* Author:
* Sebastien Pouliot <sebastien@ximian.com>
*
- * Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
+ * Copyright 2005-2009 Novell, Inc (http://www.novell.com)
*/
#include "security-manager.h"
-
-/* Internal stuff */
-
-static MonoSecurityManager secman;
+static MonoSecurityMode mono_security_mode = MONO_SECURITY_MODE_NONE;
static MonoBoolean mono_security_manager_activated = FALSE;
static MonoBoolean mono_security_manager_enabled = TRUE;
static MonoBoolean mono_security_manager_execution = TRUE;
+void
+mono_security_set_mode (MonoSecurityMode mode)
+{
+ mono_security_mode = mode;
+}
+
+MonoSecurityMode
+mono_security_get_mode (void)
+{
+ return mono_security_mode;
+}
+
+/*
+ * Note: The security manager is activate once when executing the Mono. This
+ * is not meant to be a turn on/off runtime switch.
+ */
+void
+mono_activate_security_manager (void)
+{
+ mono_security_manager_activated = TRUE;
+}
+
+gboolean
+mono_is_security_manager_active (void)
+{
+ return mono_security_manager_activated;
+}
+
+#ifndef DISABLE_SECURITY
-/* Public stuff */
+static MonoSecurityManager secman;
MonoSecurityManager*
mono_security_manager_get_methods (void)
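Review bot: `mono_security_set_mode` can be called at any time and in either direction, yet it carries no comment or guard, whereas the comment on `mono_activate_security_manager` just below says activation is not a runtime on/off switch. Other code derives its answer from the mode (the SecurityEnabled icall later in this diff, for one), so a late call that resets it to `MONO_SECURITY_MODE_NONE` would change what managed code is told about sandboxing. I would add a header comment such as `/* Must be called once, before any managed code runs; the mode is not meant to change afterwards. */`. If the embedding API allows it, the setter could also refuse a change once the mode is no longer `MONO_SECURITY_MODE_NONE`.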
g_assert (secman.demandunmanaged);
secman.inheritancedemand = mono_class_get_method_from_name (secman.securitymanager,
- "InheritanceDemand", 2);
+ "InheritanceDemand", 3);
g_assert (secman.inheritancedemand);
secman.inheritsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
g_assert (secman.linkdemandfulltrust);
secman.linkdemandsecurityexception = mono_class_get_method_from_name (secman.securitymanager,
- "LinkDemandSecurityException", 3);
+ "LinkDemandSecurityException", 2);
g_assert (secman.linkdemandsecurityexception);
secman.allowpartiallytrustedcallers = mono_class_from_name (mono_defaults.corlib, "System.Security",
MonoAssembly *assembly = mono_image_get_assembly (klass->image);
MonoReflectionAssembly *refass = mono_assembly_get_object (domain, assembly);
MonoObject *res;
- gpointer args [2];
+ gpointer args [3];
- args [0] = refass;
- args [1] = demands;
+ args [0] = domain->domain;
+ args [1] = refass;
+ args [2] = demands;
res = mono_runtime_invoke (secman->inheritancedemand, NULL, args, NULL);
return (*(MonoBoolean *) mono_object_unbox (res));
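Review bot: `args [0] = domain->domain;` hands the managed AppDomain object to `InheritanceDemand` without checking that it exists. The declaration of `domain` and the start of this function are outside the hunk, so whether it can still be NULL while classes are set up early in startup cannot be confirmed from here. If it can, the demand is evaluated against a null domain and the result depends on how the managed side treats that. A `g_assert (domain->domain);` before the invoke would make that case fail loudly rather than produce an undefined verdict.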
if (klass->exception_type != 0)
return;
+ /* short-circuit corlib as it is fully trusted (within itself)
+ * and because this cause major recursion headaches */
+ if ((klass->image == mono_defaults.corlib) && (parent->image == mono_defaults.corlib))
+ return;
+
/* Check if there are an InheritanceDemand on the parent class */
if (mono_declsec_get_inheritdemands_class (parent, &demands)) {
/* If so check the demands on the klass (inheritor) */
if (!mono_secman_inheritance_check (klass, &demands)) {
/* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
- klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND;
- klass->exception_data = NULL;
+ mono_class_set_failure (klass, MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND, NULL);
}
}
}
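Review bot: The new corlib short-circuit is an exemption from a security check, and its comment does not say what keeps it narrow. It returns only when both `klass->image` and `parent->image` are corlib, so a type from any other assembly that derives from a corlib type still reaches the InheritanceDemand check. I would state that in the comment, e.g. `/* Both types live in corlib: skip the demand (corlib is fully trusted and evaluating it here recurses). A non-corlib inheritor is still checked. */`. The same test is repeated for `override->klass` and `base->klass` in the method variant further down; a small `static` helper taking two `MonoImage *` would keep the two exemptions from drifting apart. The start of this function is outside the hunk.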
if (override->klass->exception_type != 0)
return;
+ /* short-circuit corlib as it is fully trusted (within itself)
+ * and because this cause major recursion headaches */
+ if ((override->klass->image == mono_defaults.corlib) && (base->klass->image == mono_defaults.corlib))
+ return;
+
/* Check if there are an InheritanceDemand on the base (virtual) method */
if (mono_declsec_get_inheritdemands_method (base, &demands)) {
/* If so check the demands on the overriding method */
if (!mono_secman_inheritance_check (override->klass, &demands)) {
/* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */
- override->klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND;
- override->klass->exception_data = base;
+ mono_class_set_failure (override->klass, MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND, base);
}
}
}
+#else
+
+MonoSecurityManager*
+mono_security_manager_get_methods (void)
+{
+ return NULL;
+}
-/*
- * Note: The security manager is activate once when executing the Mono. This
- * is not meant to be a turn on/off runtime switch.
- */
void
-mono_activate_security_manager (void)
+mono_secman_inheritancedemand_class (MonoClass *klass, MonoClass *parent)
{
- mono_security_manager_activated = TRUE;
}
-gboolean
-mono_is_security_manager_active (void)
+void
+mono_secman_inheritancedemand_method (MonoMethod *override, MonoMethod *base)
{
- return mono_security_manager_activated;
}
+#endif /* DISABLE_SECURITY */
+
/*
* @publickey An encoded (with header) public key
* @size The length of the public key
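Review bot: With `DISABLE_SECURITY` defined, the stubs turn `mono_secman_inheritancedemand_class` and `mono_secman_inheritancedemand_method` into silent no-ops and make `mono_security_manager_get_methods` return NULL, but `mono_activate_security_manager` and `mono_is_security_manager_active` now sit above the `#ifndef` and still report the manager as active. A caller that activates security on such a build gets inheritance demands that always pass. Any caller that dereferences the result of `mono_security_manager_get_methods ()` after checking `mono_is_security_manager_active ()` would hit NULL; those callers are not visible here. I would make activation fail loudly in that configuration, for example `g_error ("security manager is not available in this build");` under `#ifdef DISABLE_SECURITY` inside `mono_activate_security_manager`. At minimum, a comment on the stubs should say that they perform no check.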
return TRUE;
}
+/*
+ * Context propagation is required when:
+ * (a) the security manager is active (1.x and later)
+ * (b) other contexts needs to be propagated (2.x and later)
+ *
+ * returns NULL if no context propagation is required, else the returns the
+ * MonoMethod to call to Capture the ExecutionContext.
+ */
+MonoMethod*
+mono_get_context_capture_method (void)
+{
+ static MonoMethod *method = NULL;
+
+ if (!mono_security_manager_activated) {
+ if (mono_image_get_assembly (mono_defaults.corlib)->aname.major < 2)
+ return NULL;
+ }
+
+ /* older corlib revisions won't have the class (nor the method) */
+ if (mono_defaults.executioncontext_class && !method) {
+ mono_class_init (mono_defaults.executioncontext_class);
+ method = mono_class_get_method_from_name (mono_defaults.executioncontext_class, "Capture", 0);
+ }
+
+ return method;
+}
+
+
/* System.Security icalls */
MonoBoolean
ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void)
{
- if (!mono_security_manager_activated)
- return FALSE;
+ if (!mono_security_manager_activated) {
+ /* SecurityManager is internal for Moonlight and SecurityEnabled is used to know if CoreCLR is active
+ * (e.g. plugin executing in the browser) or not (e.g. smcs compiling source code with corlib 2.1)
+ */
+ return (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR);
+ }
return mono_security_manager_enabled;
}
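Review bot: `mono_get_context_capture_method` returns NULL in two different situations, and its header comment documents only the first: when no propagation is required, and when the security manager is active but `mono_defaults.executioncontext_class` or its `Capture` method is missing. In the second case the caller presumably skips capturing the ExecutionContext, so the security context would not follow the work onto another thread while the manager is on; the callers are outside this diff, so this is inferred. The comment should cover it, e.g. `also returns NULL when corlib has no ExecutionContext.Capture, in which case nothing is propagated even if the security manager is active`. A `g_warning` on that path when `mono_security_manager_activated` is set would make the gap visible. Unlike the other lookups in this file, the `mono_class_get_method_from_name` result here is not checked with `g_assert`.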
{
MonoMethod *method = m->method;
/* we want the original as the wrapper is "free" of the security informations */
- if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE) {
+ if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE || method->wrapper_type == MONO_WRAPPER_MANAGED_TO_MANAGED) {
method = mono_marshal_method_from_wrapper (method);
}