- internal bool ProcessFrame (SecurityFrame frame)
- {
- // 1. CheckPermitOnly
- if (frame.PermitOnly != null) {
- // the demanded permission must be in one of the permitted...
- bool permit = frame.PermitOnly.IsUnrestricted ();
- if (!permit) {
- // check individual permissions
- foreach (IPermission p in frame.PermitOnly) {
- if (CheckPermitOnly (p as CodeAccessPermission)) {
- permit = true;
- break;
- }
- }
- }
- if (!permit) {
- // ...or else we throw
- ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
- }
- }
-
- // 2. CheckDeny
- if (frame.Deny != null) {
- // special case where everything is denied (i.e. no child to be processed)
- if (frame.Deny.IsUnrestricted ())
- ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
- foreach (IPermission p in frame.Deny) {
- if (!CheckDeny (p as CodeAccessPermission))
- ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p);
- }
- }
-
- // 3. CheckAssert
- if (frame.Assert != null) {
- if (frame.Assert.IsUnrestricted ())
- return true; // remove permission and continue stack walk
- foreach (IPermission p in frame.Assert) {
- if (CheckAssert (p as CodeAccessPermission)) {
- return true; // remove permission and continue stack walk
- }
- }
- }
-
- // continue the stack walk
- return false;
- }
-