3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 // <OWNER>Microsoft</OWNER>
7 using System.Runtime.InteropServices;
9 namespace System.Security
11 // DynamicSecurityMethodAttribute:
12 // Indicates that calling the target method requires space for a security
13 // object to be allocated on the callers stack. This attribute is only ever
14 // set on certain security methods defined within mscorlib.
15 [AttributeUsage(AttributeTargets.Method, AllowMultiple = true, Inherited = false )]
16 sealed internal class DynamicSecurityMethodAttribute : System.Attribute
20 // SuppressUnmanagedCodeSecurityAttribute:
21 // Indicates that the target P/Invoke method(s) should skip the per-call
22 // security checked for unmanaged code permission.
23 [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false )]
24 [System.Runtime.InteropServices.ComVisible(true)]
25 sealed public class SuppressUnmanagedCodeSecurityAttribute : System.Attribute
29 // UnverifiableCodeAttribute:
30 // Indicates that the target module contains unverifiable code.
31 [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false )]
32 [System.Runtime.InteropServices.ComVisible(true)]
33 sealed public class UnverifiableCodeAttribute : System.Attribute
37 // AllowPartiallyTrustedCallersAttribute:
38 // Indicates that the Assembly is secure and can be used by untrusted
39 // and semitrusted clients
40 // For v.1, this is valid only on Assemblies, but could be expanded to
41 // include Module, Method, class
42 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )]
43 [System.Runtime.InteropServices.ComVisible(true)]
44 sealed public class AllowPartiallyTrustedCallersAttribute : System.Attribute
46 private PartialTrustVisibilityLevel _visibilityLevel;
47 public AllowPartiallyTrustedCallersAttribute () { }
49 public PartialTrustVisibilityLevel PartialTrustVisibilityLevel
51 get { return _visibilityLevel; }
52 set { _visibilityLevel = value; }
56 public enum PartialTrustVisibilityLevel
58 VisibleToAllHosts = 0,
59 NotVisibleByDefault = 1
63 [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
64 public enum SecurityCriticalScope
69 #endif // FEATURE_CORECLR
71 // SecurityCriticalAttribute
72 // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.)
73 // The attribute can be placed on most targets, except on arguments/return values.
74 [AttributeUsage(AttributeTargets.Assembly |
75 AttributeTargets.Class |
76 AttributeTargets.Struct |
77 AttributeTargets.Enum |
78 AttributeTargets.Constructor |
79 AttributeTargets.Method |
80 AttributeTargets.Field |
81 AttributeTargets.Interface |
82 AttributeTargets.Delegate,
83 AllowMultiple = false,
85 sealed public class SecurityCriticalAttribute : System.Attribute
87 #pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat
89 #if !FEATURE_CORECLR && !MOBILE
90 private SecurityCriticalScope _val;
91 #endif // FEATURE_CORECLR
92 public SecurityCriticalAttribute () {}
94 #if !FEATURE_CORECLR && !MOBILE
95 public SecurityCriticalAttribute(SecurityCriticalScope scope)
100 [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
101 public SecurityCriticalScope Scope {
106 #endif // FEATURE_CORECLR
108 #pragma warning restore 618
111 // SecurityTreatAsSafeAttribute:
112 // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
113 // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
114 // security concerns and is considered security clean.
115 // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
116 // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
117 // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
119 [AttributeUsage(AttributeTargets.Assembly |
120 AttributeTargets.Class |
121 AttributeTargets.Struct |
122 AttributeTargets.Enum |
123 AttributeTargets.Constructor |
124 AttributeTargets.Method |
125 AttributeTargets.Field |
126 AttributeTargets.Interface |
127 AttributeTargets.Delegate,
128 AllowMultiple = false,
130 [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")]
131 sealed public class SecurityTreatAsSafeAttribute : System.Attribute
133 public SecurityTreatAsSafeAttribute () { }
136 // SecuritySafeCriticalAttribute:
137 // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
138 // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
139 // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical.
140 // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe].
141 // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
142 // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
143 // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
145 [AttributeUsage(AttributeTargets.Class |
146 AttributeTargets.Struct |
147 AttributeTargets.Enum |
148 AttributeTargets.Constructor |
149 AttributeTargets.Method |
150 AttributeTargets.Field |
151 AttributeTargets.Interface |
152 AttributeTargets.Delegate,
153 AllowMultiple = false,
155 sealed public class SecuritySafeCriticalAttribute : System.Attribute
157 public SecuritySafeCriticalAttribute () { }
160 // SecurityTransparentAttribute:
161 // Indicates the assembly contains only transparent code.
162 // Security critical actions will be restricted or converted into less critical actions. For example,
163 // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted
164 // into Full-Demands.
166 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )]
167 sealed public class SecurityTransparentAttribute : System.Attribute
169 public SecurityTransparentAttribute () {}
173 public enum SecurityRuleSet : byte
176 Level1 = 1, // v2.0 transparency model
177 Level2 = 2, // v4.0 transparency model
180 // SecurityRulesAttribute
182 // Indicates which set of security rules an assembly was authored against, and therefore which set of
183 // rules the runtime should enforce on the assembly. For instance, an assembly marked with
184 // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code
185 // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly
186 // treat as safe, and the remainder of the v2.0 rules apply.
187 [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)]
188 public sealed class SecurityRulesAttribute : Attribute
190 private SecurityRuleSet m_ruleSet;
191 private bool m_skipVerificationInFullTrust = false;
193 public SecurityRulesAttribute(SecurityRuleSet ruleSet)
198 // Should fully trusted transparent code skip IL verification
199 public bool SkipVerificationInFullTrust
201 get { return m_skipVerificationInFullTrust; }
202 set { m_skipVerificationInFullTrust = value; }
205 public SecurityRuleSet RuleSet
207 get { return m_ruleSet; }
210 #endif // !FEATURE_CORECLR