diff options
Diffstat (limited to 'src/mscorlib/src/System/Security/PermissionSet.cs')
-rw-r--r-- | src/mscorlib/src/System/Security/PermissionSet.cs | 1100 |
1 files changed, 32 insertions, 1068 deletions
diff --git a/src/mscorlib/src/System/Security/PermissionSet.cs b/src/mscorlib/src/System/Security/PermissionSet.cs index e36f0752ad..11ca02a81e 100644 --- a/src/mscorlib/src/System/Security/PermissionSet.cs +++ b/src/mscorlib/src/System/Security/PermissionSet.cs @@ -21,6 +21,7 @@ namespace System.Security { using System.Text; using System.Globalization; using System.Runtime.Versioning; + using System.Diagnostics; using System.Diagnostics.Contracts; [Serializable] @@ -36,9 +37,6 @@ namespace System.Security { #if FEATURE_SERIALIZATION [Serializable] #endif -#if !FEATURE_CORECLR - [StrongNameIdentityPermissionAttribute(SecurityAction.InheritanceDemand, Name = "mscorlib", PublicKey = "0x" + AssemblyRef.EcmaPublicKeyFull)] -#endif [System.Runtime.InteropServices.ComVisible(true)] public class PermissionSet : ISecurityEncodable, ICollection, IStackWalk #if FEATURE_SERIALIZATION @@ -114,71 +112,13 @@ namespace System.Security { internal static readonly PermissionSet s_fullTrust = new PermissionSet( true ); -#if FEATURE_REMOTING - [OnDeserializing] - private void OnDeserializing(StreamingContext ctx) - { - Reset(); - } - - [OnDeserialized] - private void OnDeserialized(StreamingContext ctx) - { - if (m_serializedPermissionSet != null) - { - // Whidbey non X-AD case - FromXml(SecurityElement.FromString(m_serializedPermissionSet)); - } - else if (m_normalPermSet != null) - { - // Everett non X-AD case - m_permSet = m_normalPermSet.SpecialUnion(m_unrestrictedPermSet); - } - else if (m_unrestrictedPermSet != null) - { - // Everett non X-AD case - m_permSet = m_unrestrictedPermSet.SpecialUnion(m_normalPermSet); - } - - m_serializedPermissionSet = null; - m_normalPermSet = null; - m_unrestrictedPermSet = null; - - } - - [OnSerializing] - private void OnSerializing(StreamingContext ctx) - { - - if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - m_serializedPermissionSet = ToString(); // For v2.x and beyond - if (m_permSet != null) - m_permSet.SpecialSplit(ref m_unrestrictedPermSet, ref m_normalPermSet, m_ignoreTypeLoadFailures); - m_permSetSaved = m_permSet; - m_permSet = null; - } - } -#endif // !FEATURE_REMOTING - -#if FEATURE_REMOTING || _DEBUG +#if _DEBUG [OnSerialized] private void OnSerialized(StreamingContext context) { -#if FEATURE_REMOTING - if ((context.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - m_serializedPermissionSet = null; - m_permSet = m_permSetSaved; - m_permSetSaved = null; - m_unrestrictedPermSet = null; - m_normalPermSet = null; - } -#else // !FEATURE_REMOTING - Contract.Assert(false, "PermissionSet does not support serialization on CoreCLR"); -#endif // !FEATURE_REMOTING + Debug.Assert(false, "PermissionSet does not support serialization on CoreCLR"); } -#endif // FEATURE_REMOTING || _DEBUG +#endif // _DEBUG internal PermissionSet() { @@ -233,19 +173,11 @@ namespace System.Security { { Object obj = m_permSet.GetItem(i); IPermission perm = obj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory elem = obj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY + if (perm != null) { m_permSet.SetItem(i, perm.Copy()); } -#if FEATURE_CAS_POLICY - else if (elem != null) - { - m_permSet.SetItem(i, elem.Copy()); - } -#endif // FEATURE_CAS_POLICY } } } @@ -253,7 +185,7 @@ namespace System.Security { public virtual void CopyTo(Array array, int index) { if (array == null) - throw new ArgumentNullException( "array" ); + throw new ArgumentNullException( nameof(array) ); Contract.EndContractBlock(); PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); @@ -365,19 +297,7 @@ namespace System.Security { Object obj = m_permSet.GetItem( index ); if (obj == null) return null; - IPermission perm = obj as IPermission; - if (perm != null) - return perm; -#if FEATURE_CAS_POLICY - perm = CreatePermission(obj, index); -#endif // FEATURE_CAS_POLICY - if (perm == null) - return null; - Contract.Assert( PermissionToken.IsTokenProperlyAssigned( perm, PermissionToken.GetToken( perm ) ), - "PermissionToken was improperly assigned" ); - Contract.Assert( PermissionToken.GetToken( perm ).m_index == index, - "Assigning permission to incorrect index in tokenbasedset" ); - return perm; + return obj as IPermission; } internal IPermission GetPermission(PermissionToken permToken) @@ -396,21 +316,6 @@ namespace System.Security { return GetPermission(PermissionToken.GetToken( perm )); } -#if FEATURE_CAS_POLICY - public IPermission GetPermission(Type permClass) - { - return GetPermissionImpl(permClass); - } - - protected virtual IPermission GetPermissionImpl(Type permClass) - { - if (permClass == null) - return null; - - return GetPermission(PermissionToken.FindToken(permClass)); - } -#endif // FEATURE_CAS_POLICY - public IPermission SetPermission(IPermission perm) { return SetPermissionImpl(perm); @@ -494,29 +399,6 @@ namespace System.Security { return (IPermission)m_permSet.RemoveItem( index ); // this cast is safe because the call to GetPermission will guarantee it is an IPermission } -#if FEATURE_CAS_POLICY - public IPermission RemovePermission(Type permClass) - { - return RemovePermissionImpl(permClass); - } - - protected virtual IPermission RemovePermissionImpl(Type permClass) - { - if (permClass == null) - { - return null; - } - - PermissionToken permToken = PermissionToken.FindToken(permClass); - if (permToken == null) - { - return null; - } - - return RemovePermission(permToken.m_index); - } -#endif // FEATURE_CAS_POLICY - // Make this internal soon. internal void SetUnrestricted(bool unrestricted) { @@ -527,12 +409,12 @@ namespace System.Security { m_permSet = null; } } - + public bool IsUnrestricted() { return m_Unrestricted; } - + internal enum IsSubsetOfType { Normal, @@ -580,7 +462,7 @@ namespace System.Security { IPermission targetPerm = target.GetPermission(i); #if _DEBUG PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - Contract.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized"); + Debug.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized"); #endif if (target.m_Unrestricted) @@ -692,7 +574,7 @@ namespace System.Security { internal void CheckDecoded( CodeAccessPermission demandedPerm, PermissionToken tokenDemandedPerm ) { - Contract.Assert( demandedPerm != null, "Expected non-null value" ); + Debug.Assert( demandedPerm != null, "Expected non-null value" ); if (this.m_allPermissionsDecoded || this.m_permSet == null) return; @@ -700,7 +582,7 @@ namespace System.Security { if (tokenDemandedPerm == null) tokenDemandedPerm = PermissionToken.GetToken( demandedPerm ); - Contract.Assert( tokenDemandedPerm != null, "Unable to find token for demanded permission" ); + Debug.Assert( tokenDemandedPerm != null, "Unable to find token for demanded permission" ); CheckDecoded( tokenDemandedPerm.m_index ); } @@ -715,7 +597,7 @@ namespace System.Security { internal void CheckDecoded(PermissionSet demandedSet) { - Contract.Assert(demandedSet != null, "Expected non-null value"); + Debug.Assert(demandedSet != null, "Expected non-null value"); if (this.m_allPermissionsDecoded || this.m_permSet == null) return; @@ -728,37 +610,6 @@ namespace System.Security { } } -#if FEATURE_CAS_POLICY - static internal void SafeChildAdd( SecurityElement parent, ISecurityElementFactory child, bool copy ) - { - if (child == parent) - return; - if (child.GetTag().Equals( "IPermission" ) || child.GetTag().Equals( "Permission" )) - { - parent.AddChild( child ); - } - else if (parent.Tag.Equals( child.GetTag() )) - { - Contract.Assert( child is SecurityElement, "SecurityElement expected" ); - SecurityElement elChild = (SecurityElement)child; - Contract.Assert( elChild.InternalChildren != null, - "Non-permission elements should have children" ); - - for (int i = 0; i < elChild.InternalChildren.Count; ++i) - { - ISecurityElementFactory current = (ISecurityElementFactory)elChild.InternalChildren[i]; - Contract.Assert( !current.GetTag().Equals( parent.Tag ), - "Illegal to insert a like-typed element" ); - parent.AddChildNoDuplicates( current ); - } - } - else - { - parent.AddChild( (ISecurityElementFactory)(copy ? child.Copy() : child) ); - } - } -#endif // FEATURE_CAS_POLICY - internal void InplaceIntersect( PermissionSet other ) { Exception savedException = null; @@ -796,81 +647,24 @@ namespace System.Security { { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; -#if FEATURE_CAS_POLICY - if (thisElem != null && otherElem != null) - { - // If we already have an intersection node, just add another child - if (thisElem.GetTag().Equals( s_str_PermissionIntersection ) || - thisElem.GetTag().Equals( s_str_PermissionUnrestrictedIntersection )) - { - Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" ); - SafeChildAdd( (SecurityElement)thisElem, otherElem, true ); - } - // If either set is unrestricted, intersect the nodes unrestricted - else - { - bool copyOther = true; - if (this.IsUnrestricted()) - { - SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElemUU, thisElem, false ); - thisElem = newElemUU; - } - if (other.IsUnrestricted()) - { - SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) ); - SafeChildAdd( newElemUU, otherElem, true ); - otherElem = newElemUU; - copyOther = false; - } - - SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection ); - newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); - - SafeChildAdd( newElem, thisElem, false ); - SafeChildAdd( newElem, otherElem, copyOther ); - this.m_permSet.SetItem( i, newElem ); - } - } - else -#endif // FEATURE_CAS_POLICY if (thisObj == null) { // There is no object in <this>, so intersection is empty except for IUnrestrictedPermissions if (this.IsUnrestricted()) { -#if FEATURE_CAS_POLICY - if (otherElem != null) - { - SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); - newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); - SafeChildAdd( newElem, otherElem, true ); - this.m_permSet.SetItem( i, newElem ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - else -#endif // FEATURE_CAS_POLICY { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { this.m_permSet.SetItem( i, otherPerm.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } @@ -879,16 +673,6 @@ namespace System.Security { { if (other.IsUnrestricted()) { -#if FEATURE_CAS_POLICY - if (thisElem != null) - { - SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); - newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElem, thisElem, false ); - this.m_permSet.SetItem( i, newElem ); - } - else -#endif // FEATURE_CAS_POLICY { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) == 0) @@ -902,13 +686,6 @@ namespace System.Security { } else { -#if FEATURE_CAS_POLICY - if (thisElem != null) - thisPerm = this.CreatePermission(thisElem, i); - if (otherElem != null) - otherPerm = other.CreatePermission(otherElem, i); -#endif // FEATURE_CAS_POLICY - try { IPermission intersectPerm; @@ -968,71 +745,23 @@ namespace System.Security { { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY - Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; -#if FEATURE_CAS_POLICY - if (thisElem != null && otherElem != null) - { - bool copyOther = true; - bool copyThis = true; - SecurityElement newElem = new SecurityElement( s_str_PermissionIntersection ); - newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); - if (this.IsUnrestricted()) - { - SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - newElemUU.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElemUU, thisElem, true ); - copyThis = false; - thisElem = newElemUU; - } - if (other.IsUnrestricted()) - { - SecurityElement newElemUU = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - newElemUU.AddAttribute( "class", otherElem.Attribute( "class" ) ); - SafeChildAdd( newElemUU, otherElem, true ); - copyOther = false; - otherElem = newElemUU; - } - - SafeChildAdd( newElem, otherElem, copyOther ); - SafeChildAdd( newElem, thisElem, copyThis ); - pset.m_permSet.SetItem( i, newElem ); - } - else -#endif // FEATURE_CAS_POLICY if (thisObj == null) { if (this.m_Unrestricted) { -#if FEATURE_CAS_POLICY - if (otherElem != null) - { - SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); - newElem.AddAttribute( "class", otherElem.Attribute( "class" ) ); - SafeChildAdd( newElem, otherElem, true ); - pset.m_permSet.SetItem( i, newElem ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - else -#endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } @@ -1041,37 +770,19 @@ namespace System.Security { { if (other.m_Unrestricted) { -#if FEATURE_CAS_POLICY - if (thisElem != null) - { - SecurityElement newElem = new SecurityElement( s_str_PermissionUnrestrictedIntersection ); - newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElem, thisElem, true ); - pset.m_permSet.SetItem( i, newElem ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - else -#endif // FEATURE_CAS_POLICY if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } } else { -#if FEATURE_CAS_POLICY - if (thisElem != null) - thisPerm = this.CreatePermission(thisElem, i); - if (otherElem != null) - otherPerm = other.CreatePermission(otherElem, i); -#endif // FEATURE_CAS_POLICY - IPermission intersectPerm; if (thisPerm == null) intersectPerm = otherPerm; @@ -1080,7 +791,7 @@ namespace System.Security { else intersectPerm = thisPerm.Intersect( otherPerm ); pset.m_permSet.SetItem( i, intersectPerm ); - Contract.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( intersectPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } @@ -1102,13 +813,9 @@ namespace System.Security { // Quick out conditions, union doesn't change this PermissionSet if (other == null || other.FastIsEmpty()) return; - - - m_CheckedForNonCas = false; - + m_CheckedForNonCas = false; - this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; if (this.m_Unrestricted) @@ -1124,7 +831,7 @@ namespace System.Security { int maxMax = -1; if (other.m_permSet != null) { - maxMax = other.m_permSet.GetMaxUsedIndex(); + maxMax = other.m_permSet.GetMaxUsedIndex(); this.CheckSet(); } // Save exceptions until the end @@ -1134,52 +841,15 @@ namespace System.Security { { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; -#if FEATURE_CAS_POLICY - if (thisElem != null && otherElem != null) - { - if (thisElem.GetTag().Equals( s_str_PermissionUnion ) || - thisElem.GetTag().Equals( s_str_PermissionUnrestrictedUnion )) - { - Contract.Assert( thisElem is SecurityElement, "SecurityElement expected" ); - SafeChildAdd( (SecurityElement)thisElem, otherElem, true ); - } - else - { - SecurityElement newElem; - if (this.IsUnrestricted() || other.IsUnrestricted()) - newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - else - newElem = new SecurityElement( s_str_PermissionUnion ); - newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElem, thisElem, false ); - SafeChildAdd( newElem, otherElem, true ); - this.m_permSet.SetItem( i, newElem ); - } - } - else -#endif // FEATURE_CAS_POLICY if (thisObj == null) { -#if FEATURE_CAS_POLICY - if (otherElem != null) - { - this.m_permSet.SetItem( i, otherElem.Copy() ); - } - else -#endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); @@ -1195,13 +865,6 @@ namespace System.Security { } else { -#if FEATURE_CAS_POLICY - if (thisElem != null) - thisPerm = this.CreatePermission(thisElem, i); - if (otherElem != null) - otherPerm = other.CreatePermission(otherElem, i); -#endif // FEATURE_CAS_POLICY - try { IPermission unionPerm; @@ -1260,82 +923,39 @@ namespace System.Security { { Object thisObj = this.m_permSet.GetItem( i ); IPermission thisPerm = thisObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory thisElem = thisObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY Object otherObj = other.m_permSet.GetItem( i ); IPermission otherPerm = otherObj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory otherElem = otherObj as ISecurityElementFactory; -#endif // FEATURE_CAS_POLICY if (thisObj == null && otherObj == null) continue; -#if FEATURE_CAS_POLICY - if (thisElem != null && otherElem != null) - { - SecurityElement newElem; - if (this.IsUnrestricted() || other.IsUnrestricted()) - newElem = new SecurityElement( s_str_PermissionUnrestrictedUnion ); - else - newElem = new SecurityElement( s_str_PermissionUnion ); - newElem.AddAttribute( "class", thisElem.Attribute( "class" ) ); - SafeChildAdd( newElem, thisElem, true ); - SafeChildAdd( newElem, otherElem, true ); - pset.m_permSet.SetItem( i, newElem ); - } - else -#endif // FEATURE_CAS_POLICY if (thisObj == null) { -#if FEATURE_CAS_POLICY - if (otherElem != null) - { - pset.m_permSet.SetItem( i, otherElem.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - else -#endif // FEATURE_CAS_POLICY if (otherPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, otherPerm.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else if (otherObj == null) { -#if FEATURE_CAS_POLICY - if (thisElem != null) - { - pset.m_permSet.SetItem( i, thisElem.Copy() ); - } - else -#endif // FEATURE_CAS_POLICY if (thisPerm != null) { PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) { pset.m_permSet.SetItem( i, thisPerm.Copy() ); - Contract.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } } else { -#if FEATURE_CAS_POLICY - if (thisElem != null) - thisPerm = this.CreatePermission(thisElem, i); - if (otherElem != null) - otherPerm = other.CreatePermission(otherElem, i); -#endif // FEATURE_CAS_POLICY - IPermission unionPerm; if(thisPerm == null) unionPerm = otherPerm; @@ -1344,10 +964,10 @@ namespace System.Security { else unionPerm = thisPerm.Union( otherPerm ); pset.m_permSet.SetItem( i, unionPerm ); - Contract.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); + Debug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); } } - + return pset; } @@ -1492,7 +1112,6 @@ namespace System.Security { // Mark this method as requiring a security object on the caller's frame // so the caller won't be inlined (which would mess up stack crawling). - [System.Security.SecuritySafeCritical] // auto-generated [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public void Demand() @@ -1513,7 +1132,6 @@ namespace System.Security { } } - [System.Security.SecurityCritical] // auto-generated internal void DemandNonCAS() { ContainsNonCodeAccessPermissions(); @@ -1536,7 +1154,6 @@ namespace System.Security { // Metadata for this method should be flaged with REQ_SQ so that // EE can allocate space on the stack frame for FrameSecurityDescriptor - [System.Security.SecuritySafeCritical] // auto-generated [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public void Assert() @@ -1548,7 +1165,6 @@ namespace System.Security { // Metadata for this method should be flaged with REQ_SQ so that // EE can allocate space on the stack frame for FrameSecurityDescriptor - [System.Security.SecuritySafeCritical] // auto-generated [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] @@ -1561,7 +1177,6 @@ namespace System.Security { // Metadata for this method should be flaged with REQ_SQ so that // EE can allocate space on the stack frame for FrameSecurityDescriptor - [System.Security.SecuritySafeCritical] // auto-generated [DynamicSecurityMethodAttribute()] [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public void PermitOnly() @@ -1588,21 +1203,7 @@ namespace System.Security { { // Explicitly make a new PermissionSet, rather than copying, since we may have a // ReadOnlyPermissionSet which cannot have identity permissions removed from it in a true copy. - PermissionSet copy = new PermissionSet(this); - - // There's no easy way to distinguish an identity permission from any other CodeAccessPermission, - // so remove them directly. -#if FEATURE_CAS_POLICY - copy.RemovePermission(typeof(GacIdentityPermission)); -#if FEATURE_X509 - copy.RemovePermission(typeof(PublisherIdentityPermission)); -#endif - copy.RemovePermission(typeof(StrongNameIdentityPermission)); - copy.RemovePermission(typeof(UrlIdentityPermission)); - copy.RemovePermission(typeof(ZoneIdentityPermission)); -#endif // FEATURE_CAS_POLICY - - return copy; + return new PermissionSet(this); } public IEnumerator GetEnumerator() @@ -1620,13 +1221,6 @@ namespace System.Security { return new PermissionSetEnumeratorInternal(this); } -#if FEATURE_CAS_POLICY - public override String ToString() - { - return ToXml().ToString(); - } -#endif // FEATURE_CAS_POLICY - private void NormalizePermissionSet() { // This function guarantees that all the permissions are placed at @@ -1645,12 +1239,6 @@ namespace System.Security { { Object obj = this.m_permSet.GetItem(i); IPermission perm = obj as IPermission; -#if FEATURE_CAS_POLICY - ISecurityElementFactory elem = obj as ISecurityElementFactory; - - if (elem != null) - perm = CreatePerm( elem ); -#endif // FEATURE_CAS_POLICY if (perm != null) permSetTemp.SetPermission( perm ); } @@ -1659,29 +1247,6 @@ namespace System.Security { this.m_permSet = permSetTemp.m_permSet; } -#if FEATURE_CAS_POLICY - private bool DecodeXml(byte[] data, HostProtectionResource fullTrustOnlyResources, HostProtectionResource inaccessibleResources ) - { - if (data != null && data.Length > 0) - { - FromXml( new Parser( data, Tokenizer.ByteTokenEncoding.UnicodeTokens ).GetTopElement() ); - } - - FilterHostProtectionPermissions(fullTrustOnlyResources, inaccessibleResources); - - // We call this method from unmanaged to code a set we are going to use declaratively. In - // this case, all the lazy evaluation for partial policy resolution is wasted since we'll - // need to decode all of these shortly to make the demand for whatever. Therefore, we - // pay that price now so that we can calculate whether all the permissions in the set - // implement the IUnrestrictedPermission interface (the common case) for use in some - // unmanaged optimizations. - - DecodeAllPermissions(); - - return true; - } -#endif // FEATURE_CAS_POLICY - private void DecodeAllPermissions() { if (m_permSet == null) @@ -1710,11 +1275,7 @@ namespace System.Security { HostProtectionPermission newHpp = (HostProtectionPermission)hpp.Intersect(new HostProtectionPermission(fullTrustOnly)); if (newHpp == null) { -#if FEATURE_CAS_POLICY - RemovePermission(typeof(HostProtectionPermission)); -#else // !FEATURE_CAS_POLICY RemovePermission(HostProtectionPermission.GetTokenIndex()); -#endif // FEATURE_CAS_POLICY } else if (newHpp.Resources != hpp.Resources) { @@ -1722,539 +1283,8 @@ namespace System.Security { } } -#if FEATURE_CAS_POLICY - public virtual void FromXml( SecurityElement et ) - { - FromXml( et, false, false ); - } - - internal static bool IsPermissionTag( String tag, bool allowInternalOnly ) - { - if (tag.Equals( s_str_Permission ) || - tag.Equals( s_str_IPermission )) - { - return true; - } - - if (allowInternalOnly && - (tag.Equals( s_str_PermissionUnion ) || - tag.Equals( s_str_PermissionIntersection ) || - tag.Equals( s_str_PermissionUnrestrictedIntersection ) || - tag.Equals( s_str_PermissionUnrestrictedUnion))) - { - return true; - } - - return false; - } - - internal virtual void FromXml( SecurityElement et, bool allowInternalOnly, bool ignoreTypeLoadFailures ) - { - if (et == null) - throw new ArgumentNullException("et"); - - if (!et.Tag.Equals(s_str_PermissionSet)) - throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) ); - Contract.EndContractBlock(); - - Reset(); - m_ignoreTypeLoadFailures = ignoreTypeLoadFailures; - m_allPermissionsDecoded = false; - m_Unrestricted = XMLUtil.IsUnrestricted( et ); - - if (et.InternalChildren != null) - { - int childCount = et.InternalChildren.Count; - for (int i = 0; i < childCount; ++i) - { - SecurityElement elem = (SecurityElement)et.Children[i]; - - if (IsPermissionTag( elem.Tag, allowInternalOnly )) - { - String className = elem.Attribute( "class" ); - - PermissionToken token; - Object objectToInsert; - - if (className != null) - { - token = PermissionToken.GetToken( className ); - if (token == null) - { - objectToInsert = CreatePerm( elem ); -#if _DEBUG - PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert ); - Contract.Assert( tokenDebug != null && (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" ); -#endif - if (objectToInsert != null) - { - Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(), - "PermissionToken.GetToken returned null for non-mscorlib permission" ); - token = PermissionToken.GetToken( (IPermission)objectToInsert ); - Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" ); - } - } - else - { - objectToInsert = elem; - } - } - else - { - IPermission ip = CreatePerm( elem ); - if (ip == null) - { - token = null; - objectToInsert = null; - } - else - { - token = PermissionToken.GetToken( ip ); - Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ), - "PermissionToken was improperly assigned" ); - objectToInsert = ip; - } - } - - if (token != null && objectToInsert != null) - { - if (m_permSet == null) - m_permSet = new TokenBasedSet(); - - if (this.m_permSet.GetItem( token.m_index ) != null) - { - // If there is already something in that slot, let's union them - // together. - - IPermission permInSlot; - - if (this.m_permSet.GetItem( token.m_index ) is IPermission) - permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index ); - else - permInSlot = CreatePerm( (SecurityElement)this.m_permSet.GetItem( token.m_index ) ); - - if (objectToInsert is IPermission) - objectToInsert = ((IPermission)objectToInsert).Union( permInSlot ); - else - objectToInsert = CreatePerm( (SecurityElement)objectToInsert ).Union( permInSlot ); - } - - if(m_Unrestricted && objectToInsert is IPermission) - objectToInsert = null; - - this.m_permSet.SetItem( token.m_index, objectToInsert ); - } - } - } - } - } - - internal virtual void FromXml( SecurityDocument doc, int position, bool allowInternalOnly ) - { - if (doc == null) - throw new ArgumentNullException("doc"); - Contract.EndContractBlock(); - - if (!doc.GetTagForElement( position ).Equals(s_str_PermissionSet)) - throw new ArgumentException(String.Format( null, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PermissionSet", this.GetType().FullName) ); - - Reset(); - m_allPermissionsDecoded = false; - Exception savedException = null; - String strUnrestricted = doc.GetAttributeForElement( position, "Unrestricted" ); - if (strUnrestricted != null) - m_Unrestricted = strUnrestricted.Equals( "True" ) || strUnrestricted.Equals( "true" ) || strUnrestricted.Equals( "TRUE" ); - else - m_Unrestricted = false; - - ArrayList childrenIndices = doc.GetChildrenPositionForElement( position ); - int childCount = childrenIndices.Count; - for (int i = 0; i < childCount; ++i) - { - int childIndex = (int)childrenIndices[i]; - if (IsPermissionTag( doc.GetTagForElement( childIndex ), allowInternalOnly )) - { - try - { - String className = doc.GetAttributeForElement( childIndex, "class" ); - - PermissionToken token; - Object objectToInsert; - - if (className != null) - { - token = PermissionToken.GetToken( className ); - if (token == null) - { - objectToInsert = CreatePerm( doc.GetElement( childIndex, true ) ); - - if (objectToInsert != null) - { -#if _DEBUG - PermissionToken tokenDebug = PermissionToken.GetToken( (IPermission)objectToInsert ); - Contract.Assert((tokenDebug != null), "PermissionToken.GetToken returned null "); - Contract.Assert( (tokenDebug.m_type & PermissionTokenType.BuiltIn) != 0, "This should only be called for built-ins" ); -#endif - Contract.Assert( objectToInsert.GetType().Module.Assembly == System.Reflection.Assembly.GetExecutingAssembly(), - "PermissionToken.GetToken returned null for non-mscorlib permission" ); - token = PermissionToken.GetToken( (IPermission)objectToInsert ); - Contract.Assert((token != null), "PermissionToken.GetToken returned null "); - Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should always know the permission type when getting a token from an instance" ); - } - } - else - { - objectToInsert = ((ISecurityElementFactory)new SecurityDocumentElement(doc, childIndex)).CreateSecurityElement(); - } - } - else - { - IPermission ip = CreatePerm( doc.GetElement( childIndex, true ) ); - if (ip == null) - { - token = null; - objectToInsert = null; - } - else - { - token = PermissionToken.GetToken( ip ); - Contract.Assert( PermissionToken.IsTokenProperlyAssigned( ip, token ), - "PermissionToken was improperly assigned" ); - objectToInsert = ip; - } - } - - if (token != null && objectToInsert != null) - { - if (m_permSet == null) - m_permSet = new TokenBasedSet(); - - IPermission permInSlot = null; - if (this.m_permSet.GetItem( token.m_index ) != null) - { - // If there is already something in that slot, let's union them - // together. - - if (this.m_permSet.GetItem( token.m_index ) is IPermission) - permInSlot = (IPermission)this.m_permSet.GetItem( token.m_index ); - else - permInSlot = CreatePerm( this.m_permSet.GetItem( token.m_index ) ); - } - - if (permInSlot != null) - { - if (objectToInsert is IPermission) - objectToInsert = permInSlot.Union((IPermission)objectToInsert); - else - objectToInsert = permInSlot.Union(CreatePerm( objectToInsert )); - } - - if(m_Unrestricted && objectToInsert is IPermission) - objectToInsert = null; - - this.m_permSet.SetItem( token.m_index, objectToInsert ); - } - } - catch (Exception e) - { -#if _DEBUG - if (debug) - DEBUG_WRITE( "error while decoding permission set =\n" + e.ToString() ); -#endif - if (savedException == null) - savedException = e; - - } - } - } - - if (savedException != null) - throw savedException; - - } - - private IPermission CreatePerm(Object obj) - { - return CreatePerm(obj, m_ignoreTypeLoadFailures); - } - - internal static IPermission CreatePerm(Object obj, bool ignoreTypeLoadFailures) - { - SecurityElement el = obj as SecurityElement; - ISecurityElementFactory isf = obj as ISecurityElementFactory; - if (el == null && isf != null) - { - el = isf.CreateSecurityElement(); - } - - IEnumerator enumerator; - IPermission finalPerm = null; - - switch (el.Tag) - { - case s_str_PermissionUnion: - enumerator = el.Children.GetEnumerator(); - while (enumerator.MoveNext()) - { - IPermission tempPerm = CreatePerm( (SecurityElement)enumerator.Current, ignoreTypeLoadFailures); - - if (finalPerm != null) - finalPerm = finalPerm.Union( tempPerm ); - else - finalPerm = tempPerm; - } - break; - - case s_str_PermissionIntersection: - enumerator = el.Children.GetEnumerator(); - while (enumerator.MoveNext()) - { - IPermission tempPerm = CreatePerm( (SecurityElement)enumerator.Current, ignoreTypeLoadFailures); - - if (finalPerm != null) - finalPerm = finalPerm.Intersect( tempPerm ); - else - finalPerm = tempPerm; - - if (finalPerm == null) - return null; - } - break; - - case s_str_PermissionUnrestrictedUnion: - enumerator = el.Children.GetEnumerator(); - bool first = true; - while (enumerator.MoveNext()) - { - IPermission tempPerm = CreatePerm( (SecurityElement)enumerator.Current, ignoreTypeLoadFailures ); - - if (tempPerm == null) - continue; - - PermissionToken token = PermissionToken.GetToken( tempPerm ); - - Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should know the permission type already" ); - - if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) - { - finalPerm = XMLUtil.CreatePermission( GetPermissionElement((SecurityElement)enumerator.Current), PermissionState.Unrestricted, ignoreTypeLoadFailures ); - first = false; - break; - } - else - { - Contract.Assert( tempPerm != null, "We should only come here if we have a real permission" ); - if (first) - finalPerm = tempPerm; - else - finalPerm = tempPerm.Union( finalPerm ); - first = false; - } - } - break; - - case s_str_PermissionUnrestrictedIntersection: - enumerator = el.Children.GetEnumerator(); - while (enumerator.MoveNext()) - { - IPermission tempPerm = CreatePerm( (SecurityElement)enumerator.Current, ignoreTypeLoadFailures ); - - if (tempPerm == null) - return null; - - PermissionToken token = PermissionToken.GetToken( tempPerm ); - - Contract.Assert( (token.m_type & PermissionTokenType.DontKnow) == 0, "We should know the permission type already" ); - - if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) - { - if (finalPerm != null) - finalPerm = tempPerm.Intersect( finalPerm ); - else - finalPerm = tempPerm; - } - else - { - finalPerm = null; - } - - if (finalPerm == null) - return null; - } - break; - - case "IPermission": - case "Permission": - finalPerm = el.ToPermission(ignoreTypeLoadFailures); - break; - - default: - Contract.Assert( false, "Unrecognized case found during permission creation" ); - break; - } - - return finalPerm; - } - - internal IPermission CreatePermission(Object obj, int index) - { - IPermission perm = CreatePerm(obj); - if(perm == null) - return null; - - // See if the PermissionSet.m_Unrestricted flag covers this permission - if(m_Unrestricted) - perm = null; - - // Store the decoded result - CheckSet(); - m_permSet.SetItem(index, perm); - - // Do some consistency checks - Contract.Assert(perm == null || PermissionToken.IsTokenProperlyAssigned( perm, PermissionToken.GetToken( perm ) ), "PermissionToken was improperly assigned"); - if (perm != null) - { - PermissionToken permToken = PermissionToken.GetToken(perm); - if (permToken != null && permToken.m_index != index) - throw new ArgumentException( Environment.GetResourceString( "Argument_UnableToGeneratePermissionSet")); - } - - - return perm; - } - - private static SecurityElement GetPermissionElement( SecurityElement el ) - { - switch (el.Tag) - { - case "IPermission": - case "Permission": - return el; - } - IEnumerator enumerator = el.Children.GetEnumerator(); - if (enumerator.MoveNext()) - return GetPermissionElement((SecurityElement)enumerator.Current); - Contract.Assert( false, "No Permission or IPermission tag found" ); - return null; - } - - internal static SecurityElement CreateEmptyPermissionSetXml() - { - - SecurityElement elTrunk = new SecurityElement("PermissionSet"); - elTrunk.AddAttribute( "class", "System.Security.PermissionSet" ); - - elTrunk.AddAttribute( "version", "1" ); - return elTrunk; - - } - // internal helper which takes in the hardcoded permission name to avoid lookup at runtime - // can be called from classes that derive from PermissionSet - internal SecurityElement ToXml(String permName) - { - SecurityElement elTrunk = new SecurityElement("PermissionSet"); - elTrunk.AddAttribute( "class", permName ); - - elTrunk.AddAttribute( "version", "1" ); - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); - - if (m_Unrestricted) - { - elTrunk.AddAttribute(s_str_Unrestricted, "true" ); - } - - while (enumerator.MoveNext()) - { - IPermission perm = (IPermission)enumerator.Current; - - if (!m_Unrestricted) - elTrunk.AddChild( perm.ToXml() ); - } - return elTrunk; - } - - internal SecurityElement InternalToXml() - { - SecurityElement elTrunk = new SecurityElement("PermissionSet"); - elTrunk.AddAttribute( "class", this.GetType().FullName); - elTrunk.AddAttribute( "version", "1" ); - - if (m_Unrestricted) - { - elTrunk.AddAttribute(s_str_Unrestricted, "true" ); - } - - if (this.m_permSet != null) - { - int maxIndex = this.m_permSet.GetMaxUsedIndex(); - - for (int i = m_permSet.GetStartingIndex(); i <= maxIndex; ++i) - { - Object obj = this.m_permSet.GetItem( i ); - if (obj != null) - { - if (obj is IPermission) - { - if (!m_Unrestricted) - elTrunk.AddChild( ((IPermission)obj).ToXml() ); - } - else - { - elTrunk.AddChild( (SecurityElement)obj ); - } - } - - } - } - return elTrunk ; - } - - public virtual SecurityElement ToXml() - { - // If you hit this assert then most likely you are trying to change the name of this class. - // This is ok as long as you change the hard coded string above and change the assert below. - Contract.Assert( this.GetType().FullName.Equals( "System.Security.PermissionSet" ), "Class name changed! Was: System.Security.PermissionSet Should be:" + this.GetType().FullName); - - return ToXml("System.Security.PermissionSet"); - } -#endif // FEATURE_CAS_POLICY - -#if FEATURE_CAS_POLICY && FEATURE_SERIALIZATION - internal - byte[] EncodeXml() - { - MemoryStream ms = new MemoryStream(); - BinaryWriter writer = new BinaryWriter( ms, Encoding.Unicode ); - writer.Write( this.ToXml().ToString() ); - writer.Flush(); - - // The BinaryWriter is going to place - // two bytes indicating a Unicode stream. - // We want to chop those off before returning - // the bytes out. - - ms.Position = 2; - int countBytes = (int)ms.Length - 2; - byte[] retval = new byte[countBytes]; - ms.Read( retval, 0, retval.Length ); - return retval; - } - - /// <internalonly/> - [Obsolete("This method is obsolete and shoud no longer be used.")] - public static byte[] ConvertPermissionSet(String inFormat, byte[] inData, String outFormat) - { - // Since this method has shipped and is public, we cannot remove it without being a breaking change - throw new NotImplementedException(); - } -#endif - // Determines whether the permission set contains any non-code access // security permissions. - #if FEATURE_CORECLR - [System.Security.SecurityCritical] // auto-generated - #endif public bool ContainsNonCodeAccessPermissions() { if (m_CheckedForNonCas) @@ -2324,59 +1354,11 @@ namespace System.Security { return pset; } -#if FEATURE_CAS_POLICY - private const String s_str_PermissionSet = "PermissionSet"; - private const String s_str_Permission = "Permission"; - private const String s_str_IPermission = "IPermission"; - private const String s_str_Unrestricted = "Unrestricted"; - private const String s_str_PermissionUnion = "PermissionUnion"; - private const String s_str_PermissionIntersection = "PermissionIntersection"; - private const String s_str_PermissionUnrestrictedUnion = "PermissionUnrestrictedUnion"; - private const String s_str_PermissionUnrestrictedIntersection = "PermissionUnrestrictedIntersection"; - - // This method supports v1.x security attrbutes only - we'll require legacy CAS policy mode - // to be enabled for that to work. -#pragma warning disable 618 - // Internal routine used to setup a special security context - // for creating and manipulated security custom attributes - // that we use when the Runtime is hosted. - [System.Security.SecurityCritical] // auto-generated - private static void SetupSecurity() - { - PolicyLevel level = PolicyLevel.CreateAppDomainLevel(); - - CodeGroup rootGroup = new UnionCodeGroup( new AllMembershipCondition(), level.GetNamedPermissionSet( "Execution" ) ); - - StrongNamePublicKeyBlob microsoftBlob = new StrongNamePublicKeyBlob( AssemblyRef.MicrosoftPublicKeyFull ); - CodeGroup microsoftGroup = new UnionCodeGroup( new StrongNameMembershipCondition( microsoftBlob, null, null ), level.GetNamedPermissionSet( "FullTrust" ) ); - - StrongNamePublicKeyBlob ecmaBlob = new StrongNamePublicKeyBlob( AssemblyRef.EcmaPublicKeyFull ); - CodeGroup ecmaGroup = new UnionCodeGroup( new StrongNameMembershipCondition( ecmaBlob, null, null ), level.GetNamedPermissionSet( "FullTrust" ) ); - - CodeGroup gacGroup = new UnionCodeGroup( new GacMembershipCondition(), level.GetNamedPermissionSet( "FullTrust" ) ); - - rootGroup.AddChild( microsoftGroup ); - rootGroup.AddChild( ecmaGroup ); - rootGroup.AddChild( gacGroup ); - - level.RootCodeGroup = rootGroup; - - try - { - AppDomain.CurrentDomain.SetAppDomainPolicy( level ); - } - catch (PolicyException) - { - } - } -#endif -#pragma warning restore 618 - // Internal routine used by CreateSerialized to add a permission to the set private static void MergePermission(IPermission perm, bool separateCasFromNonCas, ref PermissionSet casPset, ref PermissionSet nonCasPset) { - Contract.Assert(casPset == null || !casPset.IsReadOnly); - Contract.Assert(nonCasPset == null || !nonCasPset.IsReadOnly); + Debug.Assert(casPset == null || !casPset.IsReadOnly); + Debug.Assert(nonCasPset == null || !nonCasPset.IsReadOnly); if (perm == null) return; @@ -2402,9 +1384,6 @@ namespace System.Security { } // Converts an array of SecurityAttributes to a PermissionSet - #if FEATURE_CORECLR - [System.Security.SecurityCritical] // auto-generated - #endif private static byte[] CreateSerialized(Object[] attrs, bool serialize, ref byte[] nonCasBlob, @@ -2422,7 +1401,7 @@ namespace System.Security { for (int i = 0; i < attrs.Length; i++) { #pragma warning disable 618 - Contract.Assert(i == 0 || ((SecurityAttribute)attrs[i]).m_action == ((SecurityAttribute)attrs[i - 1]).m_action, "Mixed SecurityActions"); + Debug.Assert(i == 0 || ((SecurityAttribute)attrs[i]).m_action == ((SecurityAttribute)attrs[i - 1]).m_action, "Mixed SecurityActions"); #pragma warning restore 618 if (attrs[i] is PermissionSetAttribute) { @@ -2451,7 +1430,7 @@ namespace System.Security { MergePermission(perm, serialize, ref casPset, ref nonCasPset); } } - Contract.Assert(serialize || nonCasPset == null, "We shouldn't separate nonCAS permissions unless fSerialize is true"); + Debug.Assert(serialize || nonCasPset == null, "We shouldn't separate nonCAS permissions unless fSerialize is true"); // // Filter HostProtection permission. In the VM, some optimizations are done based upon these @@ -2475,22 +1454,8 @@ namespace System.Security { nonCasPset = null; } - // Serialize the set(s). - byte[] casBlob = null; - nonCasBlob = null; -#if FEATURE_CAS_POLICY - if(serialize) - { - if(casPset != null) - casBlob = casPset.EncodeXml(); - if(nonCasPset != null) - nonCasBlob = nonCasPset.EncodeXml(); - } -#else // FEATURE_CAS_POLICY - Contract.Assert(!serialize, "Cannot serialize permission sets on CoreCLR"); -#endif // FEATURE_CAS_POLICY - - return casBlob; + Debug.Assert(!serialize, "Cannot serialize permission sets on CoreCLR"); + return null; } #if FEATURE_SERIALIZATION @@ -2502,7 +1467,6 @@ namespace System.Security { } #endif - [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable public static void RevertAssert() { @@ -2512,7 +1476,7 @@ namespace System.Security { internal static PermissionSet RemoveRefusedPermissionSet(PermissionSet assertSet, PermissionSet refusedSet, out bool bFailedToCompress) { - Contract.Assert((assertSet == null || !assertSet.IsUnrestricted()), "Cannot be unrestricted here"); + Debug.Assert((assertSet == null || !assertSet.IsUnrestricted()), "Cannot be unrestricted here"); PermissionSet retPs = null; bFailedToCompress = false; if (assertSet == null) @@ -2568,7 +1532,7 @@ namespace System.Security { internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet) { - Contract.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted"); + Debug.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted"); alteredDemandSet = null; PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(demandSet); |