// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
+#if !MOONLIGHT
+
using System.Collections;
+using System.Diagnostics;
using System.Globalization;
using System.IO;
using System.Reflection;
public RuntimeDeclSecurityEntry choice;
}
-#if NET_2_0
[ComVisible (true)]
public static class SecurityManager {
-#else
- public sealed class SecurityManager {
-
- private SecurityManager ()
- {
- }
-#endif
private static object _lockObject;
private static ArrayList _hierarchy;
private static IPermission _unmanagedCode;
set;
}
+ [Obsolete ("The security manager cannot be turned off on MS runtime")]
extern public static bool SecurityEnabled {
[MethodImplAttribute (MethodImplOptions.InternalCall)]
get;
set;
}
+ internal static bool CheckElevatedPermissions ()
+ {
+ return true; // always true outside Moonlight
+ }
+
+ [Conditional ("MOONLIGHT")]
+ internal static void EnsureElevatedPermissions ()
+ {
+ // do nothing outside of Moonlight
+ }
+
// methods
-#if NET_1_1
// NOTE: This method doesn't show in the class library status page because
// it cannot be "found" with the StrongNameIdentityPermission for ECMA key.
// But it's there!
- [MonoTODO ("works for fulltrust (empty), documentation doesn't really make sense, type wise")]
+ // FIXME works for fulltrust (empty), documentation doesn't really make sense, type wise
+ [MonoTODO ("CAS support is experimental (and unsupported). This method only works in FullTrust.")]
[StrongNameIdentityPermission (SecurityAction.LinkDemand, PublicKey = "0x00000000000000000400000000000000")]
public static void GetZoneAndOrigin (out ArrayList zone, out ArrayList origin)
{
zone = new ArrayList ();
origin = new ArrayList ();
}
-#endif
public static bool IsGranted (IPermission perm)
{
// - Not affected by overrides (like Assert, Deny and PermitOnly)
// - calls IsSubsetOf even for non CAS permissions
// (i.e. it does call Demand so any code there won't be executed)
-#if NET_2_0
// with 2.0 identity permission are unrestrictable
return IsGranted (Assembly.GetCallingAssembly (), perm);
-#else
- if (perm is IUnrestrictedPermission)
- return IsGranted (Assembly.GetCallingAssembly (), perm);
- else
- return IsGrantedRestricted (Assembly.GetCallingAssembly (), perm);
-#endif
}
-#if !NET_2_0
- // only for permissions that do not implement IUnrestrictedPermission
- internal static bool IsGrantedRestricted (Assembly a, IPermission perm)
+ // note: in 2.0 *all* permissions (including identity permissions) support unrestricted
+ internal static bool IsGranted (Assembly a, IPermission perm)
{
- PermissionSet granted = a.GrantedPermissionSet;\r
- if (granted != null) {\r
+ PermissionSet granted = a.GrantedPermissionSet;
+ if ((granted != null) && !granted.IsUnrestricted ()) {
CodeAccessPermission grant = (CodeAccessPermission) granted.GetPermission (perm.GetType ());
if (!perm.IsSubsetOf (grant)) {
return false;
}
PermissionSet denied = a.DeniedPermissionSet;
- if (denied != null) {\r
+ if ((denied != null) && !denied.IsEmpty ()) {
+ if (denied.IsUnrestricted ())
+ return false;
CodeAccessPermission refuse = (CodeAccessPermission) a.DeniedPermissionSet.GetPermission (perm.GetType ());
if ((refuse != null) && perm.IsSubsetOf (refuse))
return false;
}
return true;
}
-#endif
- // note: in 2.0 *all* permissions (including identity permissions) support unrestricted
- internal static bool IsGranted (Assembly a, IPermission perm)
- {
- PermissionSet granted = a.GrantedPermissionSet;\r
- if ((granted != null) && !granted.IsUnrestricted ()) {\r
- CodeAccessPermission grant = (CodeAccessPermission) granted.GetPermission (perm.GetType ());\r
- if (!perm.IsSubsetOf (grant)) {\r
- return false;\r
- }\r
- }\r
-\r
- PermissionSet denied = a.DeniedPermissionSet;\r
- if ((denied != null) && !denied.IsEmpty ()) {\r
- if (denied.IsUnrestricted ())\r
- return false;\r
- CodeAccessPermission refuse = (CodeAccessPermission) a.DeniedPermissionSet.GetPermission (perm.GetType ());\r
- if ((refuse != null) && perm.IsSubsetOf (refuse))\r
- return false;\r
- }\r
- return true;\r
- }
internal static IPermission CheckPermissionSet (Assembly a, PermissionSet ps, bool noncas)
{
foreach (IPermission p in ps) {
// note: this may contains non CAS permissions
if ((!noncas) && (p is CodeAccessPermission)) {
-#if NET_2_0
if (!IsGranted (a, p))
return p;
-#else
- if (p is IUnrestrictedPermission) {
- if (!IsGranted (a, p))
- return p;
- } else {
- if (!IsGrantedRestricted (a, p))
- return p;
- }
-#endif
} else {
// but non-CAS will throw on failure...
try {
PermissionSet granted = ad.GrantedPermissionSet;
if (granted == null)
return null;
- if ((ad.GrantedPermissionSet.Count == 0) && ad.GrantedPermissionSet.IsUnrestricted ())
+ if (granted.IsUnrestricted ())
return null;
+ if (ps.IsUnrestricted ())
+ return new SecurityPermission (SecurityPermissionFlag.NoFlags);
foreach (IPermission p in ps) {
if (p is CodeAccessPermission) {
return ps;
}
-#if NET_2_0
[MonoTODO ("(2.0) more tests are needed")]
public static PermissionSet ResolvePolicy (Evidence[] evidences)
{
ResolveIdentityPermissions (ps, evidence);
return ps;
}
-#endif
static private SecurityPermission _execution = new SecurityPermission (SecurityPermissionFlag.Execution);
internal static void ResolveIdentityPermissions (PermissionSet ps, Evidence evidence)
{
-#if NET_2_0
// in 2.0 identity permissions can now be unrestricted
if (ps.IsUnrestricted ())
return;
-#endif
+
// Only host evidence are used for policy resolution
IEnumerator ee = evidence.GetHostEnumerator ();
while (ee.MoveNext ()) {
throw new SecurityException (Locale.GetText ("Unknown metadata format."));
}
}
-#if NET_2_0
- internal static PermissionSetCollection DecodeCollection (IntPtr permissions, int length)
- {
- // Permission sets from the runtime (declarative security) can be cached
- // for performance as they can never change (i.e. they are read-only).
-
- if (_declsecCache == null) {
- lock (_lockObject) {
- if (_declsecCache == null) {
- _declsecCache = new Hashtable ();
- }
- }
- }
-
- PermissionSetCollection psc = null;
- lock (_lockObject) {
- object key = (object) (int) permissions;
- psc = (PermissionSetCollection) _declsecCache [key];
- if (psc == null) {
- // create permissionset and add it to the cache
- byte[] data = new byte [length];
- Marshal.Copy (permissions, data, 0, length);
- psc = DecodeCollection (data);
- _declsecCache.Add (key, psc);
- }
- }
- return psc;
- }
-
- internal static PermissionSetCollection DecodeCollection (byte[] encodedPermissions)
- {
- if ((encodedPermissions == null) || (encodedPermissions.Length < 1))
- throw new SecurityException ("Invalid metadata format.");
-
- switch (encodedPermissions [0]) {
- case 60:
- // Fx 1.0/1.1 declarative security permissions metadata is in Unicode-encoded XML
- throw new SecurityException (Locale.GetText ("1.0 metadata format doesn't support collections."));
- case 0x2E:
- // Fx 2.0 are encoded "somewhat, but not enough, like" custom attributes
- // note: we still support the older format!
- return PermissionSetCollection.CreateFromBinaryFormat (encodedPermissions);
- default:
- throw new SecurityException (Locale.GetText ("Unknown metadata format."));
- }
- }
-#endif
private static IPermission UnmanagedCode {
get {
// a single stack walk (not up to 4).
if (ps != null)
ps.Demand ();
-#if NET_2_0
- // Process LinkDemandChoice (2.0)
- if (klass.choice.size > 0) {
- PermissionSetCollection psc = DecodeCollection (klass.choice.blob, klass.choice.size);
- psc.DemandChoice ();
- }
- if (method.choice.size > 0) {
- PermissionSetCollection psc = DecodeCollection (method.choice.blob, method.choice.size);
- psc.DemandChoice ();
- }
-#endif
}
internal unsafe static bool ReflectedLinkDemandQuery (MethodBase mb)
return LinkDemand (mb.ReflectedType.Assembly, &klass, &method);
}
- // internal - get called at JIT time
-
- private static void DemandUnmanaged ()
- {
- UnmanagedCode.Demand ();
- }
-
private unsafe static bool LinkDemand (Assembly a, RuntimeDeclSecurityActions *klass, RuntimeDeclSecurityActions *method)
{
try {
ps = Decode (method->noncas.blob, method->noncas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, true) == null);
}
-#if NET_2_0
- // success if one of the permission is granted
- if (result && (klass->choice.size > 0)) {
- PermissionSetCollection psc = DecodeCollection (klass->choice.blob, klass->choice.size);
- if (psc.Count > 0) {
- result = false;
- foreach (PermissionSet pset in psc) {
- if (SecurityManager.CheckPermissionSet (a, pset, false) == null) {
- result = true;
- break;
- }
- }
- }
- }
- if (result && (method->choice.size > 0)) {
- PermissionSetCollection psc = DecodeCollection (method->choice.blob, method->choice.size);
- if (psc.Count > 0) {
- result = false;
- foreach (PermissionSet pset in psc) {
- if (SecurityManager.CheckPermissionSet (a, pset, false) == null) {
- result = true;
- break;
- }
- }
- }
- }
-#endif
return result;
}
catch (SecurityException) {
}
}
+#pragma warning disable 169
private static bool LinkDemandFullTrust (Assembly a)
{
// FullTrust is immutable (and means Unrestricted)
}
// we try to provide as much details as possible to help debugging
- private static void LinkDemandSecurityException (int securityViolation, Assembly a, MethodInfo method)
+ private static void LinkDemandSecurityException (int securityViolation, IntPtr methodHandle)
{
+ RuntimeMethodHandle runtimeHandle = new RuntimeMethodHandle (methodHandle);
+ MethodInfo method = (MethodInfo)(MethodBase.GetMethodFromHandle (runtimeHandle));
+ Assembly a = method.DeclaringType.Assembly;
+
string message = null;
AssemblyName an = null;
PermissionSet granted = null;
break;
}
- throw new SecurityException (message, an, granted, refused, method, SecurityAction.LinkDemand, null, null, null);
+ throw new SecurityException (message, an, granted, refused, method, SecurityAction.InheritanceDemand, null, null, null);
+ }
+
+ // called by the runtime when CoreCLR is enabled
+
+ private static void ThrowException (Exception ex)
+ {
+ throw ex;
}
// internal - get called by the class loader
// Called when
// - class inheritance
// - method overrides
- private unsafe static bool InheritanceDemand (Assembly a, RuntimeDeclSecurityActions *actions)
+ private unsafe static bool InheritanceDemand (AppDomain ad, Assembly a, RuntimeDeclSecurityActions *actions)
{
try {
PermissionSet ps = null;
if (actions->cas.size > 0) {
ps = Decode (actions->cas.blob, actions->cas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, false) == null);
+ if (result) {
+ // also check appdomain
+ result = (SecurityManager.CheckPermissionSet (ad, ps) == null);
+ }
}
if (actions->noncas.size > 0) {
ps = Decode (actions->noncas.blob, actions->noncas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, true) == null);
- }
-#if NET_2_0
- // success if one of the permission is granted
- if (result && (actions->choice.size > 0)) {
- PermissionSetCollection psc = DecodeCollection (actions->choice.blob, actions->choice.size);
- if (psc.Count > 0) {
- result = false;
- foreach (PermissionSet pset in psc) {
- if (SecurityManager.CheckPermissionSet (a, pset, false) == null) {
- result = true;
- break;
- }
- }
+ if (result) {
+ // also check appdomain
+ result = (SecurityManager.CheckPermissionSet (ad, ps) == null);
}
}
-#endif
return result;
}
catch (SecurityException) {
}
}
+ // internal - get called at JIT time
+
+ private static void DemandUnmanaged ()
+ {
+ UnmanagedCode.Demand ();
+ }
// internal - get called by JIT generated code
private static void InternalDemandChoice (IntPtr permissions, int length)
{
-#if NET_2_0
- PermissionSetCollection psc = DecodeCollection (permissions, length);
- psc.DemandChoice ();
-#else
- throw new SecurityException ("SecurityAction.DemandChoice is only possible in 2.0");
-#endif
+ throw new SecurityException ("SecurityAction.DemandChoice was removed from 2.0");
}
+#pragma warning restore 169
}
}
+
+#endif
+
projects / mono.git / blobdiff