diff options
author | Jan Kotas <jkotas@microsoft.com> | 2017-02-06 06:53:42 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-02-06 06:53:42 -0800 |
commit | 5c47caa806e6907df81e7a96864984df4d0f38cd (patch) | |
tree | e3437edcb63f42f98c93eb425b4e7a750eda73df /src/vm/appdomainnative.cpp | |
parent | 0b064eef415468f50e7360256e42737d247eb677 (diff) | |
download | coreclr-5c47caa806e6907df81e7a96864984df4d0f38cd.tar.gz coreclr-5c47caa806e6907df81e7a96864984df4d0f38cd.tar.bz2 coreclr-5c47caa806e6907df81e7a96864984df4d0f38cd.zip |
CAS Security cleanup (#9355)
Diffstat (limited to 'src/vm/appdomainnative.cpp')
-rw-r--r-- | src/vm/appdomainnative.cpp | 193 |
1 files changed, 0 insertions, 193 deletions
diff --git a/src/vm/appdomainnative.cpp b/src/vm/appdomainnative.cpp index a96c643537..85c828f9ca 100644 --- a/src/vm/appdomainnative.cpp +++ b/src/vm/appdomainnative.cpp @@ -518,199 +518,6 @@ FCIMPL3(void, AppDomainNative::UpdateContextProperty, LPVOID fusionContext, Stri FCIMPLEND #endif // FEATURE_FUSION -/* static */ -INT32 AppDomainNative::ExecuteAssemblyHelper(Assembly* pAssembly, - BOOL bCreatedConsole, - PTRARRAYREF *pStringArgs) -{ - STATIC_CONTRACT_THROWS; - - struct Param - { - Assembly* pAssembly; - PTRARRAYREF *pStringArgs; - INT32 iRetVal; - } param; - param.pAssembly = pAssembly; - param.pStringArgs = pStringArgs; - param.iRetVal = 0; - - EE_TRY_FOR_FINALLY(Param *, pParam, ¶m) - { - pParam->iRetVal = pParam->pAssembly->ExecuteMainMethod(pParam->pStringArgs, FALSE /* waitForOtherThreads */); - } - EE_FINALLY - { -#ifndef FEATURE_PAL - if(bCreatedConsole) - FreeConsole(); -#endif // !FEATURE_PAL - } - EE_END_FINALLY - - return param.iRetVal; -} - -static void UpgradeLinkTimeCheckToLateBoundDemand(MethodDesc* pMeth) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - BOOL isEveryoneFullyTrusted = FALSE; - - struct _gc - { - OBJECTREF refClassNonCasDemands; - OBJECTREF refClassCasDemands; - OBJECTREF refMethodNonCasDemands; - OBJECTREF refMethodCasDemands; - OBJECTREF refThrowable; - } gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - - isEveryoneFullyTrusted = Security::AllDomainsOnStackFullyTrusted(); - - // If all assemblies in the domain are fully trusted then we are not - // going to do any security checks anyway.. - if (isEveryoneFullyTrusted) - { - goto Exit1; - } - - - if (pMeth->RequiresLinktimeCheck()) - { - // Fetch link demand sets from all the places in metadata where we might - // find them (class and method). These might be split into CAS and non-CAS - // sets as well. - Security::RetrieveLinktimeDemands(pMeth, - &gc.refClassCasDemands, - &gc.refClassNonCasDemands, - &gc.refMethodCasDemands, - &gc.refMethodNonCasDemands); - - if (gc.refClassCasDemands == NULL && gc.refClassNonCasDemands == NULL && - gc.refMethodCasDemands == NULL && gc.refMethodNonCasDemands == NULL && - isEveryoneFullyTrusted) - { - // All code access security demands will pass anyway. - goto Exit1; - } - - // The following logic turns link demands on the target method into full - // stack walks in order to close security holes in poorly written - // reflection users. - -#ifdef FEATURE_APTCA - if (Security::IsUntrustedCallerCheckNeeded(pMeth) ) - { - // Check for untrusted caller - // It is possible that wrappers like VBHelper libraries that are - // fully trusted, make calls to public methods that do not have - // safe for Untrusted caller custom attribute set. - // Like all other link demand that gets transformed to a full stack - // walk for reflection, calls to public methods also gets - // converted to full stack walk - - // NOTE: this will always do the APTCA check, regardless of method caller - Security::DoUntrustedCallerChecks(NULL, pMeth, TRUE); - } -#endif - - // CAS Link Demands - if (gc.refClassCasDemands != NULL) - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, gc.refClassCasDemands); - - if (gc.refMethodCasDemands != NULL) - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, gc.refMethodCasDemands); - - // Non-CAS demands are not applied against a grant - // set, they're standalone. - if (gc.refClassNonCasDemands != NULL) - Security::CheckNonCasDemand(&gc.refClassNonCasDemands); - - if (gc.refMethodNonCasDemands != NULL) - Security::CheckNonCasDemand(&gc.refMethodNonCasDemands); - } - -Exit1:; - GCPROTECT_END(); -} - -FCIMPL3(INT32, AppDomainNative::ExecuteAssembly, AppDomainBaseObject* refThisUNSAFE, - AssemblyBaseObject* assemblyNameUNSAFE, PTRArray* stringArgsUNSAFE) -{ - FCALL_CONTRACT; - - INT32 iRetVal = 0; - - struct _gc - { - APPDOMAINREF refThis; - ASSEMBLYREF assemblyName; - PTRARRAYREF stringArgs; - } gc; - - gc.refThis = (APPDOMAINREF) refThisUNSAFE; - gc.assemblyName = (ASSEMBLYREF) assemblyNameUNSAFE; - gc.stringArgs = (PTRARRAYREF) stringArgsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_RET_PROTECT(gc); - - AppDomain* pDomain = ValidateArg(gc.refThis); - - if (gc.assemblyName == NULL) - COMPlusThrow(kArgumentNullException, W("ArgumentNull_Generic")); - - if((BaseDomain*) pDomain == SystemDomain::System()) - COMPlusThrow(kUnauthorizedAccessException, W("UnauthorizedAccess_SystemDomain")); - - Assembly* pAssembly = (Assembly*) gc.assemblyName->GetAssembly(); - - if (!pDomain->m_pRootAssembly) - pDomain->m_pRootAssembly = pAssembly; - - MethodDesc *pEntryPointMethod; - { - pEntryPointMethod = pAssembly->GetEntryPoint(); - if (pEntryPointMethod) - { - UpgradeLinkTimeCheckToLateBoundDemand(pEntryPointMethod); - } - } - - BOOL bCreatedConsole = FALSE; - -#ifndef FEATURE_PAL - if (pAssembly->GetManifestFile()->GetSubsystem() == IMAGE_SUBSYSTEM_WINDOWS_CUI) - { - { - GCX_COOP(); - Security::CheckBeforeAllocConsole(pDomain, pAssembly); - } - bCreatedConsole = AllocConsole(); - StackSString codebase; - pAssembly->GetManifestFile()->GetCodeBase(codebase); - SetConsoleTitle(codebase); - } -#endif // !FEATURE_PAL - - // This helper will call FreeConsole() - iRetVal = ExecuteAssemblyHelper(pAssembly, bCreatedConsole, &gc.stringArgs); - - HELPER_METHOD_FRAME_END(); - - return iRetVal; -} -FCIMPLEND - #ifdef FEATURE_VERSIONING FCIMPL1(void, AppDomainNative::CreateContext, |