|
public static GetToken ( IPermission perm ) : |
||
| perm | IPermission | |
| 리턴 | ||
// static default constructor. This will be called before any of the static members are accessed.
static CodeAccessSecurityEngine()
{
#pragma warning disable 618
AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion);
#pragma warning restore 618
AssertPermissionToken = PermissionToken.GetToken(AssertPermission);
}
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand)
{
PermissionSet newGrant;
PermissionSet newDenied;
asm.GetGrantSet(out newGrant, out newDenied);
CodeAccessSecurityEngine.CheckHelper(newGrant, newDenied, demand, PermissionToken.GetToken((IPermission)demand), RuntimeMethodHandleInternal.EmptyHandle, (object)asm, SecurityAction.Demand, true);
}
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand)
{
PermissionSet set;
PermissionSet set2;
asm.GetGrantSet(out set, out set2);
CheckHelper(set, set2, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true);
}
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand)
{
PermissionSet grantedSet;
PermissionSet refusedSet;
asm.GetGrantSet(out grantedSet, out refusedSet);
CodeAccessSecurityEngine.CheckHelper(grantedSet, refusedSet, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true);
}
public PermissionList RemovePermissionList(Type type)
{
if (type == null)
{
return(null);
}
return(RemovePermissionList(PermissionToken.GetToken(type)));
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
PermissionToken permToken = (PermissionToken)null;
if (demand != null)
{
permToken = PermissionToken.GetToken((IPermission)demand);
}
return(this.m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken));
}
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
PermissionToken permToken = null;
if (demand != null)
{
permToken = PermissionToken.GetToken(demand);
}
return(CheckDemandNoThrow(demand, permToken));
}
internal static void CheckAssembly(Assembly asm, CodeAccessPermission demand)
{
BCLDebug.Assert(asm != null, "Must pass in a good assembly");
BCLDebug.Assert(demand != null, "Must pass in a good demand");
if (SecurityManager._IsSecurityOn())
{
PermissionSet granted, refused;
asm.nGetGrantSet(out granted, out refused);
CheckHelper(granted, refused, demand, PermissionToken.GetToken(demand), RuntimeMethodHandle.EmptyHandle, asm, SecurityAction.Demand, true);
}
}
internal static void CheckAssembly(Assembly asm, CodeAccessPermission demand)
{
BCLDebug.Assert(asm != null, "Must pass in a good assembly");
BCLDebug.Assert(demand != null, "Must pass in a good demand");
PermissionSet granted, denied;
asm.nGetGrantSet(out granted, out denied);
CheckHelper(granted, denied, demand, PermissionToken.GetToken(demand));
}
[System.Security.SecurityCritical] // auto-generated
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand)
{
Contract.Assert(asm != null, "Must pass in a good assembly");
Contract.Assert(demand != null, "Must pass in a good demand");
PermissionSet granted, refused;
asm.GetGrantSet(out granted, out refused);
#pragma warning disable 618
CheckHelper(granted, refused, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true);
#pragma warning restore 618
}
internal IPermission ToPermission(bool ignoreTypeLoadFailures)
{
IPermission permission = XMLUtil.CreatePermission(this, PermissionState.None, ignoreTypeLoadFailures);
if (permission == null)
{
return(null);
}
permission.FromXml(this);
PermissionToken.GetToken(permission);
return(permission);
}
internal virtual void CheckImmediate(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
if (PreCheck(cap, null, CHECK_CAP, ref stackMark, PermissionType.DefaultFlag) == true)
{
return;
}
Check(PermissionToken.GetToken(cap),
cap,
ref stackMark,
ImmediateCheckCount,
(cap is IUnrestrictedPermission) ? 1 : 0);
}
public void AddPermission(CodeAccessPermission perm, int type)
{
//BCLDebug.Assert(type == MatchAssert || type == MatchDeny, "type == MatchAssert || type == MatchDeny");
// can't get token if perm is null
if (perm == null)
{
return;
}
PermissionToken permToken = PermissionToken.GetToken(perm);
PermissionList plist = GetListForToken(permToken, true);
plist.AppendPermission(perm, type);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
PermissionToken permToken = null;
if (demand != null)
{
permToken = PermissionToken.GetToken(demand);
}
return(m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken));
}
// Token: 0x06001D34 RID: 7476 RVA: 0x00065338 File Offset: 0x00063538
public void FromXml(SecurityElement elRoot)
{
elRoot.Tag.Equals("PermissionToken");
string text = elRoot.Attribute("Name");
PermissionToken permissionToken;
if (text != null)
{
permissionToken = PermissionToken.GetToken(text, true);
}
else
{
permissionToken = PermissionToken.FindTokenByIndex(int.Parse(elRoot.Attribute("Index"), CultureInfo.InvariantCulture));
}
this.m_index = permissionToken.m_index;
this.m_type = (PermissionTokenType)Enum.Parse(typeof(PermissionTokenType), elRoot.Attribute("Type"));
this.m_strTypeName = permissionToken.m_strTypeName;
}
internal IPermission ToPermission(bool ignoreTypeLoadFailures)
{
IPermission ip = XMLUtil.CreatePermission(this, PermissionState.None, ignoreTypeLoadFailures);
if (ip == null)
{
return(null);
}
ip.FromXml(this);
// Get the permission token here to ensure that the token
// type is updated appropriately now that we've loaded the type.
PermissionToken token = PermissionToken.GetToken(ip);
BCLDebug.Assert((token.m_type & PermissionTokenType.DontKnow) == 0, "Token type not properly assigned");
return(ip);
}
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList)
{
if (cs != null)
{
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
return;
}
ZoneIdentityPermission zoneIdentityPermission = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission urlIdentityPermission = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (zoneIdentityPermission != null)
{
zoneList.Add(zoneIdentityPermission.SecurityZone);
}
if (urlIdentityPermission != null)
{
originList.Add(urlIdentityPermission.Url);
}
}
public bool CheckDemand(CodeAccessPermission demand)
{
Exception exception;
PermissionToken permToken = null;
if (demand != null)
{
permToken = PermissionToken.GetToken(demand);
}
bool cont = CheckDemandInternal(demand, permToken, true, out exception);
if (exception != null)
{
throw exception;
}
return(cont);
}
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList)
{
if (cs != null)
{
cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission)));
}
else
{
ZoneIdentityPermission identityPermission1 = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission));
UrlIdentityPermission identityPermission2 = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission));
if (identityPermission1 != null)
{
zoneList.Add((object)identityPermission1.SecurityZone);
}
if (identityPermission2 == null)
{
return;
}
originList.Add((object)identityPermission2.Url);
}
}
// This is a special version of Check that knows whats the permission being demanded.
// We first check if we know the result from last time, if not do the regular thing
// Looks similar to COMCodeAccessSecurityEngine::SpecialDemand in the EE
internal virtual void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark, PermissionType permType)
{
int timeStamp = 0;
if (GetResult(permType, out timeStamp) == true)
{
return;
}
if (PreCheck(cap, null, CHECK_CAP, ref stackMark, permType) == true)
{
SetResult(permType, timeStamp);
return;
}
Check(PermissionToken.GetToken(cap),
cap,
ref stackMark,
DeepCheckCount,
(cap is IUnrestrictedPermission) ? 1 : 0);
}
// static default constructor. This will be called before any of the static members are accessed.
static CodeAccessSecurityEngine()
{
AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion);
AssertPermissionToken = PermissionToken.GetToken(AssertPermission);
}
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else if (!grantedSet.IsUnrestricted())
{
CodeAccessPermission grant = (CodeAccessPermission)grantedSet.GetPermission(permToken);
if (!demand.CheckDemand(grant))
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
}
if (refusedSet != null)
{
CodeAccessPermission codeAccessPermission = (CodeAccessPermission)refusedSet.GetPermission(permToken);
if (codeAccessPermission != null && !codeAccessPermission.CheckDeny(demand))
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
if (refusedSet.IsUnrestricted())
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (!throwException)
{
return(false);
}
CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
public static PermissionToken GetToken(string typeStr)
{
return(PermissionToken.GetToken(typeStr, false));
}
public void FromXml(SecurityElement elRoot)
{
elRoot.Tag.Equals("PermissionToken");
string typeStr = elRoot.Attribute("Name");
PermissionToken permissionToken = typeStr == null?PermissionToken.FindTokenByIndex(int.Parse(elRoot.Attribute("Index"), (IFormatProvider)CultureInfo.InvariantCulture)) : PermissionToken.GetToken(typeStr, true);
this.m_index = permissionToken.m_index;
this.m_type = (PermissionTokenType)Enum.Parse(typeof(PermissionTokenType), elRoot.Attribute("Type"));
this.m_strTypeName = permissionToken.m_strTypeName;
}
public static bool IsTokenProperlyAssigned(IPermission perm, PermissionToken token)
{
PermissionToken token1 = PermissionToken.GetToken(perm);
return(token1.m_index == token.m_index && token.m_type == token1.m_type && (!(perm.GetType().Module.Assembly == Assembly.GetExecutingAssembly()) || token1.m_index < 17));
}
internal CodeAccessSecurityEngine()
{
InitSecurityEngine();
AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion);
AssertPermissionToken = PermissionToken.GetToken(AssertPermission);
}
private static void CheckHelper(PermissionSet grantedSet,
PermissionSet deniedSet,
CodeAccessPermission demand,
PermissionToken permToken)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
try
{
if (grantedSet == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
{
// If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
// then throw an exception.
if (grantedPerm == null)
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
else
{
return;
}
}
// Call the check demand for our permission.
grantedPerm.CheckDemand(demand);
}
// Make the sure the permission is not denied.
if (deniedSet != null)
{
CodeAccessPermission deniedPerm =
(CodeAccessPermission)deniedSet.GetPermission(permToken);
if (deniedPerm != null)
{
if (deniedPerm.Intersect(demand) != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in denied set");
}
#endif
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
DEBUG_OUT("Check passed");
}
public PermissionList FindPermissionList(Type permClass)
{
BCLDebug.Assert(permClass != null, "permClass != null");
return(FindPermissionList(PermissionToken.GetToken(permClass)));
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
#pragma warning restore 618
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
// We should never get here with a null demand
Contract.Assert(demand != null, "Should not reach here with a null demand");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif // _DEBUG && FEATURE_CAS_POLICY
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
if (grantedSet != null)
{
grantedSet.CheckDecoded(permToken.m_index);
}
if (refusedSet != null)
{
refusedSet.CheckDecoded(permToken.m_index);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Contract.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand(grantedPerm))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in refused set");
}
#endif
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
}
else
{
return(false);
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
DEBUG_OUT("Check passed");
return(true);
}
