1 //------------------------------------------------------------
2 // Copyright (c) Microsoft Corporation. All rights reserved.
3 //------------------------------------------------------------
5 namespace System.Runtime
8 using System.Security.Permissions;
9 using System.Runtime.CompilerServices;
10 using System.Reflection;
12 static class PartialTrustHelpers
14 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
18 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
20 static volatile bool checkedForFullTrust;
21 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
23 static bool inFullTrust;
25 internal static bool ShouldFlowSecurityContext
27 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
31 return SecurityManager.CurrentThreadRequiresSecurityContextCapture();
35 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
37 internal static bool IsInFullTrust()
40 if (!SecurityManager.CurrentThreadRequiresSecurityContextCapture())
50 catch (SecurityException)
58 #if FEATURE_COMPRESSEDSTACK
59 [Fx.Tag.SecurityNote(Critical = "Captures security context with identity flow suppressed, " +
60 "this requires satisfying a LinkDemand for infrastructure.")]
62 internal static SecurityContext CaptureSecurityContextNoIdentityFlow()
64 // capture the security context but never flow windows identity
65 if (SecurityContext.IsWindowsIdentityFlowSuppressed())
67 return SecurityContext.Capture();
71 using (SecurityContext.SuppressFlowWindowsIdentity())
73 return SecurityContext.Capture();
78 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
80 internal static bool IsTypeAptca(Type type)
82 Assembly assembly = type.Assembly;
83 return IsAssemblyAptca(assembly) || !IsAssemblySigned(assembly);
86 [SecuritySafeCritical]
87 [PermissionSet(SecurityAction.Demand, Unrestricted = true)]
88 [MethodImpl(MethodImplOptions.NoInlining)]
89 internal static void DemandForFullTrust()
93 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
95 static bool IsAssemblyAptca(Assembly assembly)
99 aptca = typeof(AllowPartiallyTrustedCallersAttribute);
101 return assembly.GetCustomAttributes(aptca, false).Length > 0;
104 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
106 [FileIOPermission(SecurityAction.Assert, Unrestricted = true)]
107 static bool IsAssemblySigned(Assembly assembly)
109 byte[] publicKeyToken = assembly.GetName().GetPublicKeyToken();
110 return publicKeyToken != null & publicKeyToken.Length > 0;
113 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
115 internal static bool CheckAppDomainPermissions(PermissionSet permissions)
118 return AppDomain.CurrentDomain.IsHomogenous &&
119 permissions.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
125 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
127 internal static bool HasEtwPermissions()
130 //Currently unrestricted permissions are required to create Etw provider.
131 PermissionSet permissions = new PermissionSet(PermissionState.Unrestricted);
132 return CheckAppDomainPermissions(permissions);
138 internal static bool AppDomainFullyTrusted
140 [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision",
141 Safe = "Does not leak critical resources")]
142 [SecuritySafeCritical]
146 if (!checkedForFullTrust)
148 inFullTrust = AppDomain.CurrentDomain.IsFullyTrusted;
149 checkedForFullTrust = true;