+2009-11-18 Sebastien Pouliot <sebastien@ximian.com>
+
+ * class.c (can_access_internals): Allow CoreCLR to participate in
+ allowing (or not) [InternalsVisibleTo] between assemblies.
+ * security-core-clr.c|h: Make sure that only trusted code (a
+ superset of platform code) can access the internals of platform
+ code.
Mon Nov 16 16:28:11 CET 2009 Paolo Molaro <lupus@ximian.com>
return TRUE;
if (!accessed || !accessing)
return FALSE;
+
+ /* extra safety under CoreCLR - the runtime does not verify the strongname signatures
+ * anywhere so untrusted friends are not safe to access platform's code internals */
+ if (mono_security_get_mode () == MONO_SECURITY_MODE_CORE_CLR) {
+ if (!mono_security_core_clr_can_access_internals (accessing->image, accessed->image))
+ return FALSE;
+ }
+
mono_assembly_load_friends (accessed);
for (tmp = accessed->friend_assembly_names; tmp; tmp = tmp->next) {
MonoAssemblyName *friend = tmp->data;
return NULL;
}
+/*
+ * mono_security_core_clr_can_access_internals
+ *
+ * Check if we allow [InternalsVisibleTo] to work between two images.
+ */
+gboolean
+mono_security_core_clr_can_access_internals (MonoImage *accessing, MonoImage* accessed)
+{
+ /* are we trying to access internals of a platform assembly ? if not this is acceptable */
+ if (!mono_security_core_clr_is_platform_image (accessed))
+ return TRUE;
+
+ /* we can't let everyone with the right name and public key token access the internals of platform code.
+ * (Silverlight can rely on the strongname signature of the assemblies, but Mono does not verify them)
+ * However platform code is fully trusted so it can access the internals of other platform code assemblies */
+ if (mono_security_core_clr_is_platform_image (accessing))
+ return TRUE;
+
+ /* catch-22: System.Xml needs access to mscorlib's internals (e.g. ArrayList) but is not considered platform code.
+ * Promoting it to platform code would create another issue since (both Mono/Moonlight or MS version of)
+ * System.Xml.Linq.dll (an SDK, not platform, assembly) needs access to System.Xml.dll internals (either ).
+ * The solution is to trust, even transparent code, in the plugin directory to access platform code internals */
+ return (strcmp (accessed->assembly->basedir, accessing->assembly->basedir) == 0);
+}
+
/*
* mono_security_core_clr_level_from_cinfo:
*
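Review bot: The final `strcmp` in `mono_security_core_clr_can_access_internals` dereferences `accessed->assembly->basedir` and `accessing->assembly->basedir` without a NULL check, and passing NULL to `strcmp` is undefined behaviour. If an image can reach this point with no assembly attached or with no `basedir` (for example one not loaded from a file path, which this hunk does not show), the access check would crash instead of denying. Failing closed first would be safer: `if (!accessing->assembly || !accessed->assembly || !accessing->assembly->basedir || !accessed->assembly->basedir) return FALSE;`. Because the decision rests on a plain string match of directories, the comment could also say that write access to the platform directory is part of the trust boundary, and that two non-canonical spellings of the same directory compare unequal, which denies access. The `(either ).` fragment in the catch-22 comment looks truncated.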
extern gboolean mono_security_core_clr_ensure_delegate_creation (MonoMethod *method, gboolean throwOnBindFailure) MONO_INTERNAL;
extern MonoException* mono_security_core_clr_ensure_dynamic_method_resolved_object (gpointer ref, MonoClass *handle_class) MONO_INTERNAL;
+extern gboolean mono_security_core_clr_can_access_internals (MonoImage *accessing, MonoImage* accessed) MONO_INTERNAL;
+
extern MonoSecurityCoreCLRLevel mono_security_core_clr_class_level (MonoClass *class) MONO_INTERNAL;
extern MonoSecurityCoreCLRLevel mono_security_core_clr_method_level (MonoMethod *method, gboolean with_class_level) MONO_INTERNAL;