diff options
| author | danmosemsft <danmose@microsoft.com> | 2017-02-10 16:07:45 -0800 |
|---|---|---|
| committer | danmosemsft <danmose@microsoft.com> | 2017-02-10 21:36:03 -0800 |
| commit | 6302d7a50884c6cf239e74bad85988be7403fe72 (patch) | |
| tree | cad87e67d0555107867ffd98030f66b5ef53ad70 | |
| parent | 751771a8976f909af772e35c167bd7e3ffbe44c8 (diff) | |
| download | coreclr-6302d7a50884c6cf239e74bad85988be7403fe72.tar.gz coreclr-6302d7a50884c6cf239e74bad85988be7403fe72.tar.bz2 coreclr-6302d7a50884c6cf239e74bad85988be7403fe72.zip | |
Remove always undefined FEATURE_APTCA
35 files changed, 3 insertions, 648 deletions
diff --git a/src/debug/daccess/nidump.cpp b/src/debug/daccess/nidump.cpp index 7a2a62f3ad..91dff84008 100644 --- a/src/debug/daccess/nidump.cpp +++ b/src/debug/daccess/nidump.cpp @@ -621,10 +621,6 @@ const NativeImageDumper::EnumMnemonics s_CorCompileDependencyInfoFlags[] = { #define CMDI_ENTRY(f) NativeImageDumper::EnumMnemonics(CORCOMPILE_DEPENDENCY_ ## f, W(#f)) -#ifdef FEATURE_APTCA - CMDI_ENTRY(IS_APTCA), - CMDI_ENTRY(IS_CAPTCA), -#endif //FEATURE_APTCA #undef CMDI_ENTRY }; @@ -3741,9 +3737,6 @@ const NativeImageDumper::EnumMnemonics s_MSDFlags[] = { #define MSD_ENTRY(f) NativeImageDumper::EnumMnemonics(ModuleSecurityDescriptorFlags_ ## f, W(#f)) MSD_ENTRY(IsComputed), -#ifdef FEATURE_APTCA - MSD_ENTRY(IsAPTCA), -#endif // FEATURE_APTCA MSD_ENTRY(IsAllCritical), MSD_ENTRY(IsAllTransparent), MSD_ENTRY(IsTreatAsSafe), diff --git a/src/dlls/mscorrc/mscorrc.rc b/src/dlls/mscorrc/mscorrc.rc index 138db55b66..5385327a1f 100644 --- a/src/dlls/mscorrc/mscorrc.rc +++ b/src/dlls/mscorrc/mscorrc.rc @@ -1591,10 +1591,6 @@ STRINGTABLE DISCARDABLE BEGIN IDS_ACCESS_EXCEPTION_CONTEXT_LEVEL2_APTCA "Assembly '%1' is marked with the AllowPartiallyTrustedCallersAttribute, and uses the level 2 security transparency model. Level 2 transparency causes all methods in AllowPartiallyTrustedCallers assemblies to become security transparent by default, which may be the cause of this exception." IDS_ACCESS_EXCEPTION_CONTEXT_PT_TRANSPARENT "Assembly '%1' is partially trusted, which causes the CLR to make it entirely security transparent regardless of any transparency annotations in the assembly itself. In order to access security critical code, this assembly must be fully trusted." -#ifdef FEATURE_APTCA - IDS_ACCESS_EXCEPTION_CONTEXT_APTCA_KILLBIT "Assembly '%1' has had an APTCA killbit set for it, which prevents it from being used by partial trust or security transparent code." - IDS_ACCESS_EXCEPTION_CONTEXT_CONDITIONAL_APTCA "Assembly '%1' is a conditionally APTCA assembly which is not enabled in the current AppDomain. To enable this assembly to be used by partial trust or security transparent code, please add assembly name '%2' to the the PartialTrustVisibleAssemblies list when creating the AppDomain." -#endif // FEATURE_APTCA END // These strings are generated from within the EE for streams diff --git a/src/inc/corcompile.h b/src/inc/corcompile.h index 9cd072008a..6b1fdb775a 100644 --- a/src/inc/corcompile.h +++ b/src/inc/corcompile.h @@ -897,10 +897,6 @@ struct CORCOMPILE_VERSION_INFO #ifndef FEATURE_CORECLR enum CorCompileDependencyInfo { -#ifdef FEATURE_APTCA - CORCOMPILE_DEPENDENCY_IS_APTCA = 0x1, - CORCOMPILE_DEPENDENCY_IS_CAPTCA = 0x2, -#endif //FEATURE_APTCA CORCOMPILE_DEPENDENCY_PEKIND_MASK = 0xff00, CORCOMPILE_DEPENDENCY_PEKIND_SHIFT = 8, @@ -919,10 +915,6 @@ struct CORCOMPILE_DEPENDENCY CORCOMPILE_NGEN_SIGNATURE signNativeImage; // INVALID_NGEN_SIGNATURE if this a soft-bound dependency -#ifdef FEATURE_APTCA - // Win32 version info for tracking dependency references to strong-named assemblies with APTCA - ULARGE_INTEGER uliFileVersion; // OS file version ~ NOT assembly version -#endif //FEATURE_APTCA #ifndef FEATURE_CORECLR CorCompileDependencyInfo dependencyInfo; //Flags about the dependency diff --git a/src/vm/appdomainnative.cpp b/src/vm/appdomainnative.cpp index 3935cb5b54..9266849be4 100644 --- a/src/vm/appdomainnative.cpp +++ b/src/vm/appdomainnative.cpp @@ -902,25 +902,6 @@ BOOL QCALLTYPE AppDomainNative::IsLegacyCasPolicyEnabled(QCall::AppDomainHandle #endif // FEATURE_CAS_POLICY -#ifdef FEATURE_APTCA - -// static -void QCALLTYPE AppDomainNative::SetCanonicalConditionalAptcaList(QCall::AppDomainHandle adhTarget, - LPCWSTR wszCanonicalConditionalAptcaList) -{ - QCALL_CONTRACT; - - BEGIN_QCALL; - - IApplicationSecurityDescriptor *pAppSecDesc = adhTarget->GetSecurityDescriptor(); - - GCX_COOP(); - pAppSecDesc->SetCanonicalConditionalAptcaList(wszCanonicalConditionalAptcaList); - - END_QCALL; -} - -#endif // FEATURE_APTCA FCIMPL1(Object*, AppDomainNative::GetFriendlyName, AppDomainBaseObject* refThisUNSAFE) { diff --git a/src/vm/appdomainnative.hpp b/src/vm/appdomainnative.hpp index cb0c364cfa..dff84345ea 100644 --- a/src/vm/appdomainnative.hpp +++ b/src/vm/appdomainnative.hpp @@ -129,11 +129,6 @@ public: BOOL QCALLTYPE IsLegacyCasPolicyEnabled(QCall::AppDomainHandle adhTarget); #endif // FEATURE_CAS_POLICY -#ifdef FEATURE_APTCA - static - void QCALLTYPE SetCanonicalConditionalAptcaList(QCall::AppDomainHandle adhTarget, - LPCWSTR wszCanonicalConditionalAptcaList); -#endif // FEATURE_APTCA #ifdef FEATURE_APPDOMAINMANAGER_INITOPTIONS static diff --git a/src/vm/aptca.h b/src/vm/aptca.h index 3d590a093a..5825eb7a9e 100644 --- a/src/vm/aptca.h +++ b/src/vm/aptca.h @@ -37,9 +37,7 @@ #ifndef __APTCA_H__ #define __APTCA_H__ -#ifndef FEATURE_APTCA #error FEATURE_APTCA is required for this file -#endif // FEATURE_APTCA #include "securitymeta.h" diff --git a/src/vm/assembly.cpp b/src/vm/assembly.cpp index 08792c92f4..eb4c2e5083 100644 --- a/src/vm/assembly.cpp +++ b/src/vm/assembly.cpp @@ -991,14 +991,6 @@ Assembly *Assembly::CreateDynamic(AppDomain *pDomain, CreateDynamicAssemblyArgs if (args->flags & kTreatAsSafeAssembly) tokenFlags |= TokenSecurityDescriptorFlags_TreatAsSafe; -#ifdef FEATURE_APTCA - if (args->aptcaBlob != NULL) - { - tokenFlags |= ParseAptcaAttribute(args->aptcaBlob->GetDirectPointerToNonObjectElements(), - args->aptcaBlob->GetNumComponents()); - } - -#endif // FEATURE_APTCA #ifndef FEATURE_CORECLR // Use the security rules given to us if the emitting code has selected a specific one. Otherwise, diff --git a/src/vm/assembly.hpp b/src/vm/assembly.hpp index 54bb03de96..7466903663 100644 --- a/src/vm/assembly.hpp +++ b/src/vm/assembly.hpp @@ -291,7 +291,7 @@ public: BOOL GetModuleZapFile(LPCWSTR name, SString &path); -#if defined(FEATURE_APTCA) || defined(FEATURE_CORESYSTEM) +#if defined(FEATURE_CORESYSTEM) BOOL AllowUntrustedCaller(); #endif // defined(FEATURE_APTCA) || defined(FEATURE_CORESYSTEM) diff --git a/src/vm/clsload.cpp b/src/vm/clsload.cpp index fe74bf8a6f..fd7644ce98 100644 --- a/src/vm/clsload.cpp +++ b/src/vm/clsload.cpp @@ -5369,21 +5369,6 @@ void GetAccessExceptionAdditionalContextForSecurity(Assembly *pAccessingAssembly } #endif // FEATURE_CORECLR -#if defined(FEATURE_APTCA) && !defined(CROSSGEN_COMPILE) - // If the target assembly is conditionally APTCA, then it may needed to have been enabled in the domain - SString conditionalAptcaContext = Security::GetConditionalAptcaAccessExceptionContext(pTargetAssembly); - if (!conditionalAptcaContext.IsEmpty()) - { - pContextInformation->Append(conditionalAptcaContext); - } - - // If the target assembly is APTCA killbitted, then indicate that as well - SString aptcaKillBitContext = Security::GetAptcaKillBitAccessExceptionContext(pTargetAssembly); - if (!aptcaKillBitContext.IsEmpty()) - { - pContextInformation->Append(aptcaKillBitContext); - } -#endif // FEATURE_APTCA && !CROSSGEN_COMPILE } // Generate additional context about the root cause of an access exception which may help in debugging it (for diff --git a/src/vm/compile.cpp b/src/vm/compile.cpp index 87107151eb..724dd315be 100644 --- a/src/vm/compile.cpp +++ b/src/vm/compile.cpp @@ -7374,9 +7374,6 @@ HRESULT CompilationDomain::AddDependencyEntry(PEAssembly *pFile, pDependency->dwAssemblyDef = def; pDependency->signNativeImage = INVALID_NGEN_SIGNATURE; -#ifdef FEATURE_APTCA - pDependency->dependencyInfo = CorCompileDependencyInfo(0); -#endif //FEATURE_APTCA if (pFile) { @@ -7384,47 +7381,10 @@ HRESULT CompilationDomain::AddDependencyEntry(PEAssembly *pFile, // Note that this can trigger an assembly load (of mscorlib) pAssembly->GetOptimizedIdentitySignature(&pDependency->signAssemblyDef); -#if defined(FEATURE_APTCA) || !defined(FEATURE_CORECLR) +#if !defined(FEATURE_CORECLR) ReleaseHolder<IMDInternalImport> pAssemblyMD(pFile->GetMDImportWithRef()); #endif -#ifdef FEATURE_APTCA - // determine if there's an APTCA reference, before we retrieve the target file version (for killbit) - TokenSecurityDescriptorFlags assemblySecurityAttributes = - TokenSecurityDescriptor::ReadSecurityAttributes(pAssemblyMD, TokenFromRid(1, mdtAssembly)); - - pFile->AddRef(); - - BOOL fIsAptca = assemblySecurityAttributes & (TokenSecurityDescriptorFlags_APTCA - | TokenSecurityDescriptorFlags_ConditionalAPTCA); - if (fIsAptca) - { - // get the file path - LPCWSTR pwszPath = pFile->GetPath().GetUnicode(); - if (pwszPath == NULL) - { - return E_FAIL; - } - // retrieve the file version based on the file path (using Watson OS wrapper) - if (FAILED(GetFileVersion(pwszPath, &pDependency->uliFileVersion))) - // ignore failures (e.g. platform doesn't support file version, or version info missing - - { - fIsAptca = FALSE; - } - } - if (fIsAptca) - { - pDependency->dependencyInfo = CorCompileDependencyInfo(pDependency->dependencyInfo - | CORCOMPILE_DEPENDENCY_IS_APTCA); - } - - if (assemblySecurityAttributes & TokenSecurityDescriptorFlags_ConditionalAPTCA) - { - pDependency->dependencyInfo = CorCompileDependencyInfo(pDependency->dependencyInfo - | CORCOMPILE_DEPENDENCY_IS_CAPTCA); - } -#endif //FEATURE_APTCA #ifdef FEATURE_CORECLR // hardbinding // diff --git a/src/vm/corhost.cpp b/src/vm/corhost.cpp index 369d6fcfd7..e00482168d 100644 --- a/src/vm/corhost.cpp +++ b/src/vm/corhost.cpp @@ -5542,92 +5542,6 @@ public: static CCLRAppDomainResourceMonitor s_Arm; #endif //FEATURE_APPDOMAIN_RESOURCE_MONITORING -#ifdef FEATURE_APTCA -class CLRDomainManager : public ICLRDomainManager -{ -public: - virtual HRESULT STDMETHODCALLTYPE SetAppDomainManagerType(__in LPCWSTR wszAppDomainManagerAssembly, - __in LPCWSTR wszAppDomainManagerType, - EInitializeNewDomainFlags dwInitializeDomainFlags) - { - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - ENTRY_POINT; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - BEGIN_ENTRYPOINT_NOTHROW; - - hr = CorHost2::SetAppDomainManagerType(wszAppDomainManagerAssembly, - wszAppDomainManagerType, - dwInitializeDomainFlags); - END_ENTRYPOINT_NOTHROW; - return hr; - } - - virtual HRESULT STDMETHODCALLTYPE SetPropertiesForDefaultAppDomain(DWORD nProperties, - __in_ecount(nProperties) LPCWSTR *pwszPropertyNames, - __in_ecount(nProperties) LPCWSTR *pwszPropertyValues) - { - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - BEGIN_ENTRYPOINT_NOTHROW; - - hr = CorHost2::SetPropertiesForDefaultAppDomain(nProperties, pwszPropertyNames, pwszPropertyValues); - - END_ENTRYPOINT_NOTHROW; - return hr; - } - - virtual ULONG STDMETHODCALLTYPE AddRef() - { - LIMITED_METHOD_CONTRACT; - return 1; - } - - virtual ULONG STDMETHODCALLTYPE Release() - { - LIMITED_METHOD_CONTRACT; - return 1; - } - - virtual HRESULT STDMETHODCALLTYPE QueryInterface(__in REFIID riid, __out LPVOID *ppvObject) - { - LIMITED_METHOD_CONTRACT; - - if (ppvObject == NULL) - return E_POINTER; - - *ppvObject = NULL; - - if (riid == IID_ICLRDomainManager) - { - *ppvObject = this; - } - else if (riid == IID_IUnknown) - { - *ppvObject = static_cast<IUnknown *>(this); - } - - if (*ppvObject == NULL) - return E_NOINTERFACE; - - AddRef(); - return S_OK; - } -}; - -static CLRDomainManager s_CLRDomainManager; -#endif // FEATURE_APTCA BOOL g_CLRPolicyRequested = FALSE; @@ -5724,13 +5638,6 @@ public: return S_OK; } #endif //FEATURE_APPDOMAIN_RESOURCE_MONITORING -#ifdef FEATURE_APTCA - else if (riid == IID_ICLRDomainManager) - { - *ppObject = &s_CLRDomainManager; - return S_OK; - } -#endif // FEATURE_APTCA else return (E_NOINTERFACE); } diff --git a/src/vm/domainfile.cpp b/src/vm/domainfile.cpp index 9a3b902e1c..6842accba1 100644 --- a/src/vm/domainfile.cpp +++ b/src/vm/domainfile.cpp @@ -3537,12 +3537,6 @@ BOOL DomainAssembly::CheckZapSecurity(PEImage *pNativeImage) return TRUE; #else -#ifdef FEATURE_APTCA - if (!Security::NativeImageHasValidAptcaDependencies(pNativeImage, this)) - { - return FALSE; - } -#endif // !FEATURE_APTCA GCX_COOP(); diff --git a/src/vm/ecalllist.h b/src/vm/ecalllist.h index a5031f3e8b..587f6f9132 100644 --- a/src/vm/ecalllist.h +++ b/src/vm/ecalllist.h @@ -704,9 +704,6 @@ FCFuncStart(gAppDomainFuncs) FCFuncElement("nIsDefaultAppDomainForEvidence", AppDomainNative::IsDefaultAppDomainForEvidence) FCFuncElement("nGetAssemblies", AppDomainNative::GetAssemblies) #endif -#ifdef FEATURE_APTCA - QCFuncElement("SetCanonicalConditionalAptcaList", AppDomainNative::SetCanonicalConditionalAptcaList) -#endif // FEATURE_ATPCA QCFuncElement("SetSecurityHomogeneousFlag", AppDomainNative::SetSecurityHomogeneousFlag) QCFuncElement("SetupDomainSecurity", AppDomainNative::SetupDomainSecurity) FCFuncElement("nSetupFriendlyName", AppDomainNative::SetupFriendlyName) @@ -839,9 +836,6 @@ FCFuncStart(gAssemblyFuncs) FCFuncElement("IsReflectionOnly", AssemblyNative::IsReflectionOnly) FCFuncElement("GetManifestModule", AssemblyHandle::GetManifestModule) FCFuncElement("GetToken", AssemblyHandle::GetToken) -#ifdef FEATURE_APTCA - FCFuncElement("AptcaCheck", AssemblyHandle::AptcaCheck) -#endif // FEATURE_APTCA FCFuncEnd() #ifdef FEATURE_CORECLR diff --git a/src/vm/invokeutil.cpp b/src/vm/invokeutil.cpp index 42e5a86249..f53c8fe546 100644 --- a/src/vm/invokeutil.cpp +++ b/src/vm/invokeutil.cpp @@ -1610,25 +1610,6 @@ void InvokeUtil::CanAccessMethod(MethodDesc* pMeth, // stack walks in order to close security holes in poorly written // reflection users. -#ifdef FEATURE_APTCA - if (Security::IsUntrustedCallerCheckNeeded(pMeth)) - { - if (pSCtx->GetCallerMT()) - { - // Check for untrusted caller - // It is possible that wrappers like VBHelper libraries that are - // fully trusted, make calls to public methods that do not have - // safe for Untrusted caller custom attribute set. - // Like all other link demand that gets transformed to a full stack - // walk for reflection, calls to public methods also gets - // converted to full stack walk - - Security::DoUntrustedCallerChecks( - pSCtx->GetCallerMT()->GetAssembly(), pMeth, - TRUE); - } - } -#endif // FEATURE_APTCA struct _gc { diff --git a/src/vm/metasig.h b/src/vm/metasig.h index 5df7038360..d4443e9c47 100644 --- a/src/vm/metasig.h +++ b/src/vm/metasig.h @@ -564,9 +564,6 @@ DEFINE_METASIG_T(SM(Str_Evidence_AppDomainSetup_RetAppDomain, s C(EVIDENCE) C(AP DEFINE_METASIG_T(SM(Str_Evidence_Str_Str_Bool_RetAppDomain, s C(EVIDENCE) s s F, C(APP_DOMAIN))) DEFINE_METASIG_T(SM(Str_RetAppDomain, s, C(APP_DOMAIN))) DEFINE_METASIG_T(SM(Str_AppDomainSetup_Evidence_Evidence_IntPtr_Str_ArrStr_ArrStr_RetObj, s C(APPDOMAIN_SETUP) C(EVIDENCE) C(EVIDENCE) I s a(s) a(s), j)) -#ifdef FEATURE_APTCA -DEFINE_METASIG(IM(PtrChar_Int_PtrByte_Int_RetBool, P(u) i P(b) i, F)) -#endif //FEATURE_APTCA #ifdef FEATURE_COMINTEROP // System.AppDomain.OnReflectionOnlyNamespaceResolveEvent DEFINE_METASIG_T(IM(Assembly_Str_RetArrAssembly, C(ASSEMBLY) s, a(C(ASSEMBLY)))) diff --git a/src/vm/object.h b/src/vm/object.h index cb117898a1..f45cdbd9dd 100644 --- a/src/vm/object.h +++ b/src/vm/object.h @@ -2402,9 +2402,6 @@ class AppDomainBaseObject : public MarshalByRefObjectBaseObject OBJECTREF m_pProcessExitEventHandler; // Delegate for 'process exit' event. Only used in Default appdomain. OBJECTREF m_pDomainUnloadEventHandler; // Delegate for 'about to unload domain' event OBJECTREF m_pUnhandledExceptionEventHandler; // Delegate for 'unhandled exception' event -#ifdef FEATURE_APTCA - OBJECTREF m_aptcaVisibleAssemblies; // array of conditional APTCA assembly names that should be APTCA visible -#endif OBJECTREF m_compatFlags; @@ -2461,13 +2458,6 @@ class AppDomainBaseObject : public MarshalByRefObjectBaseObject return !!m_bIsFastFullTrustDomain; } -#ifdef FEATURE_APTCA - OBJECTREF GetPartialTrustVisibleAssemblies() - { - LIMITED_METHOD_CONTRACT - return m_aptcaVisibleAssemblies; - } -#endif // FEATURE_APTCA // Ref needs to be a PTRARRAYREF void SetPolicies(OBJECTREF ref) @@ -2565,9 +2555,6 @@ class AppDomainSetupObject : public Object I1ARRAYREF m_ConfigurationBytes; STRINGREF m_AppDomainManagerAssembly; STRINGREF m_AppDomainManagerType; -#if FEATURE_APTCA - PTRARRAYREF m_AptcaVisibleAssemblies; -#endif OBJECTREF m_CompatFlags; STRINGREF m_TargetFrameworkName; #ifndef FEATURE_CORECLR diff --git a/src/vm/peimage.cpp b/src/vm/peimage.cpp index 583c5e3144..09b4176e22 100644 --- a/src/vm/peimage.cpp +++ b/src/vm/peimage.cpp @@ -1444,9 +1444,6 @@ PEImage::PEImage(): m_dwPEKind(0), m_dwMachine(0), m_fCachedKindAndMachine(FALSE) -#ifdef FEATURE_APTCA - , m_fMayBeConditionalAptca(TRUE) -#endif // FEATURE_APTCA #ifdef FEATURE_LAZY_COW_PAGES ,m_bAllocatedLazyCOWPages(FALSE) #endif // FEATURE_LAZY_COW_PAGES diff --git a/src/vm/peimage.h b/src/vm/peimage.h index 12a4dd763e..a7fe50e1e4 100644 --- a/src/vm/peimage.h +++ b/src/vm/peimage.h @@ -463,9 +463,6 @@ private: DWORD m_dwMachine; BOOL m_fCachedKindAndMachine; -#ifdef FEATURE_APTCA - BOOL m_fMayBeConditionalAptca; -#endif // FEATURE_APTCA #ifdef FEATURE_FUSION PEFingerprint *m_pILFingerprint; // has to be the real type (as opposed to an interface) so we can delete it @@ -478,10 +475,6 @@ public: PEKIND GetFusionProcessorArchitecture(); #endif -#ifdef FEATURE_APTCA - inline BOOL MayBeConditionalAptca(); - inline void SetIsNotConditionalAptca(); -#endif // FEATURE_APTCA }; FORCEINLINE void PEImageRelease(PEImage *i) diff --git a/src/vm/peimage.inl b/src/vm/peimage.inl index 2f4d7d4f31..4d913ea02b 100644 --- a/src/vm/peimage.inl +++ b/src/vm/peimage.inl @@ -873,19 +873,6 @@ inline void PEImage::GetPEKindAndMachine(DWORD* pdwKind, DWORD* pdwMachine) *pdwMachine = m_dwMachine; } -#ifdef FEATURE_APTCA -inline BOOL PEImage::MayBeConditionalAptca() -{ - LIMITED_METHOD_CONTRACT; - return m_fMayBeConditionalAptca; -} - -inline void PEImage::SetIsNotConditionalAptca() -{ - LIMITED_METHOD_CONTRACT; - m_fMayBeConditionalAptca = FALSE; -} -#endif // FEATURE_APTCA #ifndef FEATURE_CORECLR inline BOOL PEImage::IsReportedToUsageLog() diff --git a/src/vm/runtimehandles.cpp b/src/vm/runtimehandles.cpp index 68ad24c8f6..65aeb45f97 100644 --- a/src/vm/runtimehandles.cpp +++ b/src/vm/runtimehandles.cpp @@ -3263,36 +3263,6 @@ FCIMPL1(INT32, AssemblyHandle::GetToken, AssemblyBaseObject* pAssemblyUNSAFE) { } FCIMPLEND -#ifdef FEATURE_APTCA -FCIMPL2(FC_BOOL_RET, AssemblyHandle::AptcaCheck, AssemblyBaseObject* pTargetAssemblyUNSAFE, AssemblyBaseObject* pSourceAssemblyUNSAFE) -{ - FCALL_CONTRACT; - - ASSEMBLYREF refTargetAssembly = (ASSEMBLYREF)ObjectToOBJECTREF(pTargetAssemblyUNSAFE); - ASSEMBLYREF refSourceAssembly = (ASSEMBLYREF)ObjectToOBJECTREF(pSourceAssemblyUNSAFE); - - if ((refTargetAssembly == NULL) || (refSourceAssembly == NULL)) - FCThrowRes(kArgumentNullException, W("Arg_InvalidHandle")); - - DomainAssembly *pTargetAssembly = refTargetAssembly->GetDomainAssembly(); - DomainAssembly *pSourceAssembly = refSourceAssembly->GetDomainAssembly(); - - if (pTargetAssembly == pSourceAssembly) - FC_RETURN_BOOL(TRUE); - - BOOL bResult = TRUE; - - HELPER_METHOD_FRAME_BEGIN_RET_2(refSourceAssembly, refTargetAssembly); - { - bResult = ( pTargetAssembly->GetAssembly()->AllowUntrustedCaller() || // target assembly allows untrusted callers unconditionally - pSourceAssembly->GetSecurityDescriptor()->IsFullyTrusted()); - } - HELPER_METHOD_FRAME_END(); - - FC_RETURN_BOOL(bResult); -} -FCIMPLEND -#endif // FEATURE_APTCA void QCALLTYPE ModuleHandle::GetPEKind(QCall::ModuleHandle pModule, DWORD* pdwPEKind, DWORD* pdwMachine) { diff --git a/src/vm/runtimehandles.h b/src/vm/runtimehandles.h index afe1902359..e203bd02ba 100644 --- a/src/vm/runtimehandles.h +++ b/src/vm/runtimehandles.h @@ -462,9 +462,6 @@ public: static FCDECL1(ReflectModuleBaseObject*, GetManifestModule, AssemblyBaseObject *pAssemblyUNSAFE); static FCDECL1(INT32, GetToken, AssemblyBaseObject *pAssemblyUNSAFE); -#ifdef FEATURE_APTCA - static FCDECL2(FC_BOOL_RET, AptcaCheck, AssemblyBaseObject *pTargetAssemblyUNSAFE, AssemblyBaseObject *pSourceAssemblyUNSAFE); -#endif // FEATURE_APTCA }; class SignatureNative; diff --git a/src/vm/security.h b/src/vm/security.h index 3f3cb38c09..9b87d98f28 100644 --- a/src/vm/security.h +++ b/src/vm/security.h @@ -16,9 +16,6 @@ #include "securitydeclarative.h" #include "securitytransparentassembly.h" -#ifdef FEATURE_APTCA -#include "aptca.h" -#endif class IAssemblySecurityDescriptor; class IApplicationSecurityDescriptor; @@ -224,15 +221,6 @@ namespace Security // security enforcement inline BOOL ContainsBuiltinCASPermsOnly(CORSEC_ATTRSET* pAttrSet); -#ifdef FEATURE_APTCA - inline BOOL IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem = NULL) ; - inline void DoUntrustedCallerChecks(Assembly *pCaller, MethodDesc *pCalee, BOOL fFullStackWalk) ; - - inline bool NativeImageHasValidAptcaDependencies(PEImage *pNativeImage, DomainAssembly *pDomainAssembly); - - inline SString GetAptcaKillBitAccessExceptionContext(Assembly *pTargetAssembly); - inline SString GetConditionalAptcaAccessExceptionContext(Assembly *pTargetAssembly); -#endif // FEATURE_APTCA inline bool SecurityCalloutQuickCheck(MethodDesc *pCallerMD); @@ -305,10 +293,6 @@ public: virtual BOOL AllowsLoadsFromRemoteSources() = 0; #endif // FEATURE_CAS_POLICY -#ifdef FEATURE_APTCA - virtual ConditionalAptcaCache *GetConditionalAptcaCache() = 0; - virtual void SetCanonicalConditionalAptcaList(LPCWSTR wszCanonicalConditionalAptcaList) = 0; -#endif // FEATURE_APTCA #endif // !DACCESS_COMPILE }; diff --git a/src/vm/security.inl b/src/vm/security.inl index fe11589787..aa8c57087b 100644 --- a/src/vm/security.inl +++ b/src/vm/security.inl @@ -603,38 +603,6 @@ inline BOOL Security::ContainsBuiltinCASPermsOnly(CORSEC_ATTRSET* pAttrSet) return SecurityAttributes::ContainsBuiltinCASPermsOnly(pAttrSet); } -#ifdef FEATURE_APTCA -inline BOOL Security::IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem) -{ - WRAPPER_NO_CONTRACT; - return SecurityDeclarative::IsUntrustedCallerCheckNeeded(pCalleeMD, pCallerAssem); -} - -inline void Security::DoUntrustedCallerChecks(Assembly *pCaller, MethodDesc *pCalee, BOOL fFullStackWalk) -{ - WRAPPER_NO_CONTRACT; - SecurityDeclarative::DoUntrustedCallerChecks(pCaller, pCalee, fFullStackWalk); -} - -inline bool Security::NativeImageHasValidAptcaDependencies(PEImage *pNativeImage, DomainAssembly *pDomainAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::NativeImageHasValidAptcaDependencies(pNativeImage, pDomainAssembly); -} - -inline SString Security::GetAptcaKillBitAccessExceptionContext(Assembly *pTargetAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::GetAptcaKillBitAccessExceptionContext(pTargetAssembly); -} - -inline SString Security::GetConditionalAptcaAccessExceptionContext(Assembly *pTargetAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::GetConditionalAptcaAccessExceptionContext(pTargetAssembly); -} - -#endif // FEATURE_APTCA inline bool Security::SecurityCalloutQuickCheck(MethodDesc *pCallerMD) { @@ -646,12 +614,6 @@ inline bool Security::CanShareAssembly(DomainAssembly *pAssembly) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_APTCA - if (!DomainCanShareAptcaAssembly(pAssembly)) - { - return false; - } -#endif // FEATURE_APTCA return true; } diff --git a/src/vm/securitydeclarative.cpp b/src/vm/securitydeclarative.cpp index 10abd5500b..0cff572d42 100644 --- a/src/vm/securitydeclarative.cpp +++ b/src/vm/securitydeclarative.cpp @@ -605,35 +605,6 @@ void SecurityDeclarative::MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc // //----------------------------------------------------------------------------- -#ifdef FEATURE_APTCA -void DECLSPEC_NORETURN SecurityDeclarative::ThrowAPTCAException(Assembly *pCaller, MethodDesc *pCallee) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - MethodDescCallSite throwSecurityException(METHOD__SECURITY_ENGINE__THROW_SECURITY_EXCEPTION); - - OBJECTREF callerObj = NULL; - if (pCaller != NULL && pCaller->GetDomain() == GetAppDomain()) - callerObj = pCaller->GetExposedObject(); - - ARG_SLOT args[7]; - args[0] = ObjToArgSlot(callerObj); - args[1] = ObjToArgSlot(NULL); - args[2] = ObjToArgSlot(NULL); - args[3] = PtrToArgSlot(pCallee); - args[4] = (ARG_SLOT)dclLinktimeCheck; - args[5] = ObjToArgSlot(NULL); - args[6] = ObjToArgSlot(NULL); - throwSecurityException.Call(args); - - UNREACHABLE(); -} -#endif // FEATURE_APTCA #ifdef FEATURE_CAS_POLICY void DECLSPEC_NORETURN SecurityDeclarative::ThrowHPException(EApiCategories protectedCategories, EApiCategories demandedCategories) @@ -667,113 +638,8 @@ void DECLSPEC_NORETURN SecurityDeclarative::ThrowHPException(EApiCategories prot } #endif // FEATURE_CAS_POLICY -#ifdef FEATURE_APTCA -BOOL SecurityDeclarative::IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } - CONTRACTL_END; - - Assembly *pCalleeAssembly = pCalleeMD->GetAssembly(); - _ASSERTE(pCalleeAssembly != NULL); - - // ATPCA is only enforced for cross-assembly calls, so if the target is not accessable from outside - // the assembly, or if the caller and callee are both within the same assembly, we do not need to - // do any APTCA checks - if (pCallerAssem == pCalleeAssembly) - { - return FALSE; - } - - if (!MethodIsVisibleOutsideItsAssembly(pCalleeMD)) - { - return FALSE; - } - - // If the target assembly allows untrusted callers unconditionally, then the call should be allowed - if (pCalleeAssembly->AllowUntrustedCaller()) - { - return FALSE; - } - - // Otherwise, we need to ensure the caller is fully trusted - return TRUE; -} -#endif // FEATURE_APTCA - - -#ifdef FEATURE_APTCA -// Do a fulltrust check on the caller if the callee is fully trusted and -// callee did not enable AllowUntrustedCallerChecks -/*static*/ -void SecurityDeclarative::DoUntrustedCallerChecks( - Assembly *pCaller, MethodDesc *pCallee, - BOOL fFullStackWalk) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - BOOL fRet = TRUE; - -#ifdef _DEBUG - if (!g_pConfig->Do_AllowUntrustedCaller_Checks()) - return; -#endif - - if (!IsUntrustedCallerCheckNeeded(pCallee, pCaller)) - return; - // Expensive calls after this point, this could end up resolving policy - - if (fFullStackWalk) - { - // It is possible that wrappers like VBHelper libraries that are - // fully trusted, make calls to public methods that do not have - // safe for Untrusted caller custom attribute set. - // Like all other link demand that gets transformed to a full stack - // walk for reflection, calls to public methods also gets - // converted to full stack walk - - OBJECTREF permSet = NULL; - GCPROTECT_BEGIN(permSet); - - GetPermissionInstance(&permSet, SECURITY_FULL_TRUST); - EX_TRY - { - SecurityStackWalk::DemandSet(SSWT_LATEBOUND_LINKDEMAND, permSet); - } - EX_CATCH - { - fRet = FALSE; - } - EX_END_CATCH(RethrowTerminalExceptions); - - GCPROTECT_END(); - } - else - { - _ASSERTE(pCaller); - - // Link Demand only, no full stack walk here - if (!pCaller->GetSecurityDescriptor()->IsFullyTrusted()) - fRet = FALSE; - } - - if (!fRet) - { - ThrowAPTCAException(pCaller, pCallee); - } -} -#endif // FEATURE_APTCA // Retrieve all linktime demands sets for a method. This includes both CAS and // non-CAS sets for LDs at the class and the method level, so we could get up to @@ -1135,12 +1001,6 @@ void SecurityDeclarative::CheckLinkDemandAgainstAppDomain(MethodDesc *pMD) GCPROTECT_BEGIN(gc); -#ifdef FEATURE_APTCA - // Do a fulltrust check on the caller if the callee did not enable - // AllowUntrustedCallerChecks. Pass a NULL caller assembly: - // DoUntrustedCallerChecks needs to be able to cope with this. - SecurityDeclarative::DoUntrustedCallerChecks(NULL, pMD, TRUE); -#endif // FEATURE_APTCA // Fetch link demand sets from all the places in metadata where we might // find them (class and method). These might be split into CAS and non-CAS diff --git a/src/vm/securitydeclarative.h b/src/vm/securitydeclarative.h index 151d094e97..f2b6b1fecd 100644 --- a/src/vm/securitydeclarative.h +++ b/src/vm/securitydeclarative.h @@ -126,20 +126,6 @@ namespace SecurityDeclarative inline BOOL FullTrustCheckForLinkOrInheritanceDemand(Assembly *pAssembly); -#ifdef FEATURE_APTCA - // Returns TRUE if an APTCA check is necessary - // Callers: - // CanAccess - BOOL IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem = NULL); - - // Perform the APTCA check - // Callers: - // CanAccess - // Security::CheckLinkDemandAgainstAppDomain - void DoUntrustedCallerChecks( - Assembly *pCaller, MethodDesc *pCalee, - BOOL fFullStackWalk); -#endif // FEATURE_APTCA #ifndef DACCESS_COMPILE // Calls PermissionSet.Demand @@ -166,12 +152,6 @@ namespace SecurityDeclarative inline BOOL ClassIsVisibleOutsideItsAssembly(DWORD dwClassAttr, BOOL fIsGlobalClass); -#ifdef FEATURE_APTCA - // Returns an instance of a SecurityException with the message "This method doesn't allow partially trusted callers" - // Callers: - // DoUntrustedCallerChecks - void DECLSPEC_NORETURN ThrowAPTCAException(Assembly *pCaller, MethodDesc *pCallee); -#endif // FEATURE_APTCA #ifdef FEATURE_CAS_POLICY void DECLSPEC_NORETURN ThrowHPException(EApiCategories protectedCategories, EApiCategories demandedCategories); #endif // FEATURE_CAS_POLICY diff --git a/src/vm/securitydescriptorappdomain.cpp b/src/vm/securitydescriptorappdomain.cpp index fecb6a5d3f..a09276bf20 100644 --- a/src/vm/securitydescriptorappdomain.cpp +++ b/src/vm/securitydescriptorappdomain.cpp @@ -355,19 +355,6 @@ BOOL ApplicationSecurityDescriptor::DomainMayContainPartialTrustCode() return !m_fHomogeneous || !IsFullyTrusted(); } -#ifdef FEATURE_APTCA -ConditionalAptcaCache *ApplicationSecurityDescriptor::GetConditionalAptcaCache() -{ - LIMITED_METHOD_CONTRACT; - return m_pConditionalAptcaCache; -} - -void ApplicationSecurityDescriptor::SetCanonicalConditionalAptcaList(LPCWSTR wszCanonicalConditionalAptcaList) -{ - WRAPPER_NO_CONTRACT; - return this->GetConditionalAptcaCache()->SetCanonicalConditionalAptcaList(wszCanonicalConditionalAptcaList); -} -#endif // FEATURE_APTCA #endif // !DACCESS_COMPILE diff --git a/src/vm/securitydescriptorappdomain.h b/src/vm/securitydescriptorappdomain.h index ff5bbda616..b3f862b69d 100644 --- a/src/vm/securitydescriptorappdomain.h +++ b/src/vm/securitydescriptorappdomain.h @@ -86,9 +86,6 @@ private: BOOL m_fPreResolutionFullTrust; // Was the domain pre-resolved to be full trust BOOL m_fPreResolutionHomogeneous; // Was the domain pre-resolved to be homogenous -#ifdef FEATURE_APTCA - ConditionalAptcaCache* m_pConditionalAptcaCache; // Cache of known conditional APTCA assemblies in this domain -#endif // FEATURE_APTCA #ifndef DACCESS_COMPILE public: @@ -100,9 +97,6 @@ public: //-------------------- // Destructor //-------------------- -#ifdef FEATURE_APTCA // The destructor only deletes the ConditionalAptcaCache - inline ~ApplicationSecurityDescriptor(); -#endif // FEATURE_APTCA public: // Indicates whether the initialization phase is in progress. @@ -174,10 +168,6 @@ public: BOOL QuickIsFullyTrusted(); -#ifdef FEATURE_APTCA - virtual ConditionalAptcaCache *GetConditionalAptcaCache(); - virtual void SetCanonicalConditionalAptcaList(LPCWSTR wszCanonicalConditionalAptcaList); -#endif // FEATURE_APTCA #endif // #ifndef DACCESS_COMPILE }; diff --git a/src/vm/securitydescriptorappdomain.inl b/src/vm/securitydescriptorappdomain.inl index fdb8b3faef..13fccf3b79 100644 --- a/src/vm/securitydescriptorappdomain.inl +++ b/src/vm/securitydescriptorappdomain.inl @@ -29,9 +29,6 @@ inline ApplicationSecurityDescriptor::ApplicationSecurityDescriptor(AppDomain *p m_fIsPreResolved(FALSE), m_fPreResolutionFullTrust(FALSE), m_fPreResolutionHomogeneous(FALSE) -#ifdef FEATURE_APTCA - ,m_pConditionalAptcaCache(new ConditionalAptcaCache(pAppDomain)) -#endif // FEATURE_APTCA { CONTRACTL { @@ -45,20 +42,6 @@ inline ApplicationSecurityDescriptor::ApplicationSecurityDescriptor(AppDomain *p return; } -#ifdef FEATURE_APTCA -inline ApplicationSecurityDescriptor::~ApplicationSecurityDescriptor() -{ - CONTRACTL - { - NOTHROW; - MODE_ANY; - GC_TRIGGERS; - } - CONTRACTL_END; - - delete m_pConditionalAptcaCache; -} -#endif // FEATURE_APTCA inline void ApplicationSecurityDescriptor::ResetInitializationInProgress() { diff --git a/src/vm/securitydescriptorassembly.h b/src/vm/securitydescriptorassembly.h index 4ba65eb11d..1db30bb13e 100644 --- a/src/vm/securitydescriptorassembly.h +++ b/src/vm/securitydescriptorassembly.h @@ -141,12 +141,6 @@ private: inline void SetSignatureLoaded(); #endif -#ifdef FEATURE_APTCA - // If you think you need to call this method, you're probably wrong. We shouldn't be making any - // security enforcement decisions based upon this result -- it's strictly for ensuring that we load - // conditional APTCA assemblies correctly. - inline BOOL IsConditionalAptca(); -#endif // FEATURE_APTCA #endif // #ifndef DACCESS_COMPILE }; diff --git a/src/vm/securitydescriptorassembly.inl b/src/vm/securitydescriptorassembly.inl index 44b49a32c9..b923100b0a 100644 --- a/src/vm/securitydescriptorassembly.inl +++ b/src/vm/securitydescriptorassembly.inl @@ -57,16 +57,6 @@ inline void AssemblySecurityDescriptor::SetSignatureLoaded() #endif // FEATURE_CAS_POLICY -#ifdef FEATURE_APTCA - -inline BOOL AssemblySecurityDescriptor::IsConditionalAptca() -{ - WRAPPER_NO_CONTRACT; - ModuleSecurityDescriptor *pMSD = ModuleSecurityDescriptor::GetModuleSecurityDescriptor(m_pAssem->GetAssembly()); - return (pMSD->GetTokenFlags() & TokenSecurityDescriptorFlags_ConditionalAPTCA) == TokenSecurityDescriptorFlags_ConditionalAPTCA; -} - -#endif // FEATURE_APTCA #endif // !DACCESS_COMPILE diff --git a/src/vm/securitymeta.cpp b/src/vm/securitymeta.cpp index cc2f10a477..3101416bae 100644 --- a/src/vm/securitymeta.cpp +++ b/src/vm/securitymeta.cpp @@ -1583,12 +1583,6 @@ void ModuleSecurityDescriptor::VerifyDataComputed() // choosing. TokenSecurityDescriptorFlags tokenFlags = GetTokenFlags(); -#ifdef FEATURE_APTCA - // We need to post-process the APTCA bits on the token security descriptor to handle: - // 1. Conditional APTCA assemblies, which should appear as either APTCA-enabled or APTCA-disabled - // 2. APTCA killbitted assemblies, which should appear as APTCA-disabled - tokenFlags = ProcessAssemblyAptcaFlags(pAssembly->GetDomainAssembly(), tokenFlags); -#endif // FEATURE_APTCA #ifndef FEATURE_CORECLR // Make sure we understand the security rule set being asked for @@ -1691,14 +1685,6 @@ void ModuleSecurityDescriptor::VerifyDataComputed() } } -#ifdef FEATURE_APTCA - // If the security model implies that unsigned assemblies are APTCA, then check to see if we're unsigned - // and set the APTCA bit. - if (pTransparencyBehavior->DoesUnsignedImplyAPTCA() && !pAssembly->IsStrongNamed()) - { - moduleFlags |= ModuleSecurityDescriptorFlags_IsAPTCA; - } -#endif // FEATURE_APTCA #ifdef _DEBUG // If we're being forced to generate native code for this assembly which can be used in a partial trust diff --git a/src/vm/securitymeta.h b/src/vm/securitymeta.h index dae8f733e9..d2e3743cbe 100644 --- a/src/vm/securitymeta.h +++ b/src/vm/securitymeta.h @@ -158,10 +158,6 @@ inline SecurityRuleSet GetSecurityRuleSet(TokenSecurityDescriptorFlags flags); // Encode a security rule set into token flags - this reverses GetSecurityRuleSet inline TokenSecurityDescriptorFlags EncodeSecurityRuleSet(SecurityRuleSet ruleSet); -#ifdef FEATURE_APTCA -TokenSecurityDescriptorFlags ParseAptcaAttribute(const BYTE *pbAptcaBlob, - DWORD cbAptcaBlob); -#endif // FEATURE_APTCA TokenSecurityDescriptorFlags ParseSecurityRulesAttribute(const BYTE *pbSecurityRulesBlob, DWORD cbSecurityRulesBlob); @@ -575,9 +571,6 @@ inline ModuleSecurityDescriptorFlags operator&=(ModuleSecurityDescriptorFlags& l inline ModuleSecurityDescriptorFlags operator~(ModuleSecurityDescriptorFlags flags); -#ifdef FEATURE_APTCA -BOOL CheckAssemblyHasBeenKillBitted(LPASSEMBLYNAME pAssemblyName, ULARGE_INTEGER uliFileVersion); -#endif // Module security descriptor, this class contains static security information about the module // this information will get persisted in the NGen image diff --git a/src/vm/securitymeta.inl b/src/vm/securitymeta.inl index adb6faa5ac..6eb488d78c 100644 --- a/src/vm/securitymeta.inl +++ b/src/vm/securitymeta.inl @@ -1112,7 +1112,7 @@ inline BOOL ModuleSecurityDescriptor::CanTransparentCodeSkipVerification() #endif // !FEATURE_CORECLR -#if defined(FEATURE_APTCA) || defined(FEATURE_CORESYSTEM) +#if defined(FEATURE_CORESYSTEM) inline BOOL ModuleSecurityDescriptor::IsAPTCA() { WRAPPER_NO_CONTRACT; diff --git a/src/vm/securitystackwalk.h b/src/vm/securitystackwalk.h index aa6c1c1e6a..a4ee28afdf 100644 --- a/src/vm/securitystackwalk.h +++ b/src/vm/securitystackwalk.h @@ -169,9 +169,6 @@ public: // Callers: // CanAccess (ReflectionInvocation) // ReflectionSerialization::GetSafeUninitializedObject -#ifdef FEATURE_APTCA - // SecurityDeclarative::DoUntrustedCallerChecks -#endif // FEATURE_APTCA static void DemandSet(SecurityStackWalkType eType, OBJECTREF demand); // Native version of PermissionSet.Demand() that delays instantiating the PermissionSet object diff --git a/src/vm/securitytransparentassembly.cpp b/src/vm/securitytransparentassembly.cpp index 3f3bef6479..f798df159f 100644 --- a/src/vm/securitytransparentassembly.cpp +++ b/src/vm/securitytransparentassembly.cpp @@ -812,44 +812,6 @@ static void ConvertLinkDemandToFullDemand(MethodDesc* pCallerMD, MethodDesc* pCa &gc.refMethodCasDemands, &gc.refMethodNonCasDemands); -#ifdef FEATURE_APTCA - BOOL fCallerIsAPTCA = pCallerMD->GetAssembly()->AllowUntrustedCaller(); - - if ((linktimeCheckReason & LinktimeCheckReason_AptcaCheck)) - { - if (fCallerIsAPTCA && - Security::IsUntrustedCallerCheckNeeded(pCalleeMD, pCallerMD->GetAssembly())) - { -#ifdef _DEBUG - if (g_pConfig->LogTransparencyErrors()) - { - SecurityTransparent::LogTransparencyError(pCallerMD, "Transparent method calling an APTCA protected assembly", pCalleeMD); - } - if (!g_pConfig->DisableTransparencyEnforcement()) -#endif // _DEBUG - { - // Depending on the transparency model, we need to either fail the attempt to call a method - // protected with the APTCA link demand, or conver it to a full demand. Note that we need to - // upgrade to a full demand if either the caller of callee are in v2 mode, the APTCA check is - // conceptually a link demand, and for link demands we do the conversion if either assembly is - // using the v2 rules. - if (pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeCallLinkDemandMethods() || - pCalleeMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeCallLinkDemandMethods()) - { - OBJECTREF permSet = NULL; - GCPROTECT_BEGIN(permSet); - Security::GetPermissionInstance(&permSet, SECURITY_FULL_TRUST); - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, permSet); - GCPROTECT_END(); - } - else - { - ::ThrowMethodAccessException(pCallerMD, pCalleeMD, FALSE, IDS_E_TRANSPARENT_CALL_LINKDEMAND); - } - } - } - } -#endif // FEATURE_APTCA // The following logic turns link demands on the target method into full stack walks @@ -905,15 +867,6 @@ static void ConvertLinkDemandToFullDemand(MethodDesc* pCallerMD, MethodDesc* pCa if (pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeCallUnmanagedCode()) { -#ifdef FEATURE_APTCA - if (fCallerIsAPTCA) - { - // if the caller assembly is APTCA, then only inject this demand, for NON-APTCA we will allow - // calls to native code - // NOTE: the JIT would have already performed the LinkDemand for this anyways - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); - } -#endif // FEATURE_APTCA } else { |