|
private GetAssertions ( bool fDeclarative ) : |
||
| fDeclarative | bool | |
| return | ||
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
PermissionSet denials = fsd.GetDenials(fDeclarative);
if (denials != null)
{
currentTriple.UpdateRefused(denials);
}
PermissionSet permitOnly = fsd.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
currentTriple.UpdateGrant(permitOnly);
}
if (fsd.GetAssertAllPossible())
{
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
this.UpdateTripleListAndCreateNewTriple(currentTriple, this.m_permSetTriples);
currentTriple.GrantSet = PermissionSet.s_fullTrust;
currentTriple.UpdateAssert(fsd.GetAssertions(fDeclarative));
return(true);
}
PermissionSet assertions = fsd.GetAssertions(fDeclarative);
if (assertions != null)
{
if (assertions.IsUnrestricted())
{
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
this.UpdateTripleListAndCreateNewTriple(currentTriple, this.m_permSetTriples);
currentTriple.GrantSet = PermissionSet.s_fullTrust;
currentTriple.UpdateAssert(assertions);
return(true);
}
PermissionSetTriple permissionSetTriple = currentTriple.UpdateAssert(assertions);
if (permissionSetTriple != null)
{
this.EnsureTriplesListCreated();
this.m_permSetTriples.Add((object)permissionSetTriple);
}
}
return(false);
}
//
// API for PermissionSets
//
public virtual void Assert(PermissionSet permSet, ref StackCrawlMark stackMark)
{
// Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission
// you need to change the fourth parameter to a zero.
FrameSecurityDescriptor secObj = CodeAccessSecurityEngine.CheckNReturnSO(
CodeAccessSecurityEngine.AssertPermissionToken,
CodeAccessSecurityEngine.AssertPermission,
ref stackMark,
1,
1);
BCLDebug.Assert(secObj != null || !SecurityManager.SecurityEnabled, "Failure in SecurityRuntime.Assert() - secObj != null");
if (secObj == null)
{
if (SecurityManager.SecurityEnabled)
{
// Security: REQ_SQ flag is missing. Bad compiler ?
throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
}
else
{
if (secObj.GetAssertions() != null)
{
throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
}
secObj.SetAssert(permSet);
}
}
internal virtual void Assert(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
// Make sure the caller of assert has the permission to assert
//WARNING: The placement of the call here is just right to check
// the appropriate frame.
// Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission
// you need to change the last parameter to a zero.
FrameSecurityDescriptor secObj = CheckNReturnSO(AssertPermissionToken,
AssertPermission,
ref stackMark,
1,
1);
if (secObj == null)
{
if (SecurityManager.SecurityEnabled)
{
// Security: REQ_SQ flag is missing. Bad compiler ?
// This can happen when you create delegates over functions that need the REQ_SQ
throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
}
}
else
{
if (secObj.GetAssertions() != null)
{
throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
}
secObj.SetAssert(cap);
}
}
static bool StackCompressWalkHelper(PermissionListSet compressedStack,
bool skipGrants,
PermissionSet grantedPerms,
PermissionSet deniedPerms,
FrameSecurityDescriptor frameInfo)
{
if (!skipGrants)
{
if (!compressedStack.AppendPermissions(grantedPerms,
PermissionList.MatchChecked))
{
return(false);
}
if (deniedPerms != null && !compressedStack.AppendPermissions(deniedPerms,
PermissionList.MatchDeny))
{
return(false);
}
}
if (frameInfo != null)
{
PermissionSet set = frameInfo.GetPermitOnly();
if (set != null)
{
if (!compressedStack.AppendPermissions(set, PermissionList.MatchPermitOnly))
{
return(false);
}
}
set = frameInfo.GetDenials();
if (set != null)
{
if (!compressedStack.AppendPermissions(set, PermissionList.MatchDeny))
{
return(false);
}
}
set = frameInfo.GetAssertions();
if (set != null)
{
if (!compressedStack.AppendPermissions(set, PermissionList.MatchAssert))
{
return(false);
}
}
}
return(true);
}
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
{
return(true); // halt the construction
}
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
{
return(true); // halt the construction
}
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return(false);
}
[System.Security.SecurityCritical] // auto-generated
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return false;
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(StackHalt);
}
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString());
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString());
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return(StackHalt);
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf(permSet))
{
return(StackHalt);
}
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
{
alteredDemandSet = demandSet.Copy();
}
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return(StackContinue);
}
// Returns true to continue, or false to halt
private static bool FrameDescHelper(FrameSecurityDescriptor secDesc,
IPermission demand,
PermissionToken permToken)
{
PermissionSet permSet;
// If the demand is null, there is no need to continue
if (demand == null || demand.IsSubsetOf(null))
{
return(StackHalt);
}
// NOTE: See notes about exceptions and exception handling in FrameDescSetHelper
// Check Reduction
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
IPermission perm = permSet.GetPermission(demand);
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking PermitOnly");
DEBUG_OUT("permit only set =\n" + permSet.ToXml().ToString());
DEBUG_OUT("demand =\n" + ((CodeAccessPermission)demand).ToXml().ToString());
}
#endif
// If the permit only set does not contain the demanded permission, throw a security exception
if (perm == null)
{
if (!(demand is IUnrestrictedPermission && permSet.IsUnrestricted()))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
else
{
if (!demand.IsSubsetOf(perm))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
}
catch (Exception)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
// Check Denials
try
{
permSet = secDesc.GetDenials();
if (permSet != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denied set =\n" + permSet.ToXml().ToString());
}
#endif
IPermission perm = permSet.GetPermission(demand);
// If the deny set does contain the demanded permission, throw a security exception
if ((perm != null && perm.Intersect(demand) != null) || (demand is IUnrestrictedPermission && permSet.IsUnrestricted()))
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
if (secDesc.GetAssertAllPossible())
{
return(StackHalt);
}
try
{
permSet = secDesc.GetAssertions();
// Check Assertions
if (permSet != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Assertions");
}
#endif
IPermission perm = permSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
if ((perm != null && (demand.IsSubsetOf(perm)) || (demand is IUnrestrictedPermission && permSet.IsUnrestricted())))
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Assert halting stackwalk");
}
#endif
return(StackHalt);
}
}
}
catch (Exception)
{
}
return(StackContinue);
}
static bool StackCompressWalkHelper(PermissionListSet compressedStack,
bool skipGrants,
PermissionSet grantedPerms,
PermissionSet deniedPerms,
FrameSecurityDescriptor frameInfo)
{
if (!skipGrants)
{
if (!compressedStack.AppendPermissions(grantedPerms,
PermissionList.MatchChecked))
return false;
if (deniedPerms != null && !compressedStack.AppendPermissions(deniedPerms,
PermissionList.MatchDeny))
return false;
}
if (frameInfo != null)
{
PermissionSet set = frameInfo.GetPermitOnly();
if (set != null)
{
if (!compressedStack.AppendPermissions( set, PermissionList.MatchPermitOnly ))
return false;
}
set = frameInfo.GetDenials();
if (set != null)
{
if (!compressedStack.AppendPermissions( set, PermissionList.MatchDeny ))
return false;
}
set = frameInfo.GetAssertions();
if (set != null)
{
if (!compressedStack.AppendPermissions( set, PermissionList.MatchAssert ))
return false;
}
}
return true;
}
private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
PermissionSet demandSet,
out PermissionSet alteredDemandSet)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
alteredDemandSet = null;
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return StackHalt;
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
if (!demandSet.IsSubsetOf(permSet))
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
try
{
permSet = secDesc.GetDenials();
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denials set =\n" + permSet.ToXml().ToString() );
DEBUG_OUT("demandSet =\n" + demandSet.ToXml().ToString() );
}
#endif
if (permSet != null)
{
PermissionSet intersection = demandSet.Intersect(permSet);
if (intersection != null && !intersection.IsEmpty())
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
}
}
catch (Exception)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"));
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (secDesc.GetAssertAllPossible())
{
return StackHalt;
}
permSet = secDesc.GetAssertions();
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
try
{
if (demandSet.IsSubsetOf( permSet ))
return StackHalt;
}
catch (Exception)
{
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSetEnumerator enumerator = (PermissionSetEnumerator)demandSet.GetEnumerator();
while (enumerator.MoveNext())
{
IPermission perm
= (IPermission)enumerator.Current;
int i = enumerator.GetCurrentIndex();
if (perm != null)
{
bool unrestricted = perm is System.Security.Permissions.IUnrestrictedPermission;
IPermission assertPerm
= (IPermission)permSet.GetPermission(i, unrestricted);
bool removeFromAlteredDemand = false;
try
{
removeFromAlteredDemand = perm.IsSubsetOf(assertPerm);
}
catch (Exception)
{
}
if (removeFromAlteredDemand)
{
if (alteredDemandSet == null)
alteredDemandSet = demandSet.Copy();
alteredDemandSet.RemovePermission(i, unrestricted);
}
}
}
}
}
return StackContinue;
}
private static bool FrameDescHelper(FrameSecurityDescriptor secDesc,
IPermission demand,
PermissionToken permToken)
{
PermissionSet permSet;
// If the demand is null, there is no need to continue
if (demand == null || demand.IsSubsetOf( null ))
return StackHalt;
// NOTE: See notes about exceptions and exception handling in FrameDescSetHelper
// Check Reduction
try
{
permSet = secDesc.GetPermitOnly();
if (permSet != null)
{
IPermission perm = permSet.GetPermission(demand);
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking PermitOnly");
DEBUG_OUT("permit only set =\n" + permSet.ToXml().ToString() );
DEBUG_OUT("demand =\n" + ((CodeAccessPermission)demand).ToXml().ToString() );
}
#endif
// If the permit only set does not contain the demanded permission, throw a security exception
if (perm == null)
{
if(!(demand is IUnrestrictedPermission && permSet.IsUnrestricted()))
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
else
{
if (!demand.IsSubsetOf( perm ))
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
}
catch (Exception)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
// Check Denials
try
{
permSet = secDesc.GetDenials();
if (permSet != null)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("Checking Denials");
DEBUG_OUT("denied set =\n" + permSet.ToXml().ToString() );
}
#endif
IPermission perm = permSet.GetPermission(demand);
// If the deny set does contain the demanded permission, throw a security exception
if ((perm != null && perm.Intersect( demand ) != null) || (demand is IUnrestrictedPermission && permSet.IsUnrestricted()))
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
}
catch (Exception)
{
throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString());
}
if (secDesc.GetAssertAllPossible())
{
return StackHalt;
}
try
{
permSet = secDesc.GetAssertions();
// Check Assertions
if (permSet != null)
{
#if _DEBUG
if (debug)
DEBUG_OUT("Checking Assertions");
#endif
IPermission perm = permSet.GetPermission(demand);
// If the assert set does contain the demanded permission, halt the stackwalk
if ((perm != null && (demand.IsSubsetOf( perm )) || (demand is IUnrestrictedPermission && permSet.IsUnrestricted())))
{
#if _DEBUG
if (debug)
DEBUG_OUT("Assert halting stackwalk");
#endif
return StackHalt;
}
}
}
catch (Exception)
{
}
return StackContinue;
}
[System.Security.SecurityCritical] // auto-generated
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
UpdateTripleListAndCreateNewTriple(currentTriple, m_permSetTriples);
currentTriple.GrantSet = PermissionSet.s_fullTrust;
currentTriple.UpdateAssert(fsd.GetAssertions(fDeclarative));
return(true);
}
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
UpdateTripleListAndCreateNewTriple(currentTriple, m_permSetTriples);
currentTriple.GrantSet = PermissionSet.s_fullTrust;
currentTriple.UpdateAssert(assertPset);
return(true);
}
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return(false);
}
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
PermissionSet denials = fsd.GetDenials(fDeclarative);
if (denials != null)
{
currentTriple.UpdateRefused(denials);
}
PermissionSet permitOnly = fsd.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
currentTriple.UpdateGrant(permitOnly);
}
if (fsd.GetAssertAllPossible())
{
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
return true;
}
PermissionSet assertions = fsd.GetAssertions(fDeclarative);
if (assertions != null)
{
if (assertions.IsUnrestricted())
{
if (currentTriple.GrantSet == null)
{
currentTriple.GrantSet = PermissionSet.s_fullTrust;
}
return true;
}
PermissionSetTriple triple = currentTriple.UpdateAssert(assertions);
if (triple != null)
{
this.EnsureTriplesListCreated();
this.m_permSetTriples.Add(triple);
}
}
return false;
}
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
return true; // halt the construction
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
return true; // halt the construction
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return false;
}