Diffstat (limited to 'src/vm/securitymeta.cpp')
-rw-r--r-- | src/vm/securitymeta.cpp | 245 |
1 files changed, 0 insertions, 245 deletions
diff --git a/src/vm/securitymeta.cpp b/src/vm/securitymeta.cpp index 3101416bae..dcb2eb765f 100644 --- a/src/vm/securitymeta.cpp +++ b/src/vm/securitymeta.cpp @@ -56,9 +56,6 @@ void FieldSecurityDescriptor::VerifyDataComputed() return; } -#ifndef FEATURE_CORECLR - FieldSecurityDescriptorTransparencyEtwEvents etw(this); -#endif // !FEATURE_CORECLR #ifdef _DEBUG // If we've setup a breakpoint when we compute the transparency of this field, then stop in the debugger @@ -283,9 +280,6 @@ void MethodSecurityDescriptor::ComputeCriticalTransparentInfo() } CONTRACTL_END; -#ifndef FEATURE_CORECLR - MethodSecurityDescriptorTransparencyEtwEvents etw(this); -#endif // !FEATURE_CORECLR MethodTable* pMT = m_pMD->GetMethodTable(); 
@@ -739,72 +733,6 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) } } -#ifndef FEATURE_CORECLR - // Check CAS Inheritance - - // Early out if we're fully trusted - if (SecurityDeclarative::FullTrustCheckForLinkOrInheritanceDemand(pChildMD->GetAssembly())) - { - return; - } - - if (HasInheritanceDeclarativeSecurity()) - { -#ifdef CROSSGEN_COMPILE - // NGen is always full trust. This path should be unreachable. - CrossGenNotSupported("HasInheritanceDeclarativeSecurity()"); -#else // CROSSGEN_COMPILE - GCX_COOP(); - - OBJECTREF refCasDemands = NULL; - PsetCacheEntry* pCasDemands = NULL; - - HRESULT hr = GetDeclaredPermissionsWithCache(dclInheritanceCheck, &refCasDemands, &pCasDemands); - if (refCasDemands != NULL) - { - _ASSERTE(pCasDemands != NULL); - - // See if inheritor's assembly has passed this demand before - AssemblySecurityDescriptor *pInheritorAssem = static_cast<AssemblySecurityDescriptor*>(pChildMD->GetAssembly()->GetSecurityDescriptor()); - BOOL fSkipCheck = pInheritorAssem->AlreadyPassedDemand(pCasDemands); - - if (!fSkipCheck) - { - GCPROTECT_BEGIN(refCasDemands); - - // Perform the check (it's really just a LinkDemand) - SecurityStackWalk::LinkOrInheritanceCheck(pChildMD->GetAssembly()->GetSecurityDescriptor(), refCasDemands, pChildMD->GetAssembly(), dclInheritanceCheck); - - // Demand passed. Add it to the Inheritor's assembly's list of passed demands - pInheritorAssem->TryCachePassedDemand(pCasDemands); - - GCPROTECT_END(); - } - } - - // @todo -- non cas shouldn't be used for inheritance demands... 
- - // Check non-CAS Inheritance - OBJECTREF refNonCasDemands = NULL; - hr = GetDeclaredPermissionsWithCache( dclNonCasInheritance, &refNonCasDemands, NULL); - if (refNonCasDemands != NULL) - { - _ASSERTE(((PERMISSIONSETREF)refNonCasDemands)->CheckedForNonCas() && "Declarative permissions should have been checked for nonCAS in PermissionSet.CreateSerialized"); - if (((PERMISSIONSETREF)refNonCasDemands)->ContainsNonCas()) - { - GCPROTECT_BEGIN(refNonCasDemands); - - // Perform the check - MethodDescCallSite demand(METHOD__PERMISSION_SET__DEMAND_NON_CAS, &refNonCasDemands); - ARG_SLOT arg = ObjToArgSlot(refNonCasDemands); - demand.Call(&arg); - - GCPROTECT_END(); - } - } -#endif // CROSSGEN_COMPILE - } -#endif // FEATURE_CORECLR } MethodSecurityDescriptor::MethodImplementationIterator::MethodImplementationIterator(MethodDesc *pMD) @@ -1099,9 +1027,6 @@ void TypeSecurityDescriptor::ComputeCriticalTransparentInfo() } CONTRACTL_END; -#ifndef FEATURE_CORECLR - TypeSecurityDescriptorTransparencyEtwEvents etw(this); -#endif // !FEATURE_CORECLR #ifdef _DEBUG // If we've setup a breakpoint when we compute the transparency of this type, then stop in the debugger now @@ -1240,9 +1165,6 @@ void TypeSecurityDescriptor::ComputeCriticalTransparentInfo() // Update the cached values in the EE Class. g_IBCLogger.LogEEClassCOWTableAccess(m_pMT); pClass->SetCriticalTransparentInfo( -#ifndef FEATURE_CORECLR - typeFlags & (TypeSecurityDescriptorFlags_IsCritical | TypeSecurityDescriptorFlags_IsAllCritical), -#endif // FEATURE_CORECLR typeFlags & TypeSecurityDescriptorFlags_IsTreatAsSafe, typeFlags & TypeSecurityDescriptorFlags_IsAllTransparent, typeFlags & TypeSecurityDescriptorFlags_IsAllCritical); 
@@ -1484,73 +1406,6 @@ void TypeSecurityDescriptor::InvokeInheritanceChecks(MethodTable* pChildMT) } } -#ifndef FEATURE_CORECLR - // Fast path check - if (SecurityDeclarative::FullTrustCheckForLinkOrInheritanceDemand(pChildMT->GetAssembly())) - { - return; - } - - if (HasInheritanceDeclarativeSecurity()) - { -#ifdef CROSSGEN_COMPILE - // NGen is always full trust. This path should be unreachable. - CrossGenNotSupported("HasInheritanceDeclarativeSecurity()"); -#else // CROSSGEN_COMPILE - GCX_COOP(); - - // If we have a class that requires inheritance checks, - // then we require a thread to perform the checks. - // We won't have a thread when some of the system classes - // are preloaded, so make sure that none of them have - // inheritance checks. - _ASSERTE(GetThread() != NULL); - - struct - { - OBJECTREF refCasDemands; - OBJECTREF refNonCasDemands; - } - gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - - EEClass *pClass = m_pMT->GetClass(); - if (pClass->RequiresCasInheritanceCheck()) - { - GetDeclaredPermissionsWithCache(dclInheritanceCheck, &gc.refCasDemands, NULL); - } - - if (pClass->RequiresNonCasInheritanceCheck()) - { - GetDeclaredPermissionsWithCache(dclNonCasInheritance, &gc.refNonCasDemands, NULL); - } - - if (gc.refCasDemands != NULL) - { - SecurityStackWalk::LinkOrInheritanceCheck(pChildMT->GetAssembly()->GetSecurityDescriptor(), - gc.refCasDemands, - pChildMT->GetAssembly(), - dclInheritanceCheck); - } - - if (gc.refNonCasDemands != NULL) - { - _ASSERTE(((PERMISSIONSETREF)gc.refNonCasDemands)->CheckedForNonCas() && "Declarative permissions should have been checked for nonCAS in PermissionSet.CreateSerialized"); - if(((PERMISSIONSETREF)gc.refNonCasDemands)->ContainsNonCas()) - { - MethodDescCallSite demand(METHOD__PERMISSION_SET__DEMAND_NON_CAS, &gc.refNonCasDemands); - - ARG_SLOT arg = ObjToArgSlot(gc.refNonCasDemands); - demand.Call(&arg); - } - } - - GCPROTECT_END(); -#endif // CROSSGEN_COMPILE - } -#endif // FEATURE_CORECLR } // 
Module security descriptor contains static security information about the module @@ -1571,9 +1426,6 @@ void ModuleSecurityDescriptor::VerifyDataComputed() return; } -#ifndef FEATURE_CORECLR - ModuleSecurityDescriptorTransparencyEtwEvents etw(this); -#endif // !FEATURE_CORECLR // Read the security attributes from the assembly Assembly *pAssembly = m_pModule->GetAssembly(); @@ -1584,17 +1436,6 @@ void ModuleSecurityDescriptor::VerifyDataComputed() TokenSecurityDescriptorFlags tokenFlags = GetTokenFlags(); -#ifndef FEATURE_CORECLR - // Make sure we understand the security rule set being asked for - if (GetSecurityRuleSet() < SecurityRuleSet_Min || GetSecurityRuleSet() > SecurityRuleSet_Max) - { - // Unknown rule set - fail to load this module - SString strAssemblyName; - pAssembly->GetDisplayName(strAssemblyName); - COMPlusThrow(kFileLoadException, IDS_E_UNKNOWN_SECURITY_RULESET, strAssemblyName.GetUnicode()); - } - -#endif // !FEATURE_CORECLR // Get a transparency behavior object for the assembly. const SecurityTransparencyBehavior *pTransparencyBehavior = 
@@ -1707,40 +1548,6 @@ void ModuleSecurityDescriptor::VerifyDataComputed() _ASSERTE(m_flags == moduleFlags); } -#ifndef FEATURE_CORECLR - -// Determine if this assembly was build against a version of the runtime that only supported legacy transparency -BOOL ModuleSecurityDescriptor::AssemblyVersionRequiresLegacyTransparency() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - SO_INTOLERANT; - } - CONTRACTL_END; - - BOOL fIsLegacyAssembly = FALSE; - - // Check the manifest version number to see if we're a v1 or v2 assembly. We specifically check for the - // manifest version to come back as a string that starts with either v1 or v2; if we get anything - // unexpected, we'll just use the default transparency implementation - LPCSTR szVersion = NULL; - IMDInternalImport *pmdImport = m_pModule->GetAssembly()->GetManifestImport(); - if (SUCCEEDED(pmdImport->GetVersionString(&szVersion))) - { - if (szVersion != NULL && strlen(szVersion) > 2) - { - fIsLegacyAssembly = szVersion[0] == 'v' && - (szVersion[1] == '1' || szVersion[1] == '2'); - } - } - - return fIsLegacyAssembly; -} - -#endif // !FEATURE_CORECLR ModuleSecurityDescriptor* ModuleSecurityDescriptor::GetModuleSecurityDescriptor(Assembly *pAssembly) { 
@@ -1938,31 +1745,6 @@ TokenSecurityDescriptorFlags TokenSecurityDescriptor::ReadSecurityAttributes(IMD { flags |= TokenSecurityDescriptorFlags_Critical; -#ifndef FEATURE_CORECLR - // Check the SecurityCriticalScope parameter - const BYTE *pbAttributeBlob; - ULONG cbAttributeBlob; - - if (FAILED(pmdImport->GetCustomAttributeAsBlob( - currentAttribute, - reinterpret_cast<const void **>(&pbAttributeBlob), - &cbAttributeBlob))) - { - continue; - } - CustomAttributeParser cap(pbAttributeBlob, cbAttributeBlob); - if (SUCCEEDED(cap.SkipProlog())) - { - UINT32 dwCriticalFlags; - if (SUCCEEDED(cap.GetU4(&dwCriticalFlags))) - { - if (dwCriticalFlags == SecurityCriticalFlags_All) - { - flags |= TokenSecurityDescriptorFlags_AllCritical; - } - } - } -#endif // !FEATURE_CORECLR } else if (strcmp(g_SecuritySafeCriticalAttribute + sizeof(g_SecurityNS), szAttributeName) == 0) { @@ -1972,30 +1754,6 @@ TokenSecurityDescriptorFlags TokenSecurityDescriptor::ReadSecurityAttributes(IMD { flags |= TokenSecurityDescriptorFlags_Transparent; } -#ifndef FEATURE_CORECLR - else if (strcmp(g_SecurityRulesAttribute + sizeof(g_SecurityNS), szAttributeName) == 0) - { - const BYTE *pbAttributeBlob; - ULONG cbAttributeBlob; - - if (FAILED(pmdImport->GetCustomAttributeAsBlob( - currentAttribute, - reinterpret_cast<const void **>(&pbAttributeBlob), - &cbAttributeBlob))) - { - continue; - } - - TokenSecurityDescriptorFlags securityRulesFlags = - ParseSecurityRulesAttribute(pbAttributeBlob, cbAttributeBlob); - - flags |= securityRulesFlags; - } - else if (strcmp(g_SecurityTreatAsSafeAttribute + sizeof(g_SecurityNS), szAttributeName) == 0) - { - flags |= TokenSecurityDescriptorFlags_TreatAsSafe; - } -#endif // !FEATURE_CORECLR } } 
@@ -2023,9 +1781,6 @@ void TokenSecurityDescriptor::VerifySemanticDataComputed() return; } -#ifndef FEATURE_CORECLR - TokenSecurityDescriptorTransparencyEtwEvents etw(this); -#endif // !FEATURE_CORECLR bool fIsSemanticallyCritical = false; bool fIsSemanticallyTreatAsSafe = false; |