projects / mono.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #463 from strawd/concurrent-requests
[mono.git] / mcs / class / corlib / System.Security.Policy / DefaultPolicies.cs
1 //
2 // System.Security.Policy.DefaultPolicies.cs
3 //
4 // Author:
5 //      Sebastien Pouliot  <sebastien@ximian.com>
6 //
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 // 
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 // 
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28
29 using System.Security.Permissions;
30
31 namespace System.Security.Policy {
32
33         /* NOTES
34          *
35          * [1]  Some permissions classes are defined _outside_ mscorlib.dll.
36          *      In this case we're using SecurityElement to construct the 
37          *      permissions manually.
38          *
39          */
40
41         internal static class DefaultPolicies {
42
43                 public static class ReservedNames {
44                         public const string FullTrust = "FullTrust";
45                         public const string LocalIntranet = "LocalIntranet";
46                         public const string Internet = "Internet";
47                         public const string SkipVerification = "SkipVerification";
48                         public const string Execution = "Execution";
49                         public const string Nothing = "Nothing";
50                         public const string Everything = "Everything";
51
52                         static public bool IsReserved (string name) 
53                         {
54                                 switch (name) {
55                                 case FullTrust:
56                                 case LocalIntranet:
57                                 case Internet:
58                                 case SkipVerification:
59                                 case Execution:
60                                 case Nothing:
61                                 case Everything:
62                                         return true;
63                                 default:
64                                         return false;
65                                 }
66                         }
67                 }
68
69                 public enum Key {
70                         Ecma,
71                         MsFinal,
72                 }
73
74                 private const string DnsPermissionClass = "System.Net.DnsPermission, " + Consts.AssemblySystem;
75                 private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, " + Consts.AssemblySystem;
76                 private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, " + Consts.AssemblySystem_Drawing;
77                 private const string SocketPermissionClass = "System.Net.SocketPermission, " + Consts.AssemblySystem;
78                 private const string WebPermissionClass = "System.Net.WebPermission, " + Consts.AssemblySystem;
79                 private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, " + Consts.AssemblySystem;
80                 private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, " + Consts.AssemblySystem_DirectoryServices;
81                 private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, " + Consts.AssemblySystem_Messaging;
82                 private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, " + Consts.AssemblySystem_ServiceProcess;
83                 private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, " + Consts.AssemblySystem_Data;
84                 private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, " + Consts.AssemblySystem_Data;
85 //              private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, " + Consts.AssemblySystem_Security;
86 //              private const string StorePermissionClass = "System.Security.Permissions.StorePermission, " + Consts.AssemblySystem_Security;
87
88                 private static Version _fxVersion;
89                 private static byte[] _ecmaKey = new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
90                 private static StrongNamePublicKeyBlob _ecma;
91                 private static byte[] _msFinalKey = new byte [160] { 
92                         0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
93                         0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
94                         0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D, 
95                         0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E, 
96                         0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90, 
97                         0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F, 
98                         0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1, 
99                         0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D, 
100                         0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D, 
101                         0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
102                 private static StrongNamePublicKeyBlob _msFinal;
103
104                 private static NamedPermissionSet _fullTrust;
105                 private static NamedPermissionSet _localIntranet;
106                 private static NamedPermissionSet _internet;
107                 private static NamedPermissionSet _skipVerification;
108                 private static NamedPermissionSet _execution;
109                 private static NamedPermissionSet _nothing;
110                 private static NamedPermissionSet _everything;
111
112                 public static PermissionSet GetSpecialPermissionSet (string name)
113                 {
114                         if (name == null)
115                                 throw new ArgumentNullException ("name");
116
117                         switch (name) {
118                         case ReservedNames.FullTrust:
119                                 return FullTrust;
120                         case ReservedNames.LocalIntranet:
121                                 return LocalIntranet;
122                         case ReservedNames.Internet:
123                                 return Internet;
124                         case ReservedNames.SkipVerification:
125                                 return SkipVerification;
126                         case ReservedNames.Execution:
127                                 return Execution;
128                         case ReservedNames.Nothing:
129                                 return Nothing;
130                         case ReservedNames.Everything:
131                                 return Everything;
132                         default:
133                                 return null;
134                         }
135                 }
136
137                 public static PermissionSet FullTrust {
138                         get {
139                                 if (_fullTrust == null)
140                                         _fullTrust = BuildFullTrust ();
141                                 return _fullTrust;
142                         }
143                 }
144
145                 public static PermissionSet LocalIntranet {
146                         get {
147                                 if (_localIntranet == null)
148                                         _localIntranet = BuildLocalIntranet ();
149                                 return _localIntranet;
150                         }
151                 }
152
153                 public static PermissionSet Internet {
154                         get {
155                                 if (_internet == null)
156                                         _internet = BuildInternet ();
157                                 return _internet;
158                         }
159                 }
160
161                 public static PermissionSet SkipVerification {
162                         get {
163                                 if (_skipVerification == null)
164                                         _skipVerification = BuildSkipVerification ();
165                                 return _skipVerification;
166                         }
167                 }
168
169                 public static PermissionSet Execution {
170                         get {
171                                 if (_execution == null)
172                                         _execution = BuildExecution ();
173                                 return _execution;
174                         }
175                 }
176
177
178                 public static PermissionSet Nothing {
179                         get {
180                                 if (_nothing == null)
181                                         _nothing = BuildNothing ();
182                                 return _nothing;
183                         }
184                 }
185
186                 public static PermissionSet Everything {
187                         get {
188                                 if (_everything == null)
189                                         _everything = BuildEverything ();
190                                 return _everything;
191                         }
192                 }
193
194                 public static StrongNameMembershipCondition FullTrustMembership (string name, Key key)
195                 {
196                         StrongNamePublicKeyBlob snkb = null;
197
198                         switch (key) {
199                         case Key.Ecma:
200                                 if (_ecma == null) {
201                                         _ecma = new StrongNamePublicKeyBlob (_ecmaKey);
202                                 }
203                                 snkb = _ecma;
204                                 break;
205                         case Key.MsFinal:
206                                 if (_msFinal == null) {
207                                         _msFinal = new StrongNamePublicKeyBlob (_msFinalKey);
208                                 }
209                                 snkb = _msFinal;
210                                 break;
211                         }
212
213                         if (_fxVersion == null)
214                         {
215                                 _fxVersion = new Version (Consts.FxVersion);
216                         }
217
218                         return new StrongNameMembershipCondition (snkb, name, _fxVersion);
219                 }
220
221                 // internal stuff
222
223                 private static NamedPermissionSet BuildFullTrust ()
224                 {
225                         return new NamedPermissionSet (ReservedNames.FullTrust, PermissionState.Unrestricted);
226                 }
227
228                 private static NamedPermissionSet BuildLocalIntranet ()
229                 {
230                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
231
232                         nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
233
234                         nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
235
236                         IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
237                         isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
238                         isfp.UserQuota = Int64.MaxValue;
239                         nps.AddPermission (isfp);
240
241                         nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
242
243                         SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
244                         nps.AddPermission (new SecurityPermission (spf));
245
246                         nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
247
248                         // DnsPermission requires stuff outside corlib (System)
249                         nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
250
251                         // PrintingPermission requires stuff outside corlib (System.Drawing)
252                         nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
253                         return nps;
254                 }
255
256                 private static NamedPermissionSet BuildInternet ()
257                 {
258                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
259                         nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
260
261                         IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
262                         isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
263                         isfp.UserQuota = 512000;
264                         nps.AddPermission (isfp);
265
266                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
267
268                         nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
269
270                         // PrintingPermission requires stuff outside corlib (System.Drawing)
271                         nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
272                         return nps;
273                 }
274
275                 private static NamedPermissionSet BuildSkipVerification ()
276                 {
277                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.SkipVerification, PermissionState.None);
278                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.SkipVerification));
279                         return nps;
280                 }
281
282                 private static NamedPermissionSet BuildExecution ()
283                 {
284                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
285                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
286                         return nps;
287                 }
288
289                 private static NamedPermissionSet BuildNothing ()
290                 {
291                         return new NamedPermissionSet (ReservedNames.Nothing, PermissionState.None);
292                 }
293
294                 private static NamedPermissionSet BuildEverything ()
295                 {
296                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
297
298                         nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
299                         nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
300                         nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
301                         nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
302                         nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
303                         nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
304                         nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
305
306                         // not quite all in this case
307                         SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
308                         spf &= ~SecurityPermissionFlag.SkipVerification;
309                         nps.AddPermission (new SecurityPermission (spf));
310
311                         nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
312
313                         // others requires stuff outside corlib
314                         nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
315                         nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
316                         nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
317
318                         nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
319                         nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
320                         nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
321                         nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
322                         nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
323                         nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
324                         nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
325                         nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
326 //                      nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
327 //                      nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
328                         return nps;
329                 }
330
331                 private static SecurityElement PrintingPermission (string level)
332                 {
333                         SecurityElement se = new SecurityElement ("IPermission");
334                         se.AddAttribute ("class", PrintingPermissionClass);
335                         se.AddAttribute ("version", "1");
336                         se.AddAttribute ("Level", level);
337                         return se;
338                 }
339
340         }
341 }
my mono mirror. check out Moved to http://github.com/mono/mono