diff options
Diffstat (limited to 'src/mscorlib/src/System/Security/Policy/PolicyStatement.cs')
-rw-r--r-- | src/mscorlib/src/System/Security/Policy/PolicyStatement.cs | 302 |
1 files changed, 4 insertions, 298 deletions
diff --git a/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs b/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs index 72c07d1246..9b58ece9f1 100644 --- a/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs +++ b/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs @@ -35,14 +35,6 @@ namespace System.Security.Policy { // The PermissionSet associated with this policy internal PermissionSet m_permSet; -#if FEATURE_CAS_POLICY - // Evidence which was not verified but which was required to generate this policy statement. - // This is not serialized, since once we serialize we lose the ability to verify the evidence, - // meaning that restoring this state is meaningless. - [NonSerialized] - private List<IDelayEvaluatedEvidence> m_dependentEvidence; -#endif - // The bitfield of inheritance properties associated with this policy internal PolicyStatementAttribute m_attributes; @@ -144,20 +136,13 @@ namespace System.Security.Policy { } } } - + public PolicyStatement Copy() { - PolicyStatement copy = new PolicyStatement(m_permSet, Attributes, true); // The PolicyStatement .ctor will copy the permission set -#if FEATURE_CAS_POLICY - if (HasDependentEvidence) - { - copy.m_dependentEvidence = new List<IDelayEvaluatedEvidence>(m_dependentEvidence); - } -#endif - - return copy; + // The PolicyStatement .ctor will copy the permission set + return new PolicyStatement(m_permSet, Attributes, true); } - + public String AttributeString { get @@ -199,44 +184,6 @@ namespace System.Security.Policy { return (flag & (int)m_attributes) != 0; } -#if FEATURE_CAS_POLICY - /// <summary> - /// Gets all of the delay evaluated evidence which needs to be verified before this policy can - /// be used. - /// </summary> - internal IEnumerable<IDelayEvaluatedEvidence> DependentEvidence - { - get - { - BCLDebug.Assert(HasDependentEvidence, "HasDependentEvidence"); - return m_dependentEvidence.AsReadOnly(); - } - } - - /// <summary> - /// Determine if this policy dependent upon the evaluation of any delay evaluated evidence - /// </summary> - internal bool HasDependentEvidence - { - get { return m_dependentEvidence != null && m_dependentEvidence.Count > 0; } - } - - /// <summary> - /// Add evidence which this policy statement is depending upon being verified to be valid. - /// </summary> - internal void AddDependentEvidence(IDelayEvaluatedEvidence dependentEvidence) - { - BCLDebug.Assert(dependentEvidence != null, "dependentEvidence != null"); - - if (m_dependentEvidence == null) - { - m_dependentEvidence = new List<IDelayEvaluatedEvidence>(); - } - - m_dependentEvidence.Add(dependentEvidence); - } -#endif - /// <summary> /// Union a child policy statement into this policy statement /// </summary> @@ -249,27 +196,6 @@ namespace System.Security.Policy { throw new PolicyException(Environment.GetResourceString( "Policy_MultipleExclusive" )); } -#if FEATURE_CAS_POLICY - // If our code group generated a grant set based upon unverified evidence, or it generated a grant - // set strictly less than that of a child group based upon unverified evidence, we need to keep - // track of any unverified evidence our child group has. - if (childPolicy.HasDependentEvidence) - { - bool childEvidenceNeedsVerification = m_permSet.IsSubsetOf(childPolicy.GetPermissionSetNoCopy()) && - !childPolicy.GetPermissionSetNoCopy().IsSubsetOf(m_permSet); - - if (HasDependentEvidence || childEvidenceNeedsVerification) - { - if (m_dependentEvidence == null) - { - m_dependentEvidence = new List<IDelayEvaluatedEvidence>(); - } - - m_dependentEvidence.AddRange(childPolicy.DependentEvidence); - } - } -#endif - // We need to merge together our grant set and attributes. The result of this merge is // dependent upon if we're merging a child marked exclusive or not. If the child is not // exclusive, we need to union in its grant set and or in its attributes. However, if the child @@ -287,226 +213,6 @@ namespace System.Security.Policy { } } -#if FEATURE_CAS_POLICY - - public SecurityElement ToXml() - { - return ToXml( null ); - } - - public void FromXml( SecurityElement et ) - { - FromXml( et, null ); - } - - public SecurityElement ToXml( PolicyLevel level ) - { - return ToXml( level, false ); - } - - internal SecurityElement ToXml( PolicyLevel level, bool useInternal ) - { - SecurityElement e = new SecurityElement( "PolicyStatement" ); - e.AddAttribute( "version", "1" ); - if (m_attributes != PolicyStatementAttribute.Nothing) - e.AddAttribute( "Attributes", XMLUtil.BitFieldEnumToString( typeof( PolicyStatementAttribute ), m_attributes ) ); - - lock (this) - { - if (m_permSet != null) - { - if (m_permSet is NamedPermissionSet) - { - // If the named permission set exists in the parent level of this - // policy struct, then just save the name of the permission set. - // Otherwise, serialize it like normal. - - NamedPermissionSet namedPermSet = (NamedPermissionSet)m_permSet; - if (level != null && level.GetNamedPermissionSet( namedPermSet.Name ) != null) - { - e.AddAttribute( "PermissionSetName", namedPermSet.Name ); - } - else - { - if (useInternal) - e.AddChild( namedPermSet.InternalToXml() ); - else - e.AddChild( namedPermSet.ToXml() ); - } - } - else - { - if (useInternal) - e.AddChild( m_permSet.InternalToXml() ); - else - e.AddChild( m_permSet.ToXml() ); - } - } - } - - return e; - } - - [System.Security.SecuritySafeCritical] // auto-generated - public void FromXml( SecurityElement et, PolicyLevel level ) - { - FromXml( et, level, false ); - } - - [System.Security.SecurityCritical] // auto-generated - internal void FromXml( SecurityElement et, PolicyLevel level, bool allowInternalOnly ) - { - if (et == null) - throw new ArgumentNullException( "et" ); - - if (!et.Tag.Equals( "PolicyStatement" )) - throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PolicyStatement", this.GetType().FullName ) ); - Contract.EndContractBlock(); - - m_attributes = (PolicyStatementAttribute) 0; - - String strAttributes = et.Attribute( "Attributes" ); - - if (strAttributes != null) - m_attributes = (PolicyStatementAttribute)Enum.Parse( typeof( PolicyStatementAttribute ), strAttributes ); - - lock (this) - { - m_permSet = null; - - if (level != null) - { - String permSetName = et.Attribute( "PermissionSetName" ); - - if (permSetName != null) - { - m_permSet = level.GetNamedPermissionSetInternal( permSetName ); - - if (m_permSet == null) - m_permSet = new PermissionSet( PermissionState.None ); - } - } - - - if (m_permSet == null) - { - // There is no provided level, it is not a named permission set, or - // the named permission set doesn't exist in the provided level, - // so just create the class through reflection and decode normally. - - SecurityElement e = et.SearchForChildByTag( "PermissionSet" ); - - if (e != null) - { - String className = e.Attribute( "class" ); - - if (className != null && (className.Equals( "NamedPermissionSet" ) || - className.Equals( "System.Security.NamedPermissionSet" ))) - m_permSet = new NamedPermissionSet( "DefaultName", PermissionState.None ); - else - m_permSet = new PermissionSet( PermissionState.None ); - - try - { - m_permSet.FromXml( e, allowInternalOnly, true ); - } - catch - { - // ignore any exceptions from the decode process. - // Note: we go ahead and use the permission set anyway. This should be safe since - // the decode process should never give permission beyond what a proper decode would have - // given. - } - } - else - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidXML" ) ); - } - } - - if (m_permSet == null) - m_permSet = new PermissionSet( PermissionState.None ); - } - } - - - [System.Security.SecurityCritical] // auto-generated - internal void FromXml( SecurityDocument doc, int position, PolicyLevel level, bool allowInternalOnly ) - { - if (doc == null) - throw new ArgumentNullException( "doc" ); - Contract.EndContractBlock(); - - if (!doc.GetTagForElement( position ).Equals( "PolicyStatement" )) - throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Argument_InvalidXMLElement" ), "PolicyStatement", this.GetType().FullName ) ); - - m_attributes = (PolicyStatementAttribute) 0; - - String strAttributes = doc.GetAttributeForElement( position, "Attributes" ); - - if (strAttributes != null) - m_attributes = (PolicyStatementAttribute)Enum.Parse( typeof( PolicyStatementAttribute ), strAttributes ); - - lock (this) - { - m_permSet = null; - - if (level != null) - { - String permSetName = doc.GetAttributeForElement( position, "PermissionSetName" ); - - if (permSetName != null) - { - m_permSet = level.GetNamedPermissionSetInternal( permSetName ); - - if (m_permSet == null) - m_permSet = new PermissionSet( PermissionState.None ); - } - } - - - if (m_permSet == null) - { - // There is no provided level, it is not a named permission set, or - // the named permission set doesn't exist in the provided level, - // so just create the class through reflection and decode normally. - - ArrayList childPositions = doc.GetChildrenPositionForElement( position ); - int positionPermissionSet = -1; - - for (int i = 0; i < childPositions.Count; ++i) - { - if (doc.GetTagForElement( (int)childPositions[i] ).Equals( "PermissionSet" )) - { - positionPermissionSet = (int)childPositions[i]; - } - } - - if (positionPermissionSet != -1) - { - String className = doc.GetAttributeForElement( positionPermissionSet, "class" ); - - if (className != null && (className.Equals( "NamedPermissionSet" ) || - className.Equals( "System.Security.NamedPermissionSet" ))) - m_permSet = new NamedPermissionSet( "DefaultName", PermissionState.None ); - else - m_permSet = new PermissionSet( PermissionState.None ); - - m_permSet.FromXml( doc, positionPermissionSet, allowInternalOnly ); - } - else - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidXML" ) ); - } - } - - if (m_permSet == null) - m_permSet = new PermissionSet( PermissionState.None ); - } - } -#endif // FEATURE_CAS_POLICY - - [System.Runtime.InteropServices.ComVisible(false)] public override bool Equals( Object obj ) { |