diff options
Diffstat (limited to 'src/vm/securitydeclarative.h')
-rw-r--r-- | src/vm/securitydeclarative.h | 198 |
1 files changed, 198 insertions, 0 deletions
diff --git a/src/vm/securitydeclarative.h b/src/vm/securitydeclarative.h new file mode 100644 index 0000000000..625e6840b9 --- /dev/null +++ b/src/vm/securitydeclarative.h @@ -0,0 +1,198 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. +// + +// + + +#ifndef __SECURITYDECLARATIVE_H__ +#define __SECURITYDECLARATIVE_H__ + +class SecurityStackWalk; +class MethodSecurityDescriptor; +class TokenSecurityDescriptor; +struct TokenDeclActionInfo; +class TypeSecurityDescriptor; +class PsetCacheEntry; + +// Reasons why a method may have been flagged as requiring a LinkDemand +enum LinktimeCheckReason +{ + LinktimeCheckReason_None = 0x00000000, // The method does not require a LinkDemand + LinktimeCheckReason_CasDemand = 0x00000001, // The method has CAS LinkDemands + LinktimeCheckReason_NonCasDemand = 0x00000002, // The method has non-CAS LinkDemands + LinktimeCheckReason_AptcaCheck = 0x00000004, // The method is a member of a non-APTCA assembly that requires its caller to be trusted + LinktimeCheckReason_NativeCodeCall = 0x00000008 // The method may represent a call to native code +}; + +struct DeclActionInfo +{ + DWORD dwDeclAction; // This'll tell InvokeDeclarativeSecurity whats the action needed + PsetCacheEntry *pPCE; // The cached permissionset on which to demand/assert/deny/blah + DeclActionInfo *pNext; // Next declarative action needed on this method, if any. + + static DeclActionInfo *Init(MethodDesc *pMD, DWORD dwAction, PsetCacheEntry *pPCE); +}; + +inline LinktimeCheckReason operator|(LinktimeCheckReason lhs, LinktimeCheckReason rhs); +inline LinktimeCheckReason operator|=(LinktimeCheckReason &lhs, LinktimeCheckReason rhs); +inline LinktimeCheckReason operator&(LinktimeCheckReason lhs, LinktimeCheckReason rhs); +inline LinktimeCheckReason operator&=(LinktimeCheckReason &lhs, LinktimeCheckReason rhs); + +namespace SecurityDeclarative +{ + // Returns an instance of a well-known permission. (It caches them, so each permission is created only once.) + void _GetSharedPermissionInstance(OBJECTREF *perm, int index); + + // Perform the declarative actions + // Callers: + // DoDeclarativeSecurity + void DoDeclarativeActions(MethodDesc *pMD, DeclActionInfo *pActions, LPVOID pSecObj, MethodSecurityDescriptor *pMSD = NULL); + void DoDeclarativeStackModifiers(MethodDesc *pMeth, AppDomain* pAppDomain, LPVOID pSecObj); + void DoDeclarativeStackModifiersInternal(MethodDesc *pMeth, LPVOID pSecObj); + void EnsureAssertAllowed(MethodDesc *pMeth, MethodSecurityDescriptor* pMSD); // throws exception if assert is not allowed for MethodDesc + // Determine which declarative SecurityActions are used on this type and return a + // DWORD of flags to represent the results + // Callers: + // MethodTableBuilder::CreateClass + // MethodTableBuilder::EnumerateClassMembers + // MethodDesc::GetSecurityFlags + HRESULT GetDeclarationFlags(IMDInternalImport *pInternalImport, mdToken token, DWORD* pdwFlags, DWORD* pdwNullFlags, BOOL* fHasSuppressUnmanagedCodeAccessAttr = NULL); + + // Query the metadata to get all LinkDemands on this method (and it's class) + // Callers: + // CanAccess (ReflectionInvocation) + // ReflectionInvocation::GetSpecialSecurityFlags + // RuntimeMethodHandle::InvokeMethod_Internal + // Security::CheckLinkDemandAgainstAppDomain + void RetrieveLinktimeDemands(MethodDesc* pMD, + OBJECTREF* pClassCas, + OBJECTREF* pClassNonCas, + OBJECTREF* pMethodCas, + OBJECTREF* pMethodNonCas); + + // Determine why the method is marked as requiring a linktime check, optionally returning the declared + // CAS link demands on the method itself. + LinktimeCheckReason GetLinktimeCheckReason(MethodDesc *pMD, + OBJECTREF *pClassCasDemands, + OBJECTREF *pClassNonCasDemands, + OBJECTREF *pMethodCasDemands, + OBJECTREF *pMethodNonCasDemands); + + // Used by interop to simulate the effect of link demands when the caller is + // in fact script constrained by an appdomain setup by IE. + // Callers: + // DispatchInfo::InvokeMember + // COMToCLRWorkerBody (COMToCLRCall) + void CheckLinkDemandAgainstAppDomain(MethodDesc *pMD); + + // Perform a LinkDemand + // Callers: + // COMCustomAttribute::CreateCAObject + // CheckMethodAccess + // InvokeUtil::CheckLinktimeDemand + // CEEInfo::findMethod + // RuntimeMethodHandle::InvokeMethod_Internal + void LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCallee); + + // Perform inheritance link demand + // Called by: + // MethodTableBuilder::ConvertLinkDemandToInheritanceDemand + void InheritanceLinkDemandCheck(Assembly *pTargetAssembly, MethodDesc * pMDLinkDemand); + + // Perform an InheritanceDemand against the target assembly + void InheritanceDemand(Assembly *pTargetAssembly, OBJECTREF refDemand); + + // Perform a FullTrust InheritanceDemand against the target assembly + void FullTrustInheritanceDemand(Assembly *pTargetAssembly); + + // Perform a FullTrust LinkDemand against the target assembly + void FullTrustLinkDemand(Assembly *pTargetAssembly); + + // Do InheritanceDemands on the type + // Called by: + // MethodTableBuilder::VerifyInheritanceSecurity + void ClassInheritanceCheck(MethodTable *pClass, MethodTable *pParent); + + // Do InheritanceDemands on the Method + // Callers: + // MethodTableBuilder::VerifyInheritanceSecurity + void MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc *pParent); + + // Returns a managed instance of a well-known PermissionSet + // Callers: + // COMCodeAccessSecurityEngine::SpecialDemand + // ReflectionSerialization::GetSafeUninitializedObject + inline void GetPermissionInstance(OBJECTREF *perm, int index); + + inline BOOL FullTrustCheckForLinkOrInheritanceDemand(Assembly *pAssembly); + + +#ifdef FEATURE_APTCA + // Returns TRUE if an APTCA check is necessary + // Callers: + // CanAccess + BOOL IsUntrustedCallerCheckNeeded(MethodDesc *pCalleeMD, Assembly *pCallerAssem = NULL); + + // Perform the APTCA check + // Callers: + // CanAccess + // Security::CheckLinkDemandAgainstAppDomain + void DoUntrustedCallerChecks( + Assembly *pCaller, MethodDesc *pCalee, + BOOL fFullStackWalk); +#endif // FEATURE_APTCA + +#ifndef DACCESS_COMPILE + // Calls PermissionSet.Demand + // Callers: + // CanAccess (ReflectionInvocation) + // Security::CheckLinkDemandAgainstAppDomain + void CheckNonCasDemand(OBJECTREF *prefDemand); +#endif // #ifndef DACCESS_COMPILE + + // Returns TRUE if the method is visible outside its assembly + // Callers: + // MethodTableBuilder::SetSecurityFlagsOnMethod + inline BOOL MethodIsVisibleOutsideItsAssembly(MethodDesc * pMD); + inline BOOL MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr, DWORD dwClassAttr, BOOL fIsGlobalClass); + + BOOL TokenMightHaveDeclarations(IMDInternalImport *pInternalImport, mdToken token, CorDeclSecurity action); + DeclActionInfo *DetectDeclActions(MethodDesc *pMeth, DWORD dwDeclFlags); + void DetectDeclActionsOnToken(mdToken tk, DWORD dwDeclFlags, PsetCacheEntry** pSets, IMDInternalImport *pInternalImport); + void InvokeLinktimeChecks(Assembly *pCaller, + Module *pModule, + mdToken token); + + inline BOOL MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr); + + inline BOOL ClassIsVisibleOutsideItsAssembly(DWORD dwClassAttr, BOOL fIsGlobalClass); + +#ifdef FEATURE_APTCA + // Returns an instance of a SecurityException with the message "This method doesn't allow partially trusted callers" + // Callers: + // DoUntrustedCallerChecks + void DECLSPEC_NORETURN ThrowAPTCAException(Assembly *pCaller, MethodDesc *pCallee); +#endif // FEATURE_APTCA +#ifdef FEATURE_CAS_POLICY + void DECLSPEC_NORETURN ThrowHPException(EApiCategories protectedCategories, EApiCategories demandedCategories); +#endif // FEATURE_CAS_POLICY + + // Add a declarative action and PermissionSet index to the linked list + void AddDeclAction(CorDeclSecurity action, PsetCacheEntry *pClassPCE, PsetCacheEntry *pMethodPCE, DeclActionInfo** ppActionList, MethodDesc *pMeth); + + // Helper for DoDeclarativeActions + void InvokeDeclarativeActions(MethodDesc *pMeth, DeclActionInfo *pActions, MethodSecurityDescriptor *pMSD); + void InvokeDeclarativeStackModifiers (MethodDesc *pMeth, DeclActionInfo *pActions, OBJECTREF * pSecObj); + + bool BlobMightContainNonCasPermission(PBYTE pbPerm, ULONG cbPerm, DWORD dwAction, bool* pHostProtectionOnly); + +// Delayed Declarative Security processing +#ifndef DACCESS_COMPILE + inline void DoDeclarativeSecurityAtStackWalk(MethodDesc* pFunc, AppDomain* pAppDomain, OBJECTREF* pFrameObjectSlot); +#endif +} + +#endif // __SECURITYDECLARATIVE_H__ + |