diff options
Diffstat (limited to 'src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs')
-rw-r--r-- | src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs | 304 |
1 files changed, 21 insertions, 283 deletions
diff --git a/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs b/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs index b4d4141f82..34b9f1ef80 100644 --- a/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs +++ b/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs @@ -2,13 +2,11 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. -namespace System.Security.Permissions { +namespace System.Security.Permissions +{ using System; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; -#if FEATURE_CAS_POLICY - using SecurityElement = System.Security.SecurityElement; -#endif // FEATURE_CAS_POLICY using System.Security.AccessControl; using System.Security.Util; using System.IO; @@ -16,11 +14,12 @@ namespace System.Security.Permissions { using System.Globalization; using System.Runtime.Serialization; using System.Runtime.Versioning; + using System.Diagnostics; using System.Diagnostics.Contracts; -[Serializable] + [Serializable] [Flags] -[System.Runtime.InteropServices.ComVisible(true)] + [System.Runtime.InteropServices.ComVisible(true)] public enum FileIOPermissionAccess { NoAccess = 0x00, @@ -30,9 +29,8 @@ namespace System.Security.Permissions { PathDiscovery = 0x08, AllAccess = 0x0F, } - - -[System.Runtime.InteropServices.ComVisible(true)] + + [System.Runtime.InteropServices.ComVisible(true)] [Serializable] sealed public class FileIOPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission { @@ -62,7 +60,6 @@ namespace System.Security.Permissions { } } - [System.Security.SecuritySafeCritical] // auto-generated public FileIOPermission( FileIOPermissionAccess access, String path ) { VerifyAccess( access ); @@ -71,7 +68,6 @@ namespace System.Security.Permissions { AddPathList( access, pathList, false, true, false ); } - [System.Security.SecuritySafeCritical] // auto-generated public FileIOPermission( FileIOPermissionAccess access, String[] pathList ) { VerifyAccess( access ); @@ -79,24 +75,6 @@ namespace System.Security.Permissions { AddPathList( access, pathList, false, true, false ); } -#if FEATURE_MACL - [System.Security.SecuritySafeCritical] // auto-generated - public FileIOPermission( FileIOPermissionAccess access, AccessControlActions control, String path ) - { - VerifyAccess( access ); - - String[] pathList = new String[] { path }; - AddPathList( access, control, pathList, false, true, false ); - } - - [System.Security.SecuritySafeCritical] // auto-generated - public FileIOPermission( FileIOPermissionAccess access, AccessControlActions control, String[] pathList ) - : this( access, control, pathList, true, true ) - { - } -#endif - - [System.Security.SecurityCritical] // auto-generated internal FileIOPermission( FileIOPermissionAccess access, String[] pathList, bool checkForDuplicates, bool needFullPath ) { VerifyAccess( access ); @@ -104,16 +82,6 @@ namespace System.Security.Permissions { AddPathList( access, pathList, checkForDuplicates, needFullPath, true ); } -#if FEATURE_MACL - [System.Security.SecurityCritical] // auto-generated - internal FileIOPermission( FileIOPermissionAccess access, AccessControlActions control, String[] pathList, bool checkForDuplicates, bool needFullPath ) - { - VerifyAccess( access ); - - AddPathList( access, control, pathList, checkForDuplicates, needFullPath, true ); - } -#endif - public void SetPathList( FileIOPermissionAccess access, String path ) { String[] pathList; @@ -135,7 +103,6 @@ namespace System.Security.Permissions { SetPathList( access, AccessControlActions.None, pathList, checkForDuplicates ); } - [System.Security.SecuritySafeCritical] // auto-generated internal void SetPathList( FileIOPermissionAccess access, AccessControlActions control, String[] pathList, bool checkForDuplicates ) { VerifyAccess( access ); @@ -152,26 +119,13 @@ namespace System.Security.Permissions { if ((access & FileIOPermissionAccess.PathDiscovery) != 0) m_pathDiscovery = null; -#if FEATURE_MACL - if ((control & AccessControlActions.View) != 0) - m_viewAcl = null; - - if ((control & AccessControlActions.Change) != 0) - m_changeAcl = null; -#else m_viewAcl = null; m_changeAcl = null; -#endif - m_unrestricted = false; -#if FEATURE_MACL - AddPathList( access, control, pathList, checkForDuplicates, true, true ); -#else + AddPathList( access, pathList, checkForDuplicates, true, true ); -#endif } - [System.Security.SecuritySafeCritical] // auto-generated public void AddPathList( FileIOPermissionAccess access, String path ) { String[] pathList; @@ -182,19 +136,16 @@ namespace System.Security.Permissions { AddPathList( access, pathList, false, true, false ); } - [System.Security.SecuritySafeCritical] // auto-generated public void AddPathList( FileIOPermissionAccess access, String[] pathList ) { AddPathList( access, pathList, true, true, true ); } - [System.Security.SecurityCritical] // auto-generated internal void AddPathList( FileIOPermissionAccess access, String[] pathListOrig, bool checkForDuplicates, bool needFullPath, bool copyPathList ) { AddPathList( access, AccessControlActions.None, pathListOrig, checkForDuplicates, needFullPath, copyPathList ); } - [System.Security.SecurityCritical] // auto-generated internal void AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, bool checkForDuplicates, bool needFullPath, bool copyPathList) { if (pathListOrig == null) @@ -267,29 +218,8 @@ namespace System.Security.Permissions { } m_pathDiscovery.AddExpressions( pathArrayList, checkForDuplicates); } - -#if FEATURE_MACL - if ((control & AccessControlActions.View) != 0) - { - if (m_viewAcl == null) - { - m_viewAcl = new FileIOAccess(); - } - m_viewAcl.AddExpressions( pathArrayList, checkForDuplicates); - } - - if ((control & AccessControlActions.Change) != 0) - { - if (m_changeAcl == null) - { - m_changeAcl = new FileIOAccess(); - } - m_changeAcl.AddExpressions( pathArrayList, checkForDuplicates); - } -#endif } - - [SecuritySafeCritical] + public String[] GetPathList( FileIOPermissionAccess access ) { VerifyAccess( access ); @@ -335,7 +265,6 @@ namespace System.Security.Permissions { return null; } - public FileIOPermissionAccess AllLocalFiles { @@ -558,7 +487,7 @@ namespace System.Security.Permissions { throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPathChars")); if (!onlyCheckExtras) - Path.CheckInvalidPathChars(str[i]); + PathInternal.CheckInvalidPathChars(str[i]); } #else // There are no "extras" on Unix @@ -567,7 +496,7 @@ namespace System.Security.Permissions { for (int i = 0; i < str.Length; ++i) { - Path.CheckInvalidPathChars(str[i]); + PathInternal.CheckInvalidPathChars(str[i]); } #endif } @@ -785,123 +714,6 @@ namespace System.Security.Permissions { } return copy; } - -#if FEATURE_CAS_POLICY - public override SecurityElement ToXml() - { - SecurityElement esd = CodeAccessPermission.CreatePermissionElement( this, "System.Security.Permissions.FileIOPermission" ); - if (!IsUnrestricted()) - { - if (this.m_read != null && !this.m_read.IsEmpty()) - { - esd.AddAttribute( "Read", SecurityElement.Escape( m_read.ToString() ) ); - } - if (this.m_write != null && !this.m_write.IsEmpty()) - { - esd.AddAttribute( "Write", SecurityElement.Escape( m_write.ToString() ) ); - } - if (this.m_append != null && !this.m_append.IsEmpty()) - { - esd.AddAttribute( "Append", SecurityElement.Escape( m_append.ToString() ) ); - } - if (this.m_pathDiscovery != null && !this.m_pathDiscovery.IsEmpty()) - { - esd.AddAttribute( "PathDiscovery", SecurityElement.Escape( m_pathDiscovery.ToString() ) ); - } - if (this.m_viewAcl != null && !this.m_viewAcl.IsEmpty()) - { - esd.AddAttribute( "ViewAcl", SecurityElement.Escape( m_viewAcl.ToString() ) ); - } - if (this.m_changeAcl != null && !this.m_changeAcl.IsEmpty()) - { - esd.AddAttribute( "ChangeAcl", SecurityElement.Escape( m_changeAcl.ToString() ) ); - } - - } - else - { - esd.AddAttribute( "Unrestricted", "true" ); - } - return esd; - } - - [System.Security.SecuritySafeCritical] // auto-generated - public override void FromXml(SecurityElement esd) - { - CodeAccessPermission.ValidateElement( esd, this ); - String et; - - if (XMLUtil.IsUnrestricted(esd)) - { - m_unrestricted = true; - return; - } - - - m_unrestricted = false; - - et = esd.Attribute( "Read" ); - if (et != null) - { - m_read = new FileIOAccess( et ); - } - else - { - m_read = null; - } - - et = esd.Attribute( "Write" ); - if (et != null) - { - m_write = new FileIOAccess( et ); - } - else - { - m_write = null; - } - - et = esd.Attribute( "Append" ); - if (et != null) - { - m_append = new FileIOAccess( et ); - } - else - { - m_append = null; - } - - et = esd.Attribute( "PathDiscovery" ); - if (et != null) - { - m_pathDiscovery = new FileIOAccess( et ); - m_pathDiscovery.PathDiscovery = true; - } - else - { - m_pathDiscovery = null; - } - - et = esd.Attribute( "ViewAcl" ); - if (et != null) - { - m_viewAcl = new FileIOAccess( et ); - } - else - { - m_viewAcl = null; - } - - et = esd.Attribute( "ChangeAcl" ); - if (et != null) - { - m_changeAcl = new FileIOAccess( et ); - } - else - { - m_changeAcl = null; - } - } -#endif // FEATURE_CAS_POLICY /// <internalonly/> int IBuiltInPermission.GetTokenIndex() @@ -993,19 +805,9 @@ namespace System.Security.Permissions { /// /// IMPORTANT: This method should only be used after calling GetFullPath on the path to verify /// </summary> - [System.Security.SecuritySafeCritical] internal static void QuickDemand(FileIOPermissionAccess access, string fullPath, bool checkForDuplicates = false, bool needFullPath = false) { -#if FEATURE_CAS_POLICY - if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) - { - new FileIOPermission(access, new string[] { fullPath }, checkForDuplicates, needFullPath).Demand(); - } - else -#endif - { - EmulateFileIOPermissionChecks(fullPath); - } + EmulateFileIOPermissionChecks(fullPath); } /// <summary> @@ -1018,67 +820,19 @@ namespace System.Security.Permissions { /// IMPORTANT: This method should only be used after calling GetFullPath on the path to verify /// /// </summary> - [System.Security.SecuritySafeCritical] internal static void QuickDemand(FileIOPermissionAccess access, string[] fullPathList, bool checkForDuplicates = false, bool needFullPath = true) { -#if FEATURE_CAS_POLICY - if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) - { - new FileIOPermission(access, fullPathList, checkForDuplicates, needFullPath).Demand(); - } - else -#endif + foreach (string fullPath in fullPathList) { - foreach (string fullPath in fullPathList) - { - EmulateFileIOPermissionChecks(fullPath); - } + EmulateFileIOPermissionChecks(fullPath); } } - [System.Security.SecuritySafeCritical] internal static void QuickDemand(PermissionState state) { // Should be a no-op without CAS -#if FEATURE_CAS_POLICY - if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) - { - new FileIOPermission(state).Demand(); - } -#endif - } - -#if FEATURE_MACL - [System.Security.SecuritySafeCritical] - internal static void QuickDemand(FileIOPermissionAccess access, AccessControlActions control, string fullPath, bool checkForDuplicates = false, bool needFullPath = true) - { - if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) - { - new FileIOPermission(access, control, new string[] { fullPath }, checkForDuplicates, needFullPath).Demand(); - } - else - { - EmulateFileIOPermissionChecks(fullPath); - } } - [System.Security.SecuritySafeCritical] - internal static void QuickDemand(FileIOPermissionAccess access, AccessControlActions control, string[] fullPathList, bool checkForDuplicates = true, bool needFullPath = true) - { - if (!CodeAccessSecurityEngine.QuickCheckForAllDemands()) - { - new FileIOPermission(access, control, fullPathList, checkForDuplicates, needFullPath).Demand(); - } - else - { - foreach (string fullPath in fullPathList) - { - EmulateFileIOPermissionChecks(fullPath); - } - } - } -#endif - /// <summary> /// Perform the additional path checks that would normally happen when creating a FileIOPermission object. /// </summary> @@ -1088,18 +842,10 @@ namespace System.Security.Permissions { // Callers should have already made checks for invalid path format via normalization. This method will only make the // additional checks needed to throw the same exceptions that would normally throw when using FileIOPermission. // These checks are done via CheckIllegalCharacters() and StringExpressionSet in AddPathList() above. - // - // We have to check the beginning as some paths may be passed in as path + @"\.", which will be normalized away. - BCLDebug.Assert( - fullPath.StartsWith(Path.NormalizePath(fullPath, fullCheck: false), StringComparison.OrdinalIgnoreCase), - string.Format("path isn't normalized: {0}", fullPath)); +#if !PLATFORM_UNIX // Checking for colon / invalid characters on device paths blocks legitimate access to objects such as named pipes. - if ( -#if FEATURE_PATHCOMPAT - AppContextSwitches.UseLegacyPathHandling || -#endif - !PathInternal.IsDevice(fullPath)) + if (!PathInternal.IsDevice(fullPath)) { // GetFullPath already checks normal invalid path characters. We need to just check additional (wildcard) characters here. // (By calling the standard helper we can allow extended paths \\?\ through when the support is enabled.) @@ -1113,6 +859,7 @@ namespace System.Security.Permissions { throw new NotSupportedException(Environment.GetResourceString("Argument_PathFormatNotSupported")); } } +#endif // !PLATFORM_UNIX } } @@ -1149,7 +896,6 @@ namespace System.Security.Permissions { m_pathDiscovery = pathDiscovery; } - [System.Security.SecurityCritical] // auto-generated public FileIOAccess( String value ) { if (value == null) @@ -1204,7 +950,6 @@ namespace System.Security.Permissions { m_pathDiscovery = operand.m_pathDiscovery; } - [System.Security.SecurityCritical] // auto-generated public void AddExpressions(ArrayList values, bool checkForDuplicates) { m_allFiles = false; @@ -1255,7 +1000,6 @@ namespace System.Security.Permissions { return new FileIOAccess( this ); } - [System.Security.SecuritySafeCritical] // auto-generated public FileIOAccess Union( FileIOAccess operand ) { if (operand == null) @@ -1263,7 +1007,7 @@ namespace System.Security.Permissions { return this.IsEmpty() ? null : this.Copy(); } - Contract.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); + Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); if (this.m_allFiles || operand.m_allFiles) { @@ -1273,7 +1017,6 @@ namespace System.Security.Permissions { return new FileIOAccess( this.m_set.Union( operand.m_set ), false, this.m_allLocalFiles || operand.m_allLocalFiles, this.m_pathDiscovery ); } - [System.Security.SecuritySafeCritical] // auto-generated public FileIOAccess Intersect( FileIOAccess operand ) { if (operand == null) @@ -1281,7 +1024,7 @@ namespace System.Security.Permissions { return null; } - Contract.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); + Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); if (this.m_allFiles) { @@ -1343,7 +1086,6 @@ namespace System.Security.Permissions { return new FileIOAccess( intersectionSet, false, this.m_allLocalFiles && operand.m_allLocalFiles, this.m_pathDiscovery ); } - [System.Security.SecuritySafeCritical] // auto-generated public bool IsSubsetOf( FileIOAccess operand ) { if (operand == null) @@ -1356,7 +1098,7 @@ namespace System.Security.Permissions { return true; } - Contract.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); + Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); if (!((m_pathDiscovery && this.m_set.IsSubsetOfPathDiscovery( operand.m_set )) || this.m_set.IsSubsetOf( operand.m_set ))) { @@ -1400,7 +1142,6 @@ namespace System.Security.Permissions { } } - [SecuritySafeCritical] public override String ToString() { // SafeCritical: all string expression sets are constructed with the throwOnRelative bit set, so @@ -1429,7 +1170,6 @@ namespace System.Security.Permissions { } } - [SecuritySafeCritical] public String[] ToStringArray() { // SafeCritical: all string expression sets are constructed with the throwOnRelative bit set, so @@ -1437,18 +1177,16 @@ namespace System.Security.Permissions { return m_set.UnsafeToStringArray(); } - [System.Security.SecurityCritical] // auto-generated [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] internal static extern bool IsLocalDrive(String path); - [System.Security.SecuritySafeCritical] // auto-generated public override bool Equals(Object obj) { FileIOAccess operand = obj as FileIOAccess; if(operand == null) return (IsEmpty() && obj == null); - Contract.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); + Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); if(m_pathDiscovery) { if(this.m_allFiles && operand.m_allFiles) |