[System.Security.SecurityCritical] // auto-generated private void CheckPermission(RegistryInternalCheck check, string item, bool subKeyWritable, RegistryKeyPermissionCheck subKeyCheck) { bool demand = false; RegistryPermissionAccess access = RegistryPermissionAccess.NoAccess; string path = null; #if !FEATURE_CORECLR if (CodeAccessSecurityEngine.QuickCheckForAllDemands()) { return; // full trust fast path } #endif // !FEATURE_CORECLR switch (check) { // // Read/Write/Create SubKey Permission // case RegistryInternalCheck.CheckSubKeyReadPermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode == RegistryKeyPermissionCheck.Default, "Should be called from a key opened under default mode only!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); demand = true; GetSubKeyReadPermission(item, out access, out path); } break; case RegistryInternalCheck.CheckSubKeyWritePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubKeyWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubKeyCreatePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubKeyCreatePermission(item, out access, out path); } } break; // // Read/Write/ReadWrite SubTree Permission // case RegistryInternalCheck.CheckSubTreeReadPermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubTreeReadPermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubTreeWritePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubTreeWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubTreeReadWritePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // If we want to open a subkey of a read-only key as writeable, we need to do the check. demand = true; GetSubTreeReadWritePermission(item, out access, out path); } break; // // Read/Write/Create Value Permission // case RegistryInternalCheck.CheckValueReadPermission: ///*** no remoteKey check ***/// BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if( checkMode == RegistryKeyPermissionCheck.Default) { // only need to check for default mode (dynamice check) demand = true; GetValueReadPermission(item, out access, out path); } break; case RegistryInternalCheck.CheckValueWritePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // skip the security check if the key is opened under write mode if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetValueWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckValueCreatePermission: if (remoteKey) { CheckUnmanagedCodePermission(); } else { BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating value under read-only key!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // skip the security check if the key is opened under write mode if( checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetValueCreatePermission(item, out access, out path); } } break; // // CheckKeyReadPermission // case RegistryInternalCheck.CheckKeyReadPermission: ///*** no remoteKey check ***/// if( checkMode == RegistryKeyPermissionCheck.Default) { BCLDebug.Assert(item == null, "CheckKeyReadPermission should never have a non-null item parameter!"); BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // only need to check for default mode (dynamice check) demand = true; GetKeyReadPermission(out access, out path); } break; // // CheckSubTreePermission // case RegistryInternalCheck.CheckSubTreePermission: BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); if( subKeyCheck == RegistryKeyPermissionCheck.ReadSubTree) { if( checkMode == RegistryKeyPermissionCheck.Default) { if( remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadPermission(item, out access, out path); } } } else if(subKeyCheck == RegistryKeyPermissionCheck.ReadWriteSubTree) { if( checkMode != RegistryKeyPermissionCheck.ReadWriteSubTree) { if( remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadWritePermission(item, out access, out path); } } } break; // // CheckOpenSubKeyWithWritablePermission uses the 'subKeyWritable' parameter // case RegistryInternalCheck.CheckOpenSubKeyWithWritablePermission: BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // If the parent key is not opened under default mode, we have access already. // If the parent key is opened under default mode, we need to check for permission. if(checkMode == RegistryKeyPermissionCheck.Default) { if( remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubKeyReadPermission(item, out access, out path); } break; } if( subKeyWritable && (checkMode == RegistryKeyPermissionCheck.ReadSubTree)) { if( remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadWritePermission(item, out access, out path); } break; } break; // // CheckOpenSubKeyPermission uses the 'subKeyCheck' parameter // case RegistryInternalCheck.CheckOpenSubKeyPermission: BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); if(subKeyCheck == RegistryKeyPermissionCheck.Default) { if( checkMode == RegistryKeyPermissionCheck.Default) { if(remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubKeyReadPermission(item, out access, out path); } } } break; default: BCLDebug.Assert(false, "CheckPermission default switch case should never be hit!"); break; } if (demand) { new RegistryPermission(access, path).Demand(); } }
private void CheckPermission(RegistryInternalCheck check, string item, bool subKeyWritable, RegistryKeyPermissionCheck subKeyCheck) { bool flag = false; RegistryPermissionAccess noAccess = RegistryPermissionAccess.NoAccess; string path = null; if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) { switch (check) { case RegistryInternalCheck.CheckSubKeyWritePermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetSubKeyWritePermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckSubKeyReadPermission: if (!this.remoteKey) { flag = true; this.GetSubKeyReadPermission(item, out noAccess, out path); break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckSubKeyCreatePermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetSubKeyCreatePermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckSubTreeReadPermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetSubTreeReadPermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckSubTreeWritePermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetSubTreeWritePermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckSubTreeReadWritePermission: if (!this.remoteKey) { flag = true; this.GetSubTreeReadWritePermission(item, out noAccess, out path); break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckValueWritePermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetValueWritePermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckValueCreatePermission: if (!this.remoteKey) { if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetValueCreatePermission(item, out noAccess, out path); } break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckValueReadPermission: if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetValueReadPermission(item, out noAccess, out path); } break; case RegistryInternalCheck.CheckKeyReadPermission: if (this.checkMode == RegistryKeyPermissionCheck.Default) { flag = true; this.GetKeyReadPermission(out noAccess, out path); } break; case RegistryInternalCheck.CheckSubTreePermission: if (subKeyCheck != RegistryKeyPermissionCheck.ReadSubTree) { if ((subKeyCheck == RegistryKeyPermissionCheck.ReadWriteSubTree) && (this.checkMode != RegistryKeyPermissionCheck.ReadWriteSubTree)) { if (this.remoteKey) { CheckUnmanagedCodePermission(); } else { flag = true; this.GetSubTreeReadWritePermission(item, out noAccess, out path); } } break; } if (this.checkMode == RegistryKeyPermissionCheck.Default) { if (!this.remoteKey) { flag = true; this.GetSubTreeReadPermission(item, out noAccess, out path); break; } CheckUnmanagedCodePermission(); } break; case RegistryInternalCheck.CheckOpenSubKeyWithWritablePermission: if (this.checkMode != RegistryKeyPermissionCheck.Default) { if (subKeyWritable && (this.checkMode == RegistryKeyPermissionCheck.ReadSubTree)) { if (this.remoteKey) { CheckUnmanagedCodePermission(); } else { flag = true; this.GetSubTreeReadWritePermission(item, out noAccess, out path); } } break; } if (!this.remoteKey) { flag = true; this.GetSubKeyReadPermission(item, out noAccess, out path); break; } CheckUnmanagedCodePermission(); break; case RegistryInternalCheck.CheckOpenSubKeyPermission: if ((subKeyCheck == RegistryKeyPermissionCheck.Default) && (this.checkMode == RegistryKeyPermissionCheck.Default)) { if (!this.remoteKey) { flag = true; this.GetSubKeyReadPermission(item, out noAccess, out path); break; } CheckUnmanagedCodePermission(); } break; } if (flag) { new RegistryPermission(noAccess, path).Demand(); } } }
private void CheckPermission(RegistryInternalCheck check, string item, bool subKeyWritable, RegistryKeyPermissionCheck subKeyCheck) { // TODO: Cleanup }
private void CheckPermission(RegistryInternalCheck check, string item, bool subKeyWritable, RegistryKeyPermissionCheck subKeyCheck) { bool demand = false; RegistryPermissionAccess access = RegistryPermissionAccess.NoAccess; string path = null; switch (check) { // // Read/Write/Create SubKey Permission // case RegistryInternalCheck.CheckSubKeyReadPermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode == RegistryKeyPermissionCheck.Default, "Should be called from a key opened under default mode only!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); demand = true; GetSubKeyReadPermission(item, out access, out path); } break; case RegistryInternalCheck.CheckSubKeyWritePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubKeyWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubKeyCreatePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubKeyCreatePermission(item, out access, out path); } } break; // // Read/Write/ReadWrite SubTree Permission // case RegistryInternalCheck.CheckSubTreeReadPermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubTreeReadPermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubTreeWritePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetSubTreeWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckSubTreeReadWritePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // If we want to open a subkey of a read-only key as writeable, we need to do the check. demand = true; GetSubTreeReadWritePermission(item, out access, out path); } break; // // Read/Write/Create Value Permission // case RegistryInternalCheck.CheckValueReadPermission: ///*** no remoteKey check ***/// Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); if (_checkMode == RegistryKeyPermissionCheck.Default) { // only need to check for default mode (dynamice check) demand = true; GetValueReadPermission(item, out access, out path); } break; case RegistryInternalCheck.CheckValueWritePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // skip the security check if the key is opened under write mode if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetValueWritePermission(item, out access, out path); } } break; case RegistryInternalCheck.CheckValueCreatePermission: if (_remoteKey) { CheckUnmanagedCodePermission(); } else { Debug.Assert(_checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating value under read-only key!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // skip the security check if the key is opened under write mode if (_checkMode == RegistryKeyPermissionCheck.Default) { demand = true; GetValueCreatePermission(item, out access, out path); } } break; // // CheckKeyReadPermission // case RegistryInternalCheck.CheckKeyReadPermission: ///*** no remoteKey check ***/// if (_checkMode == RegistryKeyPermissionCheck.Default) { Debug.Assert(item == null, "CheckKeyReadPermission should never have a non-null item parameter!"); Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // only need to check for default mode (dynamice check) demand = true; GetKeyReadPermission(out access, out path); } break; // // CheckSubTreePermission // case RegistryInternalCheck.CheckSubTreePermission: Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); if (subKeyCheck == RegistryKeyPermissionCheck.ReadSubTree) { if (_checkMode == RegistryKeyPermissionCheck.Default) { if (_remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadPermission(item, out access, out path); } } } else if (subKeyCheck == RegistryKeyPermissionCheck.ReadWriteSubTree) { if (_checkMode != RegistryKeyPermissionCheck.ReadWriteSubTree) { if (_remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadWritePermission(item, out access, out path); } } } break; // // CheckOpenSubKeyWithWritablePermission uses the 'subKeyWritable' parameter // case RegistryInternalCheck.CheckOpenSubKeyWithWritablePermission: Debug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); // If the parent key is not opened under default mode, we have access already. // If the parent key is opened under default mode, we need to check for permission. if (_checkMode == RegistryKeyPermissionCheck.Default) { if (_remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubKeyReadPermission(item, out access, out path); } break; } if (subKeyWritable && (_checkMode == RegistryKeyPermissionCheck.ReadSubTree)) { if (_remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubTreeReadWritePermission(item, out access, out path); } break; } break; // // CheckOpenSubKeyPermission uses the 'subKeyCheck' parameter // case RegistryInternalCheck.CheckOpenSubKeyPermission: Debug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); if (subKeyCheck == RegistryKeyPermissionCheck.Default) { if (_checkMode == RegistryKeyPermissionCheck.Default) { if (_remoteKey) { CheckUnmanagedCodePermission(); } else { demand = true; GetSubKeyReadPermission(item, out access, out path); } } } break; default: Debug.Fail("CheckPermission default switch case should never be hit!"); break; } if (demand) { new RegistryPermission(access, path).Demand(); } }