diff options
author | Jiyoung Yun <jy910.yun@samsung.com> | 2016-11-23 19:09:09 +0900 |
---|---|---|
committer | Jiyoung Yun <jy910.yun@samsung.com> | 2016-11-23 19:09:09 +0900 |
commit | 4b4aad7217d3292650e77eec2cf4c198ea9c3b4b (patch) | |
tree | 98110734c91668dfdbb126fcc0e15ddbd93738ca /src/vm/security.cpp | |
parent | fa45f57ed55137c75ac870356a1b8f76c84b229c (diff) | |
download | coreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.tar.gz coreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.tar.bz2 coreclr-4b4aad7217d3292650e77eec2cf4c198ea9c3b4b.zip |
Imported Upstream version 1.1.0upstream/1.1.0
Diffstat (limited to 'src/vm/security.cpp')
-rw-r--r-- | src/vm/security.cpp | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/src/vm/security.cpp b/src/vm/security.cpp new file mode 100644 index 0000000000..95c16bf5cd --- /dev/null +++ b/src/vm/security.cpp @@ -0,0 +1,102 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. +// + +// + + +#include "common.h" + +#include "security.h" +#include "securitydescriptor.h" +#include "securitydescriptorappdomain.h" +#include "securitydescriptorassembly.h" + +IApplicationSecurityDescriptor * Security::CreateApplicationSecurityDescriptor(AppDomain * pDomain) +{ + WRAPPER_NO_CONTRACT; + + return static_cast<IApplicationSecurityDescriptor*>(new ApplicationSecurityDescriptor(pDomain)); +} + +IAssemblySecurityDescriptor* Security::CreateAssemblySecurityDescriptor(AppDomain *pDomain, DomainAssembly *pAssembly, LoaderAllocator *pLoaderAllocator) +{ + WRAPPER_NO_CONTRACT; + + return static_cast<IAssemblySecurityDescriptor*>(new AssemblySecurityDescriptor(pDomain, pAssembly, pLoaderAllocator)); +} + +ISharedSecurityDescriptor* Security::CreateSharedSecurityDescriptor(Assembly* pAssembly) +{ + WRAPPER_NO_CONTRACT; + + return static_cast<ISharedSecurityDescriptor*>(new SharedSecurityDescriptor(pAssembly)); +} + +void Security::DeleteSharedSecurityDescriptor(ISharedSecurityDescriptor *descriptor) +{ + WRAPPER_NO_CONTRACT; + + delete static_cast<SharedSecurityDescriptor *>(descriptor); +} + +#ifndef FEATURE_CORECLR +IPEFileSecurityDescriptor* Security::CreatePEFileSecurityDescriptor(AppDomain* pDomain, PEFile *pPEFile) +{ + WRAPPER_NO_CONTRACT; + + return static_cast<IPEFileSecurityDescriptor*>(new PEFileSecurityDescriptor(pDomain, pPEFile)); +} +#endif + +BOOL Security::IsTransparencyEnforcementEnabled() +{ + LIMITED_METHOD_CONTRACT; + +#ifdef FEATURE_CORECLR + // No transparency enforcement in .NET Core + return FALSE; +#else + +#ifdef _DEBUG + if (g_pConfig->DisableTransparencyEnforcement()) + return FALSE; +#endif + + return TRUE; +#endif // FEATURE_CORECLR +} + +//--------------------------------------------------------------------------------------- +// +// Determine if security checks should be bypassed for a method because the method is +// being used by a profiler. +// +// Profilers often do things like inject unverifiable IL or P/Invoke which won't be allowed +// if they're working with a transparent method. This hook allows those checks to be +// suppressed if we're currently profiling. +// +// Arguments: +// pMD - Method we're checking to see if security checks may be bypassed for +// + +BOOL Security::BypassSecurityChecksForProfiler(MethodDesc *pMD) +{ + CONTRACTL + { + NOTHROW; + GC_NOTRIGGER; + MODE_ANY; + PRECONDITION(CheckPointer(pMD)); + } + CONTRACTL_END; + +#if defined(PROFILING_SUPPORTED) && !defined(CROSSGEN_COMPILE) + return CORProfilerPresent() && + CORProfilerBypassSecurityChecks() && + pMD->GetAssembly()->GetSecurityDescriptor()->IsFullyTrusted(); +#else + return FALSE; +#endif +} |