internal TokenBasedSet(TokenBasedSet tbSet) { this.m_initSize = 0x18; this.m_increment = 8; if (tbSet == null) { this.Reset(); } else { if (tbSet.m_cElt > 1) { object[] set = tbSet.m_Set; int length = set.Length; object[] destinationArray = new object[length]; Array.Copy(set, 0, destinationArray, 0, length); this.m_Set = destinationArray; } else { this.m_Obj = tbSet.m_Obj; } this.m_cElt = tbSet.m_cElt; this.m_maxIndex = tbSet.m_maxIndex; } }
public virtual bool IsSubsetOf(TokenBasedSet target) { if (target == null || target.FastIsEmpty()) { return(this.IsEmpty()); } else { int minIndex = this.m_maxIndex; // An initial sign that this class has a Permission that the // target doesn't have is if this has a greater Token index. if (minIndex > target.m_maxIndex) { return(false); } for (int i = 0; i <= minIndex; i++) { IPermission permThis = (IPermission)this.m_objSet[i]; IPermission permTarg = (IPermission)target.m_objSet[i]; if (permThis == null) { continue; } else if (!permThis.IsSubsetOf(permTarg)) { return(this.IsEmpty()); } } return(true); } }
internal TokenBasedSet(TokenBasedSet tbSet) { if (tbSet == null) { this.Reset(); } else { if (tbSet.m_cElt > 1) { object[] objArray1 = tbSet.m_Set; int length1 = objArray1.Length; object[] objArray2 = new object[length1]; int sourceIndex = 0; object[] objArray3 = objArray2; int destinationIndex = 0; int length2 = length1; Array.Copy((Array)objArray1, sourceIndex, (Array)objArray3, destinationIndex, length2); this.m_Set = objArray2; } else { this.m_Obj = tbSet.m_Obj; } this.m_cElt = tbSet.m_cElt; this.m_maxIndex = tbSet.m_maxIndex; } }
internal TokenBasedSet(TokenBasedSet tbSet) { if (tbSet == null) { Reset(); return; } if (tbSet.m_cElt > 1) { Object[] aObj = tbSet.m_Set; int aLen = aObj.Length; Object[] aNew = new Object[aLen]; System.Array.Copy(aObj, 0, aNew, 0, aLen); m_Set = aNew; } else { m_Obj = tbSet.m_Obj; } m_cElt = tbSet.m_cElt; m_maxIndex = tbSet.m_maxIndex; }
public virtual TokenBasedSet Intersect(TokenBasedSet other) { int size = (this.m_maxIndex < other.m_maxIndex) ? this.m_maxIndex : other.m_maxIndex; TokenBasedSet set = new TokenBasedSet(size < 0 ? 0 : size, this.m_increment); GenericIntersect(set, other); return(set); }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxMax = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem(i); IPermission thisPerm = thisObj as IPermission; Object otherObj = (other != null)?other.GetItem(i):null; IPermission otherPerm = otherObj as IPermission; if (thisObj == null && otherObj == null) { continue; } if (thisObj == null) { PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); } else if (otherObj == null) { PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, thisPerm); } else { Debug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets"); } } return(unionSet); }
internal TokenBasedSet SpecialUnion(TokenBasedSet other) { int maxUsedIndex; this.OnDeserializedInternal(); TokenBasedSet set = new TokenBasedSet(); if (other != null) { other.OnDeserializedInternal(); maxUsedIndex = (this.GetMaxUsedIndex() > other.GetMaxUsedIndex()) ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxUsedIndex = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxUsedIndex; i++) { object item = this.GetItem(i); IPermission perm = item as IPermission; ISecurityElementFactory factory = item as ISecurityElementFactory; object obj3 = (other != null) ? other.GetItem(i) : null; IPermission permission2 = obj3 as IPermission; ISecurityElementFactory factory2 = obj3 as ISecurityElementFactory; if ((item != null) || (obj3 != null)) { if (item == null) { if (factory2 != null) { permission2 = PermissionSet.CreatePerm(factory2, false); } PermissionToken token = PermissionToken.GetToken(permission2); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token.m_index, permission2); } else if (obj3 == null) { if (factory != null) { perm = PermissionSet.CreatePerm(factory, false); } PermissionToken token2 = PermissionToken.GetToken(perm); if (token2 == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } set.SetItem(token2.m_index, perm); } } } return(set); }
private void GenericIntersect(TokenBasedSet target, TokenBasedSet other) { // Note: Assumes target set is large enough and empty. int thisMaxIndex = this.m_maxIndex; int otherMaxIndex = other != null ? other.m_maxIndex : 0; int minMaxIndex = thisMaxIndex < otherMaxIndex ? thisMaxIndex : otherMaxIndex; // We want to save any exceptions that occur and throw them at the end. Exception savedException = null; for (int i = 0; i <= minMaxIndex; i++) { try { IPermission p1 = other != null ? (IPermission)other.m_objSet[i] : null; IPermission p2 = (IPermission)this.m_objSet[i]; if (p1 != null && p2 != null) { target.SetItem(i, p1.Intersect(p2)); } else { target.SetItem(i, null); } } catch (Exception e) { if (savedException == null) { savedException = e; } // Remove the permission from the intersection set target.SetItem(i, null); } } if (minMaxIndex == otherMaxIndex) { for (int i = otherMaxIndex + 1; i <= target.m_maxIndex; ++i) { target.RemoveItem(i); } } if (savedException != null) { throw savedException; } }
public TokenBasedSet(TokenBasedSet tbSet) { if (tbSet == null) { Reset(DefaultSize, DefaultIncrement); return; } m_objSet = new Object[tbSet.m_objSet.Length]; System.Array.Copy(tbSet.m_objSet, 0, m_objSet, 0, tbSet.m_objSet.Length); m_cElt = tbSet.m_cElt; m_initSize = tbSet.m_initSize; m_increment = tbSet.m_increment; m_maxIndex = tbSet.m_maxIndex; }
internal virtual void MergeDeniedSet(TokenBasedSet denied) { if (denied == null) { return; } int minMaxIndex; if (this.m_maxIndex < denied.m_maxIndex) { minMaxIndex = this.m_maxIndex; for (int i = this.m_maxIndex + 1; i <= denied.m_maxIndex; ++i) { denied.RemoveItem(i); } } else { minMaxIndex = denied.m_maxIndex; } IPermission p1; IPermission p2; for (int i = 0; i <= minMaxIndex; i++) { p1 = (IPermission)this.GetItem(i); p2 = (IPermission)denied.GetItem(i); if (p1 != null) { if (p2 != null && p1.IsSubsetOf(p2)) { // If the permission appears in both sets, we can remove it from both // (i.e. now it's not granted instead of being denied) this.RemoveItem(i); denied.RemoveItem(i); } } else if (p2 != null) { // If we tried to deny it and it wasn't granted, just remove it from the denied set. denied.RemoveItem(i); } } }
public virtual TokenBasedSet Union(TokenBasedSet other) { int size; if (other != null) { size = (this.m_maxIndex > other.m_maxIndex) ? this.m_maxIndex : other.m_maxIndex; } else { size = this.m_maxIndex; } TokenBasedSet set = new TokenBasedSet(size < 0 ? 0 : size, this.m_increment); this.GenericUnion(set, other, true); return(set); }
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures) { int maxIndex = GetMaxUsedIndex(); for (int i = GetStartingIndex(); i <= maxIndex; ++i) { Object obj = GetItem(i); if (obj != null) { IPermission perm = obj as IPermission; #if FEATURE_CAS_POLICY if (perm == null) { perm = PermissionSet.CreatePerm(obj, ignoreTypeLoadFailures); } #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(perm); if (perm == null || token == null) { continue; } if (perm is IUnrestrictedPermission) { // Add to unrestrictedPermSet if (unrestrictedPermSet == null) { unrestrictedPermSet = new TokenBasedSet(); } unrestrictedPermSet.SetItem(token.m_index, perm); } else { // Add to normalPermSet if (normalPermSet == null) { normalPermSet = new TokenBasedSet(); } normalPermSet.SetItem(token.m_index, perm); } } } }
// Token: 0x06002B47 RID: 11079 RVA: 0x000A0FDC File Offset: 0x0009F1DC internal TokenBasedSet(TokenBasedSet tbSet) { if (tbSet == null) { this.Reset(); return; } if (tbSet.m_cElt > 1) { object[] set = tbSet.m_Set; int num = set.Length; object[] array = new object[num]; Array.Copy(set, 0, array, 0, num); this.m_Set = array; } else { this.m_Obj = tbSet.m_Obj; } this.m_cElt = tbSet.m_cElt; this.m_maxIndex = tbSet.m_maxIndex; }
// Token: 0x06002B52 RID: 11090 RVA: 0x000A147C File Offset: 0x0009F67C internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures) { int maxUsedIndex = this.GetMaxUsedIndex(); for (int i = this.GetStartingIndex(); i <= maxUsedIndex; i++) { object item = this.GetItem(i); if (item != null) { IPermission permission = item as IPermission; if (permission == null) { permission = PermissionSet.CreatePerm(item, ignoreTypeLoadFailures); } PermissionToken token = PermissionToken.GetToken(permission); if (permission != null && token != null) { if (permission is IUnrestrictedPermission) { if (unrestrictedPermSet == null) { unrestrictedPermSet = new TokenBasedSet(); } unrestrictedPermSet.SetItem(token.m_index, permission); } else { if (normalPermSet == null) { normalPermSet = new TokenBasedSet(); } normalPermSet.SetItem(token.m_index, permission); } } } } }
internal void CheckSet() { if (this.m_permSet == null) this.m_permSet = new TokenBasedSet(); }
public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { Reset(); return; } m_Unrestricted = permSet.m_Unrestricted; m_CheckedForNonCas = permSet.m_CheckedForNonCas; m_ContainsCas = permSet.m_ContainsCas; m_ContainsNonCas = permSet.m_ContainsNonCas; m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; if (permSet.m_permSet != null) { m_permSet = new TokenBasedSet(permSet.m_permSet); // now deep copy all permissions in set for (int i = m_permSet.GetStartingIndex(); i <= m_permSet.GetMaxUsedIndex(); i++) { Object obj = m_permSet.GetItem(i); IPermission perm = obj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory elem = obj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (perm != null) { m_permSet.SetItem(i, perm.Copy()); } #if FEATURE_CAS_POLICY else if (elem != null) { m_permSet.SetItem(i, elem.Copy()); } #endif // FEATURE_CAS_POLICY } } }
internal virtual void FromXml( SecurityElement et, bool allowInternalOnly, bool ignoreTypeLoadFailures ) { if (et == null) throw new ArgumentNullException("et"); if (!et.Tag.Equals(s_str_PermissionSet)) throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) ); Contract.EndContractBlock(); Reset(); m_ignoreTypeLoadFailures = ignoreTypeLoadFailures; m_allPermissionsDecoded = false; m_Unrestricted = XMLUtil.IsUnrestricted( et ); if (et.InternalChildren != null) { int childCount = et.InternalChildren.Count; for (int i = 0; i < childCount; ++i) { SecurityElement elem = (SecurityElement)et.Children[i]; if (IsPermissionTag( elem.Tag, allowInternalOnly )) { String className = elem.Attribute( "class" ); PermissionToken token; Object objectToInsert; if (className != null) { token = PermissionToken.GetToken( className ); if (token == null) { objectToInsert = CreatePerm( elem ); #if _DEBUG PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert ); Contract.Assert( tokenDebug != null && (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" ); #endif if (objectToInsert != null) { Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(), "PermissionToken.GetToken returned null for non-mscorlib permission" ); token = PermissionToken.GetToken( (IPermission)objectToInsert ); Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" ); } } else { objectToInsert = elem; } } else { IPermission ip = CreatePerm( elem ); if (ip == null) { token = null; objectToInsert = null; } else { token = PermissionToken.GetToken( ip ); Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ), "PermissionToken was improperly assigned" ); objectToInsert = ip; } } if (token != null && objectToInsert != null) { if (m_permSet == null) m_permSet = new TokenBasedSet(); if (this.m_permSet.GetItem( token.m_index ) != null) { // If there is already something in that slot, let's union them // together. IPermission permInSlot; if (this.m_permSet.GetItem( token.m_index ) is IPermission) permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index ); else permInSlot = CreatePerm( (SecurityElement)this.m_permSet.GetItem( token.m_index ) ); if (objectToInsert is IPermission) objectToInsert = ((IPermission)objectToInsert).Union( permInSlot ); else objectToInsert = CreatePerm( (SecurityElement)objectToInsert ).Union( permInSlot ); } if(m_Unrestricted && objectToInsert is IPermission) objectToInsert = null; this.m_permSet.SetItem( token.m_index, objectToInsert ); } } } } }
private void OnSerialized(StreamingContext context) { #if FEATURE_REMOTING if ((context.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) { m_serializedPermissionSet = null; m_permSet = m_permSetSaved; m_permSetSaved = null; m_unrestrictedPermSet = null; m_normalPermSet = null; } #else // !FEATURE_REMOTING Contract.Assert(false, "PermissionSet does not support serialization on CoreCLR"); #endif // !FEATURE_REMOTING }
// Reinitializes all state in PermissionSet. public void Reset() { if (m_unrestrictedPermSet == null) m_unrestrictedPermSet = new TokenBasedSet( 12, 4 ); else m_unrestrictedPermSet.Reset(); if (m_normalPermSet == null) m_normalPermSet = new TokenBasedSet( 6, 4 ); else m_normalPermSet.Reset(); // By default, the PermissionListSet is unrestricted. Why? // At the start, having nothing on the stack should indicate success. // Once the first non-unrestricted grant is appended to the set, // then the PermissionListSet will become non-unrestricted. m_unrestricted = true; m_state = PermissionListSetState.None; }
internal virtual void FromXml(SecurityDocument doc, int position, bool allowInternalOnly) { if (doc == null) { throw new ArgumentNullException("doc"); } if (!doc.GetTagForElement(position).Equals("PermissionSet")) { throw new ArgumentException(string.Format(null, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PermissionSet", base.GetType().FullName })); } this.Reset(); this.m_allPermissionsDecoded = false; Exception exception = null; string attributeForElement = doc.GetAttributeForElement(position, "Unrestricted"); if (attributeForElement != null) { this.m_Unrestricted = (attributeForElement.Equals("True") || attributeForElement.Equals("true")) || attributeForElement.Equals("TRUE"); } else { this.m_Unrestricted = false; } ArrayList childrenPositionForElement = doc.GetChildrenPositionForElement(position); int count = childrenPositionForElement.Count; for (int i = 0; i < count; i++) { int num3 = (int) childrenPositionForElement[i]; if (IsPermissionTag(doc.GetTagForElement(num3), allowInternalOnly)) { try { PermissionToken token; object obj2; string typeStr = doc.GetAttributeForElement(num3, "class"); if (typeStr != null) { token = PermissionToken.GetToken(typeStr); if (token == null) { obj2 = this.CreatePerm(doc.GetElement(num3, true)); if (obj2 != null) { token = PermissionToken.GetToken((IPermission) obj2); } } else { obj2 = ((ISecurityElementFactory) new SecurityDocumentElement(doc, num3)).CreateSecurityElement(); } } else { IPermission perm = this.CreatePerm(doc.GetElement(num3, true)); if (perm == null) { token = null; obj2 = null; } else { token = PermissionToken.GetToken(perm); obj2 = perm; } } if ((token != null) && (obj2 != null)) { if (this.m_permSet == null) { this.m_permSet = new TokenBasedSet(); } IPermission item = null; if (this.m_permSet.GetItem(token.m_index) != null) { if (this.m_permSet.GetItem(token.m_index) is IPermission) { item = (IPermission) this.m_permSet.GetItem(token.m_index); } else { item = this.CreatePerm(this.m_permSet.GetItem(token.m_index)); } } if (item != null) { if (obj2 is IPermission) { obj2 = item.Union((IPermission) obj2); } else { obj2 = item.Union(this.CreatePerm(obj2)); } } if (this.m_Unrestricted && (obj2 is IPermission)) { obj2 = null; } this.m_permSet.SetItem(token.m_index, obj2); } } catch (Exception exception2) { if (exception == null) { exception = exception2; } } } } if (exception != null) { throw exception; } }
public virtual void InplaceUnion(TokenBasedSet other) { GenericUnion(this, other, false); }
private void GenericUnion(TokenBasedSet target, TokenBasedSet other, bool needToCopy) { // Note: Assumes target set is large enough and empty. // Get the max indicies int thisMaxIndex = this.m_maxIndex; int otherMaxIndex = other != null ? other.m_maxIndex : 0; int minMaxUsedIndex; int maxMaxUsedIndex; TokenBasedSet biggerSet; // We want to save any exceptions that occur and throw them at the end. Exception savedException = null; if (thisMaxIndex < otherMaxIndex) { minMaxUsedIndex = thisMaxIndex; maxMaxUsedIndex = otherMaxIndex; biggerSet = other; } else { minMaxUsedIndex = otherMaxIndex; maxMaxUsedIndex = thisMaxIndex; biggerSet = this; } IPermission p1; IPermission p2; int i; for (i = 0; i <= minMaxUsedIndex; ++i) { try { p2 = other != null ? (IPermission)other.m_objSet[i] : null; p1 = (IPermission)this.m_objSet[i]; if (p2 != null) { // we only need to do something is the other set has something in this slot if (p1 == null) { // nothing in this set, so insert a copy. if (needToCopy) { target.SetItem(i, p2.Copy()); } else { target.SetItem(i, p2); } } else { // both have it, so replace this's with the union. target.SetItem(i, p1.Union(p2)); } } else if (needToCopy) { if (p1 != null) { target.SetItem(i, p1.Copy()); } else { target.SetItem(i, null); } } else { target.SetItem(i, p1); } } catch (Exception e) { if (savedException == null) { savedException = e; } } } for (i = minMaxUsedIndex + 1; i <= maxMaxUsedIndex; ++i) { try { if (needToCopy && biggerSet.m_objSet[i] != null) { target.SetItem(i, ((IPermission)biggerSet.m_objSet[i]).Copy()); } else { target.SetItem(i, biggerSet.m_objSet[i]); } } catch (Exception e) { if (savedException == null) { savedException = e; } } } if (savedException != null) { throw savedException; } }
internal void SpecialSplit(ref TokenBasedSet unrestrictedPermSet, ref TokenBasedSet normalPermSet, bool ignoreTypeLoadFailures) { int maxIndex = GetMaxUsedIndex(); for (int i = GetStartingIndex(); i <= maxIndex; ++i) { Object obj = GetItem( i ); if (obj != null) { IPermission perm = obj as IPermission; #if FEATURE_CAS_POLICY if (perm == null) perm = PermissionSet.CreatePerm(obj, ignoreTypeLoadFailures); #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(perm); if (perm == null || token == null) continue; if (perm is IUnrestrictedPermission) { // Add to unrestrictedPermSet if (unrestrictedPermSet == null) unrestrictedPermSet = new TokenBasedSet(); unrestrictedPermSet.SetItem(token.m_index, perm); } else { // Add to normalPermSet if (normalPermSet == null) normalPermSet = new TokenBasedSet(); normalPermSet.SetItem(token.m_index, perm); } } } }
public TokenBasedSetEnumerator(TokenBasedSet tb) { Index = -1; Current = null; _tb = tb; }
public PermissionSet(PermissionSet permSet) : this() { if (permSet == null) { this.Reset(); } else { this.m_Unrestricted = permSet.m_Unrestricted; this.m_CheckedForNonCas = permSet.m_CheckedForNonCas; this.m_ContainsCas = permSet.m_ContainsCas; this.m_ContainsNonCas = permSet.m_ContainsNonCas; this.m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; if (permSet.m_permSet != null) { this.m_permSet = new TokenBasedSet(permSet.m_permSet); for (int i = this.m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); i++) { object item = this.m_permSet.GetItem(i); IPermission permission = item as IPermission; ISecurityElementFactory factory = item as ISecurityElementFactory; if (permission != null) { this.m_permSet.SetItem(i, permission.Copy()); } else if (factory != null) { this.m_permSet.SetItem(i, factory.Copy()); } } } } }
public bool CheckSetDemandInternal(PermissionSet permSet, out Exception exception, bool bNeedAlteredSet, out PermissionSet alteredSet) { alteredSet = null; BCLDebug.Assert(permSet != null, "permSet != null"); // If the compressed stack is not unrestricted and the demand is // then we just throw an exception. if (!this.m_unrestricted && permSet.IsUnrestricted()) { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") ); return false; } TokenBasedSet normalAlteredSet = null; TokenBasedSet unrestrictedAlteredSet = null; // Check the "normal" permissions since we always know we have to check them. bool normalContinue = CheckTokenBasedSets( this.m_normalPermSet, permSet.m_normalPermSet, false, PermissionListSetState.None, out exception, bNeedAlteredSet, out normalAlteredSet ); if (exception != null) { return false; } bool unrestrictedContinue = CheckTokenBasedSets( this.m_unrestrictedPermSet, permSet.m_unrestrictedPermSet, m_unrestricted, m_state, out exception, bNeedAlteredSet, out unrestrictedAlteredSet ); if (exception != null) { return false; } if ((m_state & PermissionListSetState.UnrestrictedAssert) != 0) { // If we are unrestricted, we want to terminate the stack walk based // on us having an unrestricted assert. if (bNeedAlteredSet) unrestrictedAlteredSet = new TokenBasedSet( 1, 4 ); unrestrictedContinue = false; } if (normalContinue || unrestrictedContinue) { if (!bNeedAlteredSet) return true; // If we need to continue, let's build the altered set. We only // need to do this if 1) our original demand is not unrestricted // and 2) if we have altered token based sets. if (!permSet.IsUnrestricted()) { if (normalAlteredSet != null || unrestrictedAlteredSet != null) { alteredSet = new PermissionSet( false ); if (normalAlteredSet != null) alteredSet.m_normalPermSet = normalAlteredSet; else alteredSet.m_normalPermSet = CopyTokenBasedSet( permSet.m_normalPermSet ); if (unrestrictedAlteredSet != null) alteredSet.m_unrestrictedPermSet = unrestrictedAlteredSet; else alteredSet.m_unrestrictedPermSet = CopyTokenBasedSet( permSet.m_unrestrictedPermSet ); if (alteredSet.IsEmpty()) return false; } } return true; } else { return false; } }
internal virtual void FromXml(SecurityElement et, bool allowInternalOnly, bool ignoreTypeLoadFailures) { if (et == null) { throw new ArgumentNullException("et"); } if (!et.Tag.Equals("PermissionSet")) { throw new ArgumentException(string.Format(null, Environment.GetResourceString("Argument_InvalidXMLElement"), new object[] { "PermissionSet", base.GetType().FullName })); } this.Reset(); this.m_ignoreTypeLoadFailures = ignoreTypeLoadFailures; this.m_allPermissionsDecoded = false; this.m_Unrestricted = XMLUtil.IsUnrestricted(et); if (et.InternalChildren != null) { int count = et.InternalChildren.Count; for (int i = 0; i < count; i++) { SecurityElement element = (SecurityElement) et.Children[i]; if (IsPermissionTag(element.Tag, allowInternalOnly)) { PermissionToken token; object obj2; string typeStr = element.Attribute("class"); if (typeStr != null) { token = PermissionToken.GetToken(typeStr); if (token == null) { obj2 = this.CreatePerm(element); if (obj2 != null) { token = PermissionToken.GetToken((IPermission) obj2); } } else { obj2 = element; } } else { IPermission perm = this.CreatePerm(element); if (perm == null) { token = null; obj2 = null; } else { token = PermissionToken.GetToken(perm); obj2 = perm; } } if ((token != null) && (obj2 != null)) { if (this.m_permSet == null) { this.m_permSet = new TokenBasedSet(); } if (this.m_permSet.GetItem(token.m_index) != null) { IPermission item; if (this.m_permSet.GetItem(token.m_index) is IPermission) { item = (IPermission) this.m_permSet.GetItem(token.m_index); } else { item = this.CreatePerm((SecurityElement) this.m_permSet.GetItem(token.m_index)); } if (obj2 is IPermission) { obj2 = ((IPermission) obj2).Union(item); } else { obj2 = this.CreatePerm((SecurityElement) obj2).Union(item); } } if (this.m_Unrestricted && (obj2 is IPermission)) { obj2 = null; } this.m_permSet.SetItem(token.m_index, obj2); } } } } }
private void OnSerializing(StreamingContext ctx) { if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) { m_serializedPermissionSet = ToString(); // For v2.x and beyond if (m_permSet != null) m_permSet.SpecialSplit(ref m_unrestrictedPermSet, ref m_normalPermSet, m_ignoreTypeLoadFailures); m_permSetSaved = m_permSet; m_permSet = null; } }
private void NormalizePermissionSet() { // This function guarantees that all the permissions are placed at // the proper index within the token based sets. This becomes necessary // since these indices are dynamically allocated based on usage order. PermissionSet permSetTemp = new PermissionSet(false); permSetTemp.m_Unrestricted = this.m_Unrestricted; // Move all the normal permissions to the new permission set if (this.m_permSet != null) { for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i) { Object obj = this.m_permSet.GetItem(i); IPermission perm = obj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory elem = obj as ISecurityElementFactory; if (elem != null) perm = CreatePerm( elem ); #endif // FEATURE_CAS_POLICY if (perm != null) permSetTemp.SetPermission( perm ); } } this.m_permSet = permSetTemp.m_permSet; }
public TokenBasedSetEnumerator(TokenBasedSet set) { SetData(set); }
internal virtual void FromXml( SecurityDocument doc, int position, bool allowInternalOnly ) { if (doc == null) throw new ArgumentNullException("doc"); Contract.EndContractBlock(); if (!doc.GetTagForElement( position ).Equals(s_str_PermissionSet)) throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) ); Reset(); m_allPermissionsDecoded = false; Exception savedException = null; String strUnrestricted = doc.GetAttributeForElement( position, "Unrestricted" ); if (strUnrestricted != null) m_Unrestricted = strUnrestricted.Equals( "True" ) || strUnrestricted.Equals( "true" ) || strUnrestricted.Equals( "TRUE" ); else m_Unrestricted = false; ArrayList childrenIndices = doc.GetChildrenPositionForElement( position ); int childCount = childrenIndices.Count; for (int i = 0; i < childCount; ++i) { int childIndex = (int)childrenIndices[i]; if (IsPermissionTag( doc.GetTagForElement( childIndex ), allowInternalOnly )) { try { String className = doc.GetAttributeForElement( childIndex, "class" ); PermissionToken token; Object objectToInsert; if (className != null) { token = PermissionToken.GetToken( className ); if (token == null) { objectToInsert = CreatePerm( doc.GetElement( childIndex, true ) ); if (objectToInsert != null) { #if _DEBUG PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert ); Contract.Assert((tokenDebug != null), "PermissionToken.GetToken returned null "); Contract.Assert( (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" ); #endif Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(), "PermissionToken.GetToken returned null for non-mscorlib permission" ); token = PermissionToken.GetToken( (IPermission)objectToInsert ); Contract.Assert((token != null), "PermissionToken.GetToken returned null "); Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" ); } } else { objectToInsert = ((ISecurityElementFactory)new SecurityDocumentElement(doc, childIndex)).CreateSecurityElement(); } } else { IPermission ip = CreatePerm( doc.GetElement( childIndex, true ) ); if (ip == null) { token = null; objectToInsert = null; } else { token = PermissionToken.GetToken( ip ); Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ), "PermissionToken was improperly assigned" ); objectToInsert = ip; } } if (token != null && objectToInsert != null) { if (m_permSet == null) m_permSet = new TokenBasedSet(); IPermission permInSlot = null; if (this.m_permSet.GetItem( token.m_index ) != null) { // If there is already something in that slot, let's union them // together. if (this.m_permSet.GetItem( token.m_index ) is IPermission) permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index ); else permInSlot = CreatePerm( this.m_permSet.GetItem( token.m_index ) ); } if (permInSlot != null) { if (objectToInsert is IPermission) objectToInsert = permInSlot.Union((IPermission)objectToInsert); else objectToInsert = permInSlot.Union(CreatePerm( objectToInsert )); } if(m_Unrestricted && objectToInsert is IPermission) objectToInsert = null; this.m_permSet.SetItem( token.m_index, objectToInsert ); } } catch (Exception e) { #if _DEBUG if (debug) DEBUG_WRITE( "error while decoding permission set =\n" + e.ToString() ); #endif if (savedException == null) savedException = e; } } } if (savedException != null) throw savedException; }
protected void SetData(TokenBasedSet set) { m_set = set; m_currentIndex = -1; }
// Reinitializes all state in PermissionSet - DO NOT null-out m_serializedPermissionSet internal void Reset() { m_Unrestricted = false; m_allPermissionsDecoded = true; m_permSet = null; m_ignoreTypeLoadFailures = false; m_CheckedForNonCas = false; m_ContainsCas = false; m_ContainsNonCas = false; m_permSetSaved = null; }
public TokenBasedSetEnumerator(TokenBasedSet tb) { this.Index = -1; this.Current = null; this._tb = tb; }
// Make this internal soon. internal void SetUnrestricted(bool unrestricted) { m_Unrestricted = unrestricted; if (unrestricted) { // if this is to be an unrestricted permset, null the m_permSet member m_permSet = null; } }
private void AppendTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, int type, bool unrestricted ) { int thisMaxIndex = thisSet.GetMaxUsedIndex(); int permMaxIndex = permSet == null ? 0 : permSet.GetMaxUsedIndex(); int maxIndex = thisMaxIndex > permMaxIndex ? thisMaxIndex : permMaxIndex; // Loop over the relevant indexes... for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); CodeAccessPermission cap = permSet == null ? null : (CodeAccessPermission)permSet.GetItem(i); if (plist == null) { if (this.m_unrestricted) { switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem( i, plist ); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) { plist = new PermissionList(); plist.AppendPermission(cap, type); thisSet.SetItem( i, plist ); } break; default: throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" )); } } } else { // A list already exists. All lists should have at least // one element in them. // Normally, only append if the permission is not null. // However, if the type is Checked, then make sure the // list is terminated with a permission, null or not. switch (type) { case PermissionList.MatchChecked: case PermissionList.MatchPermitOnly: plist.AppendPermissionAndCompress(cap, type); break; case PermissionList.MatchDeny: case PermissionList.MatchAssert: if (cap != null) plist.AppendPermissionAndCompress(cap, type); break; default: throw new ArgumentException(Environment.GetResourceString( "Argument_InvalidPermissionListType" )); } } } }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else maxMax = this.GetMaxUsedIndex(); for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = (other != null)?other.GetItem( i ):null; IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; if (thisObj == null) { #if FEATURE_CAS_POLICY if (otherElem != null) { otherPerm = PermissionSet.CreatePerm(otherElem, false); } #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); } else if (otherObj == null) { #if FEATURE_CAS_POLICY if (thisElem != null) { thisPerm = PermissionSet.CreatePerm(thisElem, false); } #endif // FEATURE_CAS_POLICY PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem( token.m_index, thisPerm); } else { Contract.Assert( (thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets" ); } } return unionSet; }
private static void CheckTokenBasedSetHelper( bool ignoreGrants, TokenBasedSet grants, TokenBasedSet denied, TokenBasedSet demands ) { if (demands == null) return; TokenBasedSetEnumerator enumerator = (TokenBasedSetEnumerator)demands.GetEnum(); while (enumerator.MoveNext()) { CodeAccessPermission demand = (CodeAccessPermission)enumerator.Current; int index = enumerator.GetCurrentIndex(); if (demand != null) { try { // Check to make sure the permission was granted, unless we are supposed // to ignore grants. if (!ignoreGrants) { CodeAccessPermission grant = grants != null ? (CodeAccessPermission)grants.GetItem(index) : null; if (grant != null) { grant.CheckDemand(demand); } else { if (!demand.IsSubsetOf( null )) throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } // Check to make sure our permission was not denied. if (denied != null) { CodeAccessPermission deny = (CodeAccessPermission)denied.GetItem(index); if (deny != null && deny.Intersect(demand) != null) throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) throw e; else throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } }
public PermissionListSet(PermissionListSet permListSet) { if (permListSet == null) { Reset(); return; } m_unrestrictedPermSet = new TokenBasedSet(permListSet.m_unrestrictedPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_unrestrictedPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_unrestrictedPermSet.GetItem(i); if (plist != null) { m_unrestrictedPermSet.SetItem(i, plist.Copy()); } } m_normalPermSet = new TokenBasedSet(permListSet.m_normalPermSet); // Now deep copy all permission lists in set. // Note that this DOES deep copy permissions in the list. for (int i = 0; i <= m_normalPermSet.GetMaxUsedIndex(); i++) { PermissionList plist = (PermissionList)m_normalPermSet.GetItem(i); if (plist != null) { m_normalPermSet.SetItem(i, plist.Copy()); } } m_unrestricted = permListSet.m_unrestricted; m_state = permListSet.m_state; }
internal void InplaceUnion( PermissionSet other ) { // Unions the "other" PermissionSet into this one. It can be optimized to do less copies than // need be done by the traditional union (and we don't have to create a new PermissionSet). if (this == other) return; // Quick out conditions, union doesn't change this PermissionSet if (other == null || other.FastIsEmpty()) return; m_CheckedForNonCas = false; this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (this.m_Unrestricted) { // if the result of Union is unrestricted permset, null the m_permSet member this.m_permSet = null; return; } // If we reach here, result of Union is not unrestricted // We have to union "normal" permission no matter what now. int maxMax = -1; if (other.m_permSet != null) { maxMax = other.m_permSet.GetMaxUsedIndex(); this.CheckSet(); } // Save exceptions until the end Exception savedException = null; for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; #if FEATURE_CAS_POLICY ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; #endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; #if FEATURE_CAS_POLICY if (thisElem != null && otherElem != null) { if (thisElem.GetTag().Equals( s_str_PermissionUnion ) || thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion )) { Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" ); SafeChildAdd( (SecurityElement)thisElem, otherElem, true ); } else { SecurityElement newElem; if (this.IsUnrestricted() || other.IsUnrestricted()) newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); else newElem = new SecurityElement( s_str_PermissionUnion ); newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); SafeChildAdd( newElem, thisElem, false ); SafeChildAdd( newElem, otherElem, true ); this.m_permSet.SetItem( i, newElem ); } } else #endif // FEATURE_CAS_POLICY if (thisObj == null) { #if FEATURE_CAS_POLICY if (otherElem != null) { this.m_permSet.SetItem( i, otherElem.Copy() ); } else #endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted) { this.m_permSet.SetItem( i, otherPerm.Copy() ); } } } else if (otherObj == null) { continue; } else { #if FEATURE_CAS_POLICY if (thisElem != null) thisPerm = this.CreatePermission(thisElem, i); if (otherElem != null) otherPerm = other.CreatePermission(otherElem, i); #endif // FEATURE_CAS_POLICY try { IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; else if(otherPerm == null) unionPerm = thisPerm; else unionPerm = thisPerm.Union( otherPerm ); this.m_permSet.SetItem( i, unionPerm ); } catch (Exception e) { if (savedException == null) savedException = e; } } } if (savedException != null) throw savedException; }
private static bool CheckTokenBasedSets( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestricted, PermissionListSetState state, out Exception exception, bool bNeedAlteredSet, out TokenBasedSet alteredSet ) { alteredSet = null; // If the set is empty, there is no reason to walk the // stack. if (permSet == null || permSet.IsEmpty()) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } int permMaxIndex = permSet.GetMaxUsedIndex(); // Make a quick check to see if permSet definitely contains permissions that this set doesn't if (permMaxIndex > thisSet.GetMaxUsedIndex()) { // The only way we don't want to throw an exception is // if we are unrestricted. Then, if we don't want to throw // an exception we may want to terminate the stack walk // based on an unrestricted assert. if (unrestricted) { if (((state & PermissionListSetState.UnrestrictedAssert) != 0)) { if (bNeedAlteredSet) alteredSet = new TokenBasedSet( 1, 4 ); exception = null; return false; } else { exception = null; return true; } } else { exception = new SecurityException(Environment.GetResourceString("Security_GenericNoType") ); return false; } } bool continueStackWalk = false; // We know that checking to <permMaxIndex> is sufficient because of above check for (int i = 0; i <= permMaxIndex; i++) { Object obj = permSet.GetItem(i); if (obj != null) { CodeAccessPermission cap = (CodeAccessPermission)obj; PermissionList permList = (PermissionList)thisSet.GetItem(i); if (permList != null) { bool tempContinue = permList.CheckDemandInternal(cap, out exception); if (exception != null) return false; if (tempContinue) { // If we are supposed to continue the stack walk but there is an unrestricted // deny, then we should fail. if (((state & PermissionListSetState.UnrestrictedDeny) != 0) && (cap is IUnrestrictedPermission)) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } continueStackWalk = true; } else if (((state & PermissionListSetState.UnrestrictedAssert) == 0) && (cap is IUnrestrictedPermission)) { // We only want to build the altered set if we don't have an // unrestricted assert because we know if we have an unrestricted // assert and we don't throw an exception that the stackwalk should // include no unrestricted permissions. if (bNeedAlteredSet) { if (alteredSet == null) alteredSet = CopyTokenBasedSet( permSet ); alteredSet.SetItem( i, null ); } } } else { if (!unrestricted) { exception = new SecurityException(String.Format( Environment.GetResourceString("Security_Generic"), cap.GetType().AssemblyQualifiedName ) ); return false; } } } } exception = null; return continueStackWalk; }
private void OnDeserialized(StreamingContext ctx) { if (m_serializedPermissionSet != null) { // Whidbey non X-AD case FromXml(SecurityElement.FromString(m_serializedPermissionSet)); } else if (m_normalPermSet != null) { // Everett non X-AD case m_permSet = m_normalPermSet.SpecialUnion(m_unrestrictedPermSet); } else if (m_unrestrictedPermSet != null) { // Everett non X-AD case m_permSet = m_unrestrictedPermSet.SpecialUnion(m_normalPermSet); } m_serializedPermissionSet = null; m_normalPermSet = null; m_unrestrictedPermSet = null; }
public static TokenBasedSet CopyTokenBasedSet( TokenBasedSet set ) { if (set == null || set.GetCount() == 0) return null; int maxIndex = set.GetMaxUsedIndex(); TokenBasedSet copySet = new TokenBasedSet( maxIndex + 1, 4 ); for (int i = 0; i <= maxIndex; ++i) { Object obj = set.GetItem( i ); if (obj == null) copySet.SetItem( i, null ); else if (obj is IPermission) copySet.SetItem( i, ((IPermission)obj).Copy() ); else if (obj is PermissionList) copySet.SetItem( i, ((PermissionList)obj).Copy() ); else { BCLDebug.Assert( false, "CopyTokenBasedSet can only be used for IPermission and PermissionList based TokenBasedSets" ); copySet.SetItem( i, obj ); } } return copySet; }
public virtual void InplaceIntersect(TokenBasedSet other) { GenericIntersect(this, other); }
private void AppendStackHelper( TokenBasedSet thisSet, TokenBasedSet permSet, bool unrestrictedThisSet, bool unrestrictedPermSet, bool unrestricted ) { int maxThis = thisSet.GetMaxUsedIndex(); int maxPerm = permSet.GetMaxUsedIndex(); int maxIndex = maxThis > maxPerm ? maxThis : maxPerm; for (int i = 0; i <= maxIndex; i++) { PermissionList plist = (PermissionList)thisSet.GetItem(i); PermissionList appendList = (PermissionList)permSet.GetItem(i); if (plist != null) { if (appendList != null) { // This call will not add the permission if the list is // empty, or if the last element is a normal check with // a null Permission. Let the method take care of it... plist.AppendStack(appendList.Copy()); } else { // Nothing on the compressed stack for this index, // so terminate current list. if (!unrestrictedPermSet) { thisSet.SetItem( i, plist.Copy() ); } } } else if (unrestrictedThisSet && appendList != null) { thisSet.SetItem(i, appendList.Copy()); } } }
// Used to merge two distinct TokenBasedSets (used currently only in PermissionSet Deserialization) internal TokenBasedSet SpecialUnion(TokenBasedSet other, ref bool canUnrestrictedOverride) { // This gets called from PermissionSet.OnDeserialized and it's possible that the TokenBasedSets have // not been subjected to VTS callbacks yet OnDeserializedInternal(); TokenBasedSet unionSet = new TokenBasedSet(); int maxMax; if (other != null) { other.OnDeserializedInternal(); maxMax = this.GetMaxUsedIndex() > other.GetMaxUsedIndex() ? this.GetMaxUsedIndex() : other.GetMaxUsedIndex(); } else { maxMax = this.GetMaxUsedIndex(); } for (int i = 0; i <= maxMax; ++i) { Object thisObj = this.GetItem(i); IPermission thisPerm = thisObj as IPermission; ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; Object otherObj = (other != null)?other.GetItem(i):null; IPermission otherPerm = otherObj as IPermission; ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; if (thisObj == null && otherObj == null) { continue; } if (thisObj == null) { if (otherElem != null) { otherPerm = PermissionSet.CreatePerm(otherElem, false); } PermissionToken token = PermissionToken.GetToken(otherPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, otherPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(otherPerm)) { canUnrestrictedOverride = false; } } else if (otherObj == null) { if (thisElem != null) { thisPerm = PermissionSet.CreatePerm(thisElem, false); } PermissionToken token = PermissionToken.GetToken(thisPerm); if (token == null) { throw new SerializationException(Environment.GetResourceString("Serialization_InsufficientState")); } unionSet.SetItem(token.m_index, thisPerm); if (!CodeAccessPermission.CanUnrestrictedOverride(thisPerm)) { canUnrestrictedOverride = false; } } else { BCLDebug.Assert((thisObj == null || otherObj == null), "Permission cannot be in both TokenBasedSets"); } } return(unionSet); }