[System.Security.SecurityCritical] // auto-generated internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // If the demand is null, there is no need to continue Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); // decode imperative if (GetPermitOnly(fDeclarative) != null) GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); if (GetDenials(fDeclarative) != null) GetDenials(fDeclarative).CheckDecoded(demand, permToken); if (GetAssertions(fDeclarative) != null) GetAssertions(fDeclarative).CheckDecoded(demand, permToken); // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); // Check Reduction try { permSet = GetPermitOnly(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the permit only set does not contain the demanded permission, throw a security exception if (perm == null) { if (!permSet.IsUnrestricted()) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } else { bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckPermitOnly(perm); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } // Check Denials permSet = GetDenials(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If an unrestricted set was denied and the demand implements IUnrestricted if (permSet.IsUnrestricted()) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); // If the deny set does contain the demanded permission, throw a security exception bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckDeny(perm); } catch (ArgumentException) { } if (bNeedToThrow) throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } if (GetAssertAllPossible()) { return SecurityRuntime.StackHalt; } permSet = GetAssertions(fDeclarative); // Check Assertions if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) { return SecurityRuntime.StackHalt; } } catch (ArgumentException) { } } } finally { if (bThreadSecurity) SecurityManager._SetThreadSecurity(true); } return SecurityRuntime.StackContinue; }
[System.Security.SecurityCritical] // auto-generated internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // If the demand is null, there is no need to continue Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); // decode imperative if (GetPermitOnly(fDeclarative) != null) { GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (GetDenials(fDeclarative) != null) { GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (GetAssertions(fDeclarative) != null) { GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); // Check Reduction try { permSet = GetPermitOnly(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the permit only set does not contain the demanded permission, throw a security exception if (perm == null) { if (!permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckPermitOnly(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } // Check Denials permSet = GetDenials(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If an unrestricted set was denied and the demand implements IUnrestricted if (permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } // If the deny set does contain the demanded permission, throw a security exception bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckDeny(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (GetAssertAllPossible()) { return(SecurityRuntime.StackHalt); } permSet = GetAssertions(fDeclarative); // Check Assertions if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) { return(SecurityRuntime.StackHalt); } } catch (ArgumentException) { } } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } return(SecurityRuntime.StackContinue); }
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException) { if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } bool flag = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else if (!grantedSet.IsUnrestricted()) { CodeAccessPermission grant = (CodeAccessPermission)grantedSet.GetPermission(permToken); if (!demand.CheckDemand(grant)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } } if (refusedSet != null) { CodeAccessPermission codeAccessPermission = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (codeAccessPermission != null && !codeAccessPermission.CheckDeny(demand)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } if (refusedSet.IsUnrestricted()) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } } } catch (SecurityException) { throw; } catch (Exception) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
[System.Security.SecurityCritical] // auto-generated #pragma warning disable 618 internal static bool CheckHelper(PermissionSet grantedSet, #pragma warning restore 618 PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, bool throwException) { // We should never get here with a null demand Contract.Assert(demand != null, "Should not reach here with a null demand"); #if _DEBUG && FEATURE_CAS_POLICY if (debug) { DEBUG_OUT("Granted: "); DEBUG_OUT(grantedSet.ToXml().ToString()); DEBUG_OUT("Refused: "); DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>"); DEBUG_OUT("Demanded: "); DEBUG_OUT(demand.ToString()); } #endif // _DEBUG && FEATURE_CAS_POLICY if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } // If PermissionSet is null, then module does not have Permissions... Fail check. bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } else if (!grantedSet.IsUnrestricted()) { // If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted // variety, we need to do the proper callback. Contract.Assert(demand != null, "demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // Make sure the demand has been granted if (!demand.CheckDemand(grantedPerm)) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } // Make the sure the permission is not refused. if (refusedSet != null) { CodeAccessPermission refusedPerm = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (refusedPerm != null) { if (!refusedPerm.CheckDeny(demand)) { #if _DEBUG if (debug) { DEBUG_OUT("Permission found in refused set"); } #endif if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } if (refusedSet.IsUnrestricted()) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } } catch (SecurityException) { throw; } catch (Exception) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } DEBUG_OUT("Check passed"); return(true); }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission(demand); if (permitted == null) { if (!permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool flag2 = true; try { flag2 = !demand.CheckPermitOnly(permitted); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { CodeAccessPermission permission = (CodeAccessPermission)permitOnly.GetPermission(demand); if (permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } bool flag3 = true; try { flag3 = !demand.CheckDeny(permission); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (this.GetAssertAllPossible()) { return(false); } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { CodeAccessPermission asserted = (CodeAccessPermission)permitOnly.GetPermission(demand); try { if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted)) { return(false); } } catch (ArgumentException) { } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { CodeAccessPermission permitted = (CodeAccessPermission) permitOnly.GetPermission(demand); if (permitted == null) { if (!permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool flag2 = true; try { flag2 = !demand.CheckPermitOnly(permitted); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { CodeAccessPermission permission = (CodeAccessPermission) permitOnly.GetPermission(demand); if (permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } bool flag3 = true; try { flag3 = !demand.CheckDeny(permission); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (this.GetAssertAllPossible()) { return false; } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { CodeAccessPermission asserted = (CodeAccessPermission) permitOnly.GetPermission(demand); try { if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted)) { return false; } } catch (ArgumentException) { } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return true; }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } bool flag1 = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission((IPermission)demand); if (permitted == null) { if (!permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } else { bool flag2 = true; try { flag2 = !demand.CheckPermitOnly(permitted); } catch (ArgumentException ex) { } if (flag2) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } } PermissionSet denials = this.GetDenials(fDeclarative); if (denials != null) { CodeAccessPermission denied = (CodeAccessPermission)denials.GetPermission((IPermission)demand); if (denials.IsUnrestricted()) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } bool flag2 = true; try { flag2 = !demand.CheckDeny(denied); } catch (ArgumentException ex) { } if (flag2) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } if (this.GetAssertAllPossible()) { return(false); } PermissionSet assertions = this.GetAssertions(fDeclarative); if (assertions != null) { CodeAccessPermission asserted = (CodeAccessPermission)assertions.GetPermission((IPermission)demand); try { if (!assertions.IsUnrestricted()) { if (!demand.CheckAssert(asserted)) { goto label_35; } } return(false); } catch (ArgumentException ex) { } } } finally { if (flag1) { SecurityManager._SetThreadSecurity(true); } } label_35: return(true); }