internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed) { HostProtectionPermission protectionPermission = permThatFailed as HostProtectionPermission; if (protectionPermission != null) { return((Exception) new HostProtectionException(SecurityException.GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, protectionPermission.Resources)); } string message = ""; MethodInfo method = (MethodInfo)null; try { message = granted != null || refused != null || demand != null ? (demand == null || !(demand is IPermission) ? (permThatFailed == null ? SecurityException.GetResString("Security_GenericNoType") : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)permThatFailed.GetType().AssemblyQualifiedName)) : string.Format((IFormatProvider)CultureInfo.InvariantCulture, SecurityException.GetResString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName)) : SecurityException.GetResString("Security_NoAPTCA"); method = SecurityRuntime.GetMethodInfo(rmh); } catch (Exception ex) { if (ex is ThreadAbortException) { throw; } } return((Exception) new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence)); }
internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandle rmh, SecurityAction action, Object demand, IPermission permThatFailed) { // See if we need to throw a HostProtectionException instead HostProtectionPermission hostProtectionPerm = permThatFailed as HostProtectionPermission; if (hostProtectionPerm != null) { return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, hostProtectionPerm.Resources)); } // Produce relevant strings String message = ""; MethodInfo method = null; try { if (granted == null && refused == null && demand == null) { message = GetResString("Security_NoAPTCA"); } else { if (demand != null && demand is IPermission) { message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), demand.GetType().AssemblyQualifiedName); } else if (permThatFailed != null) { message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), permThatFailed.GetType().AssemblyQualifiedName); } else { message = GetResString("Security_GenericNoType"); } } method = SecurityRuntime.GetMethodInfo(rmh); } catch (Exception e) { // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.) if (e is System.Threading.ThreadAbortException) { throw; } } /* catch(System.Threading.ThreadAbortException) * { * // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.) * throw; * } * catch * { * } */ // make the exception object return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence)); }
internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, object demand, IPermission permThatFailed) { HostProtectionPermission permission = permThatFailed as HostProtectionPermission; if (permission != null) { return(new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, permission.Resources)); } string message = ""; MethodInfo method = null; try { if (((granted == null) && (refused == null)) && (demand == null)) { message = GetResString("Security_NoAPTCA"); } else if ((demand != null) && (demand is IPermission)) { message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }); } else if (permThatFailed != null) { message = string.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), new object[] { permThatFailed.GetType().AssemblyQualifiedName }); } else { message = GetResString("Security_GenericNoType"); } method = SecurityRuntime.GetMethodInfo(rmh); } catch (Exception exception) { if (exception is ThreadAbortException) { throw; } } return(new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence)); }
[System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // In the common case we are not going to alter the demand set, so just to // be safe we'll set it to null up front. alteredDemandSet = null; // There's some oddness in here to deal with exceptions. The general idea behind // this is that we need some way of dealing with custom permissions that may not // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly // (they don't support it, throw null reference exceptions, etc.). // An empty demand always succeeds. if (demandSet == null || demandSet.IsEmpty()) { return(SecurityRuntime.StackHalt); } if (GetPermitOnly(fDeclarative) != null) { GetPermitOnly(fDeclarative).CheckDecoded(demandSet); } if (GetDenials(fDeclarative) != null) { GetDenials(fDeclarative).CheckDecoded(demandSet); } if (GetAssertions(fDeclarative) != null) { GetAssertions(fDeclarative).CheckDecoded(demandSet); } bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); try { // In the case of permit only, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetPermitOnly(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } } // In the case of denial, we define an exception to be failure of the check // and therefore we throw a security exception. permSet = GetDenials(fDeclarative); if (permSet != null) { IPermission permFailed = null; bool bNeedToThrow = true; try { bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); } } // The assert case is more complex. Since asserts have the ability to "bleed through" // (where part of a demand is handled by an assertion, but the rest is passed on to // continue the stackwalk), we need to be more careful in handling the "failure" case. // Therefore, if an exception is thrown in performing any operation, we make sure to keep // that permission in the demand set thereby continuing the demand for that permission // walking down the stack. if (GetAssertAllPossible()) { return(SecurityRuntime.StackHalt); } permSet = GetAssertions(fDeclarative); if (permSet != null) { // If this frame asserts a superset of the demand set we're done if (demandSet.CheckAssertion(permSet)) { return(SecurityRuntime.StackHalt); } // Determine whether any of the demand set asserted. We do this by // copying the demand set and removing anything in it that is asserted. if (!permSet.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet); } } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } return(SecurityRuntime.StackContinue); }
[System.Security.SecurityCritical] // auto-generated internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { PermissionSet permSet; // If the demand is null, there is no need to continue Contract.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); // decode imperative if (GetPermitOnly(fDeclarative) != null) { GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (GetDenials(fDeclarative) != null) { GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (GetAssertions(fDeclarative) != null) { GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); // Check Reduction try { permSet = GetPermitOnly(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the permit only set does not contain the demanded permission, throw a security exception if (perm == null) { if (!permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckPermitOnly(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } // Check Denials permSet = GetDenials(fDeclarative); if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If an unrestricted set was denied and the demand implements IUnrestricted if (permSet.IsUnrestricted()) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } // If the deny set does contain the demanded permission, throw a security exception bool bNeedToThrow = true; try { bNeedToThrow = !demand.CheckDeny(perm); } catch (ArgumentException) { } if (bNeedToThrow) { throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (GetAssertAllPossible()) { return(SecurityRuntime.StackHalt); } permSet = GetAssertions(fDeclarative); // Check Assertions if (permSet != null) { CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) { return(SecurityRuntime.StackHalt); } } catch (ArgumentException) { } } } finally { if (bThreadSecurity) { SecurityManager._SetThreadSecurity(true); } } return(SecurityRuntime.StackContinue); }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission(demand); if (permitted == null) { if (!permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } else { bool flag2 = true; try { flag2 = !demand.CheckPermitOnly(permitted); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { CodeAccessPermission permission = (CodeAccessPermission)permitOnly.GetPermission(demand); if (permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } bool flag3 = true; try { flag3 = !demand.CheckDeny(permission); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(string.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), new object[] { demand.GetType().AssemblyQualifiedName }), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); } } if (this.GetAssertAllPossible()) { return(false); } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { CodeAccessPermission asserted = (CodeAccessPermission)permitOnly.GetPermission(demand); try { if (permitOnly.IsUnrestricted() || demand.CheckAssert(asserted)) { return(false); } } catch (ArgumentException) { } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
internal bool CheckSetDemand2(PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandleInternal rmh, bool fDeclarative) { alteredDemandSet = null; if ((demandSet == null) || demandSet.IsEmpty()) { return(false); } if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demandSet); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demandSet); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demandSet); } bool flag = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { IPermission firstPermThatFailed = null; bool flag2 = true; try { flag2 = !demandSet.CheckPermitOnly(permitOnly, out firstPermThatFailed); } catch (ArgumentException) { } if (flag2) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permitOnly, SecurityRuntime.GetMethodInfo(rmh), demandSet, firstPermThatFailed); } } permitOnly = this.GetDenials(fDeclarative); if (permitOnly != null) { IPermission permission2 = null; bool flag3 = true; try { flag3 = !demandSet.CheckDeny(permitOnly, out permission2); } catch (ArgumentException) { } if (flag3) { throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permitOnly, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permission2); } } if (this.GetAssertAllPossible()) { return(false); } permitOnly = this.GetAssertions(fDeclarative); if (permitOnly != null) { if (demandSet.CheckAssertion(permitOnly)) { return(false); } if (!permitOnly.IsUnrestricted()) { PermissionSet.RemoveAssertedPermissionSet(demandSet, permitOnly, out alteredDemandSet); } } } finally { if (flag) { SecurityManager._SetThreadSecurity(true); } } return(true); }
internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) { if (this.GetPermitOnly(fDeclarative) != null) { this.GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetDenials(fDeclarative) != null) { this.GetDenials(fDeclarative).CheckDecoded(demand, permToken); } if (this.GetAssertions(fDeclarative) != null) { this.GetAssertions(fDeclarative).CheckDecoded(demand, permToken); } bool flag1 = SecurityManager._SetThreadSecurity(false); try { PermissionSet permitOnly = this.GetPermitOnly(fDeclarative); if (permitOnly != null) { CodeAccessPermission permitted = (CodeAccessPermission)permitOnly.GetPermission((IPermission)demand); if (permitted == null) { if (!permitOnly.IsUnrestricted()) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } else { bool flag2 = true; try { flag2 = !demand.CheckPermitOnly(permitted); } catch (ArgumentException ex) { } if (flag2) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)null, (object)permitOnly, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } } PermissionSet denials = this.GetDenials(fDeclarative); if (denials != null) { CodeAccessPermission denied = (CodeAccessPermission)denials.GetPermission((IPermission)demand); if (denials.IsUnrestricted()) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } bool flag2 = true; try { flag2 = !demand.CheckDeny(denied); } catch (ArgumentException ex) { } if (flag2) { throw new SecurityException(string.Format((IFormatProvider)CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), (object)demand.GetType().AssemblyQualifiedName), (object)denials, (object)null, SecurityRuntime.GetMethodInfo(rmh), (object)demand, (IPermission)demand); } } if (this.GetAssertAllPossible()) { return(false); } PermissionSet assertions = this.GetAssertions(fDeclarative); if (assertions != null) { CodeAccessPermission asserted = (CodeAccessPermission)assertions.GetPermission((IPermission)demand); try { if (!assertions.IsUnrestricted()) { if (!demand.CheckAssert(asserted)) { goto label_35; } } return(false); } catch (ArgumentException ex) { } } } finally { if (flag1) { SecurityManager._SetThreadSecurity(true); } } label_35: return(true); }