X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=mono%2Fmetadata%2Fsecurity-manager.c;h=0dfb927bc29eeae095980873a14a68a4990dc9e3;hb=e7d19721c601da32575571c7621d4d28e564cf4b;hp=fb263c45ac6b992113fb3a8e4d8252c4f51b9436;hpb=3d693eeb90339833968d66c3dc9fde2fa3ba2cef;p=mono.git diff --git a/mono/metadata/security-manager.c b/mono/metadata/security-manager.c index fb263c45ac6..0dfb927bc29 100644 --- a/mono/metadata/security-manager.c +++ b/mono/metadata/security-manager.c @@ -4,21 +4,33 @@ * Author: * Sebastien Pouliot * - * Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com) + * Copyright 2005-2009 Novell, Inc (http://www.novell.com) + * Licensed under the MIT license. See LICENSE file in the project root for full license information. */ #include "security-manager.h" +/* Class lazy loading functions */ +static GENERATE_GET_CLASS_WITH_CACHE (security_manager, System.Security, SecurityManager) +static GENERATE_TRY_GET_CLASS_WITH_CACHE (execution_context, System.Threading, ExecutionContext) -/* Internal stuff */ +static MonoSecurityMode mono_security_mode = MONO_SECURITY_MODE_NONE; -static MonoSecurityManager secman; -static MonoBoolean mono_security_manager_activated = FALSE; -static MonoBoolean mono_security_manager_enabled = TRUE; -static MonoBoolean mono_security_manager_execution = TRUE; +void +mono_security_set_mode (MonoSecurityMode mode) +{ + mono_security_mode = mode; +} +MonoSecurityMode +mono_security_get_mode (void) +{ + return mono_security_mode; +} + +#ifndef DISABLE_SECURITY -/* Public stuff */ +static MonoSecurityManager secman; MonoSecurityManager* mono_security_manager_get_methods (void) @@ -28,143 +40,22 @@ mono_security_manager_get_methods (void) return &secman; /* Initialize */ - secman.securitymanager = mono_class_from_name (mono_defaults.corlib, - "System.Security", "SecurityManager"); - g_assert (secman.securitymanager); + secman.securitymanager = mono_class_get_security_manager_class (); if (!secman.securitymanager->inited) mono_class_init (secman.securitymanager); - - secman.demand = mono_class_get_method_from_name (secman.securitymanager, - "InternalDemand", 2); - g_assert (secman.demand); - - secman.demandchoice = mono_class_get_method_from_name (secman.securitymanager, - "InternalDemandChoice", 2); - g_assert (secman.demandchoice); - - secman.demandunmanaged = mono_class_get_method_from_name (secman.securitymanager, - "DemandUnmanaged", 0); - g_assert (secman.demandunmanaged); - - secman.inheritancedemand = mono_class_get_method_from_name (secman.securitymanager, - "InheritanceDemand", 3); - g_assert (secman.inheritancedemand); - - secman.inheritsecurityexception = mono_class_get_method_from_name (secman.securitymanager, - "InheritanceDemandSecurityException", 4); - g_assert (secman.inheritsecurityexception); - - secman.linkdemand = mono_class_get_method_from_name (secman.securitymanager, - "LinkDemand", 3); - g_assert (secman.linkdemand); - - secman.linkdemandunmanaged = mono_class_get_method_from_name (secman.securitymanager, - "LinkDemandUnmanaged", 1); - g_assert (secman.linkdemandunmanaged); - - secman.linkdemandfulltrust = mono_class_get_method_from_name (secman.securitymanager, - "LinkDemandFullTrust", 1); - g_assert (secman.linkdemandfulltrust); - - secman.linkdemandsecurityexception = mono_class_get_method_from_name (secman.securitymanager, - "LinkDemandSecurityException", 3); - g_assert (secman.linkdemandsecurityexception); - - secman.allowpartiallytrustedcallers = mono_class_from_name (mono_defaults.corlib, "System.Security", - "AllowPartiallyTrustedCallersAttribute"); - g_assert (secman.allowpartiallytrustedcallers); - - secman.suppressunmanagedcodesecurity = mono_class_from_name (mono_defaults.corlib, "System.Security", - "SuppressUnmanagedCodeSecurityAttribute"); - g_assert (secman.suppressunmanagedcodesecurity); return &secman; } -static gboolean -mono_secman_inheritance_check (MonoClass *klass, MonoDeclSecurityActions *demands) -{ - MonoSecurityManager* secman = mono_security_manager_get_methods (); - MonoDomain *domain = mono_domain_get (); - MonoAssembly *assembly = mono_image_get_assembly (klass->image); - MonoReflectionAssembly *refass = mono_assembly_get_object (domain, assembly); - MonoObject *res; - gpointer args [3]; - - args [0] = domain->domain; - args [1] = refass; - args [2] = demands; - - res = mono_runtime_invoke (secman->inheritancedemand, NULL, args, NULL); - return (*(MonoBoolean *) mono_object_unbox (res)); -} - -void -mono_secman_inheritancedemand_class (MonoClass *klass, MonoClass *parent) -{ - MonoDeclSecurityActions demands; - - /* don't hide previous results -and- don't calc everything for nothing */ - if (klass->exception_type != 0) - return; - - /* short-circuit corlib as it is fully trusted (within itself) - * and because this cause major recursion headaches */ - if ((klass->image == mono_defaults.corlib) && (parent->image == mono_defaults.corlib)) - return; - - /* Check if there are an InheritanceDemand on the parent class */ - if (mono_declsec_get_inheritdemands_class (parent, &demands)) { - /* If so check the demands on the klass (inheritor) */ - if (!mono_secman_inheritance_check (klass, &demands)) { - /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */ - klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND; - klass->exception_data = NULL; - } - } -} - -void -mono_secman_inheritancedemand_method (MonoMethod *override, MonoMethod *base) -{ - MonoDeclSecurityActions demands; - - /* don't hide previous results -and- don't calc everything for nothing */ - if (override->klass->exception_type != 0) - return; - - /* short-circuit corlib as it is fully trusted (within itself) - * and because this cause major recursion headaches */ - if ((override->klass->image == mono_defaults.corlib) && (base->klass->image == mono_defaults.corlib)) - return; - - /* Check if there are an InheritanceDemand on the base (virtual) method */ - if (mono_declsec_get_inheritdemands_method (base, &demands)) { - /* If so check the demands on the overriding method */ - if (!mono_secman_inheritance_check (override->klass, &demands)) { - /* Keep flags in MonoClass to be able to throw a SecurityException later (if required) */ - override->klass->exception_type = MONO_EXCEPTION_SECURITY_INHERITANCEDEMAND; - override->klass->exception_data = base; - } - } -} - +#else -/* - * Note: The security manager is activate once when executing the Mono. This - * is not meant to be a turn on/off runtime switch. - */ -void -mono_activate_security_manager (void) +MonoSecurityManager* +mono_security_manager_get_methods (void) { - mono_security_manager_activated = TRUE; + return NULL; } -gboolean -mono_is_security_manager_active (void) -{ - return mono_security_manager_activated; -} +#endif /* DISABLE_SECURITY */ /* * @publickey An encoded (with header) public key @@ -203,15 +94,14 @@ mono_get_context_capture_method (void) { static MonoMethod *method = NULL; - if (!mono_security_manager_activated) { - if (mono_image_get_assembly (mono_defaults.corlib)->aname.major < 2) - return NULL; - } + if (mono_image_get_assembly (mono_defaults.corlib)->aname.major < 2) + return NULL; /* older corlib revisions won't have the class (nor the method) */ - if (mono_defaults.executioncontext_class && !method) { - mono_class_init (mono_defaults.executioncontext_class); - method = mono_class_get_method_from_name (mono_defaults.executioncontext_class, "Capture", 0); + MonoClass *execution_context = mono_class_try_get_execution_context_class (); + if (execution_context && !method) { + mono_class_init (execution_context); + method = mono_class_get_method_from_name (execution_context, "Capture", 0); } return method; @@ -223,55 +113,13 @@ mono_get_context_capture_method (void) MonoBoolean ves_icall_System_Security_SecurityManager_get_SecurityEnabled (void) { - if (!mono_security_manager_activated) - return FALSE; - return mono_security_manager_enabled; + /* SecurityManager is internal for Moonlight and SecurityEnabled is used to know if CoreCLR is active + * (e.g. plugin executing in the browser) or not (e.g. smcs compiling source code with corlib 2.1) + */ + return (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR); } void ves_icall_System_Security_SecurityManager_set_SecurityEnabled (MonoBoolean value) { - /* value can be changed only if the security manager is activated */ - if (mono_security_manager_activated) { - mono_security_manager_enabled = value; - } -} - -MonoBoolean -ves_icall_System_Security_SecurityManager_get_CheckExecutionRights (void) -{ - if (!mono_security_manager_activated) - return FALSE; - return mono_security_manager_execution; -} - -void -ves_icall_System_Security_SecurityManager_set_CheckExecutionRights (MonoBoolean value) -{ - /* value can be changed only id the security manager is activated */ - if (mono_security_manager_activated) { - mono_security_manager_execution = value; - } -} - -MonoBoolean -ves_icall_System_Security_SecurityManager_GetLinkDemandSecurity (MonoReflectionMethod *m, MonoDeclSecurityActions *kactions, MonoDeclSecurityActions *mactions) -{ - MonoMethod *method = m->method; - /* we want the original as the wrapper is "free" of the security informations */ - if (method->wrapper_type == MONO_WRAPPER_MANAGED_TO_NATIVE || method->wrapper_type == MONO_WRAPPER_MANAGED_TO_MANAGED) { - method = mono_marshal_method_from_wrapper (method); - } - - mono_class_init (method->klass); - - /* if either the method or it's class has security (any type) */ - if ((method->flags & METHOD_ATTRIBUTE_HAS_SECURITY) || (method->klass->flags & TYPE_ATTRIBUTE_HAS_SECURITY)) { - memset (kactions, 0, sizeof (MonoDeclSecurityActions)); - memset (mactions, 0, sizeof (MonoDeclSecurityActions)); - - /* get any linkdemand (either on the method or it's class) */ - return mono_declsec_get_linkdemands (method, kactions, mactions); - } - return FALSE; }