3 // Copyright (c) Microsoft Corporation. All rights reserved.
6 // <OWNER>Microsoft</OWNER>
9 namespace System.Security {
11 using System.Globalization;
12 using System.Threading;
13 using System.Reflection;
14 using System.Collections;
15 using System.Runtime.CompilerServices;
16 using System.Security.Permissions;
17 using System.Runtime.Versioning;
18 using System.Diagnostics.Contracts;
20 internal class SecurityRuntime
22 private SecurityRuntime(){}
24 // Returns the security object for the caller of the method containing
25 // 'stackMark' on its frame.
27 // THE RETURNED OBJECT IS THE LIVE RUNTIME OBJECT. BE CAREFUL WITH IT!
29 // Internal only, do not doc.
31 [System.Security.SecurityCritical] // auto-generated
32 [ResourceExposure(ResourceScope.None)]
33 [MethodImplAttribute(MethodImplOptions.InternalCall)]
34 internal static extern
35 FrameSecurityDescriptor GetSecurityObjectForFrame(ref StackCrawlMark stackMark,
38 // Constants used to return status to native
39 internal const bool StackContinue = true;
40 internal const bool StackHalt = false;
42 // this method is a big perf hit, so don't call unnecessarily
43 [System.Security.SecurityCritical] // auto-generated
44 internal static MethodInfo GetMethodInfo(RuntimeMethodHandleInternal rmh)
46 if (rmh.IsNullHandle())
53 // Assert here because reflection will check grants and if we fail the check,
54 // there will be an infinite recursion that overflows the stack.
55 PermissionSet.s_fullTrust.Assert();
56 return (System.RuntimeType.GetMethodBase(RuntimeMethodHandle.GetDeclaringType(rmh), rmh) as MethodInfo);
66 [System.Security.SecurityCritical] // auto-generated
67 private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
68 PermissionSet demandSet,
69 out PermissionSet alteredDemandSet,
70 RuntimeMethodHandleInternal rmh)
72 return secDesc.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
75 [System.Security.SecurityCritical] // auto-generated
76 private static bool FrameDescHelper(FrameSecurityDescriptor secDesc,
78 PermissionToken permToken,
79 RuntimeMethodHandleInternal rmh)
81 return secDesc.CheckDemand((CodeAccessPermission) demandIn, permToken, rmh);
84 #if FEATURE_COMPRESSEDSTACK
85 [System.Security.SecurityCritical]
86 private static bool CheckDynamicMethodSetHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
87 PermissionSet demandSet,
88 out PermissionSet alteredDemandSet,
89 RuntimeMethodHandleInternal rmh)
91 System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
95 result = creationStack.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh);
97 catch (SecurityException ex)
99 throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
105 [System.Security.SecurityCritical]
106 private static bool CheckDynamicMethodHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
107 IPermission demandIn,
108 PermissionToken permToken,
109 RuntimeMethodHandleInternal rmh)
111 System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
115 result = creationStack.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh);
117 catch (SecurityException ex)
119 throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
123 #endif // FEATURE_COMPRESSEDSTACK
126 // API for PermissionSets
129 [System.Security.SecurityCritical] // auto-generated
130 internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark)
132 // Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission
133 // you need to change the fourth parameter to a zero.
134 FrameSecurityDescriptor secObj = CodeAccessSecurityEngine.CheckNReturnSO(
135 CodeAccessSecurityEngine.AssertPermissionToken,
136 CodeAccessSecurityEngine.AssertPermission,
140 Contract.Assert(secObj != null,"Failure in SecurityRuntime.Assert() - secObj != null");
143 // Security: REQ_SQ flag is missing. Bad compiler ?
144 System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
148 if (secObj.HasImperativeAsserts())
149 throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
151 secObj.SetAssert(permSet);
155 [System.Security.SecurityCritical] // auto-generated
156 internal static void AssertAllPossible(ref StackCrawlMark stackMark)
158 FrameSecurityDescriptor secObj =
159 SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
161 Contract.Assert(secObj != null, "Failure in SecurityRuntime.AssertAllPossible() - secObj != null");
164 // Security: REQ_SQ flag is missing. Bad compiler ?
165 System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
169 if (secObj.GetAssertAllPossible())
170 throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
172 secObj.SetAssertAllPossible();
176 [System.Security.SecurityCritical] // auto-generated
177 internal static void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
179 #if FEATURE_CAS_POLICY
180 // Deny is only valid in legacy mode
181 if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
183 throw new NotSupportedException(Environment.GetResourceString("NotSupported_CasDeny"));
185 #endif // FEATURE_CAS_POLICY
187 FrameSecurityDescriptor secObj =
188 SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
190 Contract.Assert(secObj != null, "Failure in SecurityRuntime.Deny() - secObj != null");
193 // Security: REQ_SQ flag is missing. Bad compiler ?
194 System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
198 if (secObj.HasImperativeDenials())
199 throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
201 secObj.SetDeny(permSet);
205 [System.Security.SecurityCritical] // auto-generated
206 internal static void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
208 FrameSecurityDescriptor secObj =
209 SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
211 Contract.Assert(secObj != null, "Failure in SecurityRuntime.PermitOnly() - secObj != null");
214 // Security: REQ_SQ flag is missing. Bad compiler ?
215 System.Environment.FailFast(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
219 if (secObj.HasImperativeRestrictions())
220 throw new SecurityException( Environment.GetResourceString( "Security_MustRevertOverride" ) );
222 secObj.SetPermitOnly(permSet);
230 [System.Security.SecurityCritical] // auto-generated
231 internal static void RevertAssert(ref StackCrawlMark stackMark)
233 FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
236 secObj.RevertAssert();
240 throw new InvalidOperationException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
244 [System.Security.SecurityCritical] // auto-generated
245 internal static void RevertDeny(ref StackCrawlMark stackMark)
247 FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
254 throw new InvalidOperationException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
258 [System.Security.SecurityCritical] // auto-generated
259 internal static void RevertPermitOnly(ref StackCrawlMark stackMark)
261 FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
264 secObj.RevertPermitOnly();
268 throw new InvalidOperationException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
272 [System.Security.SecurityCritical] // auto-generated
273 internal static void RevertAll(ref StackCrawlMark stackMark)
275 FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
282 throw new InvalidOperationException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));