2 // System.Security.CodeAccessPermission.cs
5 // Miguel de Icaza (miguel@ximian.com)
6 // Nick Drochak, ndrochak@gol.com
7 // Sebastien Pouliot <sebastien@ximian.com>
9 // (C) Ximian, Inc. http://www.ximian.com
10 // Copyright (C) 2001 Nick Drochak, All Rights Reserved
11 // Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
12 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
14 // Permission is hereby granted, free of charge, to any person obtaining
15 // a copy of this software and associated documentation files (the
16 // "Software"), to deal in the Software without restriction, including
17 // without limitation the rights to use, copy, modify, merge, publish,
18 // distribute, sublicense, and/or sell copies of the Software, and to
19 // permit persons to whom the Software is furnished to do so, subject to
20 // the following conditions:
22 // The above copyright notice and this permission notice shall be
23 // included in all copies or substantial portions of the Software.
25 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
26 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
27 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
28 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
29 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
30 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
31 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Diagnostics;
35 using System.Globalization;
36 using System.Reflection;
37 using System.Runtime.CompilerServices;
38 using System.Runtime.InteropServices;
39 using System.Security.Permissions;
40 using System.Threading;
42 namespace System.Security {
45 [SecurityPermission (SecurityAction.InheritanceDemand, ControlEvidence = true, ControlPolicy = true)]
47 [MonoTODO ("CAS support is experimental (and unsupported).")]
48 public abstract class CodeAccessPermission : IPermission, ISecurityEncodable, IStackWalk {
51 protected CodeAccessPermission ()
55 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
58 new PermissionSet (this).Assert ();
61 internal bool CheckAssert (CodeAccessPermission asserted)
65 if (asserted.GetType () != this.GetType ())
67 return IsSubsetOf (asserted);
70 internal bool CheckDemand (CodeAccessPermission target)
74 if (target.GetType () != this.GetType ())
76 return IsSubsetOf (target);
79 internal bool CheckDeny (CodeAccessPermission denied)
83 Type t = denied.GetType ();
84 if (t != this.GetType ())
86 IPermission inter = Intersect (denied);
89 // sadly that's not enough :( at this stage we must also check
90 // if an empty (PermissionState.None) is a subset of the denied
91 // (which is like a empty intersection looks like for flag based
92 // permissions, e.g. AspNetHostingPermission).
93 return denied.IsSubsetOf (PermissionBuilder.Create (t));
96 internal bool CheckPermitOnly (CodeAccessPermission target)
100 if (target.GetType () != this.GetType ())
102 return IsSubsetOf (target);
105 public abstract IPermission Copy ();
107 public void Demand ()
109 // note: here we're sure it's a CAS demand
110 if (!SecurityManager.SecurityEnabled)
113 // skip frames until we get the caller (of our caller)
114 new PermissionSet (this).CasOnlyDemand (3);
117 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
120 new PermissionSet (this).Deny ();
124 public override bool Equals (object obj)
128 if (obj.GetType () != this.GetType ())
130 CodeAccessPermission cap = (obj as CodeAccessPermission);
131 return (IsSubsetOf (cap) && cap.IsSubsetOf (this));
134 public abstract void FromXml (SecurityElement elem);
137 public override int GetHashCode ()
139 return base.GetHashCode ();
142 public abstract IPermission Intersect (IPermission target);
144 public abstract bool IsSubsetOf (IPermission target);
146 public override string ToString ()
148 SecurityElement elem = ToXml ();
149 return elem.ToString ();
152 public abstract SecurityElement ToXml ();
154 public virtual IPermission Union (IPermission other)
157 throw new System.NotSupportedException (); // other is not null.
161 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
162 public void PermitOnly ()
164 new PermissionSet (this).PermitOnly ();
167 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
168 public static void RevertAll ()
170 if (!SecurityManager.SecurityEnabled)
173 SecurityFrame sf = new SecurityFrame (1);
175 if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
177 throw new NotSupportedException ("Currently only declarative Assert are supported.");
179 if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
181 throw new NotSupportedException ("Currently only declarative Deny are supported.");
183 if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) {
185 throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
189 string msg = Locale.GetText ("No stack modifiers are present on the current stack frame.");
190 // FIXME: we don't (yet) support imperative stack modifiers
191 msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
192 throw new ExecutionEngineException (msg);
196 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
197 public static void RevertAssert ()
199 if (!SecurityManager.SecurityEnabled)
202 SecurityFrame sf = new SecurityFrame (1);
203 if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
204 throw new NotSupportedException ("Currently only declarative Assert are supported.");
206 // we can't revert declarative security (or an empty frame) imperatively
207 ThrowExecutionEngineException (SecurityAction.Assert);
211 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
212 public static void RevertDeny ()
214 if (!SecurityManager.SecurityEnabled)
217 SecurityFrame sf = new SecurityFrame (1);
218 if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
219 throw new NotSupportedException ("Currently only declarative Deny are supported.");
221 // we can't revert declarative security (or an empty frame) imperatively
222 ThrowExecutionEngineException (SecurityAction.Deny);
226 [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
227 public static void RevertPermitOnly ()
229 if (!SecurityManager.SecurityEnabled)
232 SecurityFrame sf = new SecurityFrame (1);
233 if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) {
234 throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
236 // we can't revert declarative security (or an empty frame) imperatively
237 ThrowExecutionEngineException (SecurityAction.PermitOnly);
241 // Internal helpers methods
243 // snippet moved from FileIOPermission (nickd) to be reused in all derived classes
244 internal SecurityElement Element (int version)
246 SecurityElement se = new SecurityElement ("IPermission");
247 Type type = this.GetType ();
248 se.AddAttribute ("class", type.FullName + ", " + type.Assembly.ToString ().Replace ('\"', '\''));
249 se.AddAttribute ("version", version.ToString ());
253 internal static PermissionState CheckPermissionState (PermissionState state, bool allowUnrestricted)
257 case PermissionState.None:
259 case PermissionState.Unrestricted:
260 // unrestricted permissions are possible for identiy permissions
263 msg = String.Format (Locale.GetText ("Invalid enum {0}"), state);
264 throw new ArgumentException (msg, "state");
269 internal static int CheckSecurityElement (SecurityElement se, string parameterName, int minimumVersion, int maximumVersion)
272 throw new ArgumentNullException (parameterName);
274 // Tag is case-sensitive
275 if (se.Tag != "IPermission") {
276 string msg = String.Format (Locale.GetText ("Invalid tag {0}"), se.Tag);
277 throw new ArgumentException (msg, parameterName);
280 // Note: we do not care about the class attribute at
281 // this stage (in fact we don't even if the class
282 // attribute is present or not). Anyway the object has
283 // already be created, with success, if we're loading it
285 // we assume minimum version if no version number is supplied
286 int version = minimumVersion;
287 string v = se.Attribute ("version");
290 version = Int32.Parse (v);
292 catch (Exception e) {
293 string msg = Locale.GetText ("Couldn't parse version from '{0}'.");
294 msg = String.Format (msg, v);
295 throw new ArgumentException (msg, parameterName, e);
299 if ((version < minimumVersion) || (version > maximumVersion)) {
300 string msg = Locale.GetText ("Unknown version '{0}', expected versions between ['{1}','{2}'].");
301 msg = String.Format (msg, version, minimumVersion, maximumVersion);
302 throw new ArgumentException (msg, parameterName);
307 // must be called after CheckSecurityElement (i.e. se != null)
308 internal static bool IsUnrestricted (SecurityElement se)
310 string value = se.Attribute ("Unrestricted");
313 return (String.Compare (value, Boolean.TrueString, true, CultureInfo.InvariantCulture) == 0);
316 internal bool ProcessFrame (SecurityFrame frame)
318 // 1. CheckPermitOnly
319 if (frame.PermitOnly != null) {
320 // the demanded permission must be in one of the permitted...
321 bool permit = frame.PermitOnly.IsUnrestricted ();
323 // check individual permissions
324 foreach (IPermission p in frame.PermitOnly) {
325 if (CheckPermitOnly (p as CodeAccessPermission)) {
332 // ...or else we throw
333 ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
338 if (frame.Deny != null) {
339 // special case where everything is denied (i.e. no child to be processed)
340 if (frame.Deny.IsUnrestricted ())
341 ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
342 foreach (IPermission p in frame.Deny) {
343 if (!CheckDeny (p as CodeAccessPermission))
344 ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p);
349 if (frame.Assert != null) {
350 if (frame.Assert.IsUnrestricted ())
351 return true; // remove permission and continue stack walk
352 foreach (IPermission p in frame.Assert) {
353 if (CheckAssert (p as CodeAccessPermission)) {
354 return true; // remove permission and continue stack walk
359 // continue the stack walk
363 internal static void ThrowInvalidPermission (IPermission target, Type expected)
365 string msg = Locale.GetText ("Invalid permission type '{0}', expected type '{1}'.");
366 msg = String.Format (msg, target.GetType (), expected);
367 throw new ArgumentException (msg, "target");
370 internal static void ThrowExecutionEngineException (SecurityAction stackmod)
372 string msg = Locale.GetText ("No {0} modifier is present on the current stack frame.");
373 // FIXME: we don't (yet) support imperative stack modifiers
374 msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
375 throw new ExecutionEngineException (String.Format (msg, stackmod));
378 internal static void ThrowSecurityException (object demanded, string message, SecurityFrame frame,
379 SecurityAction action, IPermission failed)
382 throw new SecurityException (message);
384 Assembly a = frame.Assembly;
385 throw new SecurityException (Locale.GetText (message),
386 a.UnprotectedGetName (), a.GrantedPermissionSet,
387 a.DeniedPermissionSet, frame.Method, action, demanded,
388 failed, a.UnprotectedGetEvidence ());
projects / mono.git / blob