diff options
author | Jan Kotas <jkotas@microsoft.com> | 2015-03-21 15:40:51 -0700 |
---|---|---|
committer | Jan Kotas <jkotas@microsoft.com> | 2015-03-21 15:40:51 -0700 |
commit | 725d6a91fffdf4603c8a9c74e15cbc83ebf0e3d6 (patch) | |
tree | fcb60d394c01d951c870c9c9b6bb2a1ad9250314 /src/vm/clsload.cpp | |
parent | 4b3c47ac23abc7526204eaf001c2e9564eb6ab75 (diff) | |
download | coreclr-725d6a91fffdf4603c8a9c74e15cbc83ebf0e3d6.tar.gz coreclr-725d6a91fffdf4603c8a9c74e15cbc83ebf0e3d6.tar.bz2 coreclr-725d6a91fffdf4603c8a9c74e15cbc83ebf0e3d6.zip |
Add host flag to disable transparency checks in CoreCLR
A lot of security transparency annotations in corefx is missing or inconsistent. People keep running into MethodAccessExceptions because of that. It is not easy (nor cheap) to fix the annotations to make them consistent, and they are not actually required for any of the .NET Core scenarios.
This change is introducing a hosting flag to disable security transparency checks on CoreCLR, and adds this flag to all .NET Core hosts. The .NET Core hosts outside of the CoreCLR tree (e.g. ASP.NET 5) will need this flag added as well.
[tfs-changeset: 1437325]
Diffstat (limited to 'src/vm/clsload.cpp')
-rw-r--r-- | src/vm/clsload.cpp | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/src/vm/clsload.cpp b/src/vm/clsload.cpp index 8d5fae5c2d..f80041cf38 100644 --- a/src/vm/clsload.cpp +++ b/src/vm/clsload.cpp @@ -5,12 +5,6 @@ // // File: clsload.cpp // - - - -// - -// // ============================================================================ #include "common.h" @@ -4880,7 +4874,7 @@ BOOL AccessCheckOptions::DemandMemberAccess(AccessCheckContext *pContext, Method _ASSERTE(GetAppDomain()->GetSecurityDescriptor()->IsFullyTrusted() || m_accessCheckType == kRestrictedMemberAccess); - if (visibilityCheck) + if (visibilityCheck && Security::IsTransparencyEnforcementEnabled()) { // In CoreCLR RMA means visibility checks always succeed if the target is user code. if ((m_accessCheckType == kRestrictedMemberAccess || m_accessCheckType == kRestrictedMemberAccessNoTransparency) && @@ -5530,6 +5524,9 @@ static BOOL CheckTransparentAccessToCriticalCode( } CONTRACTL_END; + if (!Security::IsTransparencyEnforcementEnabled()) + return TRUE; + // At most one of these should be non-NULL _ASSERTE(1 >= ((pOptionalTargetMethod ? 1 : 0) + (pOptionalTargetField ? 1 : 0) + @@ -5561,11 +5558,8 @@ static BOOL CheckTransparentAccessToCriticalCode( { SecurityTransparent::LogTransparencyError(pContext->GetCallerMethod(), "Transparent code accessing a critical type, method, or field", pOptionalTargetMethod); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - return accessCheckOptions.DemandMemberAccessOrFail(pContext, pTargetMT, FALSE /*visibilityCheck*/); - } + return accessCheckOptions.DemandMemberAccessOrFail(pContext, pTargetMT, FALSE /*visibilityCheck*/); } return TRUE; |