[System.Security.SecurityCritical] // auto-generated #pragma warning disable 618 internal static bool CheckHelper(PermissionSet grantedSet, #pragma warning restore 618 PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, bool throwException) { // We should never get here with a null demand Contract.Assert(demand != null, "Should not reach here with a null demand"); #if _DEBUG && FEATURE_CAS_POLICY if (debug) { DEBUG_OUT("Granted: "); DEBUG_OUT(grantedSet.ToXml().ToString()); DEBUG_OUT("Refused: "); DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>"); DEBUG_OUT("Demanded: "); DEBUG_OUT(demand.ToString()); } #endif // _DEBUG && FEATURE_CAS_POLICY if (permToken == null) permToken = PermissionToken.GetToken(demand); if (grantedSet != null) grantedSet.CheckDecoded(permToken.m_index); if (refusedSet != null) refusedSet.CheckDecoded(permToken.m_index); // If PermissionSet is null, then module does not have Permissions... Fail check. bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (throwException) ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); else return false; } else if (!grantedSet.IsUnrestricted()) { // If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted // variety, we need to do the proper callback. Contract.Assert(demand != null,"demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // Make sure the demand has been granted if (!demand.CheckDemand( grantedPerm )) { if (throwException) ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); else return false; } } // Make the sure the permission is not refused. if (refusedSet != null) { CodeAccessPermission refusedPerm = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (refusedPerm != null) { if (!refusedPerm.CheckDeny(demand)) { #if _DEBUG if (debug) DEBUG_OUT( "Permission found in refused set" ); #endif if (throwException) ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); else return false; } } if (refusedSet.IsUnrestricted()) { if (throwException) ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); else return false; } } } catch (SecurityException) { throw; } catch (Exception) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (throwException) ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); else return false; } finally { if (bThreadSecurity) SecurityManager._SetThreadSecurity(true); } DEBUG_OUT( "Check passed" ); return true; }
[System.Security.SecurityCritical] // auto-generated internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // If the demand is null, there is no need to continue Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); // decode imperative if (GetPermitOnly(fDeclarative) != null) GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); if (GetDenials(fDeclarative) != null) GetDenials(fDeclarative).CheckDecoded(demand, permToken); if (GetAssertions(fDeclarative) != null) GetAssertions(fDeclarative).CheckDecoded(demand, permToken); // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); // Check Reduction try { permSet = GetPermitOnly(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the permit only set does not contain the demanded permission, throw a security exception if (perm == null) { if (!permSet.IsUnrestricted()) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } else { bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckPermitOnly(perm); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } // Check Denials permSet = GetDenials(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If an unrestricted set was denied and the demand implements IUnrestricted if (permSet.IsUnrestricted()) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); // If the deny set does contain the demanded permission, throw a security exception bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckDeny(perm); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } if (GetAssertAllPossible()) { return SecurityRuntime.StackHalt; } permSet = GetAssertions(fDeclarative); // Check Assertions if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) { return SecurityRuntime.StackHalt; } } catch (ArgumentException) { } } } finally { if (bThreadSecurity) SecurityManager._SetThreadSecurity(true); } return SecurityRuntime.StackContinue; }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // If the demand is null, there is no need to continue Debug.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); // decode imperative if (GetPermitOnly(fDeclarative) != null) { GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (GetDenials(fDeclarative) != null) { GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (GetAssertions(fDeclarative) != null) { GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); // Check Reduction try { permSet = GetPermitOnly(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the permit only set does not contain the demanded permission, throw a security exception if (perm == null) { if (!permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckPermitOnly(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } // Check Denials permSet = GetDenials(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If an unrestricted set was denied and the demand implements IUnrestricted if (permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } // If the deny set does contain the demanded permission, throw a security exception bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckDeny(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (GetAssertAllPossible()) { return(SecurityRuntime.StackHalt); } permSet = GetAssertions(fDeclarative); // Check Assertions if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) { return(SecurityRuntime.StackHalt); } } catch (ArgumentException) { } } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } return(SecurityRuntime.StackContinue); }
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException) { if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } bool flag = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (!throwException) { return false; } ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else if (!grantedSet.IsUnrestricted()) { CodeAccessPermission grant = (CodeAccessPermission) grantedSet.GetPermission(permToken); if (!demand.CheckDemand(grant)) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return false; } } } if (refusedSet != null) { CodeAccessPermission permission = (CodeAccessPermission) refusedSet.GetPermission(permToken); if ((permission != null) && !permission.CheckDeny(demand)) { if (!throwException) { return false; } ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } if (refusedSet.IsUnrestricted()) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return false; } } } } catch (SecurityException) { throw; } catch (Exception) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return false; } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return true; }
[System.Security.SecurityCritical] // auto-generated #pragma warning disable 618 internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, bool throwException) #pragma warning restore 618 { // We should never get here with a null demand Contract.Assert(demand != null, "Should not reach here with a null demand"); if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } // If PermissionSet is null, then module does not have Permissions... Fail check. bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } else if (!grantedSet.IsUnrestricted()) { // If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted // variety, we need to do the proper callback. Contract.Assert(demand != null, "demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // Make sure the demand has been granted if (!demand.CheckDemand(grantedPerm)) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } // Make the sure the permission is not refused. if (refusedSet != null) { CodeAccessPermission refusedPerm = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (refusedPerm != null) { if (!refusedPerm.CheckDeny(demand)) { #if _DEBUG if (debug) { DEBUG_OUT("Permission found in refused set"); } #endif if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } if (refusedSet.IsUnrestricted()) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } } catch (SecurityException) { throw; } catch (Exception) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } DEBUG_OUT("Check passed"); return(true); }