// Authors:
// Miguel de Icaza (miguel@ximian.com)
// Nick Drochak, ndrochak@gol.com
-// Sebastien Pouliot (spouliot@motus.com)
+// Sebastien Pouliot <sebastien@ximian.com>
//
// (C) Ximian, Inc. http://www.ximian.com
// Copyright (C) 2001 Nick Drochak, All Rights Reserved
// Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
-//
-
-//
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
-//
-// Permission is hereby granted, free of charge, to any person obtaining
-// a copy of this software and associated documentation files (the
-// "Software"), to deal in the Software without restriction, including
-// without limitation the rights to use, copy, modify, merge, publish,
-// distribute, sublicense, and/or sell copies of the Software, and to
-// permit persons to whom the Software is furnished to do so, subject to
-// the following conditions:
-//
-// The above copyright notice and this permission notice shall be
-// included in all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-//
-
-//
-// Copyright (C) 2004 Novell, Inc (http://www.novell.com)
+// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
+using System.Diagnostics;
using System.Globalization;
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
using System.Security.Permissions;
-using System.Text;
+using System.Threading;
namespace System.Security {
[Serializable]
+ [SecurityPermission (SecurityAction.InheritanceDemand, ControlEvidence = true, ControlPolicy = true)]
+ [ComVisible (true)]
+ [MonoTODO ("CAS support is experimental (and unsupported).")]
public abstract class CodeAccessPermission : IPermission, ISecurityEncodable, IStackWalk {
- protected CodeAccessPermission () {}
- // LAMESPEC: Documented as virtual
- [MonoTODO("SecurityStackFrame not ready")]
+ protected CodeAccessPermission ()
+ {
+ }
+
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
public void Assert ()
{
- // throw a SecurityException if Assertion is denied
- new SecurityPermission (SecurityPermissionFlag.Assertion).Demand ();
-// SecurityStackFrame.Current.Assert = this;
+ new PermissionSet (this).Assert ();
+ }
+
+ internal bool CheckAssert (CodeAccessPermission asserted)
+ {
+ if (asserted == null)
+ return false;
+ if (asserted.GetType () != this.GetType ())
+ return false;
+ return IsSubsetOf (asserted);
+ }
+
+ internal bool CheckDemand (CodeAccessPermission target)
+ {
+ if (target == null)
+ return false;
+ if (target.GetType () != this.GetType ())
+ return false;
+ return IsSubsetOf (target);
+ }
+
+ internal bool CheckDeny (CodeAccessPermission denied)
+ {
+ if (denied == null)
+ return true;
+ Type t = denied.GetType ();
+ if (t != this.GetType ())
+ return true;
+ IPermission inter = Intersect (denied);
+ if (inter == null)
+ return true;
+ // sadly that's not enough :( at this stage we must also check
+ // if an empty (PermissionState.None) is a subset of the denied
+ // (which is like a empty intersection looks like for flag based
+ // permissions, e.g. AspNetHostingPermission).
+ return denied.IsSubsetOf (PermissionBuilder.Create (t));
+ }
+
+ internal bool CheckPermitOnly (CodeAccessPermission target)
+ {
+ if (target == null)
+ return false;
+ if (target.GetType () != this.GetType ())
+ return false;
+ return IsSubsetOf (target);
}
public abstract IPermission Copy ();
- // LAMESPEC: Documented as virtual
- [MonoTODO("MS contralize demands, but I think we should branch back into indivual permission classes.")]
public void Demand ()
{
- IBuiltInPermission perm = (this as IBuiltInPermission);
- if (perm == null)
- return; // not sure about this :(
-
- // TODO : Loop the stack
- switch (perm.GetTokenIndex ()) {
- case 0: // EnvironmentPermission
- // TODO
- break;
- case 1: // FileDialogPermission
- // TODO
- break;
- case 2: // FileIOPermission
- // TODO
- break;
- case 3: // IsolatedStorageFilePermission
- // TODO
- break;
- case 4: // ReflectionPermission
- // TODO
- break;
- case 5: // RegistryPermission
- // TODO
- break;
- case 6: // SecurityPermission
- // TODO
- break;
- case 7: // UIPermission
- // TODO
- break;
- case 8: // PrincipalPermission
- // TODO
- break;
- case 9: // PublisherIdentityPermission
- // TODO
- break;
- case 10: // SiteIdentityPermission
- // TODO
- break;
- case 11: // StrongNameIdentityPermission
- // TODO
- break;
- case 12: // UrlIdentityPermission
- // TODO
- break;
- case 13: // ZoneIdentityPermission
- // TODO
- break;
- default:
- string message = String.Format (Locale.GetText ("Unknown IBuiltInPermission #{0}"), perm.GetTokenIndex ());
- throw new SecurityException (message);
- }
+ // note: here we're sure it's a CAS demand
+ if (!SecurityManager.SecurityEnabled)
+ return;
+
+ // skip frames until we get the caller (of our caller)
+ new PermissionSet (this).CasOnlyDemand (3);
}
- // LAMESPEC: Documented as virtual
- [MonoTODO("SecurityStackFrame not ready")]
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
public void Deny ()
{
-// SecurityStackFrame.Current.Deny = this;
+ new PermissionSet (this).Deny ();
+ }
+
+ [ComVisible (false)]
+ public override bool Equals (object obj)
+ {
+ if (obj == null)
+ return false;
+ if (obj.GetType () != this.GetType ())
+ return false;
+ CodeAccessPermission cap = (obj as CodeAccessPermission);
+ return (IsSubsetOf (cap) && cap.IsSubsetOf (this));
}
public abstract void FromXml (SecurityElement elem);
+ [ComVisible (false)]
+ public override int GetHashCode ()
+ {
+ return base.GetHashCode ();
+ }
+
public abstract IPermission Intersect (IPermission target);
public abstract bool IsSubsetOf (IPermission target);
return null;
}
- // LAMESPEC: Documented as virtual
- [MonoTODO("SecurityStackFrame not ready")]
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
public void PermitOnly ()
{
-// SecurityStackFrame.Current.PermitOnly = this;
+ new PermissionSet (this).PermitOnly ();
}
- [MonoTODO("SecurityStackFrame not ready")]
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
public static void RevertAll ()
{
-// SecurityStackFrame.Current.RevertAll ();
+ if (!SecurityManager.SecurityEnabled)
+ return;
+
+ SecurityFrame sf = new SecurityFrame (1);
+ bool revert = false;
+ if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
+ revert = true;
+ throw new NotSupportedException ("Currently only declarative Assert are supported.");
+ }
+ if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
+ revert = true;
+ throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ }
+ if ((sf.PermitOnly != null) && !sf.PermitOnly.DeclarativeSecurity) {
+ revert = true;
+ throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
+ }
+
+ if (!revert) {
+ string msg = Locale.GetText ("No stack modifiers are present on the current stack frame.");
+ // FIXME: we don't (yet) support imperative stack modifiers
+ msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
+ throw new ExecutionEngineException (msg);
+ }
}
- [MonoTODO("SecurityStackFrame not ready")]
- public static void RevertAssert ()
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
+ public static void RevertAssert ()
{
-// SecurityStackFrame.Current.RevertAssert ();
+ if (!SecurityManager.SecurityEnabled)
+ return;
+
+ SecurityFrame sf = new SecurityFrame (1);
+ if ((sf.Assert != null) && !sf.Assert.DeclarativeSecurity) {
+ throw new NotSupportedException ("Currently only declarative Assert are supported.");
+ } else {
+ // we can't revert declarative security (or an empty frame) imperatively
+ ThrowExecutionEngineException (SecurityAction.Assert);
+ }
}
- [MonoTODO("SecurityStackFrame not ready")]
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
public static void RevertDeny ()
{
-// SecurityStackFrame.Current.RevertDeny ();
+ if (!SecurityManager.SecurityEnabled)
+ return;
+
+ SecurityFrame sf = new SecurityFrame (1);
+ if ((sf.Deny != null) && !sf.Deny.DeclarativeSecurity) {
+ throw new NotSupportedException ("Currently only declarative Deny are supported.");
+ } else {
+ // we can't revert declarative security (or an empty frame) imperatively
+ ThrowExecutionEngineException (SecurityAction.Deny);
+ }
}
- [MonoTODO("SecurityStackFrame not ready")]
- public static void RevertPermitOnly ()
+ [MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
+ public static void RevertPermitOnly ()
{
-// SecurityStackFrame.Current.RevertPermitOnly ();
+ if (!SecurityManager.SecurityEnabled)
+ return;
+
+ SecurityFrame sf = new SecurityFrame (1);
+ if ((sf.PermitOnly != null) && sf.PermitOnly.DeclarativeSecurity) {
+ throw new NotSupportedException ("Currently only declarative PermitOnly are supported.");
+ } else {
+ // we can't revert declarative security (or an empty frame) imperatively
+ ThrowExecutionEngineException (SecurityAction.PermitOnly);
+ }
}
+ // Internal helpers methods
+
// snippet moved from FileIOPermission (nickd) to be reused in all derived classes
- internal SecurityElement Element (object o, int version)
+ internal SecurityElement Element (int version)
{
SecurityElement se = new SecurityElement ("IPermission");
Type type = this.GetType ();
- StringBuilder asmName = new StringBuilder (type.Assembly.ToString ());
- asmName.Replace ('\"', '\'');
- se.AddAttribute ("class", type.FullName + ", " + asmName);
+ se.AddAttribute ("class", type.FullName + ", " + type.Assembly.ToString ().Replace ('\"', '\''));
se.AddAttribute ("version", version.ToString ());
return se;
}
+
+ internal static PermissionState CheckPermissionState (PermissionState state, bool allowUnrestricted)
+ {
+ string msg;
+ switch (state) {
+ case PermissionState.None:
+ break;
+ case PermissionState.Unrestricted:
+ // unrestricted permissions are possible for identiy permissions
+ break;
+ default:
+ msg = String.Format (Locale.GetText ("Invalid enum {0}"), state);
+ throw new ArgumentException (msg, "state");
+ }
+ return state;
+ }
+
+ internal static int CheckSecurityElement (SecurityElement se, string parameterName, int minimumVersion, int maximumVersion)
+ {
+ if (se == null)
+ throw new ArgumentNullException (parameterName);
+
+ // Tag is case-sensitive
+ if (se.Tag != "IPermission") {
+ string msg = String.Format (Locale.GetText ("Invalid tag {0}"), se.Tag);
+ throw new ArgumentException (msg, parameterName);
+ }
+
+ // Note: we do not care about the class attribute at
+ // this stage (in fact we don't even if the class
+ // attribute is present or not). Anyway the object has
+ // already be created, with success, if we're loading it
+
+ // we assume minimum version if no version number is supplied
+ int version = minimumVersion;
+ string v = se.Attribute ("version");
+ if (v != null) {
+ try {
+ version = Int32.Parse (v);
+ }
+ catch (Exception e) {
+ string msg = Locale.GetText ("Couldn't parse version from '{0}'.");
+ msg = String.Format (msg, v);
+ throw new ArgumentException (msg, parameterName, e);
+ }
+ }
+
+ if ((version < minimumVersion) || (version > maximumVersion)) {
+ string msg = Locale.GetText ("Unknown version '{0}', expected versions between ['{1}','{2}'].");
+ msg = String.Format (msg, version, minimumVersion, maximumVersion);
+ throw new ArgumentException (msg, parameterName);
+ }
+ return version;
+ }
+
+ // must be called after CheckSecurityElement (i.e. se != null)
+ internal static bool IsUnrestricted (SecurityElement se)
+ {
+ string value = se.Attribute ("Unrestricted");
+ if (value == null)
+ return false;
+ return (String.Compare (value, Boolean.TrueString, true, CultureInfo.InvariantCulture) == 0);
+ }
+
+ internal bool ProcessFrame (SecurityFrame frame)
+ {
+ // 1. CheckPermitOnly
+ if (frame.PermitOnly != null) {
+ // the demanded permission must be in one of the permitted...
+ bool permit = frame.PermitOnly.IsUnrestricted ();
+ if (!permit) {
+ // check individual permissions
+ foreach (IPermission p in frame.PermitOnly) {
+ if (CheckPermitOnly (p as CodeAccessPermission)) {
+ permit = true;
+ break;
+ }
+ }
+ }
+ if (!permit) {
+ // ...or else we throw
+ ThrowSecurityException (this, "PermitOnly", frame, SecurityAction.Demand, null);
+ }
+ }
+
+ // 2. CheckDeny
+ if (frame.Deny != null) {
+ // special case where everything is denied (i.e. no child to be processed)
+ if (frame.Deny.IsUnrestricted ())
+ ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, null);
+ foreach (IPermission p in frame.Deny) {
+ if (!CheckDeny (p as CodeAccessPermission))
+ ThrowSecurityException (this, "Deny", frame, SecurityAction.Demand, p);
+ }
+ }
+
+ // 3. CheckAssert
+ if (frame.Assert != null) {
+ if (frame.Assert.IsUnrestricted ())
+ return true; // remove permission and continue stack walk
+ foreach (IPermission p in frame.Assert) {
+ if (CheckAssert (p as CodeAccessPermission)) {
+ return true; // remove permission and continue stack walk
+ }
+ }
+ }
+
+ // continue the stack walk
+ return false;
+ }
+
+ internal static void ThrowInvalidPermission (IPermission target, Type expected)
+ {
+ string msg = Locale.GetText ("Invalid permission type '{0}', expected type '{1}'.");
+ msg = String.Format (msg, target.GetType (), expected);
+ throw new ArgumentException (msg, "target");
+ }
+
+ internal static void ThrowExecutionEngineException (SecurityAction stackmod)
+ {
+ string msg = Locale.GetText ("No {0} modifier is present on the current stack frame.");
+ // FIXME: we don't (yet) support imperative stack modifiers
+ msg += Environment.NewLine + "Currently only declarative stack modifiers are supported.";
+ throw new ExecutionEngineException (String.Format (msg, stackmod));
+ }
+
+ internal static void ThrowSecurityException (object demanded, string message, SecurityFrame frame,
+ SecurityAction action, IPermission failed)
+ {
+#if NET_2_1
+ throw new SecurityException (message);
+#else
+ Assembly a = frame.Assembly;
+ throw new SecurityException (Locale.GetText (message),
+ a.UnprotectedGetName (), a.GrantedPermissionSet,
+ a.DeniedPermissionSet, frame.Method, action, demanded,
+ failed, a.UnprotectedGetEvidence ());
+#endif
+ }
}
}