internal static bool CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
IPermission firstPermThatFailed = null;
if (grants != null)
{
grants.CheckDecoded(demands);
}
if (refused != null)
{
refused.CheckDecoded(demands);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (!demands.CheckDemand(grants, out firstPermThatFailed))
{
if (!throwException)
{
return(false);
}
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
if (!demands.CheckDeny(refused, out firstPermThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
else
{
return(false);
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
else
{
return(false);
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
{
return(SecurityRuntime.StackHalt);
}
if (GetPermitOnly(fDeclarative) != null)
{
GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (GetDenials(fDeclarative) != null)
{
GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (GetAssertions(fDeclarative) != null)
{
GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return(SecurityRuntime.StackHalt);
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion(permSet))
{
return(SecurityRuntime.StackHalt);
}
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(SecurityRuntime.StackContinue);
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckSetHelper(PermissionSet grants,
#pragma warning restore 618
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
Contract.Assert(demands != null, "Should not reach here with a null demand set");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grants.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refused != null ? refused.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demands!=null ? demands.ToXml().ToString() : "<null>");
}
#endif // _DEBUG && FEATURE_CAS_POLICY
IPermission permThatFailed = null;
if (grants != null)
grants.CheckDecoded(demands);
if (refused != null)
refused.CheckDecoded(demands);
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// Check grant set
if (!demands.CheckDemand(grants, out permThatFailed))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
// Check refused set
if (!demands.CheckDeny(refused, out permThatFailed))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
return true;
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand2(PermissionSet demandSet,
out PermissionSet alteredDemandSet,
RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
PermissionSet permSet;
// In the common case we are not going to alter the demand set, so just to
// be safe we'll set it to null up front.
alteredDemandSet = null;
// There's some oddness in here to deal with exceptions. The general idea behind
// this is that we need some way of dealing with custom permissions that may not
// handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
// (they don't support it, throw null reference exceptions, etc.).
// An empty demand always succeeds.
if (demandSet == null || demandSet.IsEmpty())
return SecurityRuntime.StackHalt;
if (GetPermitOnly(fDeclarative) != null)
GetPermitOnly(fDeclarative).CheckDecoded( demandSet );
if (GetDenials(fDeclarative) != null)
GetDenials(fDeclarative).CheckDecoded( demandSet );
if (GetAssertions(fDeclarative) != null)
GetAssertions(fDeclarative).CheckDecoded( demandSet );
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// In the case of permit only, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetPermitOnly(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// In the case of denial, we define an exception to be failure of the check
// and therefore we throw a security exception.
permSet = GetDenials(fDeclarative);
if (permSet != null)
{
IPermission permFailed = null;
bool bNeedToThrow = true;
try
{
bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
}
catch (ArgumentException)
{
}
if (bNeedToThrow)
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
}
// The assert case is more complex. Since asserts have the ability to "bleed through"
// (where part of a demand is handled by an assertion, but the rest is passed on to
// continue the stackwalk), we need to be more careful in handling the "failure" case.
// Therefore, if an exception is thrown in performing any operation, we make sure to keep
// that permission in the demand set thereby continuing the demand for that permission
// walking down the stack.
if (GetAssertAllPossible())
{
return SecurityRuntime.StackHalt;
}
permSet = GetAssertions(fDeclarative);
if (permSet != null)
{
// If this frame asserts a superset of the demand set we're done
if (demandSet.CheckAssertion( permSet ))
return SecurityRuntime.StackHalt;
// Determine whether any of the demand set asserted. We do this by
// copying the demand set and removing anything in it that is asserted.
if (!permSet.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
}
}
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
return SecurityRuntime.StackContinue;
}
[System.Security.SecurityCritical] // auto-generated
#pragma warning disable 618
internal static bool CheckSetHelper(PermissionSet grants,
#pragma warning restore 618
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
{
Contract.Assert(demands != null, "Should not reach here with a null demand set");
#if _DEBUG && FEATURE_CAS_POLICY
if (debug)
{
DEBUG_OUT("Granted: ");
DEBUG_OUT(grants.ToXml().ToString());
DEBUG_OUT("Refused: ");
DEBUG_OUT(refused != null ? refused.ToXml().ToString() : "<null>");
DEBUG_OUT("Demanded: ");
DEBUG_OUT(demands != null ? demands.ToXml().ToString() : "<null>");
}
#endif // _DEBUG && FEATURE_CAS_POLICY
IPermission permThatFailed = null;
if (grants != null)
{
grants.CheckDecoded(demands);
}
if (refused != null)
{
refused.CheckDecoded(demands);
}
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// Check grant set
if (!demands.CheckDemand(grants, out permThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
// Check refused set
if (!demands.CheckDeny(refused, out permThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
}
else
{
return(false);
}
}
finally
{
if (bThreadSecurity)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return(false);
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return(false);
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return(false);
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return(true);
}
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
{
alteredDemandSet = null;
if ((demandSet == null) || demandSet.IsEmpty())
{
return false;
}
if (this.GetPermitOnly(fDeclarative) != null)
{
this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetDenials(fDeclarative) != null)
{
this.GetDenials(fDeclarative).CheckDecoded(demandSet);
}
if (this.GetAssertions(fDeclarative) != null)
{
this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
if (permitOnly != null)
{
IPermission firstPermThatFailed = null;
bool flag2 = true;
try
{
flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
}
catch (ArgumentException)
{
}
if (flag2)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
}
}
permitOnly = this.GetDenials(fDeclarative);
if (permitOnly != null)
{
IPermission permission2 = null;
bool flag3 = true;
try
{
flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
}
catch (ArgumentException)
{
}
if (flag3)
{
throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
}
}
if (this.GetAssertAllPossible())
{
return false;
}
permitOnly = this.GetAssertions(fDeclarative);
if (permitOnly != null)
{
if (demandSet.CheckAssertion(permitOnly))
{
return false;
}
if (!permitOnly.IsUnrestricted())
{
PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
}
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return true;
}
internal static bool CheckSetHelper(PermissionSet grants, PermissionSet refused, PermissionSet demands, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException)
{
IPermission firstPermThatFailed = null;
if (grants != null)
{
grants.CheckDecoded(demands);
}
if (refused != null)
{
refused.CheckDecoded(demands);
}
bool flag = SecurityManager._SetThreadSecurity(false);
try
{
if (!demands.CheckDemand(grants, out firstPermThatFailed))
{
if (!throwException)
{
return false;
}
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
if (!demands.CheckDeny(refused, out firstPermThatFailed))
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
else
{
return false;
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
if (throwException)
{
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, firstPermThatFailed);
}
else
{
return false;
}
}
finally
{
if (flag)
{
SecurityManager._SetThreadSecurity(true);
}
}
return true;
}
