| public abstract Intersect ( IPermission target ) : IPermission | ||
| target | IPermission | |
| Результат | IPermission | |
internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception)
{
BCLDebug.Assert(m_head != null, "m_head != null");
for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
{
if (pnext.perm == null)
{
// If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
{
BCLDebug.Assert(!demand.IsSubsetOf(null), "By the time we get here, demands that are subsets of null should have been terminated");
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
// If this is a deny, then we should fail since null indicates the unrestricted permission.
if (pnext.type == MatchDeny)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
// If this is an assert, then we should return success and terminate the stack walk since
// null indicates the unrestricted permission.
if (pnext.type == MatchAssert)
{
exception = null;
return(false);
}
// If this is anything else, then we should act confused.
// This case is unexpected.
BCLDebug.Assert(false, "This case should never happen");
exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
return(false);
}
CodeAccessPermission cap = pnext.perm;
switch (pnext.type)
{
case MatchChecked:
case MatchPermitOnly:
if (!demand.IsSubsetOf(cap))
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
break;
case MatchAssert:
if (demand.IsSubsetOf(cap))
{
exception = null;
return(false);
}
break;
case MatchDeny:
if (demand.Intersect(cap) != null)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return(false);
}
break;
default:
// Illegal entry
exception = new InvalidOperationException(Environment.GetResourceString("InvalidOperation_InvalidState"));
return(false);
}
}
exception = null;
return(true);
}
private static void CheckHelper(PermissionSet grantedSet,
PermissionSet deniedSet,
CodeAccessPermission demand,
PermissionToken permToken)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grantedSet.ToXml().ToString());
DEBUG_OUT("Denied: ");
DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demand.ToString());
}
#endif
if (permToken == null)
{
permToken = PermissionToken.GetToken(demand);
}
// If PermissionSet is null, then module does not have Permissions... Fail check.
try
{
if (grantedSet == null)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission))
{
// If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
BCLDebug.Assert(demand != null, "demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty)
// then throw an exception.
if (grantedPerm == null)
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
else
{
return;
}
}
// Call the check demand for our permission.
grantedPerm.CheckDemand(demand);
}
// Make the sure the permission is not denied.
if (deniedSet != null)
{
CodeAccessPermission deniedPerm =
(CodeAccessPermission)deniedSet.GetPermission(permToken);
if (deniedPerm != null)
{
if (deniedPerm.Intersect(demand) != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Permission found in denied set");
}
#endif
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
DEBUG_OUT("Check passed");
}
internal bool CheckDemandInternal(CodeAccessPermission demand, out Exception exception)
{
BCLDebug.Assert(m_head != null,"m_head != null");
for (PListNode pnext = m_head; pnext != null; pnext = pnext.next)
{
if (pnext.perm == null)
{
// If this is a grant set or a permit only, then we should fail since null indicates the empty permission.
if (pnext.type == MatchChecked || pnext.type == MatchPermitOnly)
{
BCLDebug.Assert( !demand.IsSubsetOf( null ), "By the time we get here, demands that are subsets of null should have been terminated" );
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return false;
}
// If this is a deny, then we should fail since null indicates the unrestricted permission.
if (pnext.type == MatchDeny)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return false;
}
// If this is an assert, then we should return success and terminate the stack walk since
// null indicates the unrestricted permission.
if (pnext.type == MatchAssert)
{
exception = null;
return false;
}
// If this is anything else, then we should act confused.
// This case is unexpected.
BCLDebug.Assert( false, "This case should never happen" );
exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) );
return false;
}
CodeAccessPermission cap = pnext.perm;
switch (pnext.type)
{
case MatchChecked:
case MatchPermitOnly:
if (!demand.IsSubsetOf(cap))
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return false;
}
break;
case MatchAssert:
if (demand.IsSubsetOf(cap))
{
exception = null;
return false;
}
break;
case MatchDeny:
if (demand.Intersect(cap) != null)
{
exception = new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName));
return false;
}
break;
default:
// Illegal entry
exception = new InvalidOperationException( Environment.GetResourceString( "InvalidOperation_InvalidState" ) );
return false;
}
}
exception = null;
return true;
}
private static void CheckTokenBasedSetHelper(bool ignoreGrants,
TokenBasedSet grants,
TokenBasedSet denied,
TokenBasedSet demands)
{
if (demands == null)
{
return;
}
TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum();
while (enumerator.MoveNext())
{
CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current;
int index = enumerator.GetCurrentIndex();
if (demand != null)
{
try
{
// Check to make sure the permission was granted, unless we are supposed
// to ignore grants.
if (!ignoreGrants)
{
CodeAccessPermission grant
= grants != null ? (CodeAccessPermission)grants.GetItem(index) : null;
if (grant != null)
{
grant.CheckDemand(demand);
}
else
{
if (!demand.IsSubsetOf(null))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
// Check to make sure our permission was not denied.
if (denied != null)
{
CodeAccessPermission deny
= (CodeAccessPermission)denied.GetItem(index);
if (deny != null && deny.Intersect(demand) != null)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception e)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (e is SecurityException)
{
throw e;
}
else
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
}
}
