}
frame->method = mono_method_get_object (domain, jinfo->method, NULL);
+ frame->domain = domain->domain;
/* stack modifiers on methods have priority on (i.e. replaces) modifiers on class */
* @domain The current application domain
* @caller The method calling
* @callee The called method
- * return value: TRUE if a security violation is detection, FALSE otherwise.
+ * return value: TRUE if a security violation is detected, FALSE otherwise.
*
* If callee's assembly is strongnamed and doesn't have an
* [AllowPartiallyTrustedCallers] attribute then we must enforce a LinkDemand
secman = mono_security_manager_get_methods ();
if (secman && cinfo) {
/* look for AllowPartiallyTrustedCallersAttribute */
- result = mono_custom_attrs_has_attr (cinfo, secman->aptc);
+ result = mono_custom_attrs_has_attr (cinfo, secman->allowpartiallytrustedcallers);
}
MONO_SECMAN_FLAG_SET_VALUE (assembly->aptc, result);
}
return FALSE;
/* E - the caller's assembly must have full trust permissions */
+ assembly = mono_image_get_assembly (caller->klass->image);
if (mono_declsec_is_assembly_fulltrust (domain, assembly))
return FALSE;
* @domain The current application domain
* @caller The method calling
* @native The native method called
- * return value: TRUE if a security violation is detection, FALSE otherwise.
+ * return value: TRUE if a security violation is detected, FALSE otherwise.
*
* Executing Platform Invokes (P/Invoke) is a is a restricted operation.
* The security policy must allow (SecurityPermissionFlag.UnmanagedCode)
if (MONO_SECMAN_FLAG_INIT (assembly->fulltrust) && MONO_SECMAN_FLAG_GET_VALUE (assembly->fulltrust)) {
/* FullTrust includes UnmanagedCode permission */
MONO_SECMAN_FLAG_SET_VALUE (assembly->unmanaged, TRUE);
+ return FALSE;
} else {
MonoReflectionAssembly *refass = (MonoReflectionAssembly*) mono_assembly_get_object (domain, assembly);
MonoSecurityManager* secman = mono_security_manager_get_methods ();
* @domain The current application domain
* @caller The method calling
* @icall The internal call method
- * return value: TRUE if a security violation is detection, FALSE otherwise.
+ * return value: TRUE if a security violation is detected, FALSE otherwise.
*
* We can't trust the icall flags/iflags as it comes from the assembly
* that we may want to restrict and we do not have the public/restricted
mono_declsec_linkdemand (MonoDomain *domain, MonoMethod *caller, MonoMethod *callee)
{
guint32 violation = MONO_JIT_SECURITY_OK;
- /* first, the special (implied) linkdemand */
+
+ /* short-circuit corlib as it is fully trusted (within itself)
+ * and because this cause major recursion headaches */
+ if ((caller->klass->image == mono_defaults.corlib) && (callee->klass->image == mono_defaults.corlib))
+ return violation;
+
+ /* next, the special (implied) linkdemand */
if (callee->iflags & METHOD_IMPL_ATTRIBUTE_INTERNAL_CALL) {
/* restrict internal calls into the runtime */
projects / mono.git / blobdiff