Пример #1
        /// <summary>
        /// Resolves the policy statement this level yields for <paramref name="evidence"/>,
        /// answering from the cache when the supplied serialized evidence produces a hit.
        /// </summary>
        /// <param name="evidence">Evidence to evaluate; must not be null.</param>
        /// <param name="count">Value passed to <c>CheckCache</c> and <c>Cache</c> alongside the serialized evidence.</param>
        /// <param name="serializedEvidence">Serialized evidence used for the cache lookup; when null the lookup is skipped.</param>
        /// <returns>
        /// The cached statement, a statement built from <c>new PermissionSet(true)</c> for an
        /// assembly matched by <c>IsFullTrustAssembly</c>, or the union of every matching code
        /// group's statement.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="evidence"/> is null.</exception>
        /// <remarks>
        /// The instance handed to <c>Cache</c> is the same instance returned to the caller, so the
        /// result should be treated as read-only. NOTE(review): whether <c>Cache</c>/<c>CheckCache</c>
        /// copy the statement is not visible here - confirm before mutating a returned statement.
        /// </remarks>
        [System.Security.SecurityCritical]  // auto-generated
        internal PolicyStatement Resolve (Evidence evidence, int count, byte[] serializedEvidence) {
            if (evidence == null)
                throw new ArgumentNullException("evidence");
            Contract.EndContractBlock();

            // Fast path: a cache hit skips policy loading and code-group evaluation entirely.
            PolicyStatement cached = (serializedEvidence != null) ? CheckCache(count, serializedEvidence) : null;
            if (cached != null)
                return cached;

            CheckLoaded();

            PolicyStatement resolved;
            bool allConst;
            if (m_fullTrustAssemblies != null && IsFullTrustAssembly(m_fullTrustAssemblies, evidence)) {
                // A match against the full-trust list bypasses the code groups; no attributes are set.
                resolved = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
                allConst = true;
            }
            else {
                ArrayList frames = GenericResolve(evidence, out allConst);

                // Assigning null sets the permission set to the empty set, the identity for the unions below.
                resolved = new PolicyStatement();
                resolved.PermissionSet = null;

                foreach (CodeGroupStackFrame frame in frames) {
                    PolicyStatement matched = frame.policy;
                    if (matched == null)
                        continue;

                    // Within a level the grants are additive: permission sets are unioned, attributes OR'ed.
                    resolved.GetPermissionSetNoCopy().InplaceUnion(matched.GetPermissionSetNoCopy());
                    resolved.Attributes |= matched.Attributes;

                    // A statement that depends on unverified evidence must have that evidence marked
                    // as used so that the VM can potentially force verification on it.
                    if (matched.HasDependentEvidence) {
                        foreach (IDelayEvaluatedEvidence delayEvidence in matched.DependentEvidence) {
                            delayEvidence.MarkUsed();
                        }
                    }
                }
            }

            if (allConst) {
                // The cache key is the evidence that was touched during evaluation, not the input
                // serialized evidence: the input is optimized for the standard policy and is not
                // all-inclusive, and every piece of evidence that influenced the grant set has to
                // be part of the key.
                Cache(count, evidence.RawSerialize(), resolved);
            }

            return resolved;
        }
Пример #2
        /// <summary>
        /// Computes the grant set for <paramref name="evidence"/> by resolving each applicable
        /// policy level, intersecting the per-level results, and then adding the identity
        /// permissions produced by the host evidence.
        /// </summary>
        /// <param name="evidence">Evidence to evaluate. It is dereferenced without a null check.</param>
        /// <param name="systemPolicy">
        /// When true, levels of type <c>PolicyLevelType.AppDomain</c> are skipped in the main loop.
        /// When false and the "IgnoreSystemPolicy" AppDomain data is present, every level that is
        /// not of type AppDomain is skipped instead.
        /// </param>
        /// <returns>A permission set; never null (an empty <c>PermissionState.None</c> set is substituted).</returns>
        /// <remarks>
        /// Contract.Assert is a conditional (debug / contracts build) check, so the legacy CAS
        /// precondition is not enforced by this method in other builds.
        /// </remarks>
        internal PermissionSet CodeGroupResolve (Evidence evidence, bool systemPolicy) {
            Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);

            PermissionSet grant = null;
            bool testApplicationLevels = false;

            IEnumerator levels = PolicyLevels.GetEnumerator();

            // Standard policy generally evaluates only Zone, StrongName and Url evidence.  These are
            // relatively inexpensive, so they are forced to generate up front and the serialized
            // result is used as the key into each level's cache.
            evidence.GetHostEvidence<Zone>();
            evidence.GetHostEvidence<StrongName>();
            evidence.GetHostEvidence<Url>();
            byte[] serializedEvidence = evidence.RawSerialize();
            int count = evidence.RawCount;

            // NOTE(review): only the presence of this AppDomain data slot is tested, not its value.
            // When it is set, non-AppDomain levels no longer narrow the grant - confirm who may set it.
            bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null);

            while (levels.MoveNext())
            {
                PolicyLevel level = (PolicyLevel)levels.Current;

                bool skipLevel = systemPolicy
                    ? level.Type == PolicyLevelType.AppDomain
                    : legacyIgnoreSystemPolicy && level.Type != PolicyLevelType.AppDomain;
                if (skipLevel)
                    continue;

                PolicyStatement levelPolicy = level.Resolve(evidence, count, serializedEvidence);

                // The first level seeds the grant with a copy of its permission set; because it is a
                // copy, later levels can be intersected into it in place.
                if (grant == null)
                    grant = levelPolicy.PermissionSet;
                else
                    grant.InplaceIntersect(levelPolicy.GetPermissionSetNoCopy());

                // Nothing left to grant: further levels could only narrow an already empty set.
                if (grant == null || grant.FastIsEmpty())
                    break;

                if ((levelPolicy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
                {
                    // LevelFinal ends the walk, but a final non-AppDomain level still has the
                    // AppDomain level applied below.
                    testApplicationLevels = level.Type != PolicyLevelType.AppDomain;
                    break;
                }
            }

            if (grant != null && testApplicationLevels)
            {
                // NOTE(review): this step does not consult systemPolicy, so the AppDomain level is
                // intersected here even when the loop above skipped it; an intersection can only
                // narrow the grant.
                PolicyLevel appDomainLevel = null;

                for (int index = PolicyLevels.Count - 1; index >= 0; --index)
                {
                    PolicyLevel candidate = (PolicyLevel) PolicyLevels[index];
                    if (candidate.Type == PolicyLevelType.AppDomain)
                    {
                        appDomainLevel = candidate;
                        break;
                    }
                }

                if (appDomainLevel != null)
                {
                    PolicyStatement appDomainPolicy = appDomainLevel.Resolve(evidence, count, serializedEvidence);
                    grant.InplaceIntersect(appDomainPolicy.GetPermissionSetNoCopy());
                }
            }

            if (grant == null)
                grant = new PermissionSet(PermissionState.None);

            // Each piece of host evidence implementing IIdentityPermissionFactory may contribute an
            // identity permission.  These are added after the level intersection, and only when the
            // grant is not already unrestricted.
            if (!grant.IsUnrestricted())
            {
                IEnumerator hostEvidence = evidence.GetHostEnumerator();
                while (hostEvidence.MoveNext())
                {
                    IIdentityPermissionFactory factory = hostEvidence.Current as IIdentityPermissionFactory;
                    if (factory == null)
                        continue;

                    IPermission identity = factory.CreateIdentityPermission( evidence );
                    if (identity != null)
                        grant.AddPermission( identity );
                }
            }

            grant.IgnoreTypeLoadFailures = true;
            return grant;
        }
 /// <summary>
 /// Returns the policy statement for <paramref name="evidence"/> at this level: a cache hit
 /// when one exists, otherwise a freshly evaluated statement.
 /// </summary>
 /// <param name="evidence">Evidence to evaluate; null is rejected.</param>
 /// <param name="count">Value passed to CheckCache and Cache together with the serialized evidence.</param>
 /// <param name="serializedEvidence">Bytes used for the cache lookup; null skips the lookup.</param>
 /// <returns>The cached or newly built policy statement.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="evidence"/> is null.</exception>
 internal PolicyStatement Resolve(Evidence evidence, int count, byte[] serializedEvidence)
 {
     if (evidence == null)
     {
         throw new ArgumentNullException("evidence");
     }

     PolicyStatement result = null;
     if (serializedEvidence != null)
     {
         result = CheckCache(count, serializedEvidence);
     }
     if (result != null)
     {
         // Cache hit: the stored statement is returned as-is, with no re-evaluation.
         return result;
     }

     CheckLoaded();

     bool cacheable;
     bool onFullTrustList = (m_fullTrustAssemblies != null) && IsFullTrustAssembly(m_fullTrustAssemblies, evidence);
     if (onFullTrustList)
     {
         // Assemblies matched by IsFullTrustAssembly never reach code-group evaluation.
         result = new PolicyStatement(new PermissionSet(true), PolicyStatementAttribute.Nothing);
         cacheable = true;
     }
     else
     {
         ArrayList frames = GenericResolve(evidence, out cacheable);
         result = new PolicyStatement();
         result.PermissionSet = null;

         foreach (object entry in frames)
         {
             PolicyStatement groupPolicy = ((CodeGroupStackFrame) entry).policy;
             if (groupPolicy == null)
             {
                 continue;
             }

             // Matching code groups accumulate: permission sets are unioned, attributes OR'ed.
             result.GetPermissionSetNoCopy().InplaceUnion(groupPolicy.GetPermissionSetNoCopy());
             result.Attributes |= groupPolicy.Attributes;

             if (groupPolicy.HasDependentEvidence)
             {
                 // Every piece of delay-evaluated evidence the statement depends on is marked as used.
                 foreach (IDelayEvaluatedEvidence dependent in groupPolicy.DependentEvidence)
                 {
                     dependent.MarkUsed();
                 }
             }
         }
     }

     if (cacheable)
     {
         // The key is re-serialized from the evidence after evaluation rather than taken from
         // the serializedEvidence argument.
         Cache(count, evidence.RawSerialize(), result);
     }
     return result;
 }
 /// <summary>
 /// Builds the grant set for <paramref name="evidence"/>: each applicable policy level is
 /// resolved and intersected into the running grant, after which identity permissions from
 /// the host evidence are added.
 /// </summary>
 /// <param name="evidence">Evidence to evaluate; it is used without a null check.</param>
 /// <param name="systemPolicy">
 /// True skips AppDomain-type levels in the main loop. False skips every non-AppDomain level,
 /// but only when the "IgnoreSystemPolicy" AppDomain data is present.
 /// </param>
 /// <returns>The resulting permission set; an empty set is created when no level produced one.</returns>
 internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy)
 {
     PermissionSet grant = null;
     IEnumerator levels = this.PolicyLevels.GetEnumerator();

     // Force generation of Zone, StrongName and Url evidence before serializing; the
     // serialized bytes and raw count are handed to every level's Resolve call.
     evidence.GetHostEvidence<Zone>();
     evidence.GetHostEvidence<StrongName>();
     evidence.GetHostEvidence<Url>();
     byte[] serializedEvidence = evidence.RawSerialize();
     int rawCount = evidence.RawCount;

     // NOTE(review): only the presence of the data slot matters, not its value - confirm who can set it.
     bool ignoreSystemPolicy = AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null;
     bool applyAppDomainLevel = false;

     while (levels.MoveNext())
     {
         PolicyLevel level = (PolicyLevel) levels.Current;

         bool skipLevel;
         if (systemPolicy)
         {
             skipLevel = level.Type == PolicyLevelType.AppDomain;
         }
         else
         {
             skipLevel = ignoreSystemPolicy && (level.Type != PolicyLevelType.AppDomain);
         }
         if (skipLevel)
         {
             continue;
         }

         PolicyStatement levelPolicy = level.Resolve(evidence, rawCount, serializedEvidence);
         if (grant == null)
         {
             // First applicable level seeds the grant.
             grant = levelPolicy.PermissionSet;
         }
         else
         {
             // Later levels can only narrow it.
             grant.InplaceIntersect(levelPolicy.GetPermissionSetNoCopy());
         }

         if ((grant == null) || grant.FastIsEmpty())
         {
             break;
         }

         bool levelFinal = (levelPolicy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal;
         if (levelFinal)
         {
             // A final level ends the walk; if it was not the AppDomain level, that level is
             // still applied after the loop.
             applyAppDomainLevel = level.Type != PolicyLevelType.AppDomain;
             break;
         }
     }

     if ((grant != null) && applyAppDomainLevel)
     {
         // Search from the end of the list for the last AppDomain-type level.
         PolicyLevel appDomainLevel = null;
         for (int i = this.PolicyLevels.Count - 1; i >= 0; i--)
         {
             PolicyLevel candidate = (PolicyLevel) this.PolicyLevels[i];
             if (candidate.Type == PolicyLevelType.AppDomain)
             {
                 appDomainLevel = candidate;
                 break;
             }
         }

         if (appDomainLevel != null)
         {
             PolicyStatement appDomainPolicy = appDomainLevel.Resolve(evidence, rawCount, serializedEvidence);
             grant.InplaceIntersect(appDomainPolicy.GetPermissionSetNoCopy());
         }
     }

     if (grant == null)
     {
         grant = new PermissionSet(PermissionState.None);
     }

     if (!grant.IsUnrestricted())
     {
         // Identity permissions are added after the intersection, so they are not narrowed by
         // any policy level.
         IEnumerator hostEnumerator = evidence.GetHostEnumerator();
         while (hostEnumerator.MoveNext())
         {
             IIdentityPermissionFactory factory = hostEnumerator.Current as IIdentityPermissionFactory;
             if (factory == null)
             {
                 continue;
             }

             IPermission identity = factory.CreateIdentityPermission(evidence);
             if (identity != null)
             {
                 grant.AddPermission(identity);
             }
         }
     }

     grant.IgnoreTypeLoadFailures = true;
     return grant;
 }