projects / mono.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
2005-06-05 Peter Bartok <pbartok@novell.com>
[mono.git] / mcs / class / corlib / System.Security.Policy / DefaultPolicies.cs
1 //
2 // System.Security.Policy.DefaultPolicies.cs
3 //
4 // Author:
5 //      Sebastien Pouliot  <sebastien@ximian.com>
6 //
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
8 //
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
16 // 
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
19 // 
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
27 //
28
29 using System.Security.Permissions;
30
31 namespace System.Security.Policy {
32
33         /* NOTES
34          *
35          * [1]  Some permissions classes are defined _outside_ mscorlib.dll.
36          *      In this case we're using SecurityElement to construct the 
37          *      permissions manually.
38          *
39          */
40
41 #if NET_2_0
42         internal static class DefaultPolicies {
43
44                 public static class ReservedNames {
45 #else
46         internal sealed class DefaultPolicies {
47
48                 public sealed class ReservedNames {
49
50                         internal ReservedNames ()
51                         {
52                         }
53 #endif
54                         public const string FullTrust = "FullTrust";
55                         public const string LocalIntranet = "LocalIntranet";
56                         public const string Internet = "Internet";
57                         public const string SkipVerification = "SkipVerification";
58                         public const string Execution = "Execution";
59                         public const string Nothing = "Nothing";
60                         public const string Everything = "Everything";
61
62                         static public bool IsReserved (string name) 
63                         {
64                                 switch (name) {
65                                 case FullTrust:
66                                 case LocalIntranet:
67                                 case Internet:
68                                 case SkipVerification:
69                                 case Execution:
70                                 case Nothing:
71                                 case Everything:
72                                         return true;
73                                 default:
74                                         return false;
75                                 }
76                         }
77                 }
78
79                 public enum Key {
80                         Ecma,
81                         MsFinal,
82                 }
83
84 #if NET_2_0
85                 private const string DnsPermissionClass = "System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
86                 private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
87                 private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
88                 private const string SocketPermissionClass = "System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
89                 private const string WebPermissionClass = "System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
90                 private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
91                 private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
92                 private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
93                 private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
94                 private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
95                 private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
96
97                 private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
98                 private const string StorePermissionClass = "System.Security.Permissions.StorePermission, System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
99
100                 private static Version Runtime = new Version (2, 0, 0, 0);
101 #else
102                 private const string DnsPermissionClass = "System.Net.DnsPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
103                 private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
104                 private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, System.Drawing, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
105                 private const string SocketPermissionClass = "System.Net.SocketPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
106                 private const string WebPermissionClass = "System.Net.WebPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
107                 private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
108                 private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
109                 private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, System.Messaging, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
110                 private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a";
111                 private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
112                 private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, System.Data, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089";
113
114                 private static Version Runtime = new Version (1, 0, 5000, 0);
115 #endif
116                 private static byte[] _ecmaKey = new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
117                 private static StrongNamePublicKeyBlob _ecma;
118                 private static byte[] _msFinalKey = new byte [160] { 
119                         0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
120                         0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
121                         0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D, 
122                         0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E, 
123                         0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90, 
124                         0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F, 
125                         0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1, 
126                         0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D, 
127                         0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D, 
128                         0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
129                 private static StrongNamePublicKeyBlob _msFinal;
130
131                 private static NamedPermissionSet _fullTrust;
132                 private static NamedPermissionSet _localIntranet;
133                 private static NamedPermissionSet _internet;
134                 private static NamedPermissionSet _skipVerification;
135                 private static NamedPermissionSet _execution;
136                 private static NamedPermissionSet _nothing;
137                 private static NamedPermissionSet _everything;
138
139                 public static PermissionSet GetSpecialPermissionSet (string name)
140                 {
141                         if (name == null)
142                                 throw new ArgumentNullException ("name");
143
144                         switch (name) {
145                         case ReservedNames.FullTrust:
146                                 return FullTrust;
147                         case ReservedNames.LocalIntranet:
148                                 return LocalIntranet;
149                         case ReservedNames.Internet:
150                                 return Internet;
151                         case ReservedNames.SkipVerification:
152                                 return SkipVerification;
153                         case ReservedNames.Execution:
154                                 return Execution;
155                         case ReservedNames.Nothing:
156                                 return Nothing;
157                         case ReservedNames.Everything:
158                                 return Everything;
159                         default:
160                                 return null;
161                         }
162                 }
163
164                 public static PermissionSet FullTrust {
165                         get {
166                                 if (_fullTrust == null)
167                                         _fullTrust = BuildFullTrust ();
168                                 return _fullTrust;
169                         }
170                 }
171
172                 public static PermissionSet LocalIntranet {
173                         get {
174                                 if (_localIntranet == null)
175                                         _localIntranet = BuildLocalIntranet ();
176                                 return _localIntranet;
177                         }
178                 }
179
180                 public static PermissionSet Internet {
181                         get {
182                                 if (_internet == null)
183                                         _internet = BuildInternet ();
184                                 return _internet;
185                         }
186                 }
187
188                 public static PermissionSet SkipVerification {
189                         get {
190                                 if (_skipVerification == null)
191                                         _skipVerification = BuildSkipVerification ();
192                                 return _skipVerification;
193                         }
194                 }
195
196                 public static PermissionSet Execution {
197                         get {
198                                 if (_execution == null)
199                                         _execution = BuildExecution ();
200                                 return _execution;
201                         }
202                 }
203
204
205                 public static PermissionSet Nothing {
206                         get {
207                                 if (_nothing == null)
208                                         _nothing = BuildNothing ();
209                                 return _nothing;
210                         }
211                 }
212
213                 public static PermissionSet Everything {
214                         get {
215                                 if (_everything == null)
216                                         _everything = BuildEverything ();
217                                 return _everything;
218                         }
219                 }
220
221                 public static StrongNameMembershipCondition FullTrustMembership (string name, Key key)
222                 {
223                         StrongNamePublicKeyBlob snkb = null;
224                         switch (key) {
225                         case Key.Ecma:
226                                 if (_ecma == null) {
227                                         _ecma = new StrongNamePublicKeyBlob (_ecmaKey);
228                                 }
229                                 snkb = _ecma;
230                                 break;
231                         case Key.MsFinal:
232                                 if (_msFinal == null) {
233                                         _msFinal = new StrongNamePublicKeyBlob (_msFinalKey);
234                                 }
235                                 snkb = _msFinal;
236                                 break;
237                         }
238
239                         return new StrongNameMembershipCondition (snkb, name, Runtime);
240                 }
241
242                 // internal stuff
243
244                 private static NamedPermissionSet BuildFullTrust ()
245                 {
246                         return new NamedPermissionSet (ReservedNames.FullTrust, PermissionState.Unrestricted);
247                 }
248
249                 private static NamedPermissionSet BuildLocalIntranet ()
250                 {
251                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);
252
253                         nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));
254
255                         nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
256
257                         IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
258                         isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
259                         isfp.UserQuota = Int64.MaxValue;
260                         nps.AddPermission (isfp);
261
262                         nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));
263
264                         SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
265                         nps.AddPermission (new SecurityPermission (spf));
266
267                         nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
268
269                         // DnsPermission requires stuff outside corlib (System)
270                         nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
271
272                         // PrintingPermission requires stuff outside corlib (System.Drawing)
273                         nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
274 #if !NET_2_0
275                         // EventLogPermission requires stuff outside corlib (System)
276                         nps.AddPermission (PermissionBuilder.Create (EventLogPermission (".", "Instrument")));
277 #endif
278                         return nps;
279                 }
280
281                 private static NamedPermissionSet BuildInternet ()
282                 {
283                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
284                         nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));
285
286                         IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
287                         isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
288                         isfp.UserQuota = 10240;
289                         nps.AddPermission (isfp);
290
291                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
292
293                         nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
294
295                         // PrintingPermission requires stuff outside corlib (System.Drawing)
296                         nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
297                         return nps;
298                 }
299
300                 private static NamedPermissionSet BuildSkipVerification ()
301                 {
302                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.SkipVerification, PermissionState.None);
303                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.SkipVerification));
304                         return nps;
305                 }
306
307                 private static NamedPermissionSet BuildExecution ()
308                 {
309                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
310                         nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
311                         return nps;
312                 }
313
314                 private static NamedPermissionSet BuildNothing ()
315                 {
316                         return new NamedPermissionSet (ReservedNames.Nothing, PermissionState.None);
317                 }
318
319                 private static NamedPermissionSet BuildEverything ()
320                 {
321                         NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);
322
323                         nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
324                         nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
325                         nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
326                         nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
327                         nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
328                         nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
329 #if NET_2_0
330                         nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));
331 #endif
332
333                         // not quite all in this case
334                         SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
335                         spf &= ~SecurityPermissionFlag.SkipVerification;
336                         nps.AddPermission (new SecurityPermission (spf));
337
338                         nps.AddPermission (new UIPermission (PermissionState.Unrestricted));
339
340                         // others requires stuff outside corlib
341                         nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
342                         nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
343                         nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));
344
345                         nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
346                         nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
347                         nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
348                         nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
349                         nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
350                         nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
351                         nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
352                         nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
353 #if NET_2_0
354 //                      nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
355 //                      nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
356 #endif
357                         return nps;
358                 }
359
360                 private static SecurityElement PrintingPermission (string level)
361                 {
362                         SecurityElement se = new SecurityElement ("IPermission");
363                         se.AddAttribute ("class", PrintingPermissionClass);
364                         se.AddAttribute ("version", "1");
365                         se.AddAttribute ("Level", level);
366                         return se;
367                 }
368
369                 private static SecurityElement EventLogPermission (string name, string access)
370                 {
371                         SecurityElement se = new SecurityElement ("IPermission");
372                         se.AddAttribute ("class", EventLogPermissionClass);
373                         se.AddAttribute ("version", "1");
374
375                         SecurityElement child = new SecurityElement ("Machine");
376                         child.AddAttribute ("name", name);
377                         child.AddAttribute ("access", access);
378
379                         se.AddChild (child);
380                         return se;
381                 }
382         }
383 }
my mono mirror. check out Moved to http://github.com/mono/mono