+2005-06-01 Sebastien Pouliot <sebastien@ximian.com>
+
+ * PermissionBuilder.cs: Removed unification stuff. This is done at a
+ lower level.
+ * SecurityManager.cs: Split loading PolicyLevel in two phases. The
+ PolicyHierarchy is now available after phase 1 which ensures we can
+ load permission from outside corlib.
+
2005-05-28 Sebastien Pouliot <sebastien@ximian.com>
* HostSecurityManager.cs: Added check for ActivationArguments in
internal static IPermission CreatePermission (string fullname, SecurityElement se)
{
- Type classType = GetUnifiedType (fullname);
+ Type classType = Type.GetType (fullname);
if (classType == null) {
string msg = Locale.GetText ("Can't create an instance of permission class {0}.");
#if NET_2_0
#endif
}
+ // note: unification is handled in lower levels
+ // http://blogs.msdn.com/shawnfa/archive/2004/08/05/209320.aspx
IPermission p = (IPermission) Activator.CreateInstance (classType, psNone);
p.FromXml (se);
return p;
}
-
- // http://blogs.msdn.com/shawnfa/archive/2004/08/05/209320.aspx
- static internal Type GetUnifiedType (string fullname)
- {
- // ensure that permission signed with ECMA or MS "final" key gets unified
- if (fullname.EndsWith (", PublicKeyToken=b03f5f7f11d50a3a") ||
- fullname.EndsWith (", PublicKeyToken=b77a5c561934e089")) {
- // public key token match, check versions
-#if NET_2_0
- if (fullname.IndexOf (", Version=2.0.0.0, ") < 0)
- fullname = Unify (fullname, "2.0.0.0");
-#else
- if (fullname.IndexOf (", Version=1.0.5000.0, ") < 0)
- fullname = Unify (fullname, "1.0.5000.0");
-#endif
- }
-
- return Type.GetType (fullname);
- }
-
- static internal string Unify (string fullname, string version)
- {
- int vs = fullname.IndexOf (", Version=");
- int ve = fullname.IndexOf (",", vs + 10);
- return fullname.Substring (0, vs + 10) + version + fullname.Substring (ve);
- }
}
}
try {
pl = new PolicyLevel (type.ToString (), type);
pl.LoadFromFile (path);
+ pl.Initialize ();
}
catch (Exception e) {
throw new ArgumentException (Locale.GetText ("Invalid policy XML"), e);
// note: use InternalGetFolderPath to avoid recursive policy initialization
string userPolicyPath = Path.Combine (Environment.InternalGetFolderPath (Environment.SpecialFolder.ApplicationData), "mono");
- ArrayList al = new ArrayList ();
- al.Add (new PolicyLevel ("Enterprise", PolicyLevelType.Enterprise,
- Path.Combine (machinePolicyPath, "enterprisesec.config")));
-
- al.Add (new PolicyLevel ("Machine", PolicyLevelType.Machine,
- Path.Combine (machinePolicyPath, "security.config")));
+ PolicyLevel enterprise = new PolicyLevel ("Enterprise", PolicyLevelType.Enterprise);
+ PolicyLevel machine = new PolicyLevel ("Machine", PolicyLevelType.Machine);
+ PolicyLevel user = new PolicyLevel ("User", PolicyLevelType.User);
- al.Add (new PolicyLevel ("User", PolicyLevelType.User,
- Path.Combine (userPolicyPath, "security.config")));
+ enterprise.LoadFromFile (Path.Combine (machinePolicyPath, "enterprisesec.config"));
+ machine.LoadFromFile (Path.Combine (machinePolicyPath, "security.config"));
+ user.LoadFromFile (Path.Combine (userPolicyPath, "security.config"));
+ ArrayList al = new ArrayList ();
+ al.Add (enterprise);
+ al.Add (machine);
+ al.Add (user);
+ // setting _hierarchy here allows for loading assemblies containing permissions
+ // FIXME: we still need to enforce the FullTrust list
_hierarchy = ArrayList.Synchronized (al);
+
+ // part II - creating the permission sets
+ enterprise.Initialize ();
+ machine.Initialize ();
+ user.Initialize ();
}
internal static bool ResolvePolicyLevel (ref PermissionSet ps, PolicyLevel pl, Evidence evidence)