+2005-01-09 Sebastien Pouliot <sebastien@ximian.com>
+
+ * CodeAccessPermission.cs: CheckAssert, CheckDemand, CheckDeny and
+ CheckPermitOnly are no more publicly avaiable in Fx 2.0 and have been
+ changed to internal for all profiles. Updated comments to reflect the
+ (better) documentation available with 2.0.
+ * HostSecurityManager.cs: Updated to Dec CTP specs. There is missing
+ documentation (and/or classes) to implement completly the
+ DetermineApplicationTrust method at this point.
+ * PermissionSetCollection.cs: Completed implementation.
+ * PermissionSet.cs: Fix the case where Assert, Deny and PermitOnly
+ must be ignored for non-CAS permissions.
+ * SecurityManager.cs: Refactored resolve methods to implements
+ ResolveSystemPolicy (a resolve without the AppDomain policy level).
+ Added a default implementation for GetZoneAndOrigin (empty ArrayList)
+ which seems to be right (at least) for FullTrust.
+
2005-01-08 Sebastien Pouliot <sebastien@ximian.com>
* AllowPartiallyTrustedCallersAttribute.cs: Cleanup;
// (C) Ximian, Inc. http://www.ximian.com
// Copyright (C) 2001 Nick Drochak, All Rights Reserved
// Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
{
}
- // LAMESPEC: Documented as virtual
[MonoTODO ("Imperative mode isn't supported")]
public void Assert ()
{
new PermissionSet (this).Assert ();
}
-#if NET_2_0
- public virtual
-#else
- internal
-#endif
- bool CheckAssert (CodeAccessPermission asserted)
+ internal bool CheckAssert (CodeAccessPermission asserted)
{
if (asserted == null)
return false;
return IsSubsetOf (asserted);
}
-#if NET_2_0
- public virtual
-#else
- internal
-#endif
- bool CheckDemand (CodeAccessPermission target)
+ internal bool CheckDemand (CodeAccessPermission target)
{
if (target == null)
return false;
return IsSubsetOf (target);
}
-#if NET_2_0
- public virtual
-#else
- internal
-#endif
- bool CheckDeny (CodeAccessPermission denied)
+ internal bool CheckDeny (CodeAccessPermission denied)
{
if (denied == null)
return true;
return (Intersect (denied) == null);
}
-#if NET_2_0
- public
-#else
- internal
-#endif
- virtual bool CheckPermitOnly (CodeAccessPermission target)
+ internal bool CheckPermitOnly (CodeAccessPermission target)
{
if (target == null)
return false;
public abstract IPermission Copy ();
- // LAMESPEC: Documented as virtual
- [MonoTODO ("Assert, Deny and PermitOnly aren't yet supported")]
+ [MonoTODO ("Imperative Assert, Deny and PermitOnly aren't yet supported")]
public void Demand ()
{
// note: here we're sure it's a CAS demand
new PermissionSet (this).CasOnlyDemand (2);
}
- // LAMESPEC: Documented as virtual
[MonoTODO ("Imperative mode isn't supported")]
public void Deny ()
{
return null;
}
- // LAMESPEC: Documented as virtual
[MonoTODO ("Imperative mode isn't supported")]
public void PermitOnly ()
{
// Author:
// Sebastien Pouliot <sebastien@ximian.com>
//
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
#if NET_2_0
-using System;
using System.Reflection;
using System.Security.Policy;
get { return HostSecurityManagerFlags.AllFlags; }
}
- public virtual PermissionSet RefusedSet {
- // always return null - may be overriden
- get { return null; }
+ [MonoTODO ("incomplete - docs talks about a System.Runtime.Hosting in corlib but it's not there (yet?)")]
+ public virtual bool DetermineApplicationTrust (Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
+ {
+ if (applicationEvidence == null)
+ throw new ArgumentNullException ("applicationEvidence");
+ // TODO extract the ActivationContext from the ActivationArguments (inside the applicationEvidence)
+ ActivationContext ac = null;
+ return ApplicationSecurityManager.DetermineApplicationTrust (ac, context);
}
- public virtual bool DetermineApplicationTrust (ActivationContext activationContext, TrustManagerContext context)
+ public virtual Evidence ProvideAppDomainEvidence (Evidence inputEvidence)
{
- if (activationContext == null)
- throw new ArgumentNullException ("activationContext");
- return true;
+ // no changes - may be overriden
+ return inputEvidence;
}
- public virtual Evidence ProvideAssemblyEvidence (Assembly loadedAssembly, Evidence evidence)
+ public virtual Evidence ProvideAssemblyEvidence (Assembly loadedAssembly, Evidence inputEvidence)
{
// no changes - may be overriden
- return evidence;
+ return inputEvidence;
+ }
+
+ public virtual PermissionSet ResolvePolicy (Evidence evidence)
+ {
+ if (evidence == null)
+ throw new NullReferenceException ("evidence");
+ return SecurityManager.ResolvePolicy (evidence);
}
}
}
//
// (C) Nick Drochak
// Portions (C) 2003, 2004 Motus Technologies Inc. (http://www.motus.com)
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
{
new SecurityPermission (SecurityPermissionFlag.Assertion).Demand ();
+ int count = this.Count;
+
// we (current frame) must have the permission to assert it to others
// otherwise we don't assert (but we don't throw an exception)
foreach (IPermission p in list) {
if (!SecurityManager.IsGranted (p)) {
return;
}
- }
+ } else
+ count--;
}
- throw new NotSupportedException ("Currently only declarative Assert are supported.");
+ // note: we must ignore the stack modifiers for the non-CAS permissions
+ if (count > 0)
+ throw new NotSupportedException ("Currently only declarative Assert are supported.");
}
internal void Clear ()
[MonoTODO ("Imperative mode isn't supported")]
public virtual void Deny ()
{
- throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ foreach (IPermission p in list) {
+ // note: we ignore non-CAS permissions
+ if (p is IStackWalk) {
+ throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ }
+ }
}
[MonoTODO ("adjust class version with current runtime - unification")]
[MonoTODO ("Imperative mode isn't supported")]
public virtual void PermitOnly ()
{
- throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ foreach (IPermission p in list) {
+ // note: we ignore non-CAS permissions
+ if (p is IStackWalk) {
+ throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ }
+ }
}
public bool ContainsNonCodeAccessPermissions ()
// Authors
// Sebastien Pouliot <sebastien@ximian.com>
//
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
#if NET_2_0
-using System;
using System.Collections;
using System.Security.Permissions;
[Serializable]
public sealed class PermissionSetCollection : ICollection, IEnumerable {
+ private static string tagName = "PermissionSetCollection";
private IList _list;
public PermissionSetCollection ()
_list.Add (permSet);
}
- [MonoTODO ("check if permission are copied (or just referenced)")]
public PermissionSetCollection Copy ()
{
PermissionSetCollection psc = new PermissionSetCollection ();
foreach (PermissionSet ps in _list) {
- psc._list.Add (ps);
+ psc._list.Add (ps.Copy ());
}
return psc;
}
throw new NotSupportedException ();
}
- [MonoTODO]
public void Demand ()
{
// check all collection in a single stack walk
+ PermissionSet superset = new PermissionSet (PermissionState.None);
+ foreach (PermissionSet ps in _list) {
+ foreach (IPermission p in ps) {
+ superset.AddPermission (p);
+ }
+ }
+ superset.Demand ();
}
- [MonoTODO]
public void FromXml (SecurityElement el)
{
if (el == null)
throw new ArgumentNullException ("el");
- // TODO
+ if (el.Tag != tagName) {
+ string msg = String.Format ("Invalid tag {0} expected {1}", el.Tag, tagName);
+ throw new ArgumentException (msg, "el");
+ }
+ _list.Clear ();
+ if (el.Children != null) {
+ foreach (SecurityElement child in el.Children) {
+ PermissionSet ps = new PermissionSet (PermissionState.None);
+ ps.FromXml (child);
+ _list.Add (ps);
+ }
+ }
}
public IEnumerator GetEnumerator ()
return ToXml ().ToString ();
}
- [MonoTODO ("verify syntax")]
public SecurityElement ToXml ()
{
- SecurityElement se = new SecurityElement ("PermissionSetCollection");
+ SecurityElement se = new SecurityElement (tagName);
foreach (PermissionSet ps in _list) {
se.AddChild (ps.ToXml ());
}
[StrongNameIdentityPermission (SecurityAction.LinkDemand, PublicKey = "0x00000000000000000400000000000000")]
public static void GetZoneAndOrigin (out ArrayList zone, out ArrayList origin)
{
- zone = null;
- origin = null;
+ zone = new ArrayList ();
+ origin = new ArrayList ();
}
#endif
public static PermissionSet ResolvePolicy (Evidence evidence)
{
+ PermissionSet ps = new PermissionSet (PermissionState.None);
+
// no evidence, no permission
if (evidence == null)
- return new PermissionSet (PermissionState.None);
+ return ps;
- PermissionSet ps = null;
// Note: can't call PolicyHierarchy since ControlPolicy isn't required to resolve policies
IEnumerator ple = Hierarchy;
while (ple.MoveNext ()) {
PolicyLevel pl = (PolicyLevel) ple.Current;
- PolicyStatement pst = pl.Resolve (evidence);
- if (pst != null) {
- if (ps == null)
- ps = pst.PermissionSet; // for first time only
- else
- ps = ps.Intersect (pst.PermissionSet);
-
- // some permissions returns null, other returns an empty set
- // sadly we must adjust for every variations :(
- if (ps == null)
- ps = new PermissionSet (PermissionState.None);
-
- if ((pst.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
- break;
- }
- }
-
- // Only host evidence are used for policy resolution
- IEnumerator ee = evidence.GetHostEnumerator ();
- while (ee.MoveNext ()) {
- IIdentityPermissionFactory ipf = (ee.Current as IIdentityPermissionFactory);
- if (ipf != null) {
- IPermission p = ipf.CreateIdentityPermission (evidence);
- ps.AddPermission (p);
- }
+ if (ResolvePolicyLevel (ps, pl, evidence))
+ break; // i.e. PolicyStatementAttribute.LevelFinal
}
+ ResolveIdentityPermissions (ps, evidence);
return ps;
}
}
return ps;
}
+
+ public static PermissionSet ResolveSystemPolicy (Evidence evidence)
+ {
+ PermissionSet ps = new PermissionSet (PermissionState.None);
+
+ // no evidence, no permission
+ if (evidence == null)
+ return ps;
+
+ // Note: can't call PolicyHierarchy since ControlPolicy isn't required to resolve policies
+ IEnumerator ple = Hierarchy;
+ while (ple.MoveNext ()) {
+ PolicyLevel pl = (PolicyLevel) ple.Current;
+ if (pl.Type == PolicyLevelType.AppDomain)
+ break;
+ if (ResolvePolicyLevel (ps, pl, evidence))
+ break; // i.e. PolicyStatementAttribute.LevelFinal
+ }
+
+ ResolveIdentityPermissions (ps, evidence);
+ return ps;
+ }
#endif
static private SecurityPermission _execution = new SecurityPermission (SecurityPermissionFlag.Execution);
_hierarchy = ArrayList.Synchronized (al);
}
+ internal static bool ResolvePolicyLevel (PermissionSet ps, PolicyLevel pl, Evidence evidence)
+ {
+ PolicyStatement pst = pl.Resolve (evidence);
+ if (pst != null) {
+ ps = ps.Intersect (pst.PermissionSet);
+ if ((pst.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
+ return true;
+ }
+ return false;
+ }
+
+ // TODO: this changes in 2.0 as identity permissions can now be unrestricted
+ internal static void ResolveIdentityPermissions (PermissionSet ps, Evidence evidence)
+ {
+ // Only host evidence are used for policy resolution
+ IEnumerator ee = evidence.GetHostEnumerator ();
+ while (ee.MoveNext ()) {
+ IIdentityPermissionFactory ipf = (ee.Current as IIdentityPermissionFactory);
+ if (ipf != null) {
+ IPermission p = ipf.CreateIdentityPermission (evidence);
+ ps.AddPermission (p);
+ }
+ }
+ }
+
internal static PermissionSet Decode (IntPtr permissions, int length)
{
// Permission sets from the runtime (declarative security) can be cached