示例#1
0
        internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed)
        {
            HostProtectionPermission protectionPermission = permThatFailed as HostProtectionPermission;

            if (protectionPermission != null)
            {
                return((Exception) new HostProtectionException(SecurityException.GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, protectionPermission.Resources));
            }
            string     message = "";
            MethodInfo method  = (MethodInfo)null;

            try
            {
                message = granted != null || refused != null || demand != null ? (demand == null || !(demand is IPermission) ? (permThatFailed == null ? SecurityException.GetResString("Security_GenericNoType") : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)permThatFailed.GetType().AssemblyQualifiedName)) : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName)) : SecurityException.GetResString("Security_NoAPTCA");
                method  = SecurityRuntime.GetMethodInfo(rmh);
            }
            catch (Exception ex)
            {
                if (ex is ThreadAbortException)
                {
                    throw;
                }
            }
            return((Exception) new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
        }
        static private void DoInitSecurity()
        {
            s_ftPermSet = new PermissionSet(true);

            isr   = new SecurityRuntime();
            icase = new CodeAccessSecurityEngine();
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal static void Deny(CodeAccessPermission cap, ref StackCrawlMark stackMark)
        {
#if FEATURE_CAS_POLICY
            // Deny is only valid in legacy mode
            if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
            {
                throw new NotSupportedException(Environment.GetResourceString("NotSupported_CasDeny"));
            }
#endif // FEATURE_CAS_POLICY

            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
            if (secObj == null)
            {
                // Security: REQ_SQ flag is missing. Bad compiler ?
                // This can happen when you create delegates over functions that need the REQ_SQ
                System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            else
            {
                if (secObj.HasImperativeDenials())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetDeny(cap);
            }
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal static void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
#if FEATURE_CAS_POLICY
            // Deny is only valid in legacy mode
            if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
            {
                throw new NotSupportedException(Environment.GetResourceString("NotSupported_CasDeny"));
            }
#endif // FEATURE_CAS_POLICY

            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            Contract.Assert(secObj != null, "Failure in SecurityRuntime.Deny() - secObj != null");
            if (secObj == null)
            {
                // Security: REQ_SQ flag is missing. Bad compiler ?
                System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            else
            {
                if (secObj.HasImperativeDenials())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetDeny(permSet);
            }
        }
示例#5
0
        internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed)
        {
            // See if we need to throw a HostProtectionException instead
            HostProtectionPermission hostProtectionPerm = permThatFailed as HostProtectionPermission;

            if (hostProtectionPerm != null)
            {
                return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, hostProtectionPerm.Resources));
            }

            // Produce relevant strings
            String     message = "";
            MethodInfo method  = null;

            try
            {
                if (granted == null && refused == null && demand == null)
                {
                    message = GetResString("Security_NoAPTCA");
                }
                else
                {
                    if (demand != null && demand is IPermission)
                    {
                        message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), demand.GetType().AssemblyQualifiedName);
                    }
                    else if (permThatFailed != null)
                    {
                        message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), permThatFailed.GetType().AssemblyQualifiedName);
                    }
                    else
                    {
                        message = GetResString("Security_GenericNoType");
                    }
                }

                method = SecurityRuntime.GetMethodInfo(rmh);
            }
            catch (Exception e)
            {
                // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort).  (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.)
                if (e is System.Threading.ThreadAbortException)
                {
                    throw;
                }
            }

/*            catch(System.Threading.ThreadAbortException)
 *          {
 *              // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort).  (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.)
 *              throw;
 *          }
 *          catch
 *          {
 *          }
 */
            // make the exception object
            return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
        }
示例#6
0
        /// <include file='doc\CodeAccessPermission.uex' path='docs/doc[@for="CodeAccessPermission.RevertPermitOnly"]/*' />
        public static void RevertPermitOnly()
        {
            SecurityRuntime isr = SecurityManager.GetSecurityRuntime();

            if (isr != null)
            {
                StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
                isr.RevertPermitOnly(ref stackMark);
            }
        }
示例#7
0
        internal static void RevertAssertAllPossible()
        {
            SecurityRuntime isr = SecurityManager.GetSecurityRuntime();

            if (isr != null)
            {
                StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
                isr.RevertAssertAllPossible(ref stackMark);
            }
        }
示例#8
0
        internal static void RevertAll(ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor securityObjectForFrame = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, false);

            if (securityObjectForFrame == null)
            {
                throw new InvalidOperationException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            securityObjectForFrame.RevertAll();
        }
示例#9
0
        [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
        static internal void Assert(bool allPossible)
        {
            //    The intent of the method is to be an internal mscorlib helper that easily asserts for all possible permissions
            //    without having to new a PermissionSet.
            //    The security annotation fxcop rule that flags all methods with an Assert() has logic
            //    which checks for methods named Assert in types that implement IPermission or IStackWalk.
            Debug.Assert(new StackFrame().GetMethod().Name.Equals("Assert"), "This method needs to be named Assert");

            StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.AssertAllPossible(ref stackMark);
        }
示例#10
0
        internal static void AssertAllPossible(ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor securityObjectForFrame = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            if (securityObjectForFrame == null)
            {
                Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                return;
            }
            if (securityObjectForFrame.GetAssertAllPossible())
            {
                throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
            }
            securityObjectForFrame.SetAssertAllPossible();
        }
示例#11
0
        internal static void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor securityObjectForFrame = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            if (securityObjectForFrame == null)
            {
                Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                return;
            }
            if (securityObjectForFrame.HasImperativeRestrictions())
            {
                throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
            }
            securityObjectForFrame.SetPermitOnly(permSet);
        }
示例#12
0
        internal static void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
            if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
            {
                throw new NotSupportedException(Environment.GetResourceString("NotSupported_CasDeny"));
            }
            FrameSecurityDescriptor securityObjectForFrame = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            if (securityObjectForFrame == null)
            {
                Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                return;
            }
            if (securityObjectForFrame.HasImperativeDenials())
            {
                throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
            }
            securityObjectForFrame.SetDeny(permSet);
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal static void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            Contract.Assert(secObj != null, "Failure in SecurityRuntime.PermitOnly() - secObj != null");
            if (secObj == null)
            {
                // Security: REQ_SQ flag is missing. Bad compiler ?
                System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            else
            {
                if (secObj.HasImperativeRestrictions())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetPermitOnly(permSet);
            }
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal static void PermitOnly(CodeAccessPermission cap, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            if (secObj == null)
            {
                // Security: REQ_SQ flag is missing. Bad compiler ?
                // This can happen when you create delegates over functions that need the REQ_SQ
                System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            else
            {
                if (secObj.HasImperativeRestrictions())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetPermitOnly(cap);
            }
        }
示例#15
0
        internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed)
        {
            HostProtectionPermission permission = permThatFailed as HostProtectionPermission;

            if (permission != null)
            {
                return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, permission.Resources));
            }
            string     message = "";
            MethodInfo method  = null;

            try
            {
                if (((granted == null) && (refused == null)) && (demand == null))
                {
                    message = GetResString("Security_NoAPTCA");
                }
                else if ((demand != null) && (demand is IPermission))
                {
                    message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName });
                }
                else if (permThatFailed != null)
                {
                    message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { permThatFailed.GetType().AssemblyQualifiedName });
                }
                else
                {
                    message = GetResString("Security_GenericNoType");
                }
                method = SecurityRuntime.GetMethodInfo(rmh);
            }
            catch (Exception exception)
            {
                if (exception is ThreadAbortException)
                {
                    throw;
                }
            }
            return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence));
        }
示例#16
0
        [System.Security.SecurityCritical]  // auto-generated
        internal static void AssertAllPossible(ref StackCrawlMark stackMark)
        {
#if FEATURE_CAS_POLICY
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            Contract.Assert(secObj != null, "Failure in SecurityRuntime.AssertAllPossible() - secObj != null");
            if (secObj == null)
            {
                // Security: REQ_SQ flag is missing. Bad compiler ?
                System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
            }
            else
            {
                if (secObj.GetAssertAllPossible())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetAssertAllPossible();
            }
#endif // FEATURE_CAS_POLICY
        }
        public virtual void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            BCLDebug.Assert(secObj != null || !SecurityManager.SecurityEnabled, "Failure in SecurityRuntime.PermitOnly() - secObj != null");
            if (secObj == null)
            {
                if (SecurityManager.SecurityEnabled)
                {
                    // Security: REQ_SQ flag is missing. Bad compiler ?
                    throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                }
            }
            else
            {
                if (secObj.GetPermitOnly() != null)
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetPermitOnly(permSet);
            }
        }
        internal virtual void Deny(CodeAccessPermission cap, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            BCLDebug.Assert(secObj != null || !SecurityManager.SecurityEnabled, "Failure in CodeAccessSecurityEngine.Deny() - secObj != null");
            if (secObj == null)
            {
                if (SecurityManager.SecurityEnabled)
                {
                    // Security: REQ_SQ flag is missing. Bad compiler ?
                    throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                }
            }
            else
            {
                if (secObj.GetDenials() != null)
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetDeny(cap);
            }            BCLDebug.Assert(secObj != null, "Failure in CodeAccessSecurityEngine.Deny() - secObj != null");
        }
        internal static void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            BCLDebug.Assert(secObj != null || !SecurityManager._IsSecurityOn(), "Failure in SecurityRuntime.Deny() - secObj != null");
            if (secObj == null)
            {
                if (SecurityManager._IsSecurityOn())
                {
                    // Security: REQ_SQ flag is missing. Bad compiler ?
                    throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                }
            }
            else
            {
                if (secObj.HasImperativeDenials())
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetDeny(permSet);
            }
        }
        internal virtual void PermitOnly(CodeAccessPermission cap, ref StackCrawlMark stackMark)
        {
            FrameSecurityDescriptor secObj =
                SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);

            if (secObj == null)
            {
                if (SecurityManager.SecurityEnabled)
                {
                    // Security: REQ_SQ flag is missing. Bad compiler ?
                    // This can happen when you create delegates over functions that need the REQ_SQ
                    throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
                }
            }
            else
            {
                if (secObj.GetPermitOnly() != null)
                {
                    throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
                }

                secObj.SetPermitOnly(cap);
            }
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal bool CheckSetDemand2(PermissionSet demandSet,
                                      out PermissionSet alteredDemandSet,
                                      RuntimeMethodHandleInternal rmh, bool fDeclarative)
        {
            PermissionSet permSet;

            // In the common case we are not going to alter the demand set, so just to
            // be safe we'll set it to null up front.
            alteredDemandSet = null;

            // There's some oddness in here to deal with exceptions.  The general idea behind
            // this is that we need some way of dealing with custom permissions that may not
            // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly
            // (they don't support it, throw null reference exceptions, etc.).

            // An empty demand always succeeds.
            if (demandSet == null || demandSet.IsEmpty())
            {
                return(SecurityRuntime.StackHalt);
            }

            if (GetPermitOnly(fDeclarative) != null)
            {
                GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
            }
            if (GetDenials(fDeclarative) != null)
            {
                GetDenials(fDeclarative).CheckDecoded(demandSet);
            }
            if (GetAssertions(fDeclarative) != null)
            {
                GetAssertions(fDeclarative).CheckDecoded(demandSet);
            }


            bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);

            try
            {
                // In the case of permit only, we define an exception to be failure of the check
                // and therefore we throw a security exception.

                permSet = GetPermitOnly(fDeclarative);
                if (permSet != null)
                {
                    IPermission permFailed   = null;
                    bool        bNeedToThrow = true;

                    try
                    {
                        bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed);
                    }
                    catch (ArgumentException)
                    {
                    }
                    if (bNeedToThrow)
                    {
                        throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
                    }
                }

                // In the case of denial, we define an exception to be failure of the check
                // and therefore we throw a security exception.

                permSet = GetDenials(fDeclarative);


                if (permSet != null)
                {
                    IPermission permFailed = null;

                    bool bNeedToThrow = true;

                    try
                    {
                        bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed);
                    }
                    catch (ArgumentException)
                    {
                    }

                    if (bNeedToThrow)
                    {
                        throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed);
                    }
                }

                // The assert case is more complex.  Since asserts have the ability to "bleed through"
                // (where part of a demand is handled by an assertion, but the rest is passed on to
                // continue the stackwalk), we need to be more careful in handling the "failure" case.
                // Therefore, if an exception is thrown in performing any operation, we make sure to keep
                // that permission in the demand set thereby continuing the demand for that permission
                // walking down the stack.

                if (GetAssertAllPossible())
                {
                    return(SecurityRuntime.StackHalt);
                }

                permSet = GetAssertions(fDeclarative);
                if (permSet != null)
                {
                    // If this frame asserts a superset of the demand set we're done

                    if (demandSet.CheckAssertion(permSet))
                    {
                        return(SecurityRuntime.StackHalt);
                    }

                    // Determine whether any of the demand set asserted.  We do this by
                    // copying the demand set and removing anything in it that is asserted.

                    if (!permSet.IsUnrestricted())
                    {
                        PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet);
                    }
                }
            }
            finally
            {
                if (bThreadSecurity)
                {
                    SecurityManager._SetThreadSecurity(true);
                }
            }

            return(SecurityRuntime.StackContinue);
        }
        [System.Security.SecurityCritical]  // auto-generated
        internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
        {
            PermissionSet permSet;

            // If the demand is null, there is no need to continue
            Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point");

            // decode imperative
            if (GetPermitOnly(fDeclarative) != null)
            {
                GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
            }

            if (GetDenials(fDeclarative) != null)
            {
                GetDenials(fDeclarative).CheckDecoded(demand, permToken);
            }

            if (GetAssertions(fDeclarative) != null)
            {
                GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
            }

            // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper

            bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);

            // Check Reduction

            try
            {
                permSet = GetPermitOnly(fDeclarative);
                if (permSet != null)
                {
                    CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);

                    // If the permit only set does not contain the demanded permission, throw a security exception
                    if (perm == null)
                    {
                        if (!permSet.IsUnrestricted())
                        {
                            throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                        }
                    }
                    else
                    {
                        bool bNeedToThrow = true;

                        try
                        {
                            bNeedToThrow = !demand.CheckPermitOnly(perm);
                        }
                        catch (ArgumentException)
                        {
                        }

                        if (bNeedToThrow)
                        {
                            throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                        }
                    }
                }

                // Check Denials

                permSet = GetDenials(fDeclarative);
                if (permSet != null)
                {
                    CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);

                    // If an unrestricted set was denied and the demand implements IUnrestricted
                    if (permSet.IsUnrestricted())
                    {
                        throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                    }

                    // If the deny set does contain the demanded permission, throw a security exception
                    bool bNeedToThrow = true;
                    try
                    {
                        bNeedToThrow = !demand.CheckDeny(perm);
                    }
                    catch (ArgumentException)
                    {
                    }
                    if (bNeedToThrow)
                    {
                        throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                    }
                }

                if (GetAssertAllPossible())
                {
                    return(SecurityRuntime.StackHalt);
                }

                permSet = GetAssertions(fDeclarative);
                // Check Assertions
                if (permSet != null)
                {
                    CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand);

                    // If the assert set does contain the demanded permission, halt the stackwalk

                    try
                    {
                        if (permSet.IsUnrestricted() || demand.CheckAssert(perm))
                        {
                            return(SecurityRuntime.StackHalt);
                        }
                    }
                    catch (ArgumentException)
                    {
                    }
                }
            }
            finally
            {
                if (bThreadSecurity)
                {
                    SecurityManager._SetThreadSecurity(true);
                }
            }

            return(SecurityRuntime.StackContinue);
        }
示例#23
0
 static private void DoInitSecurity()
 {
     s_ftPermSet = new PermissionSet(true);
     
     isr = new SecurityRuntime();
     icase = new CodeAccessSecurityEngine();
 }
        internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
        {
            if (this.GetPermitOnly(fDeclarative) != null)
            {
                this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
            }
            if (this.GetDenials(fDeclarative) != null)
            {
                this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
            }
            if (this.GetAssertions(fDeclarative) != null)
            {
                this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
            }
            bool flag1 = SecurityManager._SetThreadSecurity(false);

            try
            {
                PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
                if (permitOnly != null)
                {
                    CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission((IPermission)demand);
                    if (permitted == null)
                    {
                        if (!permitOnly.IsUnrestricted())
                        {
                            throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
                        }
                    }
                    else
                    {
                        bool flag2 = true;
                        try
                        {
                            flag2 = !demand.CheckPermitOnly(permitted);
                        }
                        catch (ArgumentException ex)
                        {
                        }
                        if (flag2)
                        {
                            throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
                        }
                    }
                }
                PermissionSet denials = this.GetDenials(fDeclarative);
                if (denials != null)
                {
                    CodeAccessPermission denied = (CodeAccessPermission)denials.GetPermission((IPermission)demand);
                    if (denials.IsUnrestricted())
                    {
                        throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
                    }
                    bool flag2 = true;
                    try
                    {
                        flag2 = !demand.CheckDeny(denied);
                    }
                    catch (ArgumentException ex)
                    {
                    }
                    if (flag2)
                    {
                        throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand);
                    }
                }
                if (this.GetAssertAllPossible())
                {
                    return(false);
                }
                PermissionSet assertions = this.GetAssertions(fDeclarative);
                if (assertions != null)
                {
                    CodeAccessPermission asserted = (CodeAccessPermission)assertions.GetPermission((IPermission)demand);
                    try
                    {
                        if (!assertions.IsUnrestricted())
                        {
                            if (!demand.CheckAssert(asserted))
                            {
                                goto label_35;
                            }
                        }
                        return(false);
                    }
                    catch (ArgumentException ex)
                    {
                    }
                }
            }
            finally
            {
                if (flag1)
                {
                    SecurityManager._SetThreadSecurity(true);
                }
            }
label_35:
            return(true);
        }
        static internal void AssertAllPossible()
        {
            StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.AssertAllPossible(ref stackMark);
        }
        public static void RevertAll()
        {
            StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.RevertAll(ref stackMark);
        }
示例#27
0
        internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative)
        {
            alteredDemandSet = null;
            if ((demandSet == null) || demandSet.IsEmpty())
            {
                return(false);
            }
            if (this.GetPermitOnly(fDeclarative) != null)
            {
                this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet);
            }
            if (this.GetDenials(fDeclarative) != null)
            {
                this.GetDenials(fDeclarative).CheckDecoded(demandSet);
            }
            if (this.GetAssertions(fDeclarative) != null)
            {
                this.GetAssertions(fDeclarative).CheckDecoded(demandSet);
            }
            bool flag = SecurityManager._SetThreadSecurity(false);

            try
            {
                PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
                if (permitOnly != null)
                {
                    IPermission firstPermThatFailed = null;
                    bool        flag2 = true;
                    try
                    {
                        flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed);
                    }
                    catch (ArgumentException)
                    {
                    }
                    if (flag2)
                    {
                        throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed);
                    }
                }
                permitOnly = this.GetDenials(fDeclarative);
                if (permitOnly != null)
                {
                    IPermission permission2 = null;
                    bool        flag3       = true;
                    try
                    {
                        flag3 = !demandSet.CheckDeny(permitOnly, out permission2);
                    }
                    catch (ArgumentException)
                    {
                    }
                    if (flag3)
                    {
                        throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2);
                    }
                }
                if (this.GetAssertAllPossible())
                {
                    return(false);
                }
                permitOnly = this.GetAssertions(fDeclarative);
                if (permitOnly != null)
                {
                    if (demandSet.CheckAssertion(permitOnly))
                    {
                        return(false);
                    }
                    if (!permitOnly.IsUnrestricted())
                    {
                        PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet);
                    }
                }
            }
            finally
            {
                if (flag)
                {
                    SecurityManager._SetThreadSecurity(true);
                }
            }
            return(true);
        }
示例#28
0
        internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative)
        {
            if (this.GetPermitOnly(fDeclarative) != null)
            {
                this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken);
            }
            if (this.GetDenials(fDeclarative) != null)
            {
                this.GetDenials(fDeclarative).CheckDecoded(demand, permToken);
            }
            if (this.GetAssertions(fDeclarative) != null)
            {
                this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken);
            }
            bool flag = SecurityManager._SetThreadSecurity(false);

            try
            {
                PermissionSet permitOnly = this.GetPermitOnly(fDeclarative);
                if (permitOnly != null)
                {
                    CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission(demand);
                    if (permitted == null)
                    {
                        if (!permitOnly.IsUnrestricted())
                        {
                            throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                        }
                    }
                    else
                    {
                        bool flag2 = true;
                        try
                        {
                            flag2 = !demand.CheckPermitOnly(permitted);
                        }
                        catch (ArgumentException)
                        {
                        }
                        if (flag2)
                        {
                            throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                        }
                    }
                }
                permitOnly = this.GetDenials(fDeclarative);
                if (permitOnly != null)
                {
                    CodeAccessPermission permission = (CodeAccessPermission)permitOnly.GetPermission(demand);
                    if (permitOnly.IsUnrestricted())
                    {
                        throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                    }
                    bool flag3 = true;
                    try
                    {
                        flag3 = !demand.CheckDeny(permission);
                    }
                    catch (ArgumentException)
                    {
                    }
                    if (flag3)
                    {
                        throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand);
                    }
                }
                if (this.GetAssertAllPossible())
                {
                    return(false);
                }
                permitOnly = this.GetAssertions(fDeclarative);
                if (permitOnly != null)
                {
                    CodeAccessPermission asserted = (CodeAccessPermission)permitOnly.GetPermission(demand);
                    try
                    {
                        if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted))
                        {
                            return(false);
                        }
                    }
                    catch (ArgumentException)
                    {
                    }
                }
            }
            finally
            {
                if (flag)
                {
                    SecurityManager._SetThreadSecurity(true);
                }
            }
            return(true);
        }
示例#29
0
        internal static void Assert(bool allPossible)
        {
            StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.AssertAllPossible(ref lookForMyCaller);
        }
示例#30
0
        public static void RevertPermitOnly()
        {
            StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.RevertPermitOnly(ref lookForMyCaller);
        }
示例#31
0
        public static void RevertAssert()
        {
            StackCrawlMark lookForMyCaller = StackCrawlMark.LookForMyCaller;

            SecurityRuntime.RevertAssert(ref lookForMyCaller);
        }