예제 #1
0
        // Returns a permission set containing only CAS-permissions. If possible
        // this is just the input set, otherwise a new set is allocated.
        private PermissionSet GetCasOnlySet()
        {
            if (!m_ContainsNonCas)
                return this;

            if (IsUnrestricted())
                return this;

            PermissionSet pset = new PermissionSet(false);

            PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);

            while (enumerator.MoveNext())
            {
                IPermission perm = (IPermission)enumerator.Current;

                if (perm is CodeAccessPermission)
                    pset.AddPermission(perm);
            }

            pset.m_CheckedForNonCas = true;
            pset.m_ContainsCas = !pset.IsEmpty();
            pset.m_ContainsNonCas = false;

            return pset;
        }
예제 #2
0
        [System.Security.SecurityCritical] // auto-generated
        #endif
        private static byte[] CreateSerialized(Object[] attrs,
                                               bool serialize,
                                               ref byte[] nonCasBlob,
                                               out PermissionSet casPset,
                                               HostProtectionResource fullTrustOnlyResources,
                                               bool allowEmptyPermissionSets)
        {
            // Create two new (empty) sets.
            casPset = null;
            PermissionSet nonCasPset = null;

            // Most security attributes generate a single permission. The
            // PermissionSetAttribute class generates an entire permission set we
            // need to merge, however.
            for (int i = 0; i < attrs.Length; i++)
            {
#pragma warning disable 618
                Contract.Assert(i == 0 || ((SecurityAttribute)attrs[i]).m_action == ((SecurityAttribute)attrs[i - 1]).m_action, "Mixed SecurityActions");
#pragma warning restore 618
                if (attrs[i] is PermissionSetAttribute)
                {
                    PermissionSet pset = ((PermissionSetAttribute)attrs[i]).CreatePermissionSet();
                    if (pset == null)
                        throw new ArgumentException( Environment.GetResourceString( "Argument_UnableToGeneratePermissionSet" ) );

                    PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(pset);

                    while (enumerator.MoveNext())
                    {
                        IPermission perm = (IPermission)enumerator.Current;
                        MergePermission(perm, serialize, ref casPset, ref nonCasPset);
                    }

                    if(casPset == null)
                        casPset = new PermissionSet(false);
                    if (pset.IsUnrestricted())
                        casPset.SetUnrestricted(true);
                }
                else
                {
#pragma warning disable 618
                    IPermission perm = ((SecurityAttribute)attrs[i]).CreatePermission();
#pragma warning restore 618
                    MergePermission(perm, serialize, ref casPset, ref nonCasPset);
                }
            }
            Contract.Assert(serialize || nonCasPset == null, "We shouldn't separate nonCAS permissions unless fSerialize is true");

            //
            // Filter HostProtection permission.  In the VM, some optimizations are done based upon these
            // declarative permission sets being NULL if they do not exist.  When filtering the permission
            // set if we end up with an empty set, we can the permission set NULL rather than returning the
            // empty set in order to enable those optimizations.
            //
            
            if(casPset != null)
            {
                casPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
                casPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code
                if (allowEmptyPermissionSets && casPset.IsEmpty())
                    casPset = null;
            }
            if(nonCasPset != null)
            {
                nonCasPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
                nonCasPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code
                if (allowEmptyPermissionSets && nonCasPset.IsEmpty())
                    nonCasPset = null;
            }

            // Serialize the set(s).
            byte[] casBlob = null;
            nonCasBlob = null;
#if FEATURE_CAS_POLICY
            if(serialize)
            {
                if(casPset != null)
                    casBlob = casPset.EncodeXml();
                if(nonCasPset != null)
                    nonCasBlob = nonCasPset.EncodeXml();
            }
#else // FEATURE_CAS_POLICY
            Contract.Assert(!serialize, "Cannot serialize permission sets on CoreCLR");
#endif // FEATURE_CAS_POLICY

            return casBlob;
        }
 public bool IsEmpty()
 {
     if (this.m_Unrestricted)
     {
         return false;
     }
     if ((this.m_permSet != null) && !this.m_permSet.FastIsEmpty())
     {
         PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
         while (internal2.MoveNext())
         {
             IPermission current = (IPermission) internal2.Current;
             if (!current.IsSubsetOf(null))
             {
                 return false;
             }
         }
     }
     return true;
 }
예제 #4
0
        [System.Security.SecurityCritical] // auto-generated
        #endif
        public bool ContainsNonCodeAccessPermissions()
        {
            if (m_CheckedForNonCas)
                return m_ContainsNonCas;

            lock (this)
            {
                if (m_CheckedForNonCas)
                    return m_ContainsNonCas;

                m_ContainsCas = false;
                m_ContainsNonCas = false;

                if (IsUnrestricted())
                    m_ContainsCas = true;

                if (this.m_permSet != null)
                {
                    PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);

                    while (enumerator.MoveNext() && (!m_ContainsCas || !m_ContainsNonCas))
                    {
                        IPermission perm = enumerator.Current as IPermission;

                        if (perm != null)
                        {
                            if (perm is CodeAccessPermission)
                                m_ContainsCas = true;
                            else
                                m_ContainsNonCas = true;
                        }
                    }
                }

                m_CheckedForNonCas = true;
            }

            return m_ContainsNonCas;
        }
예제 #5
0
        public bool IsEmpty()
        {
            if (m_Unrestricted)
                return false;

            if (m_permSet == null || m_permSet.FastIsEmpty())
                return true;

            PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);

            while (enumerator.MoveNext())
            {
                IPermission perm = (IPermission)enumerator.Current;

                if (!perm.IsSubsetOf( null ))
                {
                    return false;
                }
            }

            return true;
        }
 internal PermissionSetEnumerator(PermissionSet permSet)
 {
     this.enm = new PermissionSetEnumeratorInternal(permSet);
 }
 public bool ContainsNonCodeAccessPermissions()
 {
     if (!this.m_CheckedForNonCas)
     {
         lock (this)
         {
             if (this.m_CheckedForNonCas)
             {
                 return this.m_ContainsNonCas;
             }
             this.m_ContainsCas = false;
             this.m_ContainsNonCas = false;
             if (this.IsUnrestricted())
             {
                 this.m_ContainsCas = true;
             }
             if (this.m_permSet != null)
             {
                 PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
                 while (internal2.MoveNext() && (!this.m_ContainsCas || !this.m_ContainsNonCas))
                 {
                     IPermission current = internal2.Current as IPermission;
                     if (current != null)
                     {
                         if (current is CodeAccessPermission)
                         {
                             this.m_ContainsCas = true;
                         }
                         else
                         {
                             this.m_ContainsNonCas = true;
                         }
                     }
                 }
             }
             this.m_CheckedForNonCas = true;
         }
     }
     return this.m_ContainsNonCas;
 }
예제 #8
0
 internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
 {
     Contract.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted");
     alteredDemandSet = null;
     
     PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(demandSet);
     while (enumerator.MoveNext())
     {
         CodeAccessPermission demandDerm = (CodeAccessPermission)enumerator.Current;
         int i = enumerator.GetCurrentIndex();
         if (demandDerm != null)
         {
             CodeAccessPermission assertPerm
                 = (CodeAccessPermission)assertSet.GetPermission(i);
             try
             {
                 if (demandDerm.CheckAssert(assertPerm))
                 {
                     if (alteredDemandSet == null)
                         alteredDemandSet = demandSet.Copy();
     
                     alteredDemandSet.RemovePermission(i);
                 }
             }
             catch (ArgumentException)
             {
             }
         }
     }
     return;
 }
 internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
 {
     firstPermThatFailed = null;
     if (((deniedSet != null) && !deniedSet.FastIsEmpty()) && !this.FastIsEmpty())
     {
         if (this.m_Unrestricted && deniedSet.m_Unrestricted)
         {
             return false;
         }
         PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
         while (internal2.MoveNext())
         {
             CodeAccessPermission current = internal2.Current as CodeAccessPermission;
             if ((current != null) && !current.IsSubsetOf(null))
             {
                 if (deniedSet.m_Unrestricted)
                 {
                     firstPermThatFailed = current;
                     return false;
                 }
                 CodeAccessPermission permission = (CodeAccessPermission) deniedSet.GetPermission(internal2.GetCurrentIndex());
                 if (!current.CheckDeny(permission))
                 {
                     firstPermThatFailed = current;
                     return false;
                 }
             }
         }
         if (this.m_Unrestricted)
         {
             PermissionSetEnumeratorInternal internal3 = new PermissionSetEnumeratorInternal(deniedSet);
             while (internal3.MoveNext())
             {
                 if (internal3.Current is IPermission)
                 {
                     return false;
                 }
             }
         }
     }
     return true;
 }
 internal SecurityElement ToXml(string permName)
 {
     SecurityElement element = new SecurityElement("PermissionSet");
     element.AddAttribute("class", permName);
     element.AddAttribute("version", "1");
     PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
     if (this.m_Unrestricted)
     {
         element.AddAttribute("Unrestricted", "true");
     }
     while (internal2.MoveNext())
     {
         IPermission current = (IPermission) internal2.Current;
         if (!this.m_Unrestricted)
         {
             element.AddChild(current.ToXml());
         }
     }
     return element;
 }
 internal static PermissionSet RemoveRefusedPermissionSet(PermissionSet assertSet, PermissionSet refusedSet, out bool bFailedToCompress)
 {
     PermissionSet set = null;
     bFailedToCompress = false;
     if (assertSet == null)
     {
         return null;
     }
     if (refusedSet != null)
     {
         if (refusedSet.IsUnrestricted())
         {
             return null;
         }
         PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(refusedSet);
         while (internal2.MoveNext())
         {
             CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
             int currentIndex = internal2.GetCurrentIndex();
             if (current != null)
             {
                 CodeAccessPermission permission = (CodeAccessPermission) assertSet.GetPermission(currentIndex);
                 try
                 {
                     if (current.Intersect(permission) == null)
                     {
                         continue;
                     }
                     if (current.Equals(permission))
                     {
                         if (set == null)
                         {
                             set = assertSet.Copy();
                         }
                         set.RemovePermission(currentIndex);
                         continue;
                     }
                     bFailedToCompress = true;
                     return assertSet;
                 }
                 catch (ArgumentException)
                 {
                     if (set == null)
                     {
                         set = assertSet.Copy();
                     }
                     set.RemovePermission(currentIndex);
                     continue;
                 }
             }
         }
     }
     if (set != null)
     {
         return set;
     }
     return assertSet;
 }
 internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet)
 {
     alteredDemandSet = null;
     PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(demandSet);
     while (internal2.MoveNext())
     {
         CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
         int currentIndex = internal2.GetCurrentIndex();
         if (current != null)
         {
             CodeAccessPermission permission = (CodeAccessPermission) assertSet.GetPermission(currentIndex);
             try
             {
                 if (current.CheckAssert(permission))
                 {
                     if (alteredDemandSet == null)
                     {
                         alteredDemandSet = demandSet.Copy();
                     }
                     alteredDemandSet.RemovePermission(currentIndex);
                 }
                 continue;
             }
             catch (ArgumentException)
             {
                 continue;
             }
         }
     }
 }
 internal static bool IsIntersectingAssertedPermissions(PermissionSet assertSet1, PermissionSet assertSet2)
 {
     bool flag = false;
     if ((assertSet1 != null) && (assertSet2 != null))
     {
         PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(assertSet2);
         while (internal2.MoveNext())
         {
             CodeAccessPermission current = (CodeAccessPermission) internal2.Current;
             int currentIndex = internal2.GetCurrentIndex();
             if (current != null)
             {
                 CodeAccessPermission permission = (CodeAccessPermission) assertSet1.GetPermission(currentIndex);
                 try
                 {
                     if ((permission != null) && !permission.Equals(current))
                     {
                         flag = true;
                     }
                     continue;
                 }
                 catch (ArgumentException)
                 {
                     flag = true;
                     continue;
                 }
             }
         }
     }
     return flag;
 }
예제 #14
0
 public virtual void CopyTo(Array array, int index)
 {
     if (array == null)
         throw new ArgumentNullException( "array" );
     Contract.EndContractBlock();
 
     PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);
     
     while (enumerator.MoveNext())
     {
         array.SetValue(enumerator.Current , index++ );
     }
 }
 public virtual void CopyTo(Array array, int index)
 {
     if (array == null)
     {
         throw new ArgumentNullException("array");
     }
     PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
     while (internal2.MoveNext())
     {
         array.SetValue(internal2.Current, index++);
     }
 }
예제 #16
0
        internal static PermissionSet RemoveRefusedPermissionSet(PermissionSet assertSet, PermissionSet refusedSet, out bool bFailedToCompress)
        {
            Contract.Assert((assertSet == null || !assertSet.IsUnrestricted()), "Cannot be unrestricted here");
            PermissionSet retPs = null;
            bFailedToCompress = false;
            if (assertSet == null)
                return null;
            if (refusedSet != null)
            {
                if (refusedSet.IsUnrestricted())
                    return null; // we're refusing everything...cannot assert anything now.

                PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(refusedSet);
                while (enumerator.MoveNext())
                {
                    CodeAccessPermission refusedPerm = (CodeAccessPermission)enumerator.Current;
                    int i = enumerator.GetCurrentIndex();
                    if (refusedPerm != null)
                    {
                        CodeAccessPermission perm
                            = (CodeAccessPermission)assertSet.GetPermission(i);
                        try
                        {
                            if (refusedPerm.Intersect(perm) != null)
                            {
                                if (refusedPerm.Equals(perm))
                                {
                                    if (retPs == null)
                                        retPs = assertSet.Copy();
                
                                    retPs.RemovePermission(i);
                                }
                                else
                                {
                                    // Asserting a permission, part of which is already denied/refused
                                    // cannot compress this assert
                                    bFailedToCompress = true;
                                    return assertSet;
                                }
                            }
                        }
                        catch (ArgumentException)
                        {
                            // Any exception during removing a refused set from assert set => we play it safe and not assert that perm
                            if (retPs == null)
                                retPs = assertSet.Copy();
                            retPs.RemovePermission(i);
                        }
                    }
                }
            }
            if (retPs != null)
                return retPs;
            return assertSet;
        }  
 private static byte[] CreateSerialized(object[] attrs, bool serialize, ref byte[] nonCasBlob, out PermissionSet casPset, HostProtectionResource fullTrustOnlyResources, bool allowEmptyPermissionSets)
 {
     casPset = null;
     PermissionSet nonCasPset = null;
     for (int i = 0; i < attrs.Length; i++)
     {
         if (attrs[i] is PermissionSetAttribute)
         {
             PermissionSet permSet = ((PermissionSetAttribute) attrs[i]).CreatePermissionSet();
             if (permSet == null)
             {
                 throw new ArgumentException(Environment.GetResourceString("Argument_UnableToGeneratePermissionSet"));
             }
             PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(permSet);
             while (internal2.MoveNext())
             {
                 IPermission current = (IPermission) internal2.Current;
                 MergePermission(current, serialize, ref casPset, ref nonCasPset);
             }
             if (casPset == null)
             {
                 casPset = new PermissionSet(false);
             }
             if (permSet.IsUnrestricted())
             {
                 casPset.SetUnrestricted(true);
             }
         }
         else
         {
             MergePermission(((SecurityAttribute) attrs[i]).CreatePermission(), serialize, ref casPset, ref nonCasPset);
         }
     }
     if (casPset != null)
     {
         casPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
         casPset.ContainsNonCodeAccessPermissions();
         if (allowEmptyPermissionSets && casPset.IsEmpty())
         {
             casPset = null;
         }
     }
     if (nonCasPset != null)
     {
         nonCasPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
         nonCasPset.ContainsNonCodeAccessPermissions();
         if (allowEmptyPermissionSets && nonCasPset.IsEmpty())
         {
             nonCasPset = null;
         }
     }
     byte[] buffer = null;
     nonCasBlob = null;
     if (serialize)
     {
         if (casPset != null)
         {
             buffer = casPset.EncodeXml();
         }
         if (nonCasPset != null)
         {
             nonCasBlob = nonCasPset.EncodeXml();
         }
     }
     return buffer;
 }
예제 #18
0
 internal static bool IsIntersectingAssertedPermissions(PermissionSet assertSet1, PermissionSet assertSet2)
 {
     bool isIntersecting = false;
     if (assertSet1 != null && assertSet2 != null)
     {
         PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(assertSet2);
         while (enumerator.MoveNext())
         {
             CodeAccessPermission perm2 = (CodeAccessPermission)enumerator.Current;
             int i = enumerator.GetCurrentIndex();
             if (perm2 != null)
             {
                 CodeAccessPermission perm1
                     = (CodeAccessPermission)assertSet1.GetPermission(i);
                 try
                 {
                     if (perm1 != null && !perm1.Equals(perm2))
                     {
                         isIntersecting = true; // Same type of permission, but with different flags or something - cannot union them
                     }
                 }
                 catch (ArgumentException)
                 {
                     isIntersecting = true; //assume worst case
                 }
             }
         }
     }
     return isIntersecting;
     
 }
 private PermissionSet GetCasOnlySet()
 {
     if (!this.m_ContainsNonCas)
     {
         return this;
     }
     if (this.IsUnrestricted())
     {
         return this;
     }
     PermissionSet set = new PermissionSet(false);
     PermissionSetEnumeratorInternal internal2 = new PermissionSetEnumeratorInternal(this);
     while (internal2.MoveNext())
     {
         IPermission current = (IPermission) internal2.Current;
         if (current is CodeAccessPermission)
         {
             set.AddPermission(current);
         }
     }
     set.m_CheckedForNonCas = true;
     set.m_ContainsCas = !set.IsEmpty();
     set.m_ContainsNonCas = false;
     return set;
 }
예제 #20
0
        internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed)
        {
            firstPermThatFailed = null;
            if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty())
                return true;

            if(this.m_Unrestricted && deniedSet.m_Unrestricted)
                return false;

            CodeAccessPermission permThis, permThat;
            PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this);

            while (enumThis.MoveNext())
            {
                permThis = enumThis.Current as CodeAccessPermission;
                if(permThis == null || permThis.IsSubsetOf(null))
                    continue; // ignore non-CAS permissions in the grant set.
                if (deniedSet.m_Unrestricted)
                {
                    firstPermThatFailed = permThis;
                    return false;
                }
                permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex());
                if (!permThis.CheckDeny(permThat))
                {
                    firstPermThatFailed = permThis;
                    return false;
                }
            }
            if(this.m_Unrestricted)
            {
                PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet);
                while (enumThat.MoveNext())
                {
                    if(enumThat.Current is IPermission)
                        return false;
                }
            }
            return true;
        }
예제 #21
0
        // internal helper which takes in the hardcoded permission name to avoid lookup at runtime
        // can be called from classes that derive from PermissionSet
        internal SecurityElement ToXml(String permName)
        {
            SecurityElement elTrunk = new SecurityElement("PermissionSet");
            elTrunk.AddAttribute( "class", permName );

            elTrunk.AddAttribute( "version", "1" );
        
            PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this);
    
            if (m_Unrestricted)
            {
                elTrunk.AddAttribute(s_str_Unrestricted, "true" );
            }
   
            while (enumerator.MoveNext())
            {
                IPermission perm = (IPermission)enumerator.Current;

                if (!m_Unrestricted)
                    elTrunk.AddChild( perm.ToXml() );
            }
            return elTrunk;
        }
예제 #22
0
 internal PermissionSetEnumerator(PermissionSet permSet)
 {
     this.enm = new PermissionSetEnumeratorInternal(permSet);
 }
        private static byte[] CreateSerialized(Object[] attrs, bool serialize, ref byte[] nonCasBlob, out PermissionSet casPset, HostProtectionResource fullTrustOnlyResources)
        {
            // Create two new (empty) sets.
            casPset = null;
            PermissionSet nonCasPset = null;

            // Most security attributes generate a single permission. The
            // PermissionSetAttribute class generates an entire permission set we
            // need to merge, however.
            for (int i = 0; i < attrs.Length; i++)
            {
                BCLDebug.Assert(i == 0 || ((SecurityAttribute)attrs[i]).m_action == ((SecurityAttribute)attrs[i - 1]).m_action, "Mixed SecurityActions");
                if (attrs[i] is PermissionSetAttribute)
                {
                    PermissionSet pset = ((PermissionSetAttribute)attrs[i]).CreatePermissionSet();
                    if (pset == null)
                        throw new ArgumentException( Environment.GetResourceString( "Argument_UnableToGeneratePermissionSet" ) );

                    PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(pset);

                    while (enumerator.MoveNext())
                    {
                        IPermission perm = (IPermission)enumerator.Current;
                        MergePermission(perm, serialize, ref casPset, ref nonCasPset);
                    }

                    if(casPset == null)
                        casPset = new PermissionSet(false);
                    if (pset.IsUnrestricted())
                        casPset.SetUnrestricted(true);
                }
                else
                {
                    IPermission perm = ((SecurityAttribute)attrs[i]).CreatePermission();
                    MergePermission(perm, serialize, ref casPset, ref nonCasPset);
                }
            }
            BCLDebug.Assert(serialize || nonCasPset == null, "We shouldn't separate nonCAS permissions unless fSerialize is true");

            // Filter HostProtection permission
            if(casPset != null)
            {
                casPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
                casPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code
            }
            if(nonCasPset != null)
            {
                nonCasPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None);
                nonCasPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code
            }

            // Serialize the set(s).
            byte[] casBlob = null;
            nonCasBlob = null;
            if(serialize)
            {
                if(casPset != null)
                    casBlob = casPset.EncodeXml();
                if(nonCasPset != null)
                    nonCasBlob = nonCasPset.EncodeXml();
            }
            return casBlob;
        }