internal static bool CanUnrestrictedOverride(IPermission ip) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust()) { return(true); } if (ip is IUnrestrictedPermission) { return(true); } return(false); }
//-----------------------------------------------------------+ // R E V E R T //-----------------------------------------------------------+ internal void RevertAssert() { if (m_assertions != null) { m_assertions = null; DecrementAssertCount(); } if (m_DeclarativeAssertions != null) { m_AssertFT = (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() && m_DeclarativeAssertions.IsUnrestricted());; } else { m_AssertFT = false; } }
internal PermissionSet CodeGroupResolve(Evidence evidence, bool systemPolicy) { PermissionSet grant = null; PolicyStatement policy; PolicyLevel currentLevel = null; IEnumerator levelEnumerator = PolicyLevels.GetEnumerator(); char[] serializedEvidence = MakeEvidenceArray(evidence, false); int count = evidence.Count; bool legacyIgnoreSystemPolicy = (AppDomain.CurrentDomain.GetData("IgnoreSystemPolicy") != null); bool testApplicationLevels = false; while (levelEnumerator.MoveNext()) { currentLevel = (PolicyLevel)levelEnumerator.Current; if (systemPolicy) { if (currentLevel.Type == PolicyLevelType.AppDomain) { continue; } } else if (legacyIgnoreSystemPolicy && currentLevel.Type != PolicyLevelType.AppDomain) { continue; } policy = currentLevel.Resolve(evidence, count, serializedEvidence); // If the grant is "AllPossible", the intersection is just the other permission set. // Otherwise, do an inplace intersection (since we know we can alter the grant set since // it is a copy of the first policy statement's permission set). if (grant == null) { grant = policy.PermissionSet; } else { grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } if (grant == null || grant.FastIsEmpty()) { break; } else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal) { if (currentLevel.Type != PolicyLevelType.AppDomain) { testApplicationLevels = true; } break; } } if (grant != null && testApplicationLevels) { PolicyLevel appDomainLevel = null; for (int i = PolicyLevels.Count - 1; i >= 0; --i) { currentLevel = (PolicyLevel)PolicyLevels[i]; if (currentLevel.Type == PolicyLevelType.AppDomain) { appDomainLevel = currentLevel; break; } } if (appDomainLevel != null) { policy = appDomainLevel.Resolve(evidence, count, serializedEvidence); grant.InplaceIntersect(policy.GetPermissionSetNoCopy()); } } if (grant == null) { grant = new PermissionSet(PermissionState.None); } // Each piece of evidence can possibly create an identity permission that we // need to add to our grant set. Therefore, for all pieces of evidence that // implement the IIdentityPermissionFactory interface, ask it for its // adjoining identity permission and add it to the grant. if (!CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || !grant.IsUnrestricted()) { IEnumerator enumerator = evidence.GetHostEnumerator(); while (enumerator.MoveNext()) { Object obj = enumerator.Current; IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory; if (factory != null) { IPermission perm = factory.CreateIdentityPermission(evidence); if (perm != null) { grant.AddPermission(perm); } } } } grant.IgnoreTypeLoadFailures = true; return(grant); }
internal PermissionToken BuiltInGetToken(int index, IPermission perm, Type cls) { PermissionToken token = m_builtIn[index]; if (token == null) { lock (this) { token = m_builtIn[index]; if (token == null) { PermissionTokenType permType = PermissionTokenType.DontKnow; if (perm != null) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || perm is IUnrestrictedPermission) { permType = PermissionTokenType.IUnrestricted; } else { permType = PermissionTokenType.Normal; } } else if (cls != null) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || cls.GetInterface("System.Security.Permissions.IUnrestrictedPermission") != null) { permType = PermissionTokenType.IUnrestricted; } else { permType = PermissionTokenType.Normal; } } token = new PermissionToken(index, permType | PermissionTokenType.BuiltIn, null); m_builtIn[index] = token; PermissionToken.s_tokenSet.SetItem(token.m_index, token); } } } if ((token.m_type & PermissionTokenType.DontKnow) != 0) { token.m_type = PermissionTokenType.BuiltIn; if (perm != null) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || perm is IUnrestrictedPermission) { token.m_type |= PermissionTokenType.IUnrestricted; } else { token.m_type |= PermissionTokenType.Normal; } } else if (cls != null) { if (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() || cls.GetInterface("System.Security.Permissions.IUnrestrictedPermission") != null) { token.m_type |= PermissionTokenType.IUnrestricted; } else { token.m_type |= PermissionTokenType.Normal; } } else { token.m_type |= PermissionTokenType.DontKnow; } } return(token); }
internal void SetAssert(PermissionSet permSet) { m_assertions = permSet.Copy(); m_AssertFT = m_AssertFT || (CodeAccessSecurityEngine.DoesFullTrustMeanFullTrust() && m_assertions.IsUnrestricted()); IncrementAssertCount(); }