authorJiyoung Yun <jy910.yun@samsung.com>2016-12-27 16:46:08 +0900
committerJiyoung Yun <jy910.yun@samsung.com>2016-12-27 16:46:08 +0900
commitdb20f3f1bb8595633a7e16c8900fd401a453a6b5 (patch)
treee5435159cd1bf0519276363a6fe1663d1721bed3 /src/mscorlib/src/System/Security/SecurityManager.cs
parent4b4aad7217d3292650e77eec2cf4c198ea9c3b4b (diff)
Imported Upstream version 1.0.0.9127upstream/1.0.0.9127
Diffstat (limited to 'src/mscorlib/src/System/Security/SecurityManager.cs')
-rw-r--r--src/mscorlib/src/System/Security/SecurityManager.cs524
1 files changed, 5 insertions, 519 deletions
diff --git a/src/mscorlib/src/System/Security/SecurityManager.cs b/src/mscorlib/src/System/Security/SecurityManager.cs
index 5c46dfcbfc..933fe0be3d 100644
--- a/src/mscorlib/src/System/Security/SecurityManager.cs
+++ b/src/mscorlib/src/System/Security/SecurityManager.cs
@@ -2,32 +2,17 @@
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
-//
-
-//
//
// The SecurityManager class provides a general purpose API for interacting
// with the security system.
//
-namespace System.Security {
+namespace System.Security
+{
using System;
- using System.Security.Util;
- using System.Security.Policy;
using System.Security.Permissions;
- using System.Collections;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
-#if FEATURE_CLICKONCE
- using System.Runtime.Hosting;
-#endif // FEATURE_CLICKONCE
- using System.Text;
- using System.Threading;
- using System.Reflection;
- using System.IO;
- using System.Globalization;
- using System.Runtime.Versioning;
- using System.Diagnostics.Contracts;
[Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
@@ -40,504 +25,8 @@ namespace System.Security {
}
[System.Runtime.InteropServices.ComVisible(true)]
- static public class SecurityManager {
-#if FEATURE_CAS_POLICY
- private static volatile SecurityPermission executionSecurityPermission = null;
-
- private static PolicyManager polmgr = new PolicyManager();
- internal static PolicyManager PolicyManager {
- get {
- return polmgr;
- }
- }
-
- //
- // Public APIs
- //
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- [Obsolete("IsGranted is obsolete and will be removed in a future release of the .NET Framework. Please use the PermissionSet property of either AppDomain or Assembly instead.")]
- public static bool IsGranted( IPermission perm )
- {
- if (perm == null)
- return true;
-
- PermissionSet granted = null, denied = null;
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- GetGrantedPermissions( JitHelpers.GetObjectHandleOnStack(ref granted),
- JitHelpers.GetObjectHandleOnStack(ref denied),
- JitHelpers.GetStackCrawlMarkHandle(ref stackMark) );
- return granted.Contains( perm ) && (denied == null || !denied.Contains( perm ));
- }
-
- // Get a sandbox permission set that the CLR considers safe to grant an application with the given
- // evidence. Note that this API is not a policy API, but rather a host helper API so that a host can
- // determine if an application's requested permission set is reasonable. This is esentially just a
- // hard coded mapping of Zone -> Sandbox and is not configurable in any way.
- public static PermissionSet GetStandardSandbox(Evidence evidence)
- {
- if (evidence == null)
- throw new ArgumentNullException("evidence");
- Contract.EndContractBlock();
-
- //
- // The top-level switch for grant set is based upon Zone
- // MyComputer -> FullTrust
- // Intranet -> LocalIntranet
- // Trusted -> Internet
- // Internet -> Internet
- // All else -> Nothing
- //
- // Both the Internet and LocalIntranet zones can have permission set extensions applied to them
- // if there is Activation.
- //
-
- Zone zone = evidence.GetHostEvidence<Zone>();
- if (zone == null)
- {
- return new PermissionSet(PermissionState.None);
- }
-#if FEATURE_CAS_POLICY
- else if (zone.SecurityZone == SecurityZone.MyComputer)
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
- else if (zone.SecurityZone == SecurityZone.Intranet)
- {
- PermissionSet intranetGrantSet = BuiltInPermissionSets.LocalIntranet;
-
- // We also need to add in same site web and file IO permission
- PolicyStatement webPolicy =
- new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
- PolicyStatement filePolicy =
- new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence);
-
- if (webPolicy != null)
- {
- intranetGrantSet.InplaceUnion(webPolicy.PermissionSet);
- }
- if (filePolicy != null)
- {
- intranetGrantSet.InplaceUnion(filePolicy.PermissionSet);
- }
-
- return intranetGrantSet;
- }
- else if (zone.SecurityZone == SecurityZone.Internet ||
- zone.SecurityZone == SecurityZone.Trusted)
- {
- PermissionSet internetGrantSet = BuiltInPermissionSets.Internet;
-
- // We also need to add in same site web permission
- PolicyStatement webPolicy =
- new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
-
- if (webPolicy != null)
- {
- internetGrantSet.InplaceUnion(webPolicy.PermissionSet);
- }
-
- return internetGrantSet;
- }
-#endif // FEATURE_CAS_POLICY
- else
- {
- return new PermissionSet(PermissionState.None);
- }
- }
-
- /// <internalonly/>
- [System.Security.SecurityCritical] // auto-generated_required
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- static public void GetZoneAndOrigin( out ArrayList zone, out ArrayList origin )
- {
- StackCrawlMark mark = StackCrawlMark.LookForMyCaller;
- CodeAccessSecurityEngine.GetZoneAndOrigin( ref mark, out zone, out origin );
- }
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type)
- {
- if (path == null)
- throw new ArgumentNullException( "path" );
- Contract.EndContractBlock();
-
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- // We need to retain V1.x compatibility by throwing the same exception type.
- if (!File.InternalExists(path))
- throw new ArgumentException( Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
-
- String fullPath = Path.GetFullPath( path );
-
- FileIOPermission perm = new FileIOPermission( PermissionState.None );
- perm.AddPathList( FileIOPermissionAccess.Read, fullPath );
- perm.AddPathList( FileIOPermissionAccess.Write, fullPath );
- perm.Demand();
-
- using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read)) {
- using (StreamReader reader = new StreamReader(stream)) {
- return LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type);
- }
- }
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type)
- {
- return LoadPolicyLevelFromStringHelper(str, null, type);
- }
-
- private static PolicyLevel LoadPolicyLevelFromStringHelper (string str, string path, PolicyLevelType type)
- {
- if (str == null)
- throw new ArgumentNullException( "str" );
- Contract.EndContractBlock();
-
- PolicyLevel level = new PolicyLevel(type, path);
-
- Parser parser = new Parser( str );
- SecurityElement elRoot = parser.GetTopElement();
- if (elRoot == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "configuration" ) );
-
- SecurityElement elMscorlib = elRoot.SearchForChildByTag( "mscorlib" );
- if (elMscorlib == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "mscorlib" ) );
-
- SecurityElement elSecurity = elMscorlib.SearchForChildByTag( "security" );
- if (elSecurity == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "security" ) );
-
- SecurityElement elPolicy = elSecurity.SearchForChildByTag( "policy" );
- if (elPolicy == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "policy" ) );
-
- SecurityElement elPolicyLevel = elPolicy.SearchForChildByTag( "PolicyLevel" );
- if (elPolicyLevel != null)
- level.FromXml( elPolicyLevel );
- else
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "PolicyLevel" ) );
-
- return level;
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public void SavePolicyLevel( PolicyLevel level )
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- PolicyManager.EncodeLevel( level );
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, true);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy(Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- // If we aren't passed any evidence, just make an empty object
- if (evidence == null)
- {
- evidence = new Evidence();
- }
-
- return polmgr.Resolve(evidence);
- }
-
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy( Evidence[] evidences )
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- if (evidences == null || evidences.Length == 0)
- evidences = new Evidence[] { null };
-
- PermissionSet retval = ResolvePolicy( evidences[0] );
- if (retval == null)
- return null;
-
- for (int i = 1; i < evidences.Length; ++i)
- {
- retval = retval.Intersect( ResolvePolicy( evidences[i] ) );
- if (retval == null || retval.IsEmpty())
- return retval;
- }
-
- return retval;
- }
-
-#if FEATURE_CAS_POLICY
- // Determine if the current thread would require a security context capture if the security state of
- // the thread needs to be re-created at a later point in time. This can be used, for instance, if
- // sensitive data is being obtained after security demands succeed, and that data is to be cached.
- // If there is an Assert up the stack, then we wouldn't want to cache the data without capturing the
- // corresponding security context to go along with it - otherwise we risk leaking data obtained
- // under an assert to code which may no longer be running with that assert in place.
- //
- // A return value of false indicates that the CLR guarantees all of the following conditions are true:
- // 1. No partial trust AppDomains are on the stack
- // 2. No partial trust assemblies are on the stack
- // 3. There are no currently active PermitOnly or Deny modifiers on the stack
- //
- // A return value of true means only that the CLR cannot guarantee that all of the conditions are
- // true, and not that one of the conditions really is false.
- //
- // IMPORTANT: The above means is only reliable in the false return case. If we say that the thread
- // does not require a context capture, then that answer is guaranteed to be correct. However, we may
- // say that the thread does require a capture when it does not actually strictly need to capture the
- // state. This is fine, as being overly conservative when capturing context will not lead to
- // security holes; being overly agresssive in avoding the capture could lead to holes however.
- //
- // This API is SecurityCritical because its main use is to optimize away unnecessary security
- // context captures, which means that the code using it is security sensitive and needs to be audited.
- [SecurityCritical]
- public static bool CurrentThreadRequiresSecurityContextCapture()
- {
- // If we know that the thread is not made up of entirely full trust code, and that there are no
- // security stack modifiers on the thread, then there is no need to capture a security context.
- return !CodeAccessSecurityEngine.QuickCheckForAllDemands();
- }
-#endif // FEATURE_CAS_POLICY
-
- //
- // This method resolves the policy for the specified evidence, but it
- // ignores the AppDomain level even when one is available in the current policy.
- //
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static PermissionSet ResolveSystemPolicy (Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- if (PolicyManager.IsGacAssembly(evidence))
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
-
- return polmgr.CodeGroupResolve(evidence, true);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public IEnumerator ResolvePolicyGroups(Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return polmgr.ResolveCodeGroups(evidence);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static IEnumerator PolicyHierarchy()
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return polmgr.PolicyHierarchy();
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static void SavePolicy()
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- polmgr.Save();
- }
-
-
- [System.Security.SecurityCritical] // auto-generated
- private static PermissionSet ResolveCasPolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied,
- out int securitySpecialFlags,
- bool checkExecutionPermission)
- {
- Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
-
- CodeAccessPermission.Assert(true);
-
- PermissionSet granted = ResolvePolicy(evidence,
- reqdPset,
- optPset,
- denyPset,
- out denied,
- checkExecutionPermission);
-
- securitySpecialFlags = SecurityManager.GetSpecialFlags(granted, denied);
- return granted;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- static private PermissionSet ResolvePolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied,
- bool checkExecutionPermission)
- {
- Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
-
- if (executionSecurityPermission == null)
- executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
-
- PermissionSet requested = null;
- PermissionSet optional;
- PermissionSet allowed;
-
- Exception savedException = null;
-
- // We don't want to recurse back into here as a result of a
- // stackwalk during resolution. So simply assert full trust (this
- // implies that custom permissions cannot use any permissions that
- // don't implement IUnrestrictedPermission.
- // PermissionSet.s_fullTrust.Assert();
-
- // The requested set is the union of the minimal request and the
- // optional request. Minimal request defaults to empty, optional
- // is "AllPossible" (includes any permission that can be defined)
- // which is symbolized by null.
- optional = optPset;
-
- if (reqdPset == null)
- requested = optional;
- else
- // If optional is null, the requested set becomes null/"AllPossible".
- requested = optional == null ? null : reqdPset.Union(optional);
-
- // Make sure that the right to execute is requested (if this feature is
- // enabled).
-
- if (requested != null && !requested.IsUnrestricted())
- requested.AddPermission( executionSecurityPermission );
-
- // If we aren't passed any evidence, just make an empty object
- if (evidence == null)
- {
- evidence = new Evidence();
- }
-
- allowed = polmgr.Resolve(evidence);
- // Intersect the grant with the RequestOptional
- if (requested != null)
- allowed.InplaceIntersect(requested);
-
- // Check that we were granted the right to execute.
- if (checkExecutionPermission)
- {
- if (!allowed.Contains(executionSecurityPermission) ||
- (denyPset != null && denyPset.Contains(executionSecurityPermission)))
- {
- throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
- System.__HResults.CORSEC_E_NO_EXEC_PERM,
- savedException);
- }
- }
-
- // Check that we were granted at least the minimal set we asked for. Do
- // this before pruning away any overlap with the refused set so that
- // users have the flexability of defining minimal permissions that are
- // only expressable as set differences (e.g. allow access to "C:\" but
- // disallow "C:\Windows").
- if (reqdPset != null && !reqdPset.IsSubsetOf(allowed))
- {
- BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
- throw new PolicyException(Environment.GetResourceString( "Policy_NoRequiredPermission" ),
- System.__HResults.CORSEC_E_MIN_GRANT_FAIL,
- savedException );
- }
-
- // Remove any granted permissions that are safe subsets of some denied
- // permission. The remaining denied permissions (if any) are returned
- // along with the modified grant set for use in checks.
- if (denyPset != null)
- {
- BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
- denied = denyPset.Copy();
- allowed.MergeDeniedSet(denied);
- if (denied.IsEmpty())
- denied = null;
- }
- else
- denied = null;
-
- allowed.IgnoreTypeLoadFailures = true;
-
- return allowed;
- }
-
- [Obsolete("Because execution permission checks can no longer be turned off, the CheckExecutionRights property no longer has any effect.")]
- static public bool CheckExecutionRights
- {
- get { return true; }
-
- set
- {
- // The setter for this property is a no-op since execution checking can no longer be turned off
- }
- }
-
- [Obsolete("Because security can no longer be turned off, the SecurityEnabled property no longer has any effect.")]
- public static bool SecurityEnabled
- {
- get { return true; }
-
- set
- {
- // The setter for this property is a no-op since security cannot be turned off
- }
- }
-#endif // #if FEATURE_CAS_POLICY
-
+ static public class SecurityManager
+ {
private static int[][] s_BuiltInPermissionIndexMap = {
new int[] { BuiltInPermissionIndex.EnvironmentPermissionIndex, (int) PermissionType.EnvironmentPermission },
new int[] { BuiltInPermissionIndex.FileDialogPermissionIndex, (int) PermissionType.FileDialogPermission },
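Review bot: The rewritten class header on the new side keeps the non-conventional modifier order `static public class SecurityManager`; since the line is already being touched to move the brace, it could become `public static class SecurityManager` and avoid a later style-only commit. The file-header comment in the first hunk still describes SecurityManager as "a general purpose API for interacting with the security system", which after this removal appears to overstate what is left; a one-line note there saying the legacy CAS policy surface (IsGranted, GetStandardSandbox, ResolvePolicy and the PolicyLevel loaders) has been removed would help the next reader, though I can only infer the remaining surface from what is visible. The class body (s_BuiltInPermissionIndexMap onward) continues outside the hunk.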
@@ -653,17 +142,14 @@ namespace System.Security {
return flags;
}
#pragma warning restore 618
-
- [System.Security.SecurityCritical] // auto-generated
+
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
internal static extern bool IsSameType(String strLeft, String strRight);
- [System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern bool _SetThreadSecurity(bool bThreadSecurity);
- [System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
internal static extern void GetGrantedPermissions(ObjectHandleOnStack retGranted, ObjectHandleOnStack retDenied, StackCrawlMarkHandle stackMark);