// static default constructor. This will be called before any of the static members are accessed. static CodeAccessSecurityEngine() { #pragma warning disable 618 AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion); #pragma warning restore 618 AssertPermissionToken = PermissionToken.GetToken(AssertPermission); }
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { PermissionSet newGrant; PermissionSet newDenied; asm.GetGrantSet(out newGrant, out newDenied); CodeAccessSecurityEngine.CheckHelper(newGrant, newDenied, demand, PermissionToken.GetToken((IPermission)demand), RuntimeMethodHandleInternal.EmptyHandle, (object)asm, SecurityAction.Demand, true); }
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { PermissionSet set; PermissionSet set2; asm.GetGrantSet(out set, out set2); CheckHelper(set, set2, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true); }
internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { PermissionSet grantedSet; PermissionSet refusedSet; asm.GetGrantSet(out grantedSet, out refusedSet); CodeAccessSecurityEngine.CheckHelper(grantedSet, refusedSet, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true); }
public PermissionList RemovePermissionList(Type type) { if (type == null) { return(null); } return(RemovePermissionList(PermissionToken.GetToken(type))); }
internal bool CheckDemandNoThrow(CodeAccessPermission demand) { PermissionToken permToken = (PermissionToken)null; if (demand != null) { permToken = PermissionToken.GetToken((IPermission)demand); } return(this.m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken)); }
internal bool CheckDemandNoThrow(CodeAccessPermission demand) { PermissionToken permToken = null; if (demand != null) { permToken = PermissionToken.GetToken(demand); } return(CheckDemandNoThrow(demand, permToken)); }
internal static void CheckAssembly(Assembly asm, CodeAccessPermission demand) { BCLDebug.Assert(asm != null, "Must pass in a good assembly"); BCLDebug.Assert(demand != null, "Must pass in a good demand"); if (SecurityManager._IsSecurityOn()) { PermissionSet granted, refused; asm.nGetGrantSet(out granted, out refused); CheckHelper(granted, refused, demand, PermissionToken.GetToken(demand), RuntimeMethodHandle.EmptyHandle, asm, SecurityAction.Demand, true); } }
internal static void CheckAssembly(Assembly asm, CodeAccessPermission demand) { BCLDebug.Assert(asm != null, "Must pass in a good assembly"); BCLDebug.Assert(demand != null, "Must pass in a good demand"); PermissionSet granted, denied; asm.nGetGrantSet(out granted, out denied); CheckHelper(granted, denied, demand, PermissionToken.GetToken(demand)); }
[System.Security.SecurityCritical] // auto-generated internal static void CheckAssembly(RuntimeAssembly asm, CodeAccessPermission demand) { Contract.Assert(asm != null, "Must pass in a good assembly"); Contract.Assert(demand != null, "Must pass in a good demand"); PermissionSet granted, refused; asm.GetGrantSet(out granted, out refused); #pragma warning disable 618 CheckHelper(granted, refused, demand, PermissionToken.GetToken(demand), RuntimeMethodHandleInternal.EmptyHandle, asm, SecurityAction.Demand, true); #pragma warning restore 618 }
internal IPermission ToPermission(bool ignoreTypeLoadFailures) { IPermission permission = XMLUtil.CreatePermission(this, PermissionState.None, ignoreTypeLoadFailures); if (permission == null) { return(null); } permission.FromXml(this); PermissionToken.GetToken(permission); return(permission); }
internal virtual void CheckImmediate(CodeAccessPermission cap, ref StackCrawlMark stackMark) { if (PreCheck(cap, null, CHECK_CAP, ref stackMark, PermissionType.DefaultFlag) == true) { return; } Check(PermissionToken.GetToken(cap), cap, ref stackMark, ImmediateCheckCount, (cap is IUnrestrictedPermission) ? 1 : 0); }
public void AddPermission(CodeAccessPermission perm, int type) { //BCLDebug.Assert(type == MatchAssert || type == MatchDeny, "type == MatchAssert || type == MatchDeny"); // can't get token if perm is null if (perm == null) { return; } PermissionToken permToken = PermissionToken.GetToken(perm); PermissionList plist = GetListForToken(permToken, true); plist.AppendPermission(perm, type); }
[System.Security.SecurityCritical] // auto-generated internal bool CheckDemandNoThrow(CodeAccessPermission demand) { // AppDomain permissions - no asserts. So there should only be one triple to work with Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); PermissionToken permToken = null; if (demand != null) { permToken = PermissionToken.GetToken(demand); } return(m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken)); }
// Token: 0x06001D34 RID: 7476 RVA: 0x00065338 File Offset: 0x00063538 public void FromXml(SecurityElement elRoot) { elRoot.Tag.Equals("PermissionToken"); string text = elRoot.Attribute("Name"); PermissionToken permissionToken; if (text != null) { permissionToken = PermissionToken.GetToken(text, true); } else { permissionToken = PermissionToken.FindTokenByIndex(int.Parse(elRoot.Attribute("Index"), CultureInfo.InvariantCulture)); } this.m_index = permissionToken.m_index; this.m_type = (PermissionTokenType)Enum.Parse(typeof(PermissionTokenType), elRoot.Attribute("Type")); this.m_strTypeName = permissionToken.m_strTypeName; }
internal IPermission ToPermission(bool ignoreTypeLoadFailures) { IPermission ip = XMLUtil.CreatePermission(this, PermissionState.None, ignoreTypeLoadFailures); if (ip == null) { return(null); } ip.FromXml(this); // Get the permission token here to ensure that the token // type is updated appropriately now that we've loaded the type. PermissionToken token = PermissionToken.GetToken(ip); BCLDebug.Assert((token.m_type & PermissionTokenType.DontKnow) == 0, "Token type not properly assigned"); return(ip); }
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList) { if (cs != null) { cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission))); return; } ZoneIdentityPermission zoneIdentityPermission = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission)); UrlIdentityPermission urlIdentityPermission = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission)); if (zoneIdentityPermission != null) { zoneList.Add(zoneIdentityPermission.SecurityZone); } if (urlIdentityPermission != null) { originList.Add(urlIdentityPermission.Url); } }
public bool CheckDemand(CodeAccessPermission demand) { Exception exception; PermissionToken permToken = null; if (demand != null) { permToken = PermissionToken.GetToken(demand); } bool cont = CheckDemandInternal(demand, permToken, true, out exception); if (exception != null) { throw exception; } return(cont); }
internal static void GetZoneAndOriginHelper(CompressedStack cs, PermissionSet grantSet, PermissionSet refusedSet, ArrayList zoneList, ArrayList originList) { if (cs != null) { cs.GetZoneAndOrigin(zoneList, originList, PermissionToken.GetToken(typeof(ZoneIdentityPermission)), PermissionToken.GetToken(typeof(UrlIdentityPermission))); } else { ZoneIdentityPermission identityPermission1 = (ZoneIdentityPermission)grantSet.GetPermission(typeof(ZoneIdentityPermission)); UrlIdentityPermission identityPermission2 = (UrlIdentityPermission)grantSet.GetPermission(typeof(UrlIdentityPermission)); if (identityPermission1 != null) { zoneList.Add((object)identityPermission1.SecurityZone); } if (identityPermission2 == null) { return; } originList.Add((object)identityPermission2.Url); } }
// This is a special version of Check that knows whats the permission being demanded. // We first check if we know the result from last time, if not do the regular thing // Looks similar to COMCodeAccessSecurityEngine::SpecialDemand in the EE internal virtual void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark, PermissionType permType) { int timeStamp = 0; if (GetResult(permType, out timeStamp) == true) { return; } if (PreCheck(cap, null, CHECK_CAP, ref stackMark, permType) == true) { SetResult(permType, timeStamp); return; } Check(PermissionToken.GetToken(cap), cap, ref stackMark, DeepCheckCount, (cap is IUnrestrictedPermission) ? 1 : 0); }
// static default constructor. This will be called before any of the static members are accessed. static CodeAccessSecurityEngine() { AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion); AssertPermissionToken = PermissionToken.GetToken(AssertPermission); }
internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, object assemblyOrString, SecurityAction action, bool throwException) { if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } bool flag = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else if (!grantedSet.IsUnrestricted()) { CodeAccessPermission grant = (CodeAccessPermission)grantedSet.GetPermission(permToken); if (!demand.CheckDemand(grant)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } } if (refusedSet != null) { CodeAccessPermission codeAccessPermission = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (codeAccessPermission != null && !codeAccessPermission.CheckDeny(demand)) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } if (refusedSet.IsUnrestricted()) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } } } catch (SecurityException) { throw; } catch (Exception) { if (!throwException) { return(false); } CodeAccessSecurityEngine.ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
public static PermissionToken GetToken(string typeStr) { return(PermissionToken.GetToken(typeStr, false)); }
public void FromXml(SecurityElement elRoot) { elRoot.Tag.Equals("PermissionToken"); string typeStr = elRoot.Attribute("Name"); PermissionToken permissionToken = typeStr == null?PermissionToken.FindTokenByIndex(int.Parse(elRoot.Attribute("Index"), (IFormatProvider)CultureInfo.InvariantCulture)) : PermissionToken.GetToken(typeStr, true); this.m_index = permissionToken.m_index; this.m_type = (PermissionTokenType)Enum.Parse(typeof(PermissionTokenType), elRoot.Attribute("Type")); this.m_strTypeName = permissionToken.m_strTypeName; }
public static bool IsTokenProperlyAssigned(IPermission perm, PermissionToken token) { PermissionToken token1 = PermissionToken.GetToken(perm); return(token1.m_index == token.m_index && token.m_type == token1.m_type && (!(perm.GetType().Module.Assembly == Assembly.GetExecutingAssembly()) || token1.m_index < 17)); }
internal CodeAccessSecurityEngine() { InitSecurityEngine(); AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion); AssertPermissionToken = PermissionToken.GetToken(AssertPermission); }
private static void CheckHelper(PermissionSet grantedSet, PermissionSet deniedSet, CodeAccessPermission demand, PermissionToken permToken) { #if _DEBUG if (debug) { DEBUG_OUT("Granted: "); DEBUG_OUT(grantedSet.ToXml().ToString()); DEBUG_OUT("Denied: "); DEBUG_OUT(deniedSet != null ? deniedSet.ToXml().ToString() : "<null>"); DEBUG_OUT("Demanded: "); DEBUG_OUT(demand.ToString()); } #endif if (permToken == null) { permToken = PermissionToken.GetToken(demand); } // If PermissionSet is null, then module does not have Permissions... Fail check. try { if (grantedSet == null) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType")); } else if (!grantedSet.IsUnrestricted() || !(demand is IUnrestrictedPermission)) { // If we aren't unrestricted, there is a denied set, or our permission is not of the unrestricted // variety, we need to do the proper callback. BCLDebug.Assert(demand != null, "demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // If there isn't a matching permission in the set and our demand is not a subset of null (i.e. empty) // then throw an exception. if (grantedPerm == null) { if (!demand.IsSubsetOf(null)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } else { return; } } // Call the check demand for our permission. grantedPerm.CheckDemand(demand); } // Make the sure the permission is not denied. if (deniedSet != null) { CodeAccessPermission deniedPerm = (CodeAccessPermission)deniedSet.GetPermission(permToken); if (deniedPerm != null) { if (deniedPerm.Intersect(demand) != null) { #if _DEBUG if (debug) { DEBUG_OUT("Permission found in denied set"); } #endif throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } if (deniedSet.IsUnrestricted() && (demand is IUnrestrictedPermission)) { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } } catch (Exception e) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (e is SecurityException) { throw e; } else { throw new SecurityException(String.Format(Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), demand.GetType(), demand.ToXml().ToString()); } } DEBUG_OUT("Check passed"); }
public PermissionList FindPermissionList(Type permClass) { BCLDebug.Assert(permClass != null, "permClass != null"); return(FindPermissionList(PermissionToken.GetToken(permClass))); }
[System.Security.SecurityCritical] // auto-generated #pragma warning disable 618 internal static bool CheckHelper(PermissionSet grantedSet, #pragma warning restore 618 PermissionSet refusedSet, CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, Object assemblyOrString, SecurityAction action, bool throwException) { // We should never get here with a null demand Contract.Assert(demand != null, "Should not reach here with a null demand"); #if _DEBUG && FEATURE_CAS_POLICY if (debug) { DEBUG_OUT("Granted: "); DEBUG_OUT(grantedSet.ToXml().ToString()); DEBUG_OUT("Refused: "); DEBUG_OUT(refusedSet != null ? refusedSet.ToXml().ToString() : "<null>"); DEBUG_OUT("Demanded: "); DEBUG_OUT(demand.ToString()); } #endif // _DEBUG && FEATURE_CAS_POLICY if (permToken == null) { permToken = PermissionToken.GetToken(demand); } if (grantedSet != null) { grantedSet.CheckDecoded(permToken.m_index); } if (refusedSet != null) { refusedSet.CheckDecoded(permToken.m_index); } // If PermissionSet is null, then module does not have Permissions... Fail check. bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { if (grantedSet == null) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } else if (!grantedSet.IsUnrestricted()) { // If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted // variety, we need to do the proper callback. Contract.Assert(demand != null, "demand != null"); // Find the permission of matching type in the permission set. CodeAccessPermission grantedPerm = (CodeAccessPermission)grantedSet.GetPermission(permToken); // Make sure the demand has been granted if (!demand.CheckDemand(grantedPerm)) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } // Make the sure the permission is not refused. if (refusedSet != null) { CodeAccessPermission refusedPerm = (CodeAccessPermission)refusedSet.GetPermission(permToken); if (refusedPerm != null) { if (!refusedPerm.CheckDeny(demand)) { #if _DEBUG if (debug) { DEBUG_OUT("Permission found in refused set"); } #endif if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } if (refusedSet.IsUnrestricted()) { if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } } } catch (SecurityException) { throw; } catch (Exception) { // Any exception besides a security exception in this code means that // a permission was unable to properly handle what we asked of it. // We will define this to mean that the demand failed. if (throwException) { ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); } else { return(false); } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } DEBUG_OUT("Check passed"); return(true); }