/* calls from System.Delegate are also possible and allowed */
if (strcmp (ns, "System") == 0) {
const char *kname = m->klass->name;
- if ((*kname == 'D') && (strcmp (kname, "Delegate") == 0))
- return FALSE;
- if ((*kname == 'M') && (strcmp (kname, "MulticastDelegate")) == 0)
- return FALSE;
if ((*kname == 'A') && (strcmp (kname, "Activator") == 0))
return FALSE;
+
+ /* unlike most Invoke* cases InvokeMember is not inside System.Reflection[.Emit] but is SecuritySafeCritical */
+ if (((*kname == 'T') && (strcmp (kname, "Type") == 0)) ||
+ ((*kname == 'M') && (strcmp (kname, "MonoType")) == 0)) {
+
+ /* if calling InvokeMember then we can't stop the stackwalk here and need to look at the caller */
+ if (strcmp (m->name, "InvokeMember") == 0)
+ return FALSE;
+ }
+
+ /* the security check on the delegate is made at creation time, not at invoke time */
+ if (((*kname == 'D') && (strcmp (kname, "Delegate") == 0)) ||
+ ((*kname == 'M') && (strcmp (kname, "MulticastDelegate")) == 0)) {
+
+ /* if we're invoking then we can stop our stack walk */
+ if (strcmp (m->name, "DynamicInvoke") != 0)
+ return FALSE;
+ }
}
if (m == *dest) {
if (strcmp (method->klass->name, "MonoProperty") == 0) {
if ((strcmp (method->name, "GetterAdapterFrame") == 0) || strcmp (method->name, "StaticGetterAdapterFrame") == 0)
return TRUE;
- } else if (strcmp (method->klass->name, "EvenInfo") == 0) {
+ } else if (strcmp (method->klass->name, "EventInfo") == 0) {
if ((strcmp (method->name, "AddEventFrame") == 0) || strcmp (method->name, "StaticAddEventAdapterFrame") == 0)
return TRUE;
}
* Return TRUE if a delegate can be created on the specified method.
* CoreCLR also affect the binding, so throwOnBindFailure must be
* FALSE to let this function return (FALSE) normally, otherwise (if
- * throwOnBindFailure is TRUE) itwill throw an ArgumentException.
+ * throwOnBindFailure is TRUE) it will throw an ArgumentException.
*
* A MethodAccessException is thrown if the specified method is not
* visible from the caller point of view.
return NULL;
}
+/*
+ * mono_security_core_clr_can_access_internals
+ *
+ * Check if we allow [InternalsVisibleTo] to work between two images.
+ */
+gboolean
+mono_security_core_clr_can_access_internals (MonoImage *accessing, MonoImage* accessed)
+{
+ /* are we trying to access internals of a platform assembly ? if not this is acceptable */
+ if (!mono_security_core_clr_is_platform_image (accessed))
+ return TRUE;
+
+ /* we can't let everyone with the right name and public key token access the internals of platform code.
+ * (Silverlight can rely on the strongname signature of the assemblies, but Mono does not verify them)
+ * However platform code is fully trusted so it can access the internals of other platform code assemblies */
+ if (mono_security_core_clr_is_platform_image (accessing))
+ return TRUE;
+
+ /* catch-22: System.Xml needs access to mscorlib's internals (e.g. ArrayList) but is not considered platform code.
+ * Promoting it to platform code would create another issue since (both Mono/Moonlight or MS version of)
+ * System.Xml.Linq.dll (an SDK, not platform, assembly) needs access to System.Xml.dll internals (either ).
+ * The solution is to trust, even transparent code, in the plugin directory to access platform code internals */
+ return (strcmp (accessed->assembly->basedir, accessing->assembly->basedir) == 0);
+}
+
/*
* mono_security_core_clr_level_from_cinfo:
*
}
/*
- * mono_security_core_clr_class_level:
+ * mono_security_core_clr_class_level_no_platform_check:
*
- * Return the MonoSecurityCoreCLRLevel for the specified class.
+ * Return the MonoSecurityCoreCLRLevel for the specified class, without
+ * checking for platform code. This help us avoid multiple redundant
+ * checks, e.g.
+ * - a check for the method and one for the class;
+ * - a check for the class and outer class(es) ...
*/
-MonoSecurityCoreCLRLevel
-mono_security_core_clr_class_level (MonoClass *class)
+static MonoSecurityCoreCLRLevel
+mono_security_core_clr_class_level_no_platform_check (MonoClass *class)
{
- MonoCustomAttrInfo *cinfo;
MonoSecurityCoreCLRLevel level = MONO_SECURITY_CORE_CLR_TRANSPARENT;
-
- /* non-platform code is always Transparent - whatever the attributes says */
- if (!mono_security_core_clr_test && !mono_security_core_clr_is_platform_image (class->image))
- return level;
-
- cinfo = mono_custom_attrs_from_class (class);
+ MonoCustomAttrInfo *cinfo = mono_custom_attrs_from_class (class);
if (cinfo) {
level = mono_security_core_clr_level_from_cinfo (cinfo, class->image);
mono_custom_attrs_free (cinfo);
}
if (level == MONO_SECURITY_CORE_CLR_TRANSPARENT && class->nested_in)
- level = mono_security_core_clr_class_level (class->nested_in);
+ level = mono_security_core_clr_class_level_no_platform_check (class->nested_in);
return level;
}
+/*
+ * mono_security_core_clr_class_level:
+ *
+ * Return the MonoSecurityCoreCLRLevel for the specified class.
+ */
+MonoSecurityCoreCLRLevel
+mono_security_core_clr_class_level (MonoClass *class)
+{
+ /* non-platform code is always Transparent - whatever the attributes says */
+ if (!mono_security_core_clr_test && !mono_security_core_clr_is_platform_image (class->image))
+ return MONO_SECURITY_CORE_CLR_TRANSPARENT;
+
+ return mono_security_core_clr_class_level_no_platform_check (class);
+}
+
/*
* mono_security_core_clr_method_level:
*
/*
* default_platform_check:
*
- * Default platform check. Always return FALSE.
+ * Default platform check. Always TRUE for current corlib (minimum
+ * trust-able subset) otherwise return FALSE. Any real CoreCLR host
+ * should provide its own callback to define platform code (i.e.
+ * this default is meant for test only).
*/
static gboolean
default_platform_check (const char *image_name)
{
- return FALSE;
+ if (mono_defaults.corlib) {
+ return (strcmp (mono_defaults.corlib->name, image_name) == 0);
+ } else {
+ /* this can get called even before we load corlib (e.g. the EXE itself) */
+ const char *corlib = "mscorlib.dll";
+ int ilen = strlen (image_name);
+ int clen = strlen (corlib);
+ return ((ilen >= clen) && (strcmp ("mscorlib.dll", image_name + ilen - clen) == 0));
+ }
}
static MonoCoreClrPlatformCB platform_callback = default_platform_check;
projects / mono.git / blobdiff