diff options
Diffstat (limited to 'src/vm/security.inl')
-rw-r--r-- | src/vm/security.inl | 219 |
1 files changed, 0 insertions, 219 deletions
diff --git a/src/vm/security.inl b/src/vm/security.inl index fe11589787..f2d7d7d683 100644 --- a/src/vm/security.inl +++ b/src/vm/security.inl @@ -25,59 +25,10 @@ inline void Security::Stop() WRAPPER_NO_CONTRACT; SecurityPolicy::Stop(); } -#ifdef FEATURE_CAS_POLICY -inline void Security::SaveCache() -{ - WRAPPER_NO_CONTRACT; - SecurityPolicy::SaveCache(); -} -#endif // ---------------------------------------- // SecurityPolicy // ---------------------------------------- -#ifdef FEATURE_CAS_POLICY - -//--------------------------------------------------------------------------------------- -// -// Determine if the entire process is running with CAS policy enabled for legacy -// compatibility. If this value is false, the CLR does not apply any security policy. -// Instead, it defers to a host if one is present or grants assemblies full trust. -// - -inline bool Security::IsProcessWideLegacyCasPolicyEnabled() -{ - LIMITED_METHOD_CONTRACT; - - // APPX precludes the use of legacy CAS policy - if (AppX::IsAppXProcess()) - { - return false; - } - - return CLRConfig::GetConfigValue(CLRConfig::EXTERNAL_Security_LegacyCasPolicy) || - CLRConfig::GetConfigValue(CLRConfig::EXTERNAL_Security_NetFx40LegacySecurityPolicy); -} - -//--------------------------------------------------------------------------------------- -// -// In pre-v4 versions of the CLR, doing a LoadFrom for a file in a remote location would -// implicitly sandbox that assembly. If CAS policy is disabled, then these applications -// will suddenly be granting full trust to assemblies they expected to be sandboxed. In -// order to prevent this, these LoadFroms are disabled unless the application has explcitly -// configured itself to allow them. -// -// This method returns the a value that indicates if the application has indicated that it -// is safe to LoadFrom remote locations and that the CLR should not block these loads. -// - -inline bool Security::CanLoadFromRemoteSources() -{ - WRAPPER_NO_CONTRACT; - return !!CLRConfig::GetConfigValue(CLRConfig::EXTERNAL_Security_LoadFromRemoteSources); -} - -#endif // FEATURE_CAS_POLICY inline BOOL Security::CanCallUnmanagedCode(Module *pModule) { @@ -173,17 +124,11 @@ inline LinktimeCheckReason Security::GetLinktimeCheckReason(MethodDesc *pMD, inline void Security::CheckLinkDemandAgainstAppDomain(MethodDesc *pMD) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::CheckLinkDemandAgainstAppDomain(pMD); -#endif } inline void Security::LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCallee) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::LinktimeCheckMethod(pCaller, pCallee); -#endif } inline void Security::ClassInheritanceCheck(MethodTable *pClass, MethodTable *pParent) @@ -201,18 +146,12 @@ inline void Security::MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc *pP inline void Security::DoDeclarativeActions(MethodDesc *pMD, DeclActionInfo *pActions, LPVOID pSecObj, MethodSecurityDescriptor *pMSD) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::DoDeclarativeActions(pMD, pActions, pSecObj, pMSD); -#endif } #ifndef DACCESS_COMPILE inline void Security::CheckNonCasDemand(OBJECTREF *prefDemand) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::CheckNonCasDemand(prefDemand); -#endif } #endif // #ifndef DACCESS_COMPILE @@ -236,18 +175,8 @@ inline BOOL Security::MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr, DWOR inline void Security::Demand(SecurityStackWalkType eType, OBJECTREF demand) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityStackWalk::Demand(eType, demand); -#endif } -#ifdef FEATURE_CAS_POLICY -inline void Security::DemandGrantSet(IAssemblySecurityDescriptor *psdAssembly) -{ - WRAPPER_NO_CONTRACT; - SecurityStackWalk::DemandGrantSet(static_cast<AssemblySecurityDescriptor*>(psdAssembly)); -} -#endif // FEATURE_CAS_POLICY inline void Security::DemandSet(SecurityStackWalkType eType, OBJECTREF demand) { @@ -258,82 +187,34 @@ inline void Security::DemandSet(SecurityStackWalkType eType, OBJECTREF demand) MODE_COOPERATIVE; } CONTRACTL_END; -#ifdef FEATURE_CAS_POLICY - SecurityStackWalk::DemandSet(eType, demand); -#endif } inline void Security::DemandSet(SecurityStackWalkType eType, PsetCacheEntry *pPCE, DWORD dwAction) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityStackWalk::DemandSet(eType, pPCE, dwAction); -#endif } -#ifdef FEATURE_CAS_POLICY -inline void Security::ReflectionTargetDemand(DWORD dwPermission, IAssemblySecurityDescriptor *psdTarget) -{ - WRAPPER_NO_CONTRACT; - SecurityStackWalk::ReflectionTargetDemand(dwPermission, static_cast<AssemblySecurityDescriptor*>(psdTarget)); -} - -inline void Security::ReflectionTargetDemand(DWORD dwPermission, - IAssemblySecurityDescriptor *psdTarget, - DynamicResolver * pAccessContext) -{ - WRAPPER_NO_CONTRACT; - SecurityStackWalk::ReflectionTargetDemand(dwPermission, static_cast<AssemblySecurityDescriptor*>(psdTarget), pAccessContext); -} -#endif // FEATURE_CAS_POLICY inline void Security::SpecialDemand(SecurityStackWalkType eType, DWORD whatPermission) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityStackWalk::SpecialDemand(eType, whatPermission); -#endif } inline void Security::InheritanceLinkDemandCheck(Assembly *pTargetAssembly, MethodDesc * pMDLinkDemand) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::InheritanceLinkDemandCheck(pTargetAssembly, pMDLinkDemand); -#endif } inline void Security::FullTrustInheritanceDemand(Assembly *pTargetAssembly) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::FullTrustInheritanceDemand(pTargetAssembly); -#endif } inline void Security::FullTrustLinkDemand(Assembly *pTargetAssembly) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityDeclarative::FullTrustLinkDemand(pTargetAssembly); -#endif -} - -#ifdef FEATURE_COMPRESSEDSTACK -// Compressed Stack - -inline COMPRESSEDSTACKREF Security::GetCSFromContextTransitionFrame(Frame *pFrame) -{ - WRAPPER_NO_CONTRACT; - return SecurityStackWalk::GetCSFromContextTransitionFrame(pFrame); } -inline BOOL Security::IsContextTransitionFrameWithCS(Frame *pFrame) -{ - WRAPPER_NO_CONTRACT; - return SecurityStackWalk::IsContextTransitionFrameWithCS(pFrame); -} -#endif // #ifdef FEATURE_COMPRESSEDSTACK // Misc - todo: put these in better categories FORCEINLINE VOID Security::IncrementSecurityPerfCounter() @@ -538,43 +419,8 @@ inline BOOL Security::CanSkipVerification(MethodDesc * pMD) } CONTRACTL_END; -#ifdef FEATURE_CORECLR // Always skip verification on CoreCLR return TRUE; -#else - - // Special case the System.Object..ctor: - // System.Object..ctor is not verifiable according to current verifier rules (that require to call the base - // class ctor). But since we want System.Object..ctor() to be marked transparent, it cannot be unverifiable - // (v4 security rules prohibit transparent code from being unverifiable) - -#ifndef DACCESS_COMPILE - if (g_pObjectCtorMD == pMD) - return TRUE; -#endif - - // In AppX, all dynamic code (dynamic assemblies and dynamic methods) should be verified.. - if (AppX::IsAppXProcess() && !AppX::IsAppXDesignMode()) - { - if (pMD->IsLCGMethod() || pMD->GetAssembly()->IsDynamic()) - return FALSE; - } - - BOOL fCanSkipVerification = Security::CanSkipVerification(pMD->GetAssembly()->GetDomainAssembly()); - if (fCanSkipVerification) - { - // check for transparency - if (SecurityTransparent::IsMethodTransparent(pMD)) - { - ModuleSecurityDescriptor *pModuleSecDesc = ModuleSecurityDescriptor::GetModuleSecurityDescriptor(pMD->GetAssembly()); - if (!pModuleSecDesc->CanTransparentCodeSkipVerification()) - { - return FALSE; - } - } - } - return fCanSkipVerification; -#endif // !FEATURE_CORECLR } #endif //!DACCESS_COMPILE @@ -603,38 +449,6 @@ inline BOOL Security::ContainsBuiltinCASPermsOnly(CORSEC_ATTRSET* pAttrSet) return SecurityAttributes::ContainsBuiltinCASPermsOnly(pAttrSet); } -#ifdef FEATURE_APTCA -inline BOOL Security::IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem) -{ - WRAPPER_NO_CONTRACT; - return SecurityDeclarative::IsUntrustedCallerCheckNeeded(pCalleeMD, pCallerAssem); -} - -inline void Security::DoUntrustedCallerChecks(Assembly *pCaller, MethodDesc *pCalee, BOOL fFullStackWalk) -{ - WRAPPER_NO_CONTRACT; - SecurityDeclarative::DoUntrustedCallerChecks(pCaller, pCalee, fFullStackWalk); -} - -inline bool Security::NativeImageHasValidAptcaDependencies(PEImage *pNativeImage, DomainAssembly *pDomainAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::NativeImageHasValidAptcaDependencies(pNativeImage, pDomainAssembly); -} - -inline SString Security::GetAptcaKillBitAccessExceptionContext(Assembly *pTargetAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::GetAptcaKillBitAccessExceptionContext(pTargetAssembly); -} - -inline SString Security::GetConditionalAptcaAccessExceptionContext(Assembly *pTargetAssembly) -{ - WRAPPER_NO_CONTRACT; - return ::GetConditionalAptcaAccessExceptionContext(pTargetAssembly); -} - -#endif // FEATURE_APTCA inline bool Security::SecurityCalloutQuickCheck(MethodDesc *pCallerMD) { @@ -646,12 +460,6 @@ inline bool Security::CanShareAssembly(DomainAssembly *pAssembly) { WRAPPER_NO_CONTRACT; -#ifdef FEATURE_APTCA - if (!DomainCanShareAptcaAssembly(pAssembly)) - { - return false; - } -#endif // FEATURE_APTCA return true; } @@ -674,34 +482,7 @@ FORCEINLINE BOOL SecurityStackWalk::HasFlagsOrFullyTrustedIgnoreMode (DWORD flag } CONTRACTL_END; -#ifndef FEATURE_CAS_POLICY return TRUE; -#else - // either the desired flag (often 0) or fully trusted will do - flags |= (1<<SECURITY_FULL_TRUST); - - // in order for us to use the threadwide state it has to be the case that there have been no - // overrides since the evaluation (e.g. no denies) We keep the state up-to-date by updating - // it whenever a new AppDomainStackEntry is pushed on the AppDomainStack attached to the thread. - // When we evaluate the demand, we always intersect the current thread state with the AppDomain - // wide flags, which are updated anytime a new Assembly is loaded into that domain. - // - // note if the flag is clear we still might be able to satisfy the demand if we do the full - // stackwalk. - // - // this code is very perf sensitive, do not make changes here without running - // a lot of interop and declarative security benchmarks - // - // it's important that we be able to do these checks without having to touch objects - // other than the thread itself -- that's where a big part of the speed comes from - // L1 cache misses are at a premium on this code path -- never mind L2... - // main memory is right out :) - - Thread* pThread = GetThread(); - return ((pThread->GetOverridesCount() == 0) && - pThread->CheckThreadWideSpecialFlag(flags) && - static_cast<ApplicationSecurityDescriptor*>(pThread->GetDomain()->GetSecurityDescriptor())->CheckDomainWideSpecialFlag(flags)); -#endif } // Returns true if everyone is fully trusted or has the indicated flags AND we're not in legacy CAS mode |