//------------------------------------------------------
//
// PRIVATE AND PROTECTED MODIFIERS
//
//------------------------------------------------------
private void SetUnrestricted(bool unrestricted)
{
if (unrestricted)
{
m_flags = SecurityPermissionFlag.AllFlags;
}
}
// SecurityPermission
//
public SecurityPermission(SecurityPermissionFlag flag)
{
VerifyAccess(flag);
SetUnrestricted(false);
m_flags = flag;
}
void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~SecurityPermissionFlag.AllFlags) != 0)
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Arg_EnumIllegalVal"), (int)type));
}
}
public void Flags_SecurityPermissionFlags_Bad()
{
SecurityPermissionFlag spf = (SecurityPermissionFlag)(SecurityPermissionFlag.AllFlags + 1);
SecurityPermission sp = new SecurityPermission(PermissionState.None);
sp.Flags = spf;
}
public static void LocalIntranet()
{
PermissionSet ps = CreatePermissionSet("LocalIntranet");
ps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
ps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
ps.AddPermission(isfp);
ps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
ps.AddPermission(new SecurityPermission(spf));
ps.AddPermission(new UIPermission(PermissionState.Unrestricted));
ps.AddPermission(new DnsPermission(PermissionState.Unrestricted));
ps.AddPermission(new PrintingPermission(PrintingPermissionLevel.DefaultPrinting));
ps.AddPermission(new EventLogPermission(EventLogPermissionAccess.Instrument, "."));
Save("intranet.xml", ps);
}
public override IPermission Intersect(IPermission target)
{
if (target == null)
{
return(null);
}
if (!base.VerifyType(target))
{
throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", new object[] { base.GetType().FullName }));
}
SecurityPermission permission = (SecurityPermission)target;
SecurityPermissionFlag noFlags = SecurityPermissionFlag.NoFlags;
if (permission.IsUnrestricted())
{
if (this.IsUnrestricted())
{
return(new SecurityPermission(PermissionState.Unrestricted));
}
noFlags = this.m_flags;
}
else if (this.IsUnrestricted())
{
noFlags = permission.m_flags;
}
else
{
noFlags = this.m_flags & permission.m_flags;
}
if (noFlags == SecurityPermissionFlag.NoFlags)
{
return(null);
}
return(new SecurityPermission(noFlags));
}
public override void FromXml(SecurityElement esd)
{
// General validation in CodeAccessPermission
CheckSecurityElement(esd, "esd", version, version);
// Note: we do not (yet) care about the return value
// as we only accept version 1 (min/max values)
if (IsUnrestricted(esd))
{
flags = SecurityPermissionFlag.AllFlags;
}
else
{
string f = esd.Attribute("Flags");
if (f == null)
{
flags = SecurityPermissionFlag.NoFlags;
}
else
{
flags = (SecurityPermissionFlag)Enum.Parse(
typeof(SecurityPermissionFlag), f);
}
}
}
private void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~SecurityPermissionFlag.AllFlags) != SecurityPermissionFlag.NoFlags)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (object)type));
}
}
// constructors
public SecurityPermission (PermissionState state)
{
if (CheckPermissionState (state, true) == PermissionState.Unrestricted)
flags = SecurityPermissionFlag.AllFlags;
else
flags = SecurityPermissionFlag.NoFlags;
}
// SecurityPermission
//
public SecurityPermission(SecurityPermissionFlag flag)
{
VerifyAccess(flag);
SetUnrestricted(false);
m_flags = flag;
}
protected void SetupCompilerParams()
{
var p = new CompilerParameters();
p.ReferencedAssemblies.AddRange(CommonAssemblies);
p.CompilerOptions = "";
p.GenerateExecutable = false;
p.GenerateInMemory = true;
p.IncludeDebugInformation = true;
PolicyLevel policyLevel = PolicyLevel.CreateAppDomainLevel();
PermissionSet perms = new PermissionSet(PermissionState.None);
const SecurityPermissionFlag permissionFlags = SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.RemotingConfiguration |
SecurityPermissionFlag.SerializationFormatter | SecurityPermissionFlag.SkipVerification |
SecurityPermissionFlag.UnmanagedCode | SecurityPermissionFlag.Execution;
perms.AddPermission(new SecurityPermission(permissionFlags));
perms.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.AllFlags));
PolicyStatement policy = new PolicyStatement(perms, PolicyStatementAttribute.Exclusive);
CodeGroup group = new UnionCodeGroup(new AllMembershipCondition(), policy);
policyLevel.RootCodeGroup = group;
AppDomain.CurrentDomain.SetAppDomainPolicy(policyLevel);
// All that work, and now we finally set the value =)
compilerParams = p;
}
// Convert an XML value into a permissions value.
public override void FromXml(SecurityElement esd)
{
String value;
if(esd == null)
{
throw new ArgumentNullException("esd");
}
if(esd.Attribute("version") != "1")
{
throw new ArgumentException(_("Arg_PermissionVersion"));
}
value = esd.Attribute("Unrestricted");
if(value != null && Boolean.Parse(value))
{
state = PermissionState.Unrestricted;
}
else
{
state = PermissionState.None;
}
value = esd.Attribute("Flags");
if(value != null)
{
flags = (SecurityPermissionFlag)
Enum.Parse(typeof(SecurityPermissionFlag), value);
}
else
{
flags = SecurityPermissionFlag.NoFlags;
}
}
/// <summary>Creates and returns a permission that is the intersection of the current permission and the specified permission.</summary>
/// <returns>A new permission object that represents the intersection of the current permission and the specified permission. This new permission is null if the intersection is empty.</returns>
/// <param name="target">A permission to intersect with the current permission. It must be of the same type as the current permission. </param>
/// <exception cref="T:System.ArgumentException">The <paramref name="target" /> parameter is not null and is not of the same type as the current permission. </exception>
public override IPermission Intersect(IPermission target)
{
SecurityPermission securityPermission = this.Cast(target);
if (securityPermission == null)
{
return(null);
}
if (this.IsEmpty() || securityPermission.IsEmpty())
{
return(null);
}
if (this.IsUnrestricted() && securityPermission.IsUnrestricted())
{
return(new SecurityPermission(PermissionState.Unrestricted));
}
if (this.IsUnrestricted())
{
return(securityPermission.Copy());
}
if (securityPermission.IsUnrestricted())
{
return(this.Copy());
}
SecurityPermissionFlag securityPermissionFlag = this.flags & securityPermission.flags;
if (securityPermissionFlag == SecurityPermissionFlag.NoFlags)
{
return(null);
}
return(new SecurityPermission(securityPermissionFlag));
}
// Convert an XML value into a permissions value.
public override void FromXml(SecurityElement esd)
{
String value;
if (esd == null)
{
throw new ArgumentNullException("esd");
}
if (esd.Attribute("version") != "1")
{
throw new ArgumentException(_("Arg_PermissionVersion"));
}
value = esd.Attribute("Unrestricted");
if (value != null && Boolean.Parse(value))
{
state = PermissionState.Unrestricted;
}
else
{
state = PermissionState.None;
}
value = esd.Attribute("Flags");
if (value != null)
{
flags = (SecurityPermissionFlag)
Enum.Parse(typeof(SecurityPermissionFlag), value);
}
else
{
flags = SecurityPermissionFlag.NoFlags;
}
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission(isfp);
nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
internal static void DemandHostSecurityPermissions(ServiceEndpoint endpoint)
{
SecurityPermissionFlag flags = SecurityPermissionFlag.Execution;
PermissionSet securitySet = new PermissionSet(PermissionState.None);
if (endpoint.Binding is NetNamedPipeBinding)
{
NetNamedPipeBinding ipcBinding = endpoint.Binding as NetNamedPipeBinding;
if (ipcBinding.Security.Mode == NetNamedPipeSecurityMode.Transport)
{
flags |= SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy;
}
}
if (SecurityEnabled(endpoint) && IsAnonymous(endpoint) == false)
{
flags |= SecurityPermissionFlag.ControlPrincipal;
}
if (endpoint.Binding is NetTcpBinding)
{
NetTcpBinding tcpBinding = endpoint.Binding as NetTcpBinding;
if (tcpBinding.ReliableSession.Enabled)
{
flags |= SecurityPermissionFlag.ControlPolicy;
}
}
IPermission securityPermission = new SecurityPermission(flags);
securityPermission.Demand();
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags;
securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification;
namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
return(namedPermissionSet);
}
// SecurityPermission
//
#pragma warning disable 618
public SecurityPermission(SecurityPermissionFlag flag)
#pragma warning restore 618
{
VerifyAccess(flag);
SetUnrestricted(false);
m_flags = flag;
}
// SecurityPermission
//
#pragma warning disable 618
public SecurityPermission(SecurityPermissionFlag flag)
#pragma warning restore 618
{
VerifyAccess(flag);
SetUnrestricted(false);
m_flags = flag;
}
private void SetUnrestricted(bool unrestricted)
{
if (!unrestricted)
{
return;
}
this.m_flags = SecurityPermissionFlag.AllFlags;
}
//------------------------------------------------------
//
// PRIVATE AND PROTECTED MODIFIERS
//
//------------------------------------------------------
private void SetUnrestricted(bool unrestricted)
{
if (unrestricted)
{
#pragma warning disable 618
m_flags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
}
}
// Token: 0x0600261F RID: 9759 RVA: 0x00089865 File Offset: 0x00087A65
private void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~(SecurityPermissionFlag.Assertion | SecurityPermissionFlag.UnmanagedCode | SecurityPermissionFlag.SkipVerification | SecurityPermissionFlag.Execution | SecurityPermissionFlag.ControlThread | SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.SerializationFormatter | SecurityPermissionFlag.ControlDomainPolicy | SecurityPermissionFlag.ControlPrincipal | SecurityPermissionFlag.ControlAppDomain | SecurityPermissionFlag.RemotingConfiguration | SecurityPermissionFlag.Infrastructure | SecurityPermissionFlag.BindingRedirects)) != SecurityPermissionFlag.NoFlags)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", new object[]
{
(int)type
}));
}
}
void VerifySingleFlag(SecurityPermissionFlag type)
{
// This little piece of magic checks to make sure EXACTLY ONE bit is set.
// Note: The result of X & (X-1) is the equivalent of zeroing the least significant
// set bit (i.e. if X = 0x0F10, than X & (X-1) = 0x0F00).
if (type == (SecurityPermissionFlag)0 || ((int)type & ((int)type - 1)) != 0)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EnumNotSingleFlag"));
}
}
/// <summary>
/// 创建并返回一个权限,该权限是当前权限和指定权限的交集。(替代 CodeAccessPermission.Intersect(IPermission)。)
/// </summary>
/// <param name="target">目标对象</param>
/// <returns></returns>
public override IPermission Intersect(IPermission target)
{
if (target == null)//如果目标对象为空,则返回为空
{
return(null);
}
else if (!VerifyType(target))//如果格式不正确,则抛出Argument_WrongType的参数异常
{
throw new
ArgumentException(
Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)
);
}
SecurityPermission operand = (SecurityPermission)target;//将目标接口转化为SecurityPermission操作对象
#pragma warning disable 618
SecurityPermissionFlag isectFlags = SecurityPermissionFlag.NoFlags;//声明一个嵌入无安全性访问标志
#pragma warning restore 618
if (operand.IsUnrestricted()) //如果操作对象权限是无权限限制等级
{
if (this.IsUnrestricted()) //如果本对象也为无权限限制等级,则返回一个无权限限制SecurityPermission对象
{
return(new SecurityPermission(PermissionState.Unrestricted));
}
else
#pragma warning disable 618
{
isectFlags = (SecurityPermissionFlag)this.m_flags;//将本对象标志赋值为嵌入标志
}
#pragma warning restore 618
}
else if (this.IsUnrestricted())//如果本对象是无权限限制等级,则将操作对象标志赋值给嵌入标志
{
#pragma warning disable 618
isectFlags = (SecurityPermissionFlag)operand.m_flags;
#pragma warning restore 618
}
else
{
#pragma warning disable 618
isectFlags = (SecurityPermissionFlag)m_flags & (SecurityPermissionFlag)operand.m_flags;//返回本对象与目标对象的交集
#pragma warning restore 618
}
if (isectFlags == 0)
{
return(null);
}
else
{
return(new SecurityPermission(isectFlags));
}
}
public override IPermission Intersect(IPermission target)
{
if (target == null)
{
return(null);
}
else if (!VerifyType(target))
{
throw new
ArgumentException(
Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)
);
}
SecurityPermission operand = (SecurityPermission)target;
#pragma warning disable 618
SecurityPermissionFlag isectFlags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
if (operand.IsUnrestricted())
{
if (this.IsUnrestricted())
{
return(new SecurityPermission(PermissionState.Unrestricted));
}
else
#pragma warning disable 618
{
isectFlags = (SecurityPermissionFlag)this.m_flags;
}
#pragma warning restore 618
}
else if (this.IsUnrestricted())
{
#pragma warning disable 618
isectFlags = (SecurityPermissionFlag)operand.m_flags;
#pragma warning restore 618
}
else
{
#pragma warning disable 618
isectFlags = (SecurityPermissionFlag)m_flags & (SecurityPermissionFlag)operand.m_flags;
#pragma warning restore 618
}
if (isectFlags == 0)
{
return(null);
}
else
{
return(new SecurityPermission(isectFlags));
}
}
#pragma warning disable 618
void VerifyAccess(SecurityPermissionFlag type)
#pragma warning restore 618
{
#pragma warning disable 618
if ((type & ~SecurityPermissionFlag.AllFlags) != 0)
#pragma warning restore 618
{
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)type));
}
Contract.EndContractBlock();
}
void setFlag(SecurityPermissionFlag nFlag, bool fAllow)
{
if (fAllow)
{
m_flags = m_flags | nFlag;
}
else
{
m_flags = m_flags & ~nFlag;
}
}
// constructors
public SecurityPermission(PermissionState state)
{
if (CheckPermissionState(state, true) == PermissionState.Unrestricted)
{
flags = SecurityPermissionFlag.AllFlags;
}
else
{
flags = SecurityPermissionFlag.NoFlags;
}
}
/// <summary>Initializes a new instance of the <see cref="T:System.Security.Permissions.SecurityPermission" /> class with either restricted or unrestricted permission as specified.</summary>
/// <param name="state">One of the <see cref="T:System.Security.Permissions.PermissionState" /> values. </param>
/// <exception cref="T:System.ArgumentException">The <paramref name="state" /> parameter is not a valid value of <see cref="T:System.Security.Permissions.PermissionState" />. </exception>
public SecurityPermission(PermissionState state)
{
if (CodeAccessPermission.CheckPermissionState(state, true) == PermissionState.Unrestricted)
{
this.flags = SecurityPermissionFlag.AllFlags;
}
else
{
this.flags = SecurityPermissionFlag.NoFlags;
}
}
private static bool GetDomainPermission(SecurityPermissionFlag flag)
{
try {
var permissionSet = new PermissionSet(PermissionState.None);
permissionSet.AddPermission(new SecurityPermission(flag));
return(permissionSet.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet));
}
catch {
return(false);
}
}
public void GetStandardPermissionSetEverythingPermissionSetTest()
{
PermissionSet everything = PermissionSetFactory.GetStandardPermissionSet(StandardPermissionSet.Everything);
// Everything should neither be empty nor full trust
Assert.IsFalse(everything.IsUnrestricted());
Assert.IsFalse(everything.IsEmpty());
// Each permission in Everything should be unrestricted, except for SecurityPermission
foreach (IPermission permission in everything)
{
IUnrestrictedPermission unrestricted = permission as IUnrestrictedPermission;
SecurityPermission securityPermission = permission as SecurityPermission;
if (securityPermission != null)
{
SecurityPermissionFlag everythingFlags = SecurityPermissionFlag.Assertion |
SecurityPermissionFlag.BindingRedirects |
SecurityPermissionFlag.ControlAppDomain |
SecurityPermissionFlag.ControlDomainPolicy |
SecurityPermissionFlag.ControlEvidence |
SecurityPermissionFlag.ControlPolicy |
SecurityPermissionFlag.ControlPrincipal |
SecurityPermissionFlag.ControlThread |
SecurityPermissionFlag.Execution |
SecurityPermissionFlag.Infrastructure |
SecurityPermissionFlag.RemotingConfiguration |
SecurityPermissionFlag.SerializationFormatter |
SecurityPermissionFlag.UnmanagedCode;
Assert.AreEqual(everythingFlags, securityPermission.Flags);
}
else if (unrestricted != null)
{
Assert.IsTrue(unrestricted.IsUnrestricted());
}
}
// Everything should be a superset of Internet and LocalIntranet
PermissionSet internet = PermissionSetFactory.GetStandardPermissionSet(StandardPermissionSet.Internet);
Assert.IsTrue(internet.IsSubsetOf(everything));
Assert.IsFalse(everything.IsSubsetOf(internet));
PermissionSet localIntranet = PermissionSetFactory.GetStandardPermissionSet(StandardPermissionSet.LocalIntranet);
Assert.IsTrue(localIntranet.IsSubsetOf(everything));
Assert.IsFalse(everything.IsSubsetOf(localIntranet));
}
#pragma warning disable 618
private static int MapToSpecialFlags(SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags)
{
#pragma warning restore 618
int flags = 0;
#pragma warning disable 618
if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode)
#pragma warning restore 618
{
flags |= (1 << (int)PermissionType.SecurityUnmngdCodeAccess);
}
if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification)
{
flags |= (1 << (int)PermissionType.SecuritySkipVerification);
}
if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion)
{
flags |= (1 << (int)PermissionType.SecurityAssert);
}
if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter)
{
flags |= (1 << (int)PermissionType.SecuritySerialization);
}
if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects)
{
flags |= (1 << (int)PermissionType.SecurityBindingRedirects);
}
if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence)
{
flags |= (1 << (int)PermissionType.SecurityControlEvidence);
}
if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal)
{
flags |= (1 << (int)PermissionType.SecurityControlPrincipal);
}
if ((reflectionPermissionFlags & ReflectionPermissionFlag.RestrictedMemberAccess) == ReflectionPermissionFlag.RestrictedMemberAccess)
{
flags |= (1 << (int)PermissionType.ReflectionRestrictedMemberAccess);
}
if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess)
{
flags |= (1 << (int)PermissionType.ReflectionMemberAccess);
}
return(flags);
}
public override IPermission Intersect(IPermission target)
{
if (target == null)
{
return(null);
}
else if (!VerifyType(target))
{
throw new
ArgumentException(
String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Argument_WrongType"), this.GetType().FullName)
);
}
SecurityPermission operand = (SecurityPermission)target;
SecurityPermissionFlag isectFlags = SecurityPermissionFlag.NoFlags;
if (operand.IsUnrestricted())
{
if (this.IsUnrestricted())
{
return(new SecurityPermission(PermissionState.Unrestricted));
}
else
{
isectFlags = (SecurityPermissionFlag)this.m_flags;
}
}
else if (this.IsUnrestricted())
{
isectFlags = (SecurityPermissionFlag)operand.m_flags;
}
else
{
isectFlags = (SecurityPermissionFlag)m_flags & (SecurityPermissionFlag)operand.m_flags;
}
if (isectFlags == 0)
{
return(null);
}
else
{
return(new SecurityPermission(isectFlags));
}
}
internal static void DemandClientSecurityPermissions <T>(ClientBase <T> proxy) where T : class
{
SecurityPermissionFlag flags = SecurityPermissionFlag.Execution;
PermissionSet securitySet = new PermissionSet(PermissionState.None);
if (proxy.Endpoint.Binding is NetNamedPipeBinding)
{
NetNamedPipeBinding ipcBinding = proxy.Endpoint.Binding as NetNamedPipeBinding;
if (ipcBinding.Security.Mode == NetNamedPipeSecurityMode.Transport)
{
flags |= SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy;
}
}
//Non-default Windows creds
if (proxy.ClientCredentials.Windows.ClientCredential.UserName != String.Empty || proxy.ClientCredentials.UserName.UserName != null)
{
if (WindowsSecurityEnabled(proxy.Endpoint))
{
flags |= SecurityPermissionFlag.ControlPrincipal;
}
}
if (proxy.Endpoint.Binding is NetTcpBinding)
{
NetTcpBinding tcpBinding = proxy.Endpoint.Binding as NetTcpBinding;
if (tcpBinding.ReliableSession.Enabled)
{
flags |= SecurityPermissionFlag.ControlPolicy;
}
if (proxy is DuplexClientBase <T> )
{
flags |= SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence;
}
}
if (MessageSecurityEnabled(proxy.Endpoint))
{
if (ValidatesCertificates(proxy.Endpoint) == false && ScopesCertificate(proxy.Endpoint) == false && WindowsSecurityEnabled(proxy.Endpoint) == false)
{
flags |= SecurityPermissionFlag.ControlPolicy | SecurityPermissionFlag.ControlEvidence;
}
}
IPermission securityPermission = new SecurityPermission(flags);
securityPermission.Demand();
}
public override void FromXml(SecurityElement esd)
{
CodeAccessPermission.ValidateElement(esd, this);
if (XMLUtil.IsUnrestricted(esd))
{
this.m_flags = SecurityPermissionFlag.AllFlags;
}
else
{
this.Reset();
this.SetUnrestricted(false);
string str = esd.Attribute("Flags");
if (str != null)
{
this.m_flags = (SecurityPermissionFlag) Enum.Parse(typeof(SecurityPermissionFlag), str);
}
}
}
private void AssertUnrestricted (SecurityPermissionFlag flag)
{
AssertSecurity (flag);
}
//------------------------------------------------------
//
// PRIVATE AND PROTECTED MODIFIERS
//
//------------------------------------------------------
private void SetUnrestricted(bool unrestricted)
{
if (unrestricted)
{
#pragma warning disable 618
m_flags = SecurityPermissionFlag.AllFlags;
#pragma warning restore 618
}
}
void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~SecurityPermissionFlag.AllFlags) != 0)
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Arg_EnumIllegalVal"), (int)type));
}
void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~SecurityPermissionFlag.AllFlags) != 0)
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)type));
Contract.EndContractBlock();
}
public SecurityPermissionAttribute (SecurityAction action) : base(action)
{
m_Flags = SecurityPermissionFlag.NoFlags;
}
private void AssertRemotingConfiguration (SecurityPermissionFlag flag)
{
AssertSecurity (flag);
}
private void AssertBoth (SecurityPermissionFlag flag)
{
AssertSecurity (flag);
}
public SecurityPermission(SecurityPermissionFlag flag)
{
}
public SecurityPermission (SecurityPermissionFlag flag) {
return default(SecurityPermission);
}
private void VerifyAccess(SecurityPermissionFlag type)
{
if ((type & ~SecurityPermissionFlag.AllFlags) != SecurityPermissionFlag.NoFlags)
{
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", new object[] { (int) type }));
}
}
//------------------------------------------------------
//
// PRIVATE AND PROTECTED MODIFIERS
//
//------------------------------------------------------
private void SetUnrestricted(bool unrestricted)
{
if (unrestricted)
{
m_flags = SecurityPermissionFlag.AllFlags;
}
}
public SecurityPermission(SecurityPermissionFlag flags)
{
this.flags = flags;
}
public override void FromXml(SecurityElement esd)
{
CodeAccessPermission.ValidateElement( esd, this );
if (XMLUtil.IsUnrestricted( esd ))
{
m_flags = SecurityPermissionFlag.AllFlags;
return;
}
Reset () ;
SetUnrestricted (false) ;
String flags = esd.Attribute( "Flags" );
if (flags != null)
m_flags = (SecurityPermissionFlag)Enum.Parse( typeof( SecurityPermissionFlag ), flags );
}
private static int MapToSpecialFlags(SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags)
{
int num = 0;
if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode)
{
num |= 1;
}
if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification)
{
num |= 2;
}
if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion)
{
num |= 8;
}
if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter)
{
num |= 0x20;
}
if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects)
{
num |= 0x100;
}
if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence)
{
num |= 0x10000;
}
if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal)
{
num |= 0x20000;
}
if ((reflectionPermissionFlags & ReflectionPermissionFlag.RestrictedMemberAccess) == ReflectionPermissionFlag.RestrictedMemberAccess)
{
num |= 0x40;
}
if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess)
{
num |= 0x10;
}
return num;
}
public SecurityPermission (SecurityPermissionFlag flag)
{
// reuse validation by the Flags property
Flags = flag;
}
#pragma warning disable 618
void VerifyAccess(SecurityPermissionFlag type)
#pragma warning restore 618
{
#pragma warning disable 618
if ((type & ~SecurityPermissionFlag.AllFlags) != 0)
#pragma warning restore 618
throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)type));
Contract.EndContractBlock();
}
void setFlag(SecurityPermissionFlag nFlag, bool fAllow)
{
if (fAllow)
{
m_flags = m_flags | nFlag;
}
else
{
m_flags = m_flags & ~nFlag;
}
}
private void Reset()
{
#pragma warning disable 618
m_flags = SecurityPermissionFlag.NoFlags;
#pragma warning restore 618
}
private void AssertSecurity (SecurityPermissionFlag flag)
{
bool unmanaged = ((flag & SecurityPermissionFlag.UnmanagedCode) != 0);
bool remoting = ((flag & SecurityPermissionFlag.RemotingConfiguration) != 0);
if (unmanaged && remoting)
DemandBoth ();
else if (unmanaged)
DemandUnmanagedCode ();
else if (remoting)
DemandRemotingConfiguration ();
else
Assert.Fail ("Invalid demand");
}
private void AssertUnmanagedCode (SecurityPermissionFlag flag)
{
AssertSecurity (flag);
}
private void Assert_RemotingConfiguration_UnmanagedCode (SecurityPermissionFlag flag)
{
AssertUnmanagedCode (flag);
}
#pragma warning disable 618
private static int MapToSpecialFlags (SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags) {
#pragma warning restore 618
int flags = 0;
#pragma warning disable 618
if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode)
#pragma warning restore 618
flags |= (1 << (int) PermissionType.SecurityUnmngdCodeAccess);
if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification)
flags |= (1 << (int) PermissionType.SecuritySkipVerification);
if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion)
flags |= (1 << (int) PermissionType.SecurityAssert);
if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter)
flags |= (1 << (int) PermissionType.SecuritySerialization);
if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects)
flags |= (1 << (int) PermissionType.SecurityBindingRedirects);
if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence)
flags |= (1 << (int) PermissionType.SecurityControlEvidence);
if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal)
flags |= (1 << (int) PermissionType.SecurityControlPrincipal);
if ((reflectionPermissionFlags & ReflectionPermissionFlag.RestrictedMemberAccess) == ReflectionPermissionFlag.RestrictedMemberAccess)
flags |= (1 << (int)PermissionType.ReflectionRestrictedMemberAccess);
if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess)
flags |= (1 << (int) PermissionType.ReflectionMemberAccess);
return flags;
}
public override void FromXml (SecurityElement esd)
{
// General validation in CodeAccessPermission
CheckSecurityElement (esd, "esd", version, version);
// Note: we do not (yet) care about the return value
// as we only accept version 1 (min/max values)
if (IsUnrestricted (esd)) {
flags = SecurityPermissionFlag.AllFlags;
}
else {
string f = esd.Attribute ("Flags");
if (f == null) {
flags = SecurityPermissionFlag.NoFlags;
}
else {
flags = (SecurityPermissionFlag) Enum.Parse (
typeof (SecurityPermissionFlag), f);
}
}
}
// CreateSecurity creates a SecurityPermission object.
public bool CreateSecurity(out SecurityPermission SecurityPerm, out SecurityPermissionFlag Security)
{
if(reflectionIndex >= mySecurity.Length)
{
SecurityPerm = new SecurityPermission(PermissionState.None);
Security=SecurityPermissionFlag.NoFlags;
reflectionIndex++;
return false;
}
Security = mySecurity[reflectionIndex++];
try
{
SecurityPerm = new SecurityPermission(Security);
return true;
}
catch(Exception e)
{
Console.WriteLine("Cannot create SecurityPermission: " + Security +" "+e);
SecurityPerm = new SecurityPermission(PermissionState.None);
Security=SecurityPermissionFlag.NoFlags;
return true;
}
}
private void Reset()
{
m_flags = SecurityPermissionFlag.NoFlags;
}