an unrestricted assert.
if (unrestricted)
{
if (((state & PermissionListSetState.UnrestrictedAssert) != 0))
{
if (bNeedAlteredSet)
{
alteredSet = new TokenBasedSet(1, 4);
}
exception = null;
return(false);
}
else
{
exception = null;
return(true);
}
}
else
{
if (createException)
{
exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else
{
exception = GetStaticException();
}
return(false);
}
}
bool continueStackWalk = false;
// We know that checking to <permMaxIndex> is sufficient because of above check
for (int i = 0; i <= permMaxIndex; i++)
{
Object obj = permSet.GetItem(i);
if (obj != null)
{
CodeAccessPermission cap = (CodeAccessPermission)obj;
PermissionList permList = (PermissionList)thisSet.GetItem(i);
if (permList != null)
{
bool tempContinue = permList.CheckDemandInternal(cap, createException, out exception);
if (exception != null)
{
return(false);
}
if (tempContinue)
{
// If we are supposed to continue the stack walk but there is an unrestricted
// deny, then we should fail.
if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission))
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
continueStackWalk = true;
}
else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission))
{
// We only want to build the altered set if we don't have an
// unrestricted assert because we know if we have an unrestricted
// assert and we don't throw an exception that the stackwalk should
// include no unrestricted permissions.
if (bNeedAlteredSet)
{
if (alteredSet == null)
{
alteredSet = CopyTokenBasedSet(permSet);
}
alteredSet.SetItem(i, null);
}
}
}
else
{
if (!unrestricted)
{
if (createException)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName));
}
else
{
exception = GetStaticException();
}
return(false);
}
}
}
}
exception = null;
return(continueStackWalk);
}
[System.Security.SecurityCritical] // auto-generated
internal static void PermitOnly(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
FrameSecurityDescriptor secObj =
SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
if (secObj == null)
{
// Security: REQ_SQ flag is missing. Bad compiler ?
// This can happen when you create delegates over functions that need the REQ_SQ
System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
else
{
if (secObj.HasImperativeRestrictions())
throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
secObj.SetPermitOnly(cap);
}
}
private void AppendTokenBasedSets(TokenBasedSet thisSet, TokenBasedSet permSet, int type, bool unrestricted)
{
int thisMaxIndex = thisSet.GetMaxUsedIndex();
int permMaxIndex = permSet == null ? 0 : permSet.GetMaxUsedIndex();
int maxIndex = thisMaxIndex > permMaxIndex ? thisMaxIndex : permMaxIndex;
// Loop over the relevant indexes...
for (int i = 0; i <= maxIndex; i++)
{
PermissionList plist = (PermissionList)thisSet.GetItem(i);
CodeAccessPermission cap = permSet == null ? null : (CodeAccessPermission)permSet.GetItem(i);
if (plist == null)
{
if (this.m_unrestricted)
{
switch (type)
{
case PermissionList.MatchChecked:
case PermissionList.MatchPermitOnly:
plist = new PermissionList();
plist.AppendPermission(cap, type);
thisSet.SetItem(i, plist);
break;
case PermissionList.MatchDeny:
case PermissionList.MatchAssert:
if (cap != null)
{
plist = new PermissionList();
plist.AppendPermission(cap, type);
thisSet.SetItem(i, plist);
}
break;
default:
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType"));
}
}
}
else
{
// A list already exists. All lists should have at least
// one element in them.
// Normally, only append if the permission is not null.
// However, if the type is Checked, then make sure the
// list is terminated with a permission, null or not.
switch (type)
{
case PermissionList.MatchChecked:
case PermissionList.MatchPermitOnly:
plist.AppendPermissionAndCompress(cap, type);
break;
case PermissionList.MatchDeny:
case PermissionList.MatchAssert:
if (cap != null)
{
plist.AppendPermissionAndCompress(cap, type);
}
break;
default:
throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionListType"));
}
}
}
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
PermissionToken permToken = null;
if (demand != null)
permToken = PermissionToken.GetToken(demand);
return CheckDemandNoThrow(demand, permToken);
}
internal static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
{
if (((grantSet != null) && grantSet.IsUnrestricted()) && ((deniedSet == null) || deniedSet.IsEmpty()))
{
return(-1);
}
SecurityPermission permission = null;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
ReflectionPermission permission2 = null;
ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
CodeAccessPermission[] permissionArray = new CodeAccessPermission[6];
if (grantSet != null)
{
if (grantSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.AllFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.RestrictedMemberAccess | ReflectionPermissionFlag.AllFlags;
for (int i = 0; i < permissionArray.Length; i++)
{
permissionArray[i] = s_UnrestrictedSpecialPermissionMap[i];
}
}
else
{
permission = grantSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags = permission.Flags;
}
permission2 = grantSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags = permission2.Flags;
}
for (int j = 0; j < permissionArray.Length; j++)
{
permissionArray[j] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[j][0]) as CodeAccessPermission;
}
}
}
if (deniedSet != null)
{
if (deniedSet.IsUnrestricted())
{
noFlags = SecurityPermissionFlag.NoFlags;
reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
for (int k = 0; k < s_BuiltInPermissionIndexMap.Length; k++)
{
permissionArray[k] = null;
}
}
else
{
permission = deniedSet.GetPermission(6) as SecurityPermission;
if (permission != null)
{
noFlags &= ~permission.Flags;
}
permission2 = deniedSet.GetPermission(4) as ReflectionPermission;
if (permission2 != null)
{
reflectionPermissionFlags &= ~permission2.Flags;
}
for (int m = 0; m < s_BuiltInPermissionIndexMap.Length; m++)
{
CodeAccessPermission permission3 = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[m][0]) as CodeAccessPermission;
if ((permission3 != null) && !permission3.IsSubsetOf(null))
{
permissionArray[m] = null;
}
}
}
}
int num5 = MapToSpecialFlags(noFlags, reflectionPermissionFlags);
if (num5 != -1)
{
for (int n = 0; n < permissionArray.Length; n++)
{
if ((permissionArray[n] != null) && ((IUnrestrictedPermission)permissionArray[n]).IsUnrestricted())
{
num5 |= ((int)1) << s_BuiltInPermissionIndexMap[n][1];
}
}
}
return(num5);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
bool bRet = SecurityRuntime.StackContinue;
if (m_permSetTriples != null)
{
for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++)
{
PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i];
bRet = psTriple.CheckDemand(demand, permToken, rmh);
}
}
else if (m_firstPermSetTriple != null)
{
bRet = m_firstPermSetTriple.CheckDemand(demand, permToken, rmh);
}
return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk
}
internal PermissionToken GetToken(Type cls, IPermission perm)
{
BCLDebug.Assert(cls != null, "Must pass in valid type");
IntPtr typePtr = cls.TypeHandle.Value;
object tok = m_handleTable[typePtr];
if (tok == null)
{
String typeStr = cls.AssemblyQualifiedName;
tok = m_tokenTable != null ? m_tokenTable[typeStr] : null; // Assumes asynchronous lookups are safe
if (tok == null)
{
lock (this)
{
if (m_tokenTable != null)
{
tok = m_tokenTable[typeStr]; // Make sure it wasn't just added
}
else
{
m_tokenTable = new Hashtable(m_size, 1.0f, new PermissionTokenKeyComparer(CultureInfo.InvariantCulture));
}
if (tok == null)
{
if (perm != null)
{
if (CodeAccessPermission.CanUnrestrictedOverride(perm))
{
tok = new PermissionToken(m_index++, PermissionTokenType.IUnrestricted, typeStr);
}
else
{
tok = new PermissionToken(m_index++, PermissionTokenType.Normal, typeStr);
}
}
else
{
if (cls.GetInterface(s_unrestrictedPermissionInferfaceName) != null)
{
tok = new PermissionToken(m_index++, PermissionTokenType.IUnrestricted, typeStr);
}
else
{
tok = new PermissionToken(m_index++, PermissionTokenType.Normal, typeStr);
}
}
m_tokenTable.Add(typeStr, tok);
m_indexTable.Add(m_index - 1, tok);
PermissionToken.s_tokenSet.SetItem(((PermissionToken)tok).m_index, tok);
}
if (!m_handleTable.Contains(typePtr))
{
m_handleTable.Add(typePtr, tok);
}
}
}
else
{
lock (this)
{
if (!m_handleTable.Contains(typePtr))
{
m_handleTable.Add(typePtr, tok);
}
}
}
}
if ((((PermissionToken)tok).m_type & PermissionTokenType.DontKnow) != 0)
{
if (perm != null)
{
BCLDebug.Assert(!(perm is IBuiltInPermission), "This should not be called for built-ins");
if (CodeAccessPermission.CanUnrestrictedOverride(perm))
{
((PermissionToken)tok).m_type = PermissionTokenType.IUnrestricted;
}
else
{
((PermissionToken)tok).m_type = PermissionTokenType.Normal;
}
((PermissionToken)tok).m_strTypeName = perm.GetType().AssemblyQualifiedName;
}
else
{
BCLDebug.Assert(cls.GetInterface("System.Security.Permissions.IBuiltInPermission") == null, "This shoudl not be called for built-ins");
if (cls.GetInterface(s_unrestrictedPermissionInferfaceName) != null)
{
((PermissionToken)tok).m_type = PermissionTokenType.IUnrestricted;
}
else
{
((PermissionToken)tok).m_type = PermissionTokenType.Normal;
}
((PermissionToken)tok).m_strTypeName = cls.AssemblyQualifiedName;
}
}
return((PermissionToken)tok);
}
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (!throwException)
{
return(false);
}
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else if (!grantedSet.IsUnrestricted())
{
CodeAccessPermission grant = (CodeAccessPermission)grantedSet.GetPermission(permToken);
if (!demand.CheckDemand(grant))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
if (refusedSet != null)
{
CodeAccessPermission permission = (CodeAccessPermission)refusedSet.GetPermission(permToken);
if ((permission != null) && !permission.CheckDeny(demand))
{
if (!throwException)
{
return(false);
}
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
#pragma warning restore 618
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
Contract.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif // _DEBUG && FEATURE_CAS_POLICY
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Contract.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand(grantedPerm))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in refused set");
}
#endif
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
DEBUG_OUT("Check passed");
return(true);
}
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// If the demand is null, there is no need to continue
Debug.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point");
// decode imperative
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demand, permToken);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
}
// NOTE: See notes about exceptions and exception handling in FrameDescSetHelper
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
// Check Reduction
try
{
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If the permit only set does not contain the demanded permission, throw a security exception
if (perm == null)
{
if (!permSet.IsUnrestricted())
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
else
{
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demand.CheckPermitOnly(perm);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
}
// Check Denials
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If an unrestricted set was denied and the demand implements IUnrestricted
if (permSet.IsUnrestricted())
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
// If the deny set does contain the demanded permission, throw a security exception
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demand.CheckDeny(perm);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
}
}
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
// Check Assertions
if (permSet != null)
{
CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
try
{
if (permSet.IsUnrestricted() || demand.CheckAssert(perm))
{
return(SecurityRuntime.StackHalt);
}
}
catch (ArgumentException)
{
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
internal bool CheckAssert(CodeAccessPermission asserted)
{
return(this.IsSubsetOf(asserted));
}
internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception)
{
BCLDebug.Assert(m_head != null, "m_head != null");
for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
{
if (pnext.perm == null)
{
// If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
{
BCLDebug.Assert(!demand.IsSubsetOf(null), "By the time we get here, demands that are subsets of null should have been terminated");
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
// If this is a deny, then we should fail since null indicates the unrestricted permission.
if (pnext.type == MatchDeny)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
// If this is an assert, then we should return success and terminate the stack walk since
// null indicates the unrestricted permission.
if (pnext.type == MatchAssert)
{
exception = null;
return(false);
}
// If this is anything else, then we should act confused.
// This case is unexpected.
BCLDebug.Assert(false, "This case should never happen");
exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
return(false);
}
CodeAccessPermission cap = pnext.perm;
switch (pnext.type)
{
case MatchChecked:
case MatchPermitOnly:
if (!demand.IsSubsetOf(cap))
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
break;
case MatchAssert:
if (demand.IsSubsetOf(cap))
{
exception = null;
return(false);
}
break;
case MatchDeny:
if (demand.Intersect(cap) != null)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
break;
default:
// Illegal entry
exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
return(false);
}
}
exception = null;
return(true);
}
internal bool CheckDemand(CodeAccessPermission grant)
{
return(this.IsSubsetOf(grant));
}
[System.Security.SecurityCritical] // auto-generated
#endif
#pragma warning disable 618
internal static void CheckHelper(Object notUsed,
#pragma warning restore 618
PermissionSet grantedSet,
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
{
// To reduce the amount of ifdef-code-churn, a dummy arg is used for the first parameter - instead of a CompressedStack object,
// we use a System.Object that should always be null. If we tried to change the signature of the function, there will need to be
// corresponding changes in VM (metasig.h, mscorlib.h, securitystackwalk.cpp, number of elements in the arg array, etc.)
Contract.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack");
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true);
}
internal bool CheckPermitOnly(CodeAccessPermission permitted)
{
return(this.IsSubsetOf(permitted));
}
[System.Security.SecurityCritical] // auto-generated
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand )
{
Contract.Assert( asm != null, "Must pass in a good assembly" );
Contract.Assert( demand != null, "Must pass in a good demand" );
PermissionSet granted, refused;
asm.GetGrantSet( out granted, out refused );
#pragma warning disable 618
CheckHelper( granted, refused, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true );
#pragma warning restore 618
}
public PermissionSet(PermissionState state) : this()
{
this.state = CodeAccessPermission.CheckPermissionState(state, true);
}
internal static extern FrameSecurityDescriptor CheckNReturnSO(PermissionToken permToken,
CodeAccessPermission demand,
ref StackCrawlMark stackMark,
int create );
private static void CheckTokenBasedSetHelper(bool ignoreGrants,
TokenBasedSet grants,
TokenBasedSet denied,
TokenBasedSet demands)
{
if (demands == null)
{
return;
}
TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum();
while (enumerator.MoveNext())
{
CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current;
int index = enumerator.GetCurrentIndex();
if (demand != null)
{
try
{
// Check to make sure the permission was granted, unless we are supposed
// to ignore grants.
if (!ignoreGrants)
{
CodeAccessPermission grant
= grants != null ? (CodeAccessPermission)grants.GetItem(index) : null;
if (grant != null)
{
grant.CheckDemand(demand);
}
else
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
// Check to make sure our permission was not denied.
if (denied != null)
{
CodeAccessPermission deny
= (CodeAccessPermission)denied.GetItem(index);
if (deny != null && deny.Intersect(demand) != null)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
}
}
[System.Security.SecurityCritical] // auto-generated
internal static void Deny(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
#if FEATURE_CAS_POLICY
// Deny is only valid in legacy mode
if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
{
throw new NotSupportedException(Environment.GetResourceString("NotSupported_CasDeny"));
}
#endif // FEATURE_CAS_POLICY
FrameSecurityDescriptor secObj =
SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
if (secObj == null)
{
// Security: REQ_SQ flag is missing. Bad compiler ?
// This can happen when you create delegates over functions that need the REQ_SQ
System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
else
{
if (secObj.HasImperativeDenials())
throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
secObj.SetDeny(cap);
}
}
internal bool CheckDemand(CodeAccessPermission grant)
{
Contract.Assert(grant == null || grant.GetType().Equals(this.GetType()), "CheckDemand not defined for permissions of different type");
return(IsSubsetOf(grant));
}
internal bool CheckDemandInternal(CodeAccessPermission demand, PermissionToken permToken, out Exception exception)
{
BCLDebug.Assert(demand != null, "demand != null");
BCLDebug.Assert(permToken != null, "permToken != null");
// First, find if there is a permission list of this type.
PermissionList permList = FindPermissionList(permToken);
if (permList != null)
{
// If so, check against it to determine our action.
bool cont = permList.CheckDemandInternal(demand, out exception);
// We don't record modifiers for the unrestricted permission set in the
// individual lists. Therefore, permList.CheckDemandInternal may say
// that we have to continue the stackwalk, but we know better.
if (cont && permToken.m_isUnrestricted)
{
if ((m_state & PermissionListSetState.UnrestrictedDeny) != 0)
{
exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
return false;
}
else
{
cont = cont && ((m_state & PermissionListSetState.UnrestrictedAssert) == 0);
}
}
return cont;
}
#if _DEBUG
// Let's check to make sure we always pass demands for empty permissions.
else if (demand.IsSubsetOf( null ))
{
BCLDebug.Assert( false, "We should pick of empty demands before this point" );
exception = null;
return true;
}
#endif
// If the permission is not unrestricted, the lack of a permission list
// denotes that no frame on the stack granted this permission, and therefore
// we pass back the failure condition.
else if (!permToken.m_isUnrestricted)
{
exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
return false;
}
// If this permission list set is not unrestricted and there is no unrestricted assert
// then the lack of a permission list denotes that no frame on the stack granted
// this permission, and therefore we pass back the failure condition. If there is
// an unrestricted assert, then we pass back success and terminate the stack walk.
else if (!this.IsUnrestricted())
{
exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName ) );
return false;
}
// If we made it all the way through, that means that we are in the unrestricted
// state and that this permission is encompassed in that. If we have an unrestricted
// assert, we are done with the state walk (return false), otherwise keep going.
exception = null;
return (m_state & PermissionListSetState.UnrestrictedAssert) == 0;
}
internal bool CheckAssert(CodeAccessPermission asserted)
{
Contract.Assert(asserted == null || asserted.GetType().Equals(this.GetType()), "CheckPermitOnly not defined for permissions of different type");
return(IsSubsetOf(asserted));
}
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken)
{
Exception exception;
bool cont = CheckDemandInternal( demand, permToken, out exception );
if (exception != null)
{
throw exception;
}
return cont;
}
internal static void CheckHelper(CompressedStack cs, PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, RuntimeAssembly asm, SecurityAction action)
{
if (cs != null)
{
cs.CheckDemand(demand, permToken, rmh);
}
else
{
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, asm, action, true);
}
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken)
{
Exception exception;
CheckDemandInternal( demand, permToken, out exception );
return (exception == null);
}
internal static extern FrameSecurityDescriptor CheckNReturnSO(PermissionToken permToken, CodeAccessPermission demand, ref StackCrawlMark stackMark, int create);
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
PermissionToken permToken = null;
if (demand != null)
permToken = PermissionToken.GetToken(demand);
return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken);
}
internal static void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
Check(cap, ref stackMark, false);
}
static public void RevertAssert()
{
CodeAccessPermission.RevertAssert();
}
// true - Check passes
// false - Check may fail, do a stackwalk
// It may look like we dont need three arguments here, but this is being done to
// avoid "is instance of" checks and casting
private bool PreCheck(CodeAccessPermission permObj,
PermissionSet permSetObj,
int capOrSet,
ref StackCrawlMark stackMark,
PermissionType permType)
{
//return false;
int status = 0;
PermissionListSet psl;
if (capOrSet == CHECK_CAP)
{
psl = GetDomainPermissionListSet(out status, permObj, capOrSet, permType);
}
else
{
psl = GetDomainPermissionListSet(out status, permSetObj, capOrSet, permType);
}
if (status == NEED_UPDATED_PLS)
{
psl = UpdateDomainPermissionListSet(out status);
}
if (status == DEMAND_PASSES || status == SECURITY_OFF)
{
return(true);
}
if (status == FULLY_TRUSTED)
{
if (capOrSet == CHECK_CAP)
{
if (permObj is IUnrestrictedPermission)
{
return(true);
}
}
else
{
if (permSetObj.CanUnrestrictedOverride() == 1)
{
return(true);
}
}
}
if (status == CONTINUE || status == FULLY_TRUSTED)
{
if (capOrSet == CHECK_CAP)
{
return(psl.CheckDemandNoThrow(permObj));
}
else
{
return(psl.CheckSetDemandNoThrow(permSetObj));
}
}
if (status == PLS_IS_BUSY)
{
return(false);
}
if (status == BELOW_THRESHOLD)
{
return(false);
}
if (status == MULTIPLE_DOMAINS)
{
return(false);
}
if (status == OVERRIDES_FOUND)
{
UpdateOverridesCount(ref stackMark);
return(false);
}
if (status == NEED_STACKWALK)
{
return(false);
}
BCLDebug.Assert(false, "Unexpected status from GetDomainPermissionListSet");
return(false);
}