mcs/class/referencesource/System.ServiceModel.Internals/System/Runtime/PartialTrustHelpers.cs

   1 //------------------------------------------------------------
   2 // Copyright (c) Microsoft Corporation.  All rights reserved.
   3 //------------------------------------------------------------
   4
   5 namespace System.Runtime
   6 {
   7     using System.Security;
   8     using System.Security.Permissions;
   9     using System.Runtime.CompilerServices;
  10     using System.Reflection;
  11
  12     static class PartialTrustHelpers
  13     {
  14         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  15         [SecurityCritical]
  16         static Type aptca;
  17
  18         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  19         [SecurityCritical]
  20         static volatile bool checkedForFullTrust;
  21         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  22         [SecurityCritical]
  23         static bool inFullTrust;
  24
  25         internal static bool ShouldFlowSecurityContext
  26         {
  27             [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  28             [SecurityCritical]
  29             get
  30             {
  31                 return SecurityManager.CurrentThreadRequiresSecurityContextCapture();
  32             }
  33         }
  34
  35         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  36         [SecurityCritical]
  37         internal static bool IsInFullTrust()
  38         {
  39 #if FEATURE_MONO_CAS
  40             if (!SecurityManager.CurrentThreadRequiresSecurityContextCapture())
  41             {
  42                 return true;
  43             }
  44
  45             try
  46             {
  47                 DemandForFullTrust();
  48                 return true;
  49             }
  50             catch (SecurityException)
  51             {
  52                 return false;
  53             }
  54 #else
  55             return true;
  56 #endif
  57         }
  58 #if FEATURE_COMPRESSEDSTACK
  59         [Fx.Tag.SecurityNote(Critical = "Captures security context with identity flow suppressed, " +
  60             "this requires satisfying a LinkDemand for infrastructure.")]
  61         [SecurityCritical]
  62         internal static SecurityContext CaptureSecurityContextNoIdentityFlow()
  63         {
  64             // capture the security context but never flow windows identity
  65             if (SecurityContext.IsWindowsIdentityFlowSuppressed())
  66             {
  67                 return SecurityContext.Capture();
  68             }
  69             else
  70             {
  71                 using (SecurityContext.SuppressFlowWindowsIdentity())
  72                 {
  73                     return SecurityContext.Capture();
  74                 }
  75             }
  76         }
  77 #endif
  78         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  79         [SecurityCritical]
  80         internal static bool IsTypeAptca(Type type)
  81         {
  82             Assembly assembly = type.Assembly;
  83             return IsAssemblyAptca(assembly) || !IsAssemblySigned(assembly);
  84         }
  85
  86         [SecuritySafeCritical]
  87         [PermissionSet(SecurityAction.Demand, Unrestricted = true)]
  88         [MethodImpl(MethodImplOptions.NoInlining)]
  89         internal static void DemandForFullTrust()
  90         {
  91         }
  92
  93         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
  94         [SecurityCritical]
  95         static bool IsAssemblyAptca(Assembly assembly)
  96         {
  97             if (aptca == null)
  98             {
  99                 aptca = typeof(AllowPartiallyTrustedCallersAttribute);
 100             }
 101             return assembly.GetCustomAttributes(aptca, false).Length > 0;
 102         }
 103
 104         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
 105         [SecurityCritical]
 106         [FileIOPermission(SecurityAction.Assert, Unrestricted = true)]
 107         static bool IsAssemblySigned(Assembly assembly)
 108         {
 109             byte[] publicKeyToken = assembly.GetName().GetPublicKeyToken();
 110             return publicKeyToken != null & publicKeyToken.Length > 0;
 111         }
 112
 113         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
 114         [SecurityCritical]
 115         internal static bool CheckAppDomainPermissions(PermissionSet permissions)
 116         {
 117 #if FEATURE_MONO_CAS
 118             return AppDomain.CurrentDomain.IsHomogenous &&
 119                    permissions.IsSubsetOf(AppDomain.CurrentDomain.PermissionSet);
 120 #else
 121             return true;
 122 #endif
 123         }
 124
 125         [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision")]
 126         [SecurityCritical]
 127         internal static bool HasEtwPermissions()
 128         {
 129 #if FEATURE_MONO_CAS
 130             //Currently unrestricted permissions are required to create Etw provider.
 131             PermissionSet permissions = new PermissionSet(PermissionState.Unrestricted);
 132             return CheckAppDomainPermissions(permissions);
 133 #else
 134             return true;
 135 #endif
 136         }
 137
 138         internal static bool AppDomainFullyTrusted
 139         {
 140             [Fx.Tag.SecurityNote(Critical = "used in a security-sensitive decision",
 141                 Safe = "Does not leak critical resources")]
 142             [SecuritySafeCritical]
 143             get
 144             {
 145 #if FEATURE_MONO_CAS
 146                 if (!checkedForFullTrust)
 147                 {
 148                     inFullTrust = AppDomain.CurrentDomain.IsFullyTrusted;
 149                     checkedForFullTrust = true;
 150                 }
 151
 152                 return inFullTrust;
 153 #else
 154                 return true;
 155 #endif
 156             }
 157         }
 158     }
 159 }