diff options
Diffstat (limited to 'src/mscorlib/src/System/Security')
6 files changed, 21 insertions, 504 deletions
diff --git a/src/mscorlib/src/System/Security/Attributes.cs b/src/mscorlib/src/System/Security/Attributes.cs deleted file mode 100644 index f67a9f0ad1..0000000000 --- a/src/mscorlib/src/System/Security/Attributes.cs +++ /dev/null @@ -1,199 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System.Runtime.InteropServices; - -namespace System.Security -{ - // DynamicSecurityMethodAttribute: - // Indicates that calling the target method requires space for a security - // object to be allocated on the callers stack. This attribute is only ever - // set on certain security methods defined within mscorlib. - [AttributeUsage(AttributeTargets.Method, AllowMultiple = true, Inherited = false )] - sealed internal class DynamicSecurityMethodAttribute : System.Attribute - { - } - - // SuppressUnmanagedCodeSecurityAttribute: - // Indicates that the target P/Invoke method(s) should skip the per-call - // security checked for unmanaged code permission. - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false )] - sealed public class SuppressUnmanagedCodeSecurityAttribute : System.Attribute - { - } - - // UnverifiableCodeAttribute: - // Indicates that the target module contains unverifiable code. - [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false )] - sealed public class UnverifiableCodeAttribute : System.Attribute - { - } - - // AllowPartiallyTrustedCallersAttribute: - // Indicates that the Assembly is secure and can be used by untrusted - // and semitrusted clients - // For v.1, this is valid only on Assemblies, but could be expanded to - // include Module, Method, class - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )] - sealed public class AllowPartiallyTrustedCallersAttribute : System.Attribute - { - private PartialTrustVisibilityLevel _visibilityLevel; - public AllowPartiallyTrustedCallersAttribute () { } - - public PartialTrustVisibilityLevel PartialTrustVisibilityLevel - { - get { return _visibilityLevel; } - set { _visibilityLevel = value; } - } - } - - public enum PartialTrustVisibilityLevel - { - VisibleToAllHosts = 0, - NotVisibleByDefault = 1 - } - - [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] - public enum SecurityCriticalScope - { - Explicit = 0, - Everything = 0x1 - } - - // SecurityCriticalAttribute - // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.) - // The attribute can be placed on most targets, except on arguments/return values. - [AttributeUsage(AttributeTargets.Assembly | - AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false )] - sealed public class SecurityCriticalAttribute : System.Attribute - { -#pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat - - private SecurityCriticalScope _val; - - public SecurityCriticalAttribute () {} - - public SecurityCriticalAttribute(SecurityCriticalScope scope) - { - _val = scope; - } - - [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] - public SecurityCriticalScope Scope { - get { - return _val; - } - } - -#pragma warning restore 618 - } - - // SecurityTreatAsSafeAttribute: - // Indicates that the code may contain violations to the security critical rules (e.g. transitions from - // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for - // security concerns and is considered security clean. - // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. - // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. - // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. - - [AttributeUsage(AttributeTargets.Assembly | - AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false )] - [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")] - sealed public class SecurityTreatAsSafeAttribute : System.Attribute - { - public SecurityTreatAsSafeAttribute () { } - } - - // SecuritySafeCriticalAttribute: - // Indicates that the code may contain violations to the security critical rules (e.g. transitions from - // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for - // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical. - // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe]. - // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. - // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. - // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. - - [AttributeUsage(AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false )] - sealed public class SecuritySafeCriticalAttribute : System.Attribute - { - public SecuritySafeCriticalAttribute () { } - } - - // SecurityTransparentAttribute: - // Indicates the assembly contains only transparent code. - // Security critical actions will be restricted or converted into less critical actions. For example, - // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted - // into Full-Demands. - - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false )] - sealed public class SecurityTransparentAttribute : System.Attribute - { - public SecurityTransparentAttribute () {} - } - - public enum SecurityRuleSet : byte - { - None = 0, - Level1 = 1, // v2.0 transparency model - Level2 = 2, // v4.0 transparency model - } - - // SecurityRulesAttribute - // - // Indicates which set of security rules an assembly was authored against, and therefore which set of - // rules the runtime should enforce on the assembly. For instance, an assembly marked with - // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code - // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly - // treat as safe, and the remainder of the v2.0 rules apply. - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)] - public sealed class SecurityRulesAttribute : Attribute - { - private SecurityRuleSet m_ruleSet; - private bool m_skipVerificationInFullTrust = false; - - public SecurityRulesAttribute(SecurityRuleSet ruleSet) - { - m_ruleSet = ruleSet; - } - - // Should fully trusted transparent code skip IL verification - public bool SkipVerificationInFullTrust - { - get { return m_skipVerificationInFullTrust; } - set { m_skipVerificationInFullTrust = value; } - } - - public SecurityRuleSet RuleSet - { - get { return m_ruleSet; } - } - } -} diff --git a/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs b/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs new file mode 100644 index 0000000000..83be902a2c --- /dev/null +++ b/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs @@ -0,0 +1,21 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System.Runtime.InteropServices; + +namespace System.Security +{ + // DynamicSecurityMethodAttribute: + // All methods that use StackCrawlMark should be marked with this attribute. This attribute + // disables inlining of the calling method to allow stackwalking to find the exact caller. + // + // This attribute used to indicate that the target method requires space for a security object + // to be allocated on the callers stack. It is not used for this purpose anymore because of security + // stackwalks are not ever done in CoreCLR. + [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true, Inherited = false)] + internal sealed class DynamicSecurityMethodAttribute : Attribute + { + public DynamicSecurityMethodAttribute() { } + } +} diff --git a/src/mscorlib/src/System/Security/SecurityException.cs b/src/mscorlib/src/System/Security/SecurityException.cs deleted file mode 100644 index 8811be82ff..0000000000 --- a/src/mscorlib/src/System/Security/SecurityException.cs +++ /dev/null @@ -1,110 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/*============================================================================= -** -** -** -** -** -** Purpose: Exception class for security -** -** -=============================================================================*/ - -namespace System.Security -{ - using System.Security; - using System; - using System.Runtime.Serialization; - using System.Reflection; - using System.Text; - using System.Security.Policy; - using System.IO; - using System.Globalization; - using System.Diagnostics.Contracts; - - [Serializable] - public class SecurityException : SystemException - { - internal static string GetResString(string sResourceName) - { - return Environment.GetResourceString(sResourceName); - } - -#pragma warning disable 618 - internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, RuntimeMethodHandleInternal rmh, Object demand) -#pragma warning restore 618 - { - return new SecurityException(GetResString("Arg_SecurityException")); - } - - public SecurityException() - : base(GetResString("Arg_SecurityException")) - { - SetErrorCode(System.__HResults.COR_E_SECURITY); - } - - public SecurityException(String message) - : base(message) - { - // This is the constructor that gets called if you Assert but don't have permission to Assert. (So don't assert in here.) - SetErrorCode(System.__HResults.COR_E_SECURITY); - } - - public SecurityException(String message, Exception inner) - : base(message, inner) - { - SetErrorCode(System.__HResults.COR_E_SECURITY); - } - - protected SecurityException(SerializationInfo info, StreamingContext context) : base(info, context) - { - if (info == null) - throw new ArgumentNullException(nameof(info)); - Contract.EndContractBlock(); - } - - public override String ToString() - { - return base.ToString(); - } - - public override void GetObjectData(SerializationInfo info, StreamingContext context) - { - if (info == null) - throw new ArgumentNullException(nameof(info)); - Contract.EndContractBlock(); - - base.GetObjectData(info, context); - } - - // Stubs for surface area compatibility only - public SecurityException(String message, Type type) - : base(message) - { - SetErrorCode(System.__HResults.COR_E_SECURITY); - PermissionType = type; - } - - public SecurityException(string message, System.Type type, string state) - : base(message) - { - SetErrorCode(System.__HResults.COR_E_SECURITY); - PermissionType = type; - PermissionState = state; - } - - public object Demanded { get; set; } - public object DenySetInstance { get; set; } - public System.Reflection.AssemblyName FailedAssemblyInfo { get; set; } - public string GrantedSet { get; set; } - public System.Reflection.MethodInfo Method { get; set; } - public string PermissionState { get; set; } - public System.Type PermissionType { get; set; } - public object PermitOnlySetInstance { get; set; } - public string RefusedSet { get; set; } - public string Url { get; set; } - } -} diff --git a/src/mscorlib/src/System/Security/SecurityState.cs b/src/mscorlib/src/System/Security/SecurityState.cs deleted file mode 100644 index 55dcce07c0..0000000000 --- a/src/mscorlib/src/System/Security/SecurityState.cs +++ /dev/null @@ -1,25 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -using System; -using System.Security; - -namespace System.Security -{ - public abstract class SecurityState - { - protected SecurityState(){} - - public bool IsStateAvailable() - { - AppDomainManager domainManager = AppDomainManager.CurrentAppDomainManager; - - // CheckSecuritySettings only when appdomainManager is present. So if there is no - // appDomain Manager return true as by default coreclr runs in fulltrust. - return domainManager != null ? domainManager.CheckSecuritySettings(this) : true; - } - // override this function and throw the appropriate - public abstract void EnsureState(); - } - -} diff --git a/src/mscorlib/src/System/Security/Util/URLString.cs b/src/mscorlib/src/System/Security/Util/URLString.cs deleted file mode 100644 index 4ec353876a..0000000000 --- a/src/mscorlib/src/System/Security/Util/URLString.cs +++ /dev/null @@ -1,138 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// URLString -// -// -// Implementation of membership condition for zones -// - -namespace System.Security.Util { - - using System; - using System.Collections; - using System.Collections.Generic; - using System.Runtime.CompilerServices; - using System.Runtime.InteropServices; - using System.Runtime.Versioning; - using System.Runtime.Serialization; - using System.Globalization; - using System.Text; - using System.IO; - using System.Diagnostics.Contracts; - - internal static class URLString - { - internal static string PreProcessForExtendedPathRemoval(bool checkPathLength, string url, bool isFileUrl) - { - bool isUncShare = false; - return PreProcessForExtendedPathRemoval(checkPathLength: checkPathLength, url: url, isFileUrl: isFileUrl, isUncShare: ref isUncShare); - } - - // Keeping this signature to avoid reflection breaks - private static string PreProcessForExtendedPathRemoval(string url, bool isFileUrl, ref bool isUncShare) - { - return PreProcessForExtendedPathRemoval(checkPathLength: true, url: url, isFileUrl: isFileUrl, isUncShare: ref isUncShare); - } - - private static string PreProcessForExtendedPathRemoval(bool checkPathLength, string url, bool isFileUrl, ref bool isUncShare) - { - // This is the modified URL that we will return - StringBuilder modifiedUrl = new StringBuilder(url); - - // ITEM 1 - remove extended path characters. - { - // Keep track of where we are in both the comparison and altered strings. - int curCmpIdx = 0; - int curModIdx = 0; - - // If all the '\' have already been converted to '/', just check for //?/ or //./ - if ((url.Length - curCmpIdx) >= 4 && - (String.Compare(url, curCmpIdx, "//?/", 0, 4, StringComparison.OrdinalIgnoreCase) == 0 || - String.Compare(url, curCmpIdx, "//./", 0, 4, StringComparison.OrdinalIgnoreCase) == 0)) - { - modifiedUrl.Remove(curModIdx, 4); - curCmpIdx += 4; - } - else - { - if (isFileUrl) - { - // We need to handle an indefinite number of leading front slashes for file URLs since we could - // get something like: - // file://\\?\ - // file:/\\?\ - // file:\\?\ - // etc... - while (url[curCmpIdx] == '/') - { - curCmpIdx++; - curModIdx++; - } - } - - // Remove the extended path characters - if ((url.Length - curCmpIdx) >= 4 && - (String.Compare(url, curCmpIdx, "\\\\?\\", 0, 4, StringComparison.OrdinalIgnoreCase) == 0 || - String.Compare(url, curCmpIdx, "\\\\?/", 0, 4, StringComparison.OrdinalIgnoreCase) == 0 || - String.Compare(url, curCmpIdx, "\\\\.\\", 0, 4, StringComparison.OrdinalIgnoreCase) == 0 || - String.Compare(url, curCmpIdx, "\\\\./", 0, 4, StringComparison.OrdinalIgnoreCase) == 0)) - { - modifiedUrl.Remove(curModIdx, 4); - curCmpIdx += 4; - } - } - } - - // ITEM 2 - convert all slashes to forward slashes, and strip leading slashes. - if (isFileUrl) - { - int slashCount = 0; - bool seenFirstBackslash = false; - - while (slashCount < modifiedUrl.Length && (modifiedUrl[slashCount] == '/' || modifiedUrl[slashCount] == '\\')) - { - // Look for sets of consecutive backslashes. We can't just look for these at the start - // of the string, since file:// might come first. Instead, once we see the first \, look - // for a second one following it. - if (!seenFirstBackslash && modifiedUrl[slashCount] == '\\') - { - seenFirstBackslash = true; - if (slashCount + 1 < modifiedUrl.Length && modifiedUrl[slashCount + 1] == '\\') - isUncShare = true; - } - - slashCount++; - } - - modifiedUrl.Remove(0, slashCount); - modifiedUrl.Replace('\\', '/'); - } - - // ITEM 3 - If the path is greater than or equal (due to terminating NULL in windows) MAX_PATH, we throw. - if (checkPathLength) - { - // This needs to be a separate method to avoid hitting the static constructor on AppContextSwitches - CheckPathTooLong(modifiedUrl); - } - - // Create the result string from the StringBuilder - return modifiedUrl.ToString(); - } - - [MethodImpl(MethodImplOptions.NoInlining)] - private static void CheckPathTooLong(StringBuilder path) - { - if (path.Length >= ( -#if PLATFORM_UNIX - Interop.Sys.MaxPath)) -#else - PathInternal.MaxLongPath)) -#endif - { - throw new PathTooLongException(Environment.GetResourceString("IO.PathTooLong")); - } - } - } -} diff --git a/src/mscorlib/src/System/Security/VerificationException.cs b/src/mscorlib/src/System/Security/VerificationException.cs deleted file mode 100644 index 5defbd6603..0000000000 --- a/src/mscorlib/src/System/Security/VerificationException.cs +++ /dev/null @@ -1,32 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -namespace System.Security { - using System.Security; - using System; - using System.Runtime.Serialization; - - [Serializable] - public class VerificationException : SystemException { - public VerificationException() - : base(Environment.GetResourceString("Verification_Exception")) { - SetErrorCode(__HResults.COR_E_VERIFICATION); - } - - public VerificationException(String message) - : base(message) { - SetErrorCode(__HResults.COR_E_VERIFICATION); - } - - public VerificationException(String message, Exception innerException) - : base(message, innerException) { - SetErrorCode(__HResults.COR_E_VERIFICATION); - } - - protected VerificationException(SerializationInfo info, StreamingContext context) : base(info, context) { - } - } -} |