* CodeAccessPermission.cs: Fixed Union to match 1.1/1.2 documentation.
Simplified ToString to match MS implementation. Added LAMESPEC to
Assert, Demand, Deny and PermitOnly as they aren't virtual.
* NamedPermissionSet.cs: Added internal constructor for PolicyLevel.
* PermissionSet.cs: Added internal constructor for PolicyLevel.
* SecurityManager.cs: Moved some stuff to PolicyLevel class (e.g. Load).
svn path=/trunk/mcs/; revision=21732
+2004-01-05 Sebastien Pouliot <spouliot@videotron.ca>
+
+ * CodeAccessPermission.cs: Fixed Union to match 1.1/1.2 documentation.
+ Simplified ToString to match MS implementation. Added LAMESPEC to
+ Assert, Demand, Deny and PermitOnly as they aren't virtual.
+ * NamedPermissionSet.cs: Added internal constructor for PolicyLevel.
+ * PermissionSet.cs: Added internal constructor for PolicyLevel.
+ * SecurityManager.cs: Moved some stuff to PolicyLevel class (e.g. Load).
+
2004-01-03 Sebastien Pouliot <spouliot@videotron.ca>
* SecurityManager.cs: Added some basic stuff to make some security unit
// Authors:
// Miguel de Icaza (miguel@ximian.com)
// Nick Drochak, ndrochak@gol.com
+// Sebastien Pouliot (spouliot@motus.com)
//
// (C) Ximian, Inc. http://www.ximian.com
// Copyright (C) 2001 Nick Drochak, All Rights Reserved
+// Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
//
+using System.Globalization;
+using System.Security.Permissions;
using System.Text;
namespace System.Security {
protected CodeAccessPermission () {}
- [MonoTODO()]
- public void Assert () {}
+ // LAMESPEC: Documented as virtual
+ [MonoTODO("SecurityStackFrame not ready")]
+ public void Assert ()
+ {
+ // throw a SecurityException if Assertion is denied
+ new SecurityPermission (SecurityPermissionFlag.Assertion).Demand ();
+// SecurityStackFrame.Current.Assert = this;
+ }
public abstract IPermission Copy ();
- [MonoTODO()]
- public void Demand () {}
+ // LAMESPEC: Documented as virtual
+ [MonoTODO("MS contralize demands, but I think we should branch back into indivual permission classes.")]
+ public void Demand ()
+ {
+ IBuiltInPermission perm = (this as IBuiltInPermission);
+ if (perm == null)
+ throw new SecurityException (Locale.GetText ("Not a IBuiltInPermission and Demand isn't overridden"));
+
+ // TODO : Loop the stack
+ switch (perm.GetTokenIndex ()) {
+ case 0: // EnvironmentPermission
+ // TODO
+ break;
+ case 1: // FileDialogPermission
+ // TODO
+ break;
+ case 2: // FileIOPermission
+ // TODO
+ break;
+ case 3: // IsolatedStorageFilePermission
+ // TODO
+ break;
+ case 4: // ReflectionPermission
+ // TODO
+ break;
+ case 5: // RegistryPermission
+ // TODO
+ break;
+ case 6: // SecurityPermission
+ // TODO
+ break;
+ case 7: // UIPermission
+ // TODO
+ break;
+ case 8: // PrincipalPermission
+ // TODO
+ break;
+ case 9: // PublisherIdentityPermission
+ // TODO
+ break;
+ case 10: // SiteIdentityPermission
+ // TODO
+ break;
+ case 11: // StrongNameIdentityPermission
+ // TODO
+ break;
+ case 12: // UrlIdentityPermission
+ // TODO
+ break;
+ case 13: // ZoneIdentityPermission
+ // TODO
+ break;
+ default:
+ string message = String.Format (Locale.GetText ("Unknown IBuiltInPermission #{0}"), perm.GetTokenIndex ());
+ throw new SecurityException (message);
+ }
+ }
- [MonoTODO()]
- public void Deny () {}
+ // LAMESPEC: Documented as virtual
+ [MonoTODO("SecurityStackFrame not ready")]
+ public void Deny ()
+ {
+// SecurityStackFrame.Current.Deny = this;
+ }
public abstract void FromXml (SecurityElement elem);
public abstract bool IsSubsetOf (IPermission target);
- public override string ToString()
+ public override string ToString ()
{
SecurityElement elem = ToXml ();
- return elem == null ? null : elem.ToString ();
+ return elem.ToString ();
}
public abstract SecurityElement ToXml ();
- [MonoTODO("Incomplete")]
public virtual IPermission Union (IPermission other)
{
- if (!(other is System.Security.CodeAccessPermission))
- throw new System.ArgumentException(); // other is not of type System.Security.CodeAccessPermission.
if (null != other)
- throw new System.NotSupportedException(); // other is not null.
+ throw new System.NotSupportedException (); // other is not null.
return null;
}
- [MonoTODO()]
- public void PermitOnly () {}
+ // LAMESPEC: Documented as virtual
+ [MonoTODO("SecurityStackFrame not ready")]
+ public void PermitOnly ()
+ {
+// SecurityStackFrame.Current.PermitOnly = this;
+ }
- [MonoTODO()]
- public static void RevertAll () {}
+ [MonoTODO("SecurityStackFrame not ready")]
+ public static void RevertAll ()
+ {
+// SecurityStackFrame.Current.RevertAll ();
+ }
- [MonoTODO()]
- public static void RevertAssert () {}
+ [MonoTODO("SecurityStackFrame not ready")]
+ public static void RevertAssert ()
+ {
+// SecurityStackFrame.Current.RevertAssert ();
+ }
- [MonoTODO()]
- public static void RevertDeny () {}
+ [MonoTODO("SecurityStackFrame not ready")]
+ public static void RevertDeny ()
+ {
+// SecurityStackFrame.Current.RevertDeny ();
+ }
- [MonoTODO()]
- public static void RevertPermitOnly () {}
+ [MonoTODO("SecurityStackFrame not ready")]
+ public static void RevertPermitOnly ()
+ {
+// SecurityStackFrame.Current.RevertPermitOnly ();
+ }
// snippet moved from FileIOPermission (nickd) to be reused in all derived classes
internal SecurityElement Element (object o, int version)
public NamedPermissionSet (string name) : this (name, PermissionState.None) {}
+ // for PolicyLevel (to avoid validation duplication)
+ internal NamedPermissionSet (SecurityElement e) : base (e) {}
+
+ // properties
+
public string Description {
get { return description; }
set { description = value; }
public override void FromXml (SecurityElement e)
{
- FromXml (e, "System.Security.NamedPermissionSet");
+ FromXml (e, "NamedPermissionSet");
Name = (e.Attributes ["Name"] as string);
description = (e.Attributes ["Description"] as string);
if (description == null)
private PermissionState state;
private ArrayList list;
+ // constructors
+
public PermissionSet (PermissionState state)
{
if (!Enum.IsDefined(typeof(System.Security.Permissions.PermissionState), state))
}
}
+ // for PolicyLevel (to avoid validation duplication)
+ internal PermissionSet (SecurityElement e)
+ {
+ list = new ArrayList ();
+ FromXml (e);
+ }
+
+ // methods
+
public virtual IPermission AddPermission (IPermission perm)
{
if (perm == null)
throw new ArgumentNullException ("et");
if (et.Tag != "PermissionSet")
throw new ArgumentException ("not PermissionSet");
- if (!(et.Attributes ["class"] as string).StartsWith (className))
+ if (!(et.Attributes ["class"] as string).EndsWith (className))
throw new ArgumentException ("not " + className);
// version isn't checked
// if ((et.Attributes ["version"] as string) != "1")
public virtual void FromXml (SecurityElement et)
{
list.Clear ();
- FromXml (et, "System.Security.PermissionSet");
+ FromXml (et, "PermissionSet");
if (et.Children != null) {
foreach (SecurityElement se in et.Children) {
string className = (se.Attributes ["class"] as string);
//
using System.Collections;
+using System.Globalization;
using System.IO;
using System.Security.Permissions;
using System.Security.Policy;
+using Mono.Xml;
+
namespace System.Security {
+ // Note: Using [SecurityPermissionAttribute] would be cool but triggers an error
+ // as you can't reference a custom security attribute from it's own assembly (CS0647)
+
public sealed class SecurityManager {
private static bool checkExecutionRights;
private static bool securityEnabled;
- static private object _lockObject;
+ private static object _lockObject;
private static ArrayList _hierarchy;
static SecurityManager ()
return false;
}
- [MonoTODO()]
public static PolicyLevel LoadPolicyLevelFromFile (string path, PolicyLevelType type)
{
- if (path == null)
- throw new ArgumentNullException ("path");
- if (!File.Exists (path))
- throw new ArgumentException ("file do not exist");
// throw a SecurityException if we don't have ControlPolicy permission
new SecurityPermission (SecurityPermissionFlag.ControlPolicy).Demand ();
- // throw a SecurityException if we don't have Read, Write and PathDiscovery permissions
- FileIOPermissionAccess access = FileIOPermissionAccess.Read | FileIOPermissionAccess.Write | FileIOPermissionAccess.PathDiscovery;
- new FileIOPermission (access, path).Demand ();
- // TODO
- return null;
+ if (path == null)
+ throw new ArgumentNullException ("path");
+
+ PolicyLevel pl = null;
+ try {
+ pl = new PolicyLevel (type.ToString ());
+ pl.LoadFromFile (path);
+ }
+ catch (Exception e) {
+ throw new ArgumentException (Locale.GetText ("Invalid policy XML"), e);
+ }
+ return pl;
}
- [MonoTODO()]
public static PolicyLevel LoadPolicyLevelFromString (string str, PolicyLevelType type)
{
- if (null == str)
- throw new ArgumentNullException("str");
// throw a SecurityException if we don't have ControlPolicy permission
new SecurityPermission (SecurityPermissionFlag.ControlPolicy).Demand ();
- // TODO
- return null;
+ if (null == str)
+ throw new ArgumentNullException ("str");
+
+ PolicyLevel pl = null;
+ try {
+ pl = new PolicyLevel (type.ToString ());
+ pl.LoadFromString (str);
+ }
+ catch (Exception e) {
+ throw new ArgumentException (Locale.GetText ("Invalid policy XML"), e);
+ }
+ return pl;
}
- [MonoTODO("InitializePolicyHierarchy not implemented")]
+ [MonoTODO("InitializePolicyHierarchy isn't complete")]
public static IEnumerator PolicyHierarchy ()
{
// throw a SecurityException if we don't have ControlPolicy permission
new SecurityPermission (SecurityPermissionFlag.ControlPolicy).Demand ();
- if (_hierarchy == null) {
- lock (_lockObject) {
- InitializePolicyHierarchy ();
- }
- }
- return _hierarchy.GetEnumerator ();
+
+ return Hierarchy;
}
[MonoTODO()]
public static void SavePolicy ()
{
// throw a SecurityException if we don't have ControlPolicy permission
- // done by using PolicyHierarchy (no need to duplicate)
- IEnumerator e = PolicyHierarchy ();
+ new SecurityPermission (SecurityPermissionFlag.ControlPolicy).Demand ();
+
+ IEnumerator e = Hierarchy;
while (e.MoveNext ()) {
PolicyLevel level = (e.Current as PolicyLevel);
InternalSavePolicyLevel (level);
// internal stuff
+ internal static IEnumerator Hierarchy {
+ get {
+ if (_hierarchy == null) {
+ lock (_lockObject) {
+ InitializePolicyHierarchy ();
+ }
+ }
+ return _hierarchy.GetEnumerator ();
+ }
+ }
+
internal static void InternalSavePolicyLevel (PolicyLevel level)
{
// without the security checks (to avoid checks in loops)