Diffstat (limited to 'src/vm/security.h')
-rw-r--r--src/vm/security.h305
1 files changed, 43 insertions, 262 deletions
diff --git a/src/vm/security.h b/src/vm/security.h
index 7f42c4b10b..fa4840998e 100644
--- a/src/vm/security.h
+++ b/src/vm/security.h
@@ -3,23 +3,13 @@
// See the LICENSE file in the project root for more information.
//
-
-//
-
-
#ifndef __security_h__
#define __security_h__
-#include "securitypolicy.h"
-#include "securityattributes.h"
-#include "securitydeclarativecache.h"
-#include "securitydeclarative.h"
-#include "securitytransparentassembly.h"
-
-
-class IAssemblySecurityDescriptor;
-class IApplicationSecurityDescriptor;
-class IPEFileSecurityDescriptor;
+//
+// Stubbed out implementation of security subsystem
+// TODO: Eliminate this file
+//
enum SecurityStackWalkType
{
@@ -33,280 +23,71 @@ enum SecurityStackWalkType
SSWT_GET_ZONE_AND_URL = 8,
};
-// AssemblyLoadSecurity is used to describe to the loader security information to apply to an assembly at
-// load time. This includes information such as the assembly's evidence, as well as if we should resolve
-// policy on the assembly or push a grant set to its security descriptor.
-struct AssemblyLoadSecurity
-{
- OBJECTREF *m_pEvidence;
- OBJECTREF *m_pAdditionalEvidence;
- OBJECTREF *m_pGrantSet;
- OBJECTREF *m_pRefusedSet;
- DWORD m_dwSpecialFlags;
- bool m_fCheckLoadFromRemoteSource;
- bool m_fSuppressSecurityChecks;
- bool m_fPropagatingAnonymouslyHostedDynamicMethodGrant;
-
- inline AssemblyLoadSecurity();
-
- // Should the assembly have policy resolved on it, or should it use a pre-determined grant set
- inline bool ShouldResolvePolicy();
-};
+// special flags
+#define SECURITY_UNMANAGED_CODE 0
+#define SECURITY_SKIP_VER 1
+#define REFLECTION_TYPE_INFO 2
+#define SECURITY_ASSERT 3
+#define REFLECTION_MEMBER_ACCESS 4
+#define SECURITY_SERIALIZATION 5
+#define REFLECTION_RESTRICTED_MEMBER_ACCESS 6
+#define SECURITY_FULL_TRUST 7
+#define SECURITY_BINDING_REDIRECTS 8
// Ultimately this will become the only interface through
// which the VM will access security code.
namespace Security
{
- // ----------------------------------------
- // SecurityPolicy
- // ----------------------------------------
-
- // Init
- inline void Start();
- inline void Stop();
- inline void SaveCache();
-
- // Policy
-
- BOOL IsTransparencyEnforcementEnabled();
+ inline BOOL IsTransparencyEnforcementEnabled() { return false; }
- BOOL BypassSecurityChecksForProfiler(MethodDesc *pMD);
- inline BOOL CanCallUnmanagedCode(Module *pModule);
- inline BOOL CanAssert(Module *pModule);
- inline DECLSPEC_NORETURN void ThrowSecurityException(__in_z const char *szDemandClass, DWORD dwFlags);
+ inline BOOL CanCallUnmanagedCode(Module *pModule) { return true; }
#ifndef DACCESS_COMPILE
- inline BOOL CanTailCall(MethodDesc* pMD);
- inline BOOL CanHaveRVA(Assembly * pAssembly);
- inline BOOL CanAccessNonVerifiableExplicitField(MethodDesc* pMD);
- inline BOOL CanSkipVerification(MethodDesc * pMethod);
+ inline BOOL CanTailCall(MethodDesc* pMD) { return true; }
+ inline BOOL CanHaveRVA(Assembly * pAssembly) { return true; }
+ inline BOOL CanAccessNonVerifiableExplicitField(MethodDesc* pMD) { return true; }
+ inline BOOL CanSkipVerification(MethodDesc * pMethod) { return true; }
#endif
- inline BOOL CanSkipVerification(DomainAssembly * pAssembly);
- inline CorInfoCanSkipVerificationResult JITCanSkipVerification(DomainAssembly * pAssembly);
- inline CorInfoCanSkipVerificationResult JITCanSkipVerification(MethodDesc * pMD);
+ inline BOOL CanSkipVerification(DomainAssembly * pAssembly) { return true; }
// ----------------------------------------
// SecurityAttributes
// ----------------------------------------
- inline OBJECTREF CreatePermissionSet(BOOL fTrusted);
- inline void CopyByteArrayToEncoding(IN U1ARRAYREF* pArray, OUT PBYTE* pbData, OUT DWORD* cbData);
- inline void CopyEncodingToByteArray(IN PBYTE pbData, IN DWORD cbData, IN OBJECTREF* pArray);
+ void CopyByteArrayToEncoding(IN U1ARRAYREF* pArray, OUT PBYTE* pbData, OUT DWORD* cbData);
+ void CopyEncodingToByteArray(IN PBYTE pbData, IN DWORD cbData, IN OBJECTREF* pArray);
- // ----------------------------------------
- // SecurityDeclarative
- // ----------------------------------------
- inline HRESULT GetDeclarationFlags(IMDInternalImport *pInternalImport, mdToken token, DWORD* pdwFlags, DWORD* pdwNullFlags, BOOL* fHasSuppressUnmanagedCodeAccessAttr = NULL);
- inline void RetrieveLinktimeDemands(MethodDesc* pMD, OBJECTREF* pClassCas, OBJECTREF* pClassNonCas, OBJECTREF* pMethodCas, OBJECTREF* pMethodNonCas);
- inline void CheckLinkDemandAgainstAppDomain(MethodDesc *pMD) ;
-
- inline LinktimeCheckReason GetLinktimeCheckReason(MethodDesc *pMD,
- OBJECTREF *pClassCasDemands,
- OBJECTREF *pClassNonCasDemands,
- OBJECTREF *pMethodCasDemands,
- OBJECTREF *pMethodNonCasDemands);
-
- inline void LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCallee);
- inline void ClassInheritanceCheck(MethodTable *pClass, MethodTable *pParent);
- inline void MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc *pParent);
- inline void GetPermissionInstance(OBJECTREF *perm, int index);
- inline void DoDeclarativeActions(MethodDesc *pMD, DeclActionInfo *pActions, LPVOID pSecObj, MethodSecurityDescriptor *pMSD = NULL);
-#ifndef DACCESS_COMPILE
- inline void CheckNonCasDemand(OBJECTREF *prefDemand);
-#endif // #ifndef DACCESS_COMPILE
- inline BOOL MethodIsVisibleOutsideItsAssembly(MethodDesc * pMD);
- inline BOOL MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr, DWORD dwClassAttr, BOOL fIsGlobalClass);
-
- // ----------------------------------------
- // SecurityStackWalk
- // ----------------------------------------
-
- // other CAS Actions
- inline void Demand(SecurityStackWalkType eType, OBJECTREF demand) ;
- inline void DemandSet(SecurityStackWalkType eType, OBJECTREF demand) ;
- inline void DemandSet(SecurityStackWalkType eType, PsetCacheEntry *pPCE, DWORD dwAction) ;
- inline void SpecialDemand(SecurityStackWalkType eType, DWORD whatPermission) ;
-
- inline void InheritanceLinkDemandCheck(Assembly *pTargetAssembly, MethodDesc * pMDLinkDemand);
-
- inline void FullTrustInheritanceDemand(Assembly *pTargetAssembly);
- inline void FullTrustLinkDemand(Assembly *pTargetAssembly);
-
- // Compressed Stack
-
- // Misc - todo: put these in better categories
-
- inline BOOL AllDomainsOnStackFullyTrusted();
- IApplicationSecurityDescriptor* CreateApplicationSecurityDescriptor(AppDomain * pDomain);
- IAssemblySecurityDescriptor* CreateAssemblySecurityDescriptor(AppDomain *pDomain, DomainAssembly *pAssembly, LoaderAllocator *pLoaderAllocator);
- ISharedSecurityDescriptor* CreateSharedSecurityDescriptor(Assembly* pAssembly);
- void DeleteSharedSecurityDescriptor(ISharedSecurityDescriptor *descriptor);
- inline void SetDefaultAppDomainProperty(IApplicationSecurityDescriptor* pASD);
- inline void SetDefaultAppDomainEvidenceProperty(IApplicationSecurityDescriptor* pASD);
-
-
- // Checks for one of the special domain wide flags
- // such as if we are currently in a "fully trusted" environment
- // or if unmanaged code access is allowed at this time
- // Note: This is an inline method instead of a virtual method on IApplicationSecurityDescriptor
- // for stackwalk perf.
- inline BOOL CheckDomainWideSpecialFlag(IApplicationSecurityDescriptor *pASD, DWORD flags);
-
- inline BOOL IsResolved(Assembly *pAssembly);
-
- FORCEINLINE VOID IncrementSecurityPerfCounter() ;
- inline BOOL IsSpecialRunFrame(MethodDesc *pMeth) ;
- inline BOOL SkipAndFindFunctionInfo(INT32 i, MethodDesc** ppMD, OBJECTREF** ppOR, AppDomain **ppAppDomain = NULL);
- inline BOOL SkipAndFindFunctionInfo(StackCrawlMark* pSCM, MethodDesc** ppMD, OBJECTREF** ppOR, AppDomain **ppAppDomain = NULL);
+ inline void SpecialDemand(SecurityStackWalkType eType, DWORD whatPermission) { }
// Transparency checks
- inline BOOL IsMethodTransparent(MethodDesc * pMD);
- inline BOOL IsMethodCritical(MethodDesc * pMD);
- inline BOOL IsMethodSafeCritical(MethodDesc * pMD);
-
- inline BOOL IsTypeCritical(MethodTable *pMT);
- inline BOOL IsTypeSafeCritical(MethodTable *pMT);
- inline BOOL IsTypeTransparent(MethodTable * pMT);
- inline BOOL IsTypeAllTransparent(MethodTable * pMT);
-
- inline BOOL IsFieldTransparent(FieldDesc * pFD);
- inline BOOL IsFieldCritical(FieldDesc * pFD);
- inline BOOL IsFieldSafeCritical(FieldDesc * pFD);
+ inline BOOL IsMethodTransparent(MethodDesc * pMD) { return false; }
+ inline BOOL IsMethodCritical(MethodDesc * pMD) { return true; }
+ inline BOOL IsMethodSafeCritical(MethodDesc * pMD) { return false; }
- inline BOOL IsTokenTransparent(Module* pModule, mdToken token);
-
- inline void DoSecurityClassAccessChecks(MethodDesc *pCallerMD,
- const TypeHandle &calleeTH,
- CorInfoSecurityRuntimeChecks check);
+ inline BOOL IsTypeCritical(MethodTable *pMT) { return true; }
+ inline BOOL IsTypeSafeCritical(MethodTable *pMT) { return false; }
+ inline BOOL IsTypeTransparent(MethodTable * pMT) { return false; }
+ inline BOOL IsTypeAllTransparent(MethodTable * pMT) { return false; }
- inline CorInfoIsAccessAllowedResult RequiresTransparentAssemblyChecks(MethodDesc* pCaller,
- MethodDesc* pCallee,
- SecurityTransparencyError *pError);
- inline VOID EnforceTransparentAssemblyChecks(MethodDesc* pCallee, MethodDesc* pCaller);
- inline VOID EnforceTransparentDelegateChecks(MethodTable* pDelegateMT, MethodDesc* pCaller);
- inline VOID PerformTransparencyChecksForLoadByteArray(MethodDesc* pCallersMD, IAssemblySecurityDescriptor* pLoadedSecDesc);
+ inline BOOL IsFieldTransparent(FieldDesc * pFD) { return false; }
+ inline BOOL IsFieldCritical(FieldDesc * pFD) { return true; }
+ inline BOOL IsFieldSafeCritical(FieldDesc * pFD) { return false; }
- inline bool TypeRequiresTransparencyCheck(TypeHandle type, bool checkForLinkDemands = false);
+ inline BOOL IsTokenTransparent(Module* pModule, mdToken token) { return false; }
inline BOOL CheckCriticalAccess(AccessCheckContext* pContext,
MethodDesc* pOptionalTargetMethod = NULL,
FieldDesc* pOptionalTargetField = NULL,
- MethodTable * pOptionalTargetType = NULL);
-
- // declarative security
- inline HRESULT GetDeclaredPermissions(IN IMDInternalImport *pInternalImport, IN mdToken token, IN CorDeclSecurity action, OUT OBJECTREF *pDeclaredPermissions, OUT PsetCacheEntry **pPSCacheEntry = NULL) ;
-
- // security enforcement
- inline BOOL ContainsBuiltinCASPermsOnly(CORSEC_ATTRSET* pAttrSet);
-
-
- inline bool SecurityCalloutQuickCheck(MethodDesc *pCallerMD);
-
- inline bool CanShareAssembly(DomainAssembly *pAssembly);
-};
-
-class ISecurityDescriptor
-{
-public:
- VPTR_BASE_VTABLE_CLASS_AND_CTOR(ISecurityDescriptor)
-
- virtual ~ISecurityDescriptor() { LIMITED_METHOD_CONTRACT; }
-
- virtual BOOL IsFullyTrusted() = 0;
-
- virtual BOOL CanCallUnmanagedCode() const = 0;
-
-#ifndef DACCESS_COMPILE
- virtual DWORD GetSpecialFlags() const = 0;
-
- virtual AppDomain* GetDomain() const = 0;
-
- virtual void Resolve() = 0;
- virtual BOOL IsResolved() const = 0;
-
-
- virtual OBJECTREF GetGrantedPermissionSet(OBJECTREF* RefusedPermissions = NULL) = 0;
-#endif // !DACCESS_COMPILE
-};
-
-class IApplicationSecurityDescriptor : public ISecurityDescriptor
-{
-public:
- VPTR_ABSTRACT_VTABLE_CLASS_AND_CTOR(IApplicationSecurityDescriptor, ISecurityDescriptor)
-
-#ifndef DACCESS_COMPILE
-public:
- virtual BOOL IsHomogeneous() const = 0;
- virtual void SetHomogeneousFlag(BOOL fRuntimeSuppliedHomogenousGrantSet) = 0;
- virtual BOOL ContainsAnyRefusedPermissions() = 0;
-
- virtual BOOL IsDefaultAppDomain() const = 0;
- virtual BOOL IsDefaultAppDomainEvidence() = 0;
- virtual BOOL DomainMayContainPartialTrustCode() = 0;
-
- virtual BOOL CallHostSecurityManager() = 0;
- virtual void SetHostSecurityManagerFlags(DWORD dwFlags) = 0;
- virtual void SetPolicyLevelFlag() = 0;
-
- virtual void FinishInitialization() = 0;
- virtual BOOL IsInitializationInProgress() = 0;
-
- // Determine the security state that an AppDomain will arrive in if nothing changes during domain
- // initialization. (ie, get the input security state of the domain)
- virtual void PreResolve(BOOL *pfIsFullyTrusted, BOOL *pfIsHomogeneous) = 0;
-
- // Gets special domain wide flags that specify things
- // such as whether we are currently in a "fully trusted" environment
- // or if unmanaged code access is allowed at this time
- virtual DWORD GetDomainWideSpecialFlag() const = 0;
-
-
-#endif // !DACCESS_COMPILE
-};
-
-class IAssemblySecurityDescriptor : public ISecurityDescriptor
-{
-public:
- VPTR_ABSTRACT_VTABLE_CLASS_AND_CTOR(IAssemblySecurityDescriptor, ISecurityDescriptor)
-
-#ifndef DACCESS_COMPILE
- virtual SharedSecurityDescriptor *GetSharedSecDesc() = 0;
-
- virtual BOOL CanAssert() = 0;
- virtual BOOL HasUnrestrictedUIPermission() = 0;
- virtual BOOL IsAllCritical() = 0;
- virtual BOOL IsAllSafeCritical() = 0;
- virtual BOOL IsAllPublicAreaSafeCritical() = 0;
- virtual BOOL IsAllTransparent() = 0;
- virtual BOOL IsSystem() = 0;
- virtual BOOL AllowSkipVerificationInFullTrust() = 0;
-
- virtual void ResolvePolicy(ISharedSecurityDescriptor *pSharedDesc, BOOL fShouldSkipPolicyResolution) = 0;
-
-
- virtual void PropagatePermissionSet(OBJECTREF GrantedPermissionSet, OBJECTREF DeniedPermissionSet, DWORD dwSpecialFlags) = 0;
-
-
- // Check to make sure that security will allow this assembly to load. Throw an exception if the
- // assembly should be forbidden from loading for security related purposes
- virtual void CheckAllowAssemblyLoad() = 0;
-#endif // #ifndef DACCESS_COMPILE
+ MethodTable * pOptionalTargetType = NULL)
+ {
+ return true;
+ }
+
+ inline void CheckLinkDemandAgainstAppDomain(MethodDesc *pMD)
+ {
+ }
};
-class ISharedSecurityDescriptor
-{
-public:
- virtual void Resolve(IAssemblySecurityDescriptor *pSecDesc = NULL) = 0;
- virtual BOOL IsResolved() const = 0;
- virtual BOOL IsSystem() = 0;
- virtual Assembly* GetAssembly() = 0;
-};
-
-
-#include "security.inl"
-#include "securitydeclarative.inl"
-#include "securityattributes.inl"
-
#endif
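Review bot: The stubs in `namespace Security` now answer every check with a fixed allow (`CanCallUnmanagedCode`, `CanSkipVerification` and `CheckCriticalAccess` return true; `SpecialDemand` and `CheckLinkDemandAgainstAppDomain` have empty bodies), and nothing on the new side tells a remaining caller that these calls no longer enforce anything. I would state that at the top of the namespace, for example `// Every check here is an unconditional allow: all code is treated as fully trusted and critical, so these calls are not a security boundary.` The retained context comment `// Ultimately this will become the only interface through which the VM will access security code.` now contradicts the added `TODO: Eliminate this file` and should be dropped or reworded. Call sites are outside this file, so whether any of them still relies on a demand throwing cannot be confirmed from this diff.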