3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 /*=============================================================================
8 ** Class: SecurityException
10 ** <OWNER>[....]</OWNER>
13 ** Purpose: Exception class for security
16 =============================================================================*/
18 namespace System.Security
20 using System.Security;
22 using System.Runtime.Serialization;
23 using System.Security.Permissions;
24 using System.Reflection;
26 using System.Security.Policy;
28 #if FEATURE_SERIALIZATION
29 using System.Runtime.Serialization.Formatters.Binary;
30 #endif // FEATURE_SERIALIZATION
31 using System.Globalization;
32 using System.Security.Util;
33 using System.Diagnostics.Contracts;
35 [System.Runtime.InteropServices.ComVisible(true)]
36 [Serializable] public class SecurityException : SystemException
38 #if FEATURE_CAS_POLICY
39 private String m_debugString; // NOTE: If you change the name of this field, you'll have to update SOS as well!
40 private SecurityAction m_action;
41 [NonSerialized] private Type m_typeOfPermissionThatFailed;
42 private String m_permissionThatFailed;
43 private String m_demanded;
44 private String m_granted;
45 private String m_refused;
46 private String m_denied;
47 private String m_permitOnly;
48 private AssemblyName m_assemblyName;
49 private byte[] m_serializedMethodInfo;
50 private String m_strMethodInfo;
51 private SecurityZone m_zone;
54 private const String ActionName = "Action";
55 private const String FirstPermissionThatFailedName = "FirstPermissionThatFailed";
56 private const String DemandedName = "Demanded";
57 private const String GrantedSetName = "GrantedSet";
58 private const String RefusedSetName = "RefusedSet";
59 private const String DeniedName = "Denied";
60 private const String PermitOnlyName = "PermitOnly";
61 private const String Assembly_Name = "Assembly";
62 private const String MethodName_Serialized = "Method";
63 private const String MethodName_String = "Method_String";
64 private const String ZoneName = "Zone";
65 private const String UrlName = "Url";
66 #endif // #if FEATURE_CAS_POLICY
68 [System.Security.SecuritySafeCritical] // auto-generated
69 internal static string GetResString(string sResourceName)
71 PermissionSet.s_fullTrust.Assert();
72 return Environment.GetResourceString(sResourceName);
75 [System.Security.SecurityCritical] // auto-generated
76 #pragma warning disable 618
77 internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed)
78 #pragma warning restore 618
80 #if FEATURE_CAS_POLICY
81 // See if we need to throw a HostProtectionException instead
82 HostProtectionPermission hostProtectionPerm = permThatFailed as HostProtectionPermission;
83 if(hostProtectionPerm != null)
84 return new HostProtectionException(GetResString("HostProtection_HostProtection"), HostProtectionPermission.protectedResources, hostProtectionPerm.Resources);
86 // Produce relevant strings
88 MethodInfo method = null;
91 if(granted == null && refused == null && demand == null)
93 message = GetResString("Security_NoAPTCA");
97 if(demand != null && demand is IPermission)
98 message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), demand.GetType().AssemblyQualifiedName );
99 else if (permThatFailed != null)
100 message = String.Format(CultureInfo.InvariantCulture, GetResString("Security_Generic"), permThatFailed.GetType().AssemblyQualifiedName);
102 message = GetResString("Security_GenericNoType");
105 method = SecurityRuntime.GetMethodInfo(rmh);
109 // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a Contract.Assert in this case or it will lock up the thread.)
110 if(e is System.Threading.ThreadAbortException)
114 /* catch(System.Threading.ThreadAbortException)
116 // Environment.GetResourceString will throw if we are ReadyForAbort (thread abort). (We shouldn't do a BCLDebug.Assert in this case or it will lock up the thread.)
123 // make the exception object
124 return new SecurityException(message, asmName, granted, refused, method, action, demand, permThatFailed, asmEvidence);
126 return new SecurityException(GetResString("Arg_SecurityException"));
131 #if FEATURE_CAS_POLICY
132 private static byte[] ObjectToByteArray(Object obj)
136 MemoryStream stream = new MemoryStream();
137 BinaryFormatter formatter = new BinaryFormatter();
139 formatter.Serialize(stream, obj);
140 byte[] array = stream.ToArray();
142 } catch (NotSupportedException) {
143 // Serialization of certain methods is not supported (namely
144 // global methods, since they have no representation outside of
150 private static Object ByteArrayToObject(byte[] array)
152 if(array == null || array.Length == 0)
154 MemoryStream stream = new MemoryStream(array);
155 BinaryFormatter formatter = new BinaryFormatter();
156 Object obj = formatter.Deserialize(stream);
159 #endif // FEATURE_CAS_POLICY
161 public SecurityException()
162 : base(GetResString("Arg_SecurityException"))
164 SetErrorCode(System.__HResults.COR_E_SECURITY);
167 public SecurityException(String message)
170 // This is the constructor that gets called if you Assert but don't have permission to Assert. (So don't assert in here.)
171 SetErrorCode(System.__HResults.COR_E_SECURITY);
174 #if FEATURE_CAS_POLICY
175 [System.Security.SecuritySafeCritical] // auto-generated
176 public SecurityException(String message, Type type )
179 PermissionSet.s_fullTrust.Assert();
180 SetErrorCode(System.__HResults.COR_E_SECURITY);
181 m_typeOfPermissionThatFailed = type;
184 // *** Don't use this constructor internally ***
185 [System.Security.SecuritySafeCritical] // auto-generated
186 public SecurityException(String message, Type type, String state )
189 PermissionSet.s_fullTrust.Assert();
190 SetErrorCode(System.__HResults.COR_E_SECURITY);
191 m_typeOfPermissionThatFailed = type;
194 #endif //FEATURE_CAS_POLICY
196 public SecurityException(String message, Exception inner)
197 : base(message, inner)
199 SetErrorCode(System.__HResults.COR_E_SECURITY);
202 #if FEATURE_CAS_POLICY
203 // *** Don't use this constructor internally ***
204 [System.Security.SecurityCritical] // auto-generated
205 internal SecurityException( PermissionSet grantedSetObj, PermissionSet refusedSetObj )
206 : base(GetResString("Arg_SecurityException"))
208 PermissionSet.s_fullTrust.Assert();
209 SetErrorCode(System.__HResults.COR_E_SECURITY);
210 if (grantedSetObj != null)
211 m_granted = grantedSetObj.ToXml().ToString();
212 if (refusedSetObj != null)
213 m_refused = refusedSetObj.ToXml().ToString();
216 // *** Don't use this constructor internally ***
217 [System.Security.SecurityCritical] // auto-generated
218 internal SecurityException( String message, PermissionSet grantedSetObj, PermissionSet refusedSetObj )
221 PermissionSet.s_fullTrust.Assert();
222 SetErrorCode(System.__HResults.COR_E_SECURITY);
223 if (grantedSetObj != null)
224 m_granted = grantedSetObj.ToXml().ToString();
225 if (refusedSetObj != null)
226 m_refused = refusedSetObj.ToXml().ToString();
229 [System.Security.SecuritySafeCritical] // auto-generated
230 protected SecurityException(SerializationInfo info, StreamingContext context) : base (info, context)
233 throw new ArgumentNullException("info");
234 Contract.EndContractBlock();
238 m_action = (SecurityAction)info.GetValue(ActionName, typeof(SecurityAction));
239 m_permissionThatFailed = (String)info.GetValueNoThrow(FirstPermissionThatFailedName, typeof(String));
240 m_demanded = (String)info.GetValueNoThrow(DemandedName, typeof(String));
241 m_granted = (String)info.GetValueNoThrow(GrantedSetName, typeof(String));
242 m_refused = (String)info.GetValueNoThrow(RefusedSetName, typeof(String));
243 m_denied = (String)info.GetValueNoThrow(DeniedName, typeof(String));
244 m_permitOnly = (String)info.GetValueNoThrow(PermitOnlyName, typeof(String));
245 m_assemblyName = (AssemblyName)info.GetValueNoThrow(Assembly_Name, typeof(AssemblyName));
246 m_serializedMethodInfo = (byte[])info.GetValueNoThrow(MethodName_Serialized, typeof(byte[]));
247 m_strMethodInfo = (String)info.GetValueNoThrow(MethodName_String, typeof(String));
248 m_zone = (SecurityZone)info.GetValue(ZoneName, typeof(SecurityZone));
249 m_url = (String)info.GetValueNoThrow(UrlName, typeof(String));
254 m_permissionThatFailed = "";
260 m_assemblyName = null;
261 m_serializedMethodInfo = null;
262 m_strMethodInfo = null;
263 m_zone = SecurityZone.NoZone;
268 // ------------------------------------------
269 // | For failures due to insufficient grant |
270 // ------------------------------------------
271 [System.Security.SecuritySafeCritical] // auto-generated
272 public SecurityException(string message, AssemblyName assemblyName, PermissionSet grant, PermissionSet refused, MethodInfo method, SecurityAction action, Object demanded, IPermission permThatFailed, Evidence evidence)
275 PermissionSet.s_fullTrust.Assert();
276 SetErrorCode(System.__HResults.COR_E_SECURITY);
278 if(permThatFailed != null)
279 m_typeOfPermissionThatFailed = permThatFailed.GetType();
280 FirstPermissionThatFailed = permThatFailed;
282 m_granted = (grant == null ? "" : grant.ToXml().ToString());
283 m_refused = (refused == null ? "" : refused.ToXml().ToString());
286 m_assemblyName = assemblyName;
289 m_zone = SecurityZone.NoZone;
292 Url url = evidence.GetHostEvidence<Url>();
294 m_url = url.GetURLString().ToString();
295 Zone zone = evidence.GetHostEvidence<Zone>();
297 m_zone = zone.SecurityZone;
299 m_debugString = this.ToString(true, false);
302 // ------------------------------------------
303 // | For failures due to deny or PermitOnly |
304 // ------------------------------------------
305 [System.Security.SecuritySafeCritical] // auto-generated
306 public SecurityException(string message, Object deny, Object permitOnly, MethodInfo method, Object demanded, IPermission permThatFailed)
309 PermissionSet.s_fullTrust.Assert();
310 SetErrorCode(System.__HResults.COR_E_SECURITY);
311 Action = SecurityAction.Demand;
312 if(permThatFailed != null)
313 m_typeOfPermissionThatFailed = permThatFailed.GetType();
314 FirstPermissionThatFailed = permThatFailed;
318 DenySetInstance = deny;
319 PermitOnlySetInstance = permitOnly;
320 m_assemblyName = null;
322 m_zone = SecurityZone.NoZone;
324 m_debugString = this.ToString(true, false);
337 [System.Runtime.InteropServices.ComVisible(false)]
338 public SecurityAction Action
351 public Type PermissionType
353 [System.Security.SecuritySafeCritical] // auto-generated
356 if(m_typeOfPermissionThatFailed == null)
358 Object ob = XMLUtil.XmlStringToSecurityObject(m_permissionThatFailed);
360 ob = XMLUtil.XmlStringToSecurityObject(m_demanded);
362 m_typeOfPermissionThatFailed = ob.GetType();
364 return m_typeOfPermissionThatFailed;
369 m_typeOfPermissionThatFailed = value;
373 public IPermission FirstPermissionThatFailed
375 [System.Security.SecuritySafeCritical] // auto-generated
376 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
379 return (IPermission)XMLUtil.XmlStringToSecurityObject(m_permissionThatFailed);
384 m_permissionThatFailed = XMLUtil.SecurityObjectToXmlString(value);
388 public String PermissionState
390 [System.Security.SecuritySafeCritical] // auto-generated
391 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
403 [System.Runtime.InteropServices.ComVisible(false)]
404 public Object Demanded
406 [System.Security.SecuritySafeCritical] // auto-generated
407 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
410 return XMLUtil.XmlStringToSecurityObject(m_demanded);
415 m_demanded = XMLUtil.SecurityObjectToXmlString(value);
419 public String GrantedSet
421 [System.Security.SecuritySafeCritical] // auto-generated
422 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
434 public String RefusedSet
436 [System.Security.SecuritySafeCritical] // auto-generated
437 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
449 [System.Runtime.InteropServices.ComVisible(false)]
450 public Object DenySetInstance
452 [System.Security.SecuritySafeCritical] // auto-generated
453 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
456 return XMLUtil.XmlStringToSecurityObject(m_denied);
461 m_denied = XMLUtil.SecurityObjectToXmlString(value);
465 [System.Runtime.InteropServices.ComVisible(false)]
466 public Object PermitOnlySetInstance
468 [System.Security.SecuritySafeCritical] // auto-generated
469 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
472 return XMLUtil.XmlStringToSecurityObject(m_permitOnly);
477 m_permitOnly = XMLUtil.SecurityObjectToXmlString(value);
481 [System.Runtime.InteropServices.ComVisible(false)]
482 public AssemblyName FailedAssemblyInfo
484 [System.Security.SecuritySafeCritical] // auto-generated
485 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
488 return m_assemblyName;
493 m_assemblyName = value;
497 private MethodInfo getMethod()
499 return (MethodInfo)ByteArrayToObject(m_serializedMethodInfo);
502 [System.Runtime.InteropServices.ComVisible(false)]
503 public MethodInfo Method
505 [System.Security.SecuritySafeCritical] // auto-generated
506 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
514 RuntimeMethodInfo m = value as RuntimeMethodInfo;
515 m_serializedMethodInfo = ObjectToByteArray(m);
518 m_strMethodInfo = m.ToString();
523 public SecurityZone Zone
538 [System.Security.SecuritySafeCritical] // auto-generated
539 [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy)]
551 private void ToStringHelper(StringBuilder sb, String resourceString, Object attr)
555 String attrString = attr as String;
556 if (attrString == null)
557 attrString = attr.ToString();
558 if (attrString.Length == 0)
560 sb.Append(Environment.NewLine);
561 sb.Append(GetResString(resourceString));
562 sb.Append(Environment.NewLine);
563 sb.Append(attrString);
566 [System.Security.SecurityCritical] // auto-generated
567 private String ToString(bool includeSensitiveInfo, bool includeBaseInfo)
569 PermissionSet.s_fullTrust.Assert();
570 StringBuilder sb = new StringBuilder();
573 sb.Append(base.ToString());
575 ToStringHelper(sb, "Security_Action", Action);
576 ToStringHelper(sb, "Security_TypeFirstPermThatFailed", PermissionType);
577 if(includeSensitiveInfo)
579 ToStringHelper(sb, "Security_FirstPermThatFailed", m_permissionThatFailed);
580 ToStringHelper(sb, "Security_Demanded", m_demanded);
581 ToStringHelper(sb, "Security_GrantedSet", m_granted);
582 ToStringHelper(sb, "Security_RefusedSet", m_refused);
583 ToStringHelper(sb, "Security_Denied", m_denied);
584 ToStringHelper(sb, "Security_PermitOnly", m_permitOnly);
585 ToStringHelper(sb, "Security_Assembly", m_assemblyName);
586 ToStringHelper(sb, "Security_Method", m_strMethodInfo);
588 if(m_zone != SecurityZone.NoZone)
589 ToStringHelper(sb, "Security_Zone", m_zone);
590 if(includeSensitiveInfo)
591 ToStringHelper(sb, "Security_Url", m_url);
592 return sb.ToString();
594 #else // FEATURE_CAS_POLICY
595 internal SecurityException( PermissionSet grantedSetObj, PermissionSet refusedSetObj )
597 #pragma warning disable 618
598 internal SecurityException(string message, AssemblyName assemblyName, PermissionSet grant, PermissionSet refused, MethodInfo method, SecurityAction action, Object demanded, IPermission permThatFailed, Evidence evidence)
599 #pragma warning restore 618
602 internal SecurityException(string message, Object deny, Object permitOnly, MethodInfo method, Object demanded, IPermission permThatFailed)
605 public override String ToString()
607 return base.ToString();
610 #endif // FEATURE_CAS_POLICY
612 [System.Security.SecurityCritical] // auto-generated
613 private bool CanAccessSensitiveInfo()
618 #pragma warning disable 618
619 new SecurityPermission(SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy).Demand();
620 #pragma warning restore 618
623 catch(SecurityException)
628 #if FEATURE_CAS_POLICY
629 [System.Security.SecuritySafeCritical] // auto-generated
630 public override String ToString()
632 return ToString(CanAccessSensitiveInfo(), true);
634 #endif //FEATURE_CAS_POLICY
635 [System.Security.SecurityCritical] // auto-generated_required
636 public override void GetObjectData(SerializationInfo info, StreamingContext context)
639 throw new ArgumentNullException("info");
640 Contract.EndContractBlock();
642 base.GetObjectData( info, context );
643 #if FEATURE_CAS_POLICY
645 info.AddValue(ActionName, m_action, typeof(SecurityAction));
646 info.AddValue(FirstPermissionThatFailedName, m_permissionThatFailed, typeof(String));
647 info.AddValue(DemandedName, m_demanded, typeof(String));
648 info.AddValue(GrantedSetName, m_granted, typeof(String));
649 info.AddValue(RefusedSetName, m_refused, typeof(String));
650 info.AddValue(DeniedName, m_denied, typeof(String));
651 info.AddValue(PermitOnlyName, m_permitOnly, typeof(String));
652 info.AddValue(Assembly_Name, m_assemblyName, typeof(AssemblyName));
653 info.AddValue(MethodName_Serialized, m_serializedMethodInfo, typeof(byte[]));
654 info.AddValue(MethodName_String, m_strMethodInfo, typeof(String));
655 info.AddValue(ZoneName, m_zone, typeof(SecurityZone));
656 info.AddValue(UrlName, m_url, typeof(String));
657 #endif // FEATURE_CAS_POLICY