diff options
Diffstat (limited to 'src/vm/securitydescriptorappdomain.cpp')
-rw-r--r-- | src/vm/securitydescriptorappdomain.cpp | 219 |
1 files changed, 0 insertions, 219 deletions
diff --git a/src/vm/securitydescriptorappdomain.cpp b/src/vm/securitydescriptorappdomain.cpp deleted file mode 100644 index 173b4c83e1..0000000000 --- a/src/vm/securitydescriptorappdomain.cpp +++ /dev/null @@ -1,219 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -// - - -#include "common.h" -#include "security.h" -#include "callhelpers.h" - -#ifndef DACCESS_COMPILE - -void ApplicationSecurityDescriptor::Resolve() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - INJECT_FAULT(COMPlusThrowOM();); - SO_TOLERANT; - } CONTRACTL_END; - - if (IsResolved()) - return; - - SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); -} - -#ifndef CROSSGEN_COMPILE -//--------------------------------------------------------------------------------------- -// -// Determine the security state of an AppDomain before the domain is fully configured. -// This method is used to detect the input configuration of a domain - specifically, if it -// is homogenous and fully trusted before domain setup is completed. -// -// Note that this state may not reflect the final state of the AppDomain when it is -// configured, since components like the AppDomainManager can modify these bits during execution. -// - -void ApplicationSecurityDescriptor::PreResolve(BOOL *pfIsFullyTrusted, BOOL *pfIsHomogeneous) -{ - CONTRACTL - { - GC_TRIGGERS; - THROWS; - MODE_ANY; - PRECONDITION(CheckPointer(pfIsFullyTrusted)); - PRECONDITION(CheckPointer(pfIsHomogeneous)); - PRECONDITION(IsInitializationInProgress()); // We shouldn't be looking at the pre-resolved state if we've already done real resolution - } - CONTRACTL_END; - - if (m_fIsPreResolved) - { - *pfIsFullyTrusted = m_fPreResolutionFullTrust; - *pfIsHomogeneous = m_fPreResolutionHomogeneous; - return; - } - - GCX_COOP(); - - // On CoreCLR all domains are partial trust homogenous - m_fPreResolutionFullTrust = FALSE; - m_fPreResolutionHomogeneous = TRUE; - - *pfIsFullyTrusted = m_fPreResolutionFullTrust; - *pfIsHomogeneous = m_fPreResolutionHomogeneous; - m_fIsPreResolved = TRUE; -} -#endif // CROSSGEN_COMPILE - - -// -// PLS (PermissionListSet) optimization Implementation -// The idea of the PLS optimization is to maintain the intersection -// of the grant sets of all assemblies loaded into the AppDomain (plus -// the grant set of the AppDomain itself) and the union of all denied -// sets. When a demand is evaluated, we first check the permission -// that is being demanded against the combined grant and denied set -// and if that check succeeds, then we know the demand is satisfied -// in the AppDomain without having to perform an entire stack walk. -// - -// Creates the PermissionListSet which holds the AppDomain level intersection of -// granted and denied permission sets of all assemblies in the domain and updates -// the granted and denied set with those of the AppDomain. -void ApplicationSecurityDescriptor::InitializePLS() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(IsResolved()); - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - m_dwDomainWideSpecialFlags = m_dwSpecialFlags; -} - -// Whenever a new assembly is added to the domain, we need to update the PermissionListSet -void ApplicationSecurityDescriptor::AddNewSecDescToPLS(AssemblySecurityDescriptor *pNewSecDescriptor) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(pNewSecDescriptor->IsResolved()); - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - // - // If the assembly is fully trusted, this should be a no-op as the PLS is unaffected. - // Note it's Ok to call this method before the AppDomain is fully initialized (and so - // before the PLS is created for the AppDomain) because we enforce that all assemblies - // loaded during that phase are fully trusted. - // - - if (!pNewSecDescriptor->IsFullyTrusted()) { - - LONG dwNewDomainWideSpecialFlags = 0; - LONG dwOldDomainWideSpecialFlags = 0; - do { - dwOldDomainWideSpecialFlags = m_dwDomainWideSpecialFlags; - dwNewDomainWideSpecialFlags = (dwOldDomainWideSpecialFlags & pNewSecDescriptor->GetSpecialFlags()); - } - while (InterlockedCompareExchange((LONG*)&m_dwDomainWideSpecialFlags, dwNewDomainWideSpecialFlags, dwOldDomainWideSpecialFlags) != dwOldDomainWideSpecialFlags); - } -} - - -DWORD ApplicationSecurityDescriptor::GetDomainWideSpecialFlag() const -{ - LIMITED_METHOD_CONTRACT; - return m_dwDomainWideSpecialFlags; -} - -void ApplicationSecurityDescriptor::FinishInitialization() -{ - WRAPPER_NO_CONTRACT; - // Resolve the AppDomain security descriptor. - this->Resolve(); - - // Reset the initialization in-progress flag. - this->ResetInitializationInProgress(); - - // Initialize the PLS with the grant set of the AppDomain - this->InitializePLS(); -} - -void ApplicationSecurityDescriptor::SetHostSecurityManagerFlags(DWORD dwFlags) -{ - LIMITED_METHOD_CONTRACT; - m_dwHostSecurityManagerFlags |= dwFlags; -} - -void ApplicationSecurityDescriptor::SetPolicyLevelFlag() -{ - LIMITED_METHOD_CONTRACT; - m_dwHostSecurityManagerFlags |= HOST_POLICY_LEVEL; -} - -BOOL ApplicationSecurityDescriptor::IsHomogeneous() const -{ - LIMITED_METHOD_CONTRACT; - return m_fHomogeneous; -} - -// Should the HSM be consulted for security decisions in this AppDomain. -BOOL ApplicationSecurityDescriptor::CallHostSecurityManager() -{ - LIMITED_METHOD_CONTRACT; - return (m_dwHostSecurityManagerFlags & HOST_APP_DOMAIN_EVIDENCE || - m_dwHostSecurityManagerFlags & HOST_POLICY_LEVEL || - m_dwHostSecurityManagerFlags & HOST_ASM_EVIDENCE || - m_dwHostSecurityManagerFlags & HOST_RESOLVE_POLICY); -} - -// The AppDomain is considered a default one (FT) if the property is set and it's not a homogeneous AppDomain -BOOL ApplicationSecurityDescriptor::IsDefaultAppDomain() const -{ - LIMITED_METHOD_CONTRACT; - return m_fIsDefaultAppdomain - ; -} - -BOOL ApplicationSecurityDescriptor::IsDefaultAppDomainEvidence() -{ - LIMITED_METHOD_CONTRACT; - return m_fIsDefaultAppdomainEvidence;// This need not be a default AD, but has no evidence. So we'll use the default AD evidence -} - -// Indicates whether the initialization phase is in progress. -BOOL ApplicationSecurityDescriptor::IsInitializationInProgress() -{ - LIMITED_METHOD_CONTRACT; - return m_fIsInitializationInProgress; -} - -BOOL ApplicationSecurityDescriptor::ContainsAnyRefusedPermissions() -{ - LIMITED_METHOD_CONTRACT; - return m_fContainsAnyRefusedPermissions; -} - -// Is it possible for the AppDomain to contain partial trust code. This method may return true even if the -// domain does not currently have partial trust code in it - a true value simply means that it is possible -// for partial trust code to eventually end up in the domain. -BOOL ApplicationSecurityDescriptor::DomainMayContainPartialTrustCode() -{ - WRAPPER_NO_CONTRACT; - return !m_fHomogeneous || !IsFullyTrusted(); -} - - -#endif // !DACCESS_COMPILE - - |