diff options
Diffstat (limited to 'src/mscorlib/src/System/Security/PermissionSetTriple.cs')
-rw-r--r-- | src/mscorlib/src/System/Security/PermissionSetTriple.cs | 270 |
1 files changed, 0 insertions, 270 deletions
diff --git a/src/mscorlib/src/System/Security/PermissionSetTriple.cs b/src/mscorlib/src/System/Security/PermissionSetTriple.cs deleted file mode 100644 index 56eb22996e..0000000000 --- a/src/mscorlib/src/System/Security/PermissionSetTriple.cs +++ /dev/null @@ -1,270 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/*============================================================================= -** -** -** -** -** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. -** Also used for CompressedStacks which brings in the third PermissionSet. -** Hence, the name PermissionSetTriple. -** -=============================================================================*/ - -namespace System.Security -{ - using IEnumerator = System.Collections.IEnumerator; - using System.Security; - using System.Security.Permissions; - using System.Runtime.InteropServices; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - - [Serializable] - sealed internal class PermissionSetTriple - { - static private volatile PermissionToken s_zoneToken; - static private volatile PermissionToken s_urlToken; - internal PermissionSet AssertSet; - internal PermissionSet GrantSet; - internal PermissionSet RefusedSet; - internal PermissionSetTriple() - { - Reset(); - } - internal PermissionSetTriple(PermissionSetTriple triple) - { - this.AssertSet = triple.AssertSet; - this.GrantSet = triple.GrantSet; - this.RefusedSet = triple.RefusedSet; - } - internal void Reset() - { - AssertSet = null; - GrantSet = null; - RefusedSet = null; - } - internal bool IsEmpty() - { - return (AssertSet == null && GrantSet == null && RefusedSet == null); - } - - private PermissionToken ZoneToken - { - get - { - if (s_zoneToken == null) - s_zoneToken = PermissionToken.GetToken(typeof(ZoneIdentityPermission)); - return s_zoneToken; - } - } - private PermissionToken UrlToken - { - get - { - if (s_urlToken == null) - s_urlToken = PermissionToken.GetToken(typeof(UrlIdentityPermission)); - return s_urlToken; - } - } - internal bool Update(PermissionSetTriple psTriple, out PermissionSetTriple retTriple) - { - retTriple = null; - retTriple = UpdateAssert(psTriple.AssertSet); - // Special case: unrestricted assert. Note: dcs.Assert.IsUnrestricted => dcs.Grant.IsUnrestricted - if (psTriple.AssertSet != null && psTriple.AssertSet.IsUnrestricted()) - { - return true; // stop construction - } - UpdateGrant(psTriple.GrantSet); - UpdateRefused(psTriple.RefusedSet); - return false; - } - - internal PermissionSetTriple UpdateAssert(PermissionSet in_a) - { - PermissionSetTriple retTriple = null; - if (in_a != null) - { - Debug.Assert((!in_a.IsUnrestricted() || RefusedSet == null), "Cannot be unrestricted or refused must be null"); - // if we're already asserting in_a, nothing to do - if (in_a.IsSubsetOf(AssertSet)) - return null; - - PermissionSet retPs; - if (GrantSet != null) - retPs = in_a.Intersect(GrantSet); // Restrict the assert to what we've already been granted - else - { - GrantSet = new PermissionSet(true); - retPs = in_a.Copy(); // Currently unrestricted Grant: assert the whole assert set - } - bool bFailedToCompress = false; - // removes anything that is already in the refused set from the assert set - if (RefusedSet != null) - { - retPs = PermissionSet.RemoveRefusedPermissionSet(retPs, RefusedSet, out bFailedToCompress); - } - if (!bFailedToCompress) - bFailedToCompress = PermissionSet.IsIntersectingAssertedPermissions(retPs, AssertSet); - if (bFailedToCompress) - { - retTriple = new PermissionSetTriple(this); - this.Reset(); - this.GrantSet = retTriple.GrantSet.Copy(); - } - - if (AssertSet == null) - AssertSet = retPs; - else - AssertSet.InplaceUnion(retPs); - - } - return retTriple; - } - internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z,out UrlIdentityPermission u) - { - z = null; - u = null; - if (in_g != null) - { - if (GrantSet == null) - GrantSet = in_g.Copy(); - else - GrantSet.InplaceIntersect(in_g); - - z = (ZoneIdentityPermission)in_g.GetPermission(ZoneToken); - u = (UrlIdentityPermission)in_g.GetPermission(UrlToken); - } - } - - internal void UpdateGrant(PermissionSet in_g) - { - if (in_g != null) - { - if (GrantSet == null) - GrantSet = in_g.Copy(); - else - GrantSet.InplaceIntersect(in_g); - } - } - internal void UpdateRefused(PermissionSet in_r) - { - if (in_r != null) - { - if (RefusedSet == null) - RefusedSet = in_r.Copy(); - else - RefusedSet.InplaceUnion(in_r); - } - } - - - static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken) - { - if (pSet != null) - { - pSet.CheckDecoded(demand, permToken); - - CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand); - - // If the assert set does contain the demanded permission, halt the stackwalk - - try - { - if (pSet.IsUnrestricted() || demand.CheckAssert(perm)) - { - return SecurityRuntime.StackHalt; - } - } - catch (ArgumentException) - { - } - } - return SecurityRuntime.StackContinue; - } - - static bool CheckAssert(PermissionSet assertPset, PermissionSet demandSet, out PermissionSet newDemandSet) - { - newDemandSet = null; - if (assertPset!= null) - { - assertPset.CheckDecoded(demandSet); - // If this frame asserts a superset of the demand set we're done - - if (demandSet.CheckAssertion(assertPset)) - return SecurityRuntime.StackHalt; - PermissionSet.RemoveAssertedPermissionSet(demandSet, assertPset, out newDemandSet); - } - return SecurityRuntime.StackContinue; - } - - - internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) - { - if (CheckAssert(AssertSet, demand, permToken) == SecurityRuntime.StackHalt) - return SecurityRuntime.StackHalt; - -#pragma warning disable 618 - CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true); -#pragma warning restore 618 - - return SecurityRuntime.StackContinue; - } - internal bool CheckSetDemand(PermissionSet demandSet , out PermissionSet alteredDemandset, RuntimeMethodHandleInternal rmh) - { - alteredDemandset = null; - - if (CheckAssert(AssertSet, demandSet, out alteredDemandset) == SecurityRuntime.StackHalt) - return SecurityRuntime.StackHalt; - if (alteredDemandset != null) - demandSet = alteredDemandset; // note that this does not modify demandSet external to this function. -#pragma warning disable 618 - CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, rmh, null, SecurityAction.Demand, true); -#pragma warning restore 618 - - return SecurityRuntime.StackContinue; - - } - - internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) - { - Debug.Assert(AssertSet == null, "AssertSet not null"); -#pragma warning disable 618 - return CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); -#pragma warning restore 618 - } - internal bool CheckSetDemandNoThrow(PermissionSet demandSet) - { - Debug.Assert(AssertSet == null, "AssertSet not null"); - -#pragma warning disable 618 - return CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); -#pragma warning restore 618 - } - /// <summary> - /// Check to see if the triple satisfies a demand for the permission represented by the flag. - /// </summary> - /// <remarks> - /// If the triple asserts for one of the bits in the flags, it is zeroed out. - /// </remarks> - /// <param name="flags">set of flags to check (See PermissionType)</param> - internal bool CheckFlags(ref int flags) - { - if (AssertSet != null) - { - // remove any permissions which were asserted for - int assertFlags = SecurityManager.GetSpecialFlags(AssertSet, null); - if ((flags & assertFlags) != 0) - flags = flags & ~assertFlags; - } - - return (SecurityManager.GetSpecialFlags(GrantSet, RefusedSet) & flags) == flags; - } - } -} - - |