diff options
Diffstat (limited to 'src/vm/securitydescriptorassembly.h')
-rw-r--r-- | src/vm/securitydescriptorassembly.h | 196 |
1 files changed, 196 insertions, 0 deletions
diff --git a/src/vm/securitydescriptorassembly.h b/src/vm/securitydescriptorassembly.h new file mode 100644 index 0000000000..15bc83eef6 --- /dev/null +++ b/src/vm/securitydescriptorassembly.h @@ -0,0 +1,196 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. +// + +// + + +#ifndef __SECURITYDESCRIPTOR_ASSEMBLY_H__ +#define __SECURITYDESCRIPTOR_ASSEMBLY_H__ + +#include "security.h" +#include "securitydescriptor.h" +struct AssemblyLoadSecurity; + +class Assembly; +class DomainAssembly; + +// Security flags for the objects that store security information +#define CORSEC_ASSERTED 0x000020 // Asseted permission set present on frame +#define CORSEC_DENIED 0x000040 // Denied permission set present on frame +#define CORSEC_REDUCED 0x000080 // Reduced permission set present on frame + + +/////////////////////////////////////////////////////////////////////////////// +// +// [SecurityDescriptor] +// | +// +----[PEFileSecurityDescriptor] +// | +// +----[ApplicationSecurityDescriptor] +// | +// +----[AssemblySecurityDescriptor] +// +// [SharedSecurityDescriptor] +// +/////////////////////////////////////////////////////////////////////////////// +// +// A Security Descriptor is placed on AppDomain and Assembly (Unmanged) objects. +// AppDomain and Assembly could be from different zones. +// Security Descriptor could also be placed on a native frame. +// +/////////////////////////////////////////////////////////////////////////////// + +#define MAX_PASSED_DEMANDS 10 + +//------------------------------------------------------------------ +// +// ASSEMBLY SECURITY DESCRIPTOR +// +//------------------------------------------------------------------ + +#ifndef DACCESS_COMPILE +void StoreObjectInLazyHandle(LOADERHANDLE& handle, OBJECTREF ref, LoaderAllocator* la); +#endif +class AssemblySecurityDescriptor : public SecurityDescriptorBase<IAssemblySecurityDescriptor> +{ +public: + VPTR_VTABLE_CLASS(AssemblySecurityDescriptor, SecurityDescriptorBase<IAssemblySecurityDescriptor>) + +private: + PsetCacheEntry* m_arrPassedLinktimeDemands[MAX_PASSED_DEMANDS]; + DWORD m_dwNumPassedDemands; + + COR_TRUST *m_pSignature; // Contains the publisher, requested permission + SharedSecurityDescriptor *m_pSharedSecDesc; // Shared state for assemblies loaded into multiple appdomains + +#ifdef FEATURE_CAS_POLICY + LOADERHANDLE m_hRequiredPermissionSet; // Required Requested Permissions + LOADERHANDLE m_hOptionalPermissionSet; // Optional Requested Permissions + LOADERHANDLE m_hDeniedPermissionSet; // Denied Permissions + + BOOL m_fAdditionalEvidence; + BOOL m_fIsSignatureLoaded; + BOOL m_fAssemblyRequestsComputed; +#endif // FEATURE_CAS_POLICY + + BOOL m_fMicrosoftPlatform; + BOOL m_fAllowSkipVerificationInFullTrust; + +#ifndef DACCESS_COMPILE +public: + virtual SharedSecurityDescriptor *GetSharedSecDesc(); + + virtual BOOL CanAssert(); + virtual BOOL HasUnrestrictedUIPermission(); + virtual BOOL IsAllCritical(); + virtual BOOL IsAllSafeCritical(); + virtual BOOL IsAllPublicAreaSafeCritical(); + virtual BOOL IsAllTransparent(); + virtual BOOL IsSystem(); + BOOL QuickIsFullyTrusted(); + + BOOL CanSkipVerification(); + virtual BOOL AllowSkipVerificationInFullTrust(); + + virtual VOID Resolve(); + + virtual void ResolvePolicy(ISharedSecurityDescriptor *pSharedDesc, BOOL fShouldSkipPolicyResolution); + + AssemblySecurityDescriptor(AppDomain *pDomain, DomainAssembly *pAssembly, LoaderAllocator *pLoaderAllocator); + + inline BOOL AlreadyPassedDemand(PsetCacheEntry *pCasDemands); + inline void TryCachePassedDemand(PsetCacheEntry *pCasDemands); + Assembly* GetAssembly(); + +#ifndef DACCESS_COMPILE + virtual void PropagatePermissionSet(OBJECTREF GrantedPermissionSet, OBJECTREF DeniedPermissionSet, DWORD dwSpecialFlags); +#endif // !DACCESS_COMPILE + +#ifdef FEATURE_CAS_POLICY + virtual HRESULT LoadSignature(COR_TRUST **ppSignature = NULL); + virtual OBJECTREF GetEvidence(); + DWORD GetZone(); + + OBJECTREF GetRequestedPermissionSet(OBJECTREF *pOptionalPermissionSet, OBJECTREF *pDeniedPermissionSet); + + virtual void SetRequestedPermissionSet(OBJECTREF RequiredPermissionSet, + OBJECTREF OptionalPermissionSet, + OBJECTREF DeniedPermissionSet); + +#ifndef DACCESS_COMPILE + virtual void SetAdditionalEvidence(OBJECTREF evidence); + virtual BOOL HasAdditionalEvidence(); + virtual OBJECTREF GetAdditionalEvidence(); + virtual void SetEvidenceFromPEFile(IPEFileSecurityDescriptor *pPEFileSecDesc); +#endif // !DACCESS_COMPILE +#endif // FEATURE_CAS_POLICY + +#ifndef FEATURE_CORECLR + virtual BOOL AllowApplicationSpecifiedAppDomainManager(); +#endif // !FEATURE_CORECLR + + virtual void CheckAllowAssemblyLoad(); + +private: + BOOL CanSkipPolicyResolution(); + OBJECTREF UpgradePEFileEvidenceToAssemblyEvidence(const OBJECTREF& objPEFileEvidence); + + void ResolveWorker(); + +#ifdef FEATURE_CAS_POLICY + inline BOOL IsAssemblyRequestsComputed(); + inline BOOL IsSignatureLoaded(); + inline void SetSignatureLoaded(); +#endif + +#ifdef FEATURE_APTCA + // If you think you need to call this method, you're probably wrong. We shouldn't be making any + // security enforcement decisions based upon this result -- it's strictly for ensuring that we load + // conditional APTCA assemblies correctly. + inline BOOL IsConditionalAptca(); +#endif // FEATURE_APTCA + +#endif // #ifndef DACCESS_COMPILE +}; + + +// This really isn't in the SecurityDescriptor hierarchy, per-se. It's attached +// to the unmanaged assembly object and used to store common information when +// the assembly is shared across multiple appdomains. +class SharedSecurityDescriptor : public ISharedSecurityDescriptor +{ +private: + // Unmanaged assembly this descriptor is attached to. + Assembly *m_pAssembly; + + // All policy resolution is funnelled through the shared descriptor so we + // can guarantee everyone's using the same grant/denied sets. + BOOL m_fResolved; + BOOL m_fFullyTrusted; + BOOL m_fCanCallUnmanagedCode; + BOOL m_fCanAssert; + BOOL m_fMicrosoftPlatform; + +public: + SharedSecurityDescriptor(Assembly *pAssembly); + virtual ~SharedSecurityDescriptor() {} + + // All policy resolution is funnelled through the shared descriptor so we + // can guarantee everyone's using the same grant/denied sets. + virtual void Resolve(IAssemblySecurityDescriptor *pSecDesc = NULL); + virtual BOOL IsResolved() const; + + // Is this assembly a system assembly? + virtual BOOL IsSystem(); + virtual Assembly* GetAssembly(); + + BOOL IsFullyTrusted(); + BOOL CanCallUnmanagedCode() const; + BOOL CanAssert(); +}; + +#include "securitydescriptorassembly.inl" + +#endif // #define __SECURITYDESCRIPTOR_ASSEMBLY_H__ |