diff options
Diffstat (limited to 'src/vm')
74 files changed, 101 insertions, 2290 deletions
diff --git a/src/vm/CMakeLists.txt b/src/vm/CMakeLists.txt index aab8d536f8..65faacf221 100644 --- a/src/vm/CMakeLists.txt +++ b/src/vm/CMakeLists.txt @@ -101,7 +101,6 @@ set(VM_SOURCES_DAC_AND_WKS_COMMON precode.cpp prestub.cpp rejit.cpp - security.cpp sigformat.cpp siginfo.cpp spinlock.cpp diff --git a/src/vm/appdomain.cpp b/src/vm/appdomain.cpp index 2f1a7c925a..78ebe50c26 100644 --- a/src/vm/appdomain.cpp +++ b/src/vm/appdomain.cpp @@ -8,7 +8,6 @@ #include "appdomain.hpp" #include "peimagelayout.inl" #include "field.h" -#include "security.h" #include "strongnameinternal.h" #include "excep.h" #include "eeconfig.h" @@ -2715,9 +2714,6 @@ void SystemDomain::LoadBaseSystemClasses() // Load Object g_pObjectClass = MscorlibBinder::GetClass(CLASS__OBJECT); - // get the Object::.ctor method desc so we can special-case it - g_pObjectCtorMD = MscorlibBinder::GetMethod(METHOD__OBJECT__CTOR); - // Now that ObjectClass is loaded, we can set up // the system for finalizers. There is no point in deferring this, since we need // to know this before we allocate our first object. @@ -3741,10 +3737,6 @@ StackWalkAction SystemDomain::CallersMethodCallback(CrawlFrame* pCf, VOID* data) /* We asked to be called back only for functions */ _ASSERTE(pFunc); - // Ignore intercepted frames - if(pFunc->IsInterceptedForDeclSecurity()) - return SWA_CONTINUE; - CallersData* pCaller = (CallersData*) data; if(pCaller->skip == 0) { pCaller->pMethod = pFunc; diff --git a/src/vm/appdomainnative.cpp b/src/vm/appdomainnative.cpp index 41259897c0..0ee950c85b 100644 --- a/src/vm/appdomainnative.cpp +++ b/src/vm/appdomainnative.cpp @@ -7,7 +7,6 @@ #include "common.h" #include "appdomain.hpp" #include "appdomainnative.hpp" -#include "security.h" #include "vars.hpp" #include "eeconfig.h" #include "appdomain.inl" diff --git a/src/vm/arm/stubs.cpp b/src/vm/arm/stubs.cpp index 05ffed49da..9b8d6afb29 100644 --- a/src/vm/arm/stubs.cpp +++ b/src/vm/arm/stubs.cpp @@ -19,7 +19,6 @@ #include "eeconfig.h" #include "cgensys.h" #include "asmconstants.h" -#include "security.h" #include "virtualcallstub.h" #include "gcdump.h" #include "rtlfunctions.h" diff --git a/src/vm/assembly.cpp b/src/vm/assembly.cpp index c9a995452c..32a7cd9969 100644 --- a/src/vm/assembly.cpp +++ b/src/vm/assembly.cpp @@ -18,7 +18,6 @@ #include "assembly.hpp" #include "appdomain.hpp" -#include "security.h" #include "perfcounters.h" #include "assemblyname.hpp" diff --git a/src/vm/assemblyname.cpp b/src/vm/assemblyname.cpp index bc6034ae63..f0ed60bb6d 100644 --- a/src/vm/assemblyname.cpp +++ b/src/vm/assemblyname.cpp @@ -20,7 +20,6 @@ #include <shlwapi.h> #include "assemblyname.hpp" -#include "security.h" #include "field.h" #include "strongname.h" #include "eeconfig.h" @@ -111,7 +110,7 @@ FCIMPL1(Object*, AssemblyNameNative::GetPublicKeyToken, Object* refThisUNSAFE) { FCALL_CONTRACT; - OBJECTREF orOutputArray = NULL; + U1ARRAYREF orOutputArray = NULL; OBJECTREF refThis = (OBJECTREF) refThisUNSAFE; HELPER_METHOD_FRAME_BEGIN_RET_1(refThis); @@ -137,7 +136,8 @@ FCIMPL1(Object*, AssemblyNameNative::GetPublicKeyToken, Object* refThisUNSAFE) } } - Security::CopyEncodingToByteArray(pbToken, cb, &orOutputArray); + orOutputArray = (U1ARRAYREF)AllocatePrimitiveArray(ELEMENT_TYPE_U1, cb); + memcpyNoGCRefs(orOutputArray->m_Array, pbToken, cb); } HELPER_METHOD_FRAME_END(); diff --git a/src/vm/assemblynative.cpp b/src/vm/assemblynative.cpp index d1ae07dc64..f0cfe9376c 100644 --- a/src/vm/assemblynative.cpp +++ b/src/vm/assemblynative.cpp @@ -23,7 +23,6 @@ #include "field.h" #include "assemblyname.hpp" #include "eeconfig.h" -#include "security.h" #include "strongname.h" #include "interoputil.h" #include "frames.h" diff --git a/src/vm/assemblyspec.cpp b/src/vm/assemblyspec.cpp index 9ec1d97086..502877d95a 100644 --- a/src/vm/assemblyspec.cpp +++ b/src/vm/assemblyspec.cpp @@ -19,7 +19,6 @@ #include <stdlib.h> #include "assemblyspec.hpp" -#include "security.h" #include "eeconfig.h" #include "strongname.h" #include "strongnameholders.h" @@ -527,13 +526,13 @@ void AssemblySpec::AssemblyNameInit(ASSEMBLYNAMEREF* pAsmName, PEImage* pImageIn strCtor.Call(args); } - // public key or token byte array if (m_pbPublicKeyOrToken) - Security::CopyEncodingToByteArray((BYTE*) m_pbPublicKeyOrToken, - m_cbPublicKeyOrToken, - (OBJECTREF*) &gc.PublicKeyOrToken); + { + gc.PublicKeyOrToken = (U1ARRAYREF)AllocatePrimitiveArray(ELEMENT_TYPE_U1, m_cbPublicKeyOrToken); + memcpyNoGCRefs(gc.PublicKeyOrToken->m_Array, m_pbPublicKeyOrToken, m_cbPublicKeyOrToken); + } // simple name if(GetName()) diff --git a/src/vm/ceeload.cpp b/src/vm/ceeload.cpp index 074d241798..bec7372bd1 100644 --- a/src/vm/ceeload.cpp +++ b/src/vm/ceeload.cpp @@ -20,7 +20,6 @@ #include "reflectclasswriter.h" #include "method.hpp" #include "stublink.h" -#include "security.h" #include "cgensys.h" #include "excep.h" #include "dbginterface.h" @@ -14083,97 +14082,6 @@ LPCWSTR Module::GetPathForErrorMessages() } } -#ifndef DACCESS_COMPILE -BOOL IsVerifiableWrapper(MethodDesc* pMD) -{ - BOOL ret = FALSE; - //EX_TRY contains _alloca, so I can't use this inside of a loop. 4wesome. - EX_TRY - { - ret = pMD->IsVerifiable(); - } - EX_CATCH - { - //if the method has a security exception, it will fly through IsVerifiable. Shunt - //to the unverifiable path below. - } - EX_END_CATCH(RethrowTerminalExceptions) - return ret; -} -#endif //DACCESS_COMPILE -void Module::VerifyAllMethods() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } - CONTRACTL_END; -#ifndef DACCESS_COMPILE - //If the EE isn't started yet, it's not safe to jit. We fail in COM jitting a p/invoke. - if (!g_fEEStarted) - return; - - struct Local - { - static bool VerifyMethodsForTypeDef(Module * pModule, mdTypeDef td) - { - bool ret = true; - TypeHandle th = ClassLoader::LoadTypeDefThrowing(pModule, td, ClassLoader::ThrowIfNotFound, - ClassLoader::PermitUninstDefOrRef); - - MethodTable * pMT = th.GetMethodTable(); - MethodTable::MethodIterator it(pMT); - for (; it.IsValid(); it.Next()) - { - MethodDesc * pMD = it.GetMethodDesc(); - if (pMD->HasILHeader() && Security::IsMethodTransparent(pMD) - && (g_pObjectCtorMD != pMD)) - { - if (!IsVerifiableWrapper(pMD)) - { -#ifdef _DEBUG - SString s; - if (LoggingOn(LF_VERIFIER, LL_ERROR)) - TypeString::AppendMethodDebug(s, pMD); - LOG((LF_VERIFIER, LL_ERROR, "Transparent Method (0x%p), %S is unverifiable\n", - pMD, s.GetUnicode())); -#endif - ret = false; - } - } - } - return ret; - } - }; - //Verify all methods in a module eagerly, forcing them to get loaded. - - IMDInternalImport * pMDI = GetMDImport(); - HENUMTypeDefInternalHolder hEnum(pMDI); - mdTypeDef td; - hEnum.EnumTypeDefInit(); - - bool isAllVerifiable = true; - //verify global methods - if (GetGlobalMethodTable()) - { - //verify everything in the MT. - if (!Local::VerifyMethodsForTypeDef(this, COR_GLOBAL_PARENT_TOKEN)) - isAllVerifiable = false; - } - while (pMDI->EnumTypeDefNext(&hEnum, &td)) - { - //verify everything - if (!Local::VerifyMethodsForTypeDef(this, td)) - isAllVerifiable = false; - } - if (!isAllVerifiable) - EEFileLoadException::Throw(GetFile(), COR_E_VERIFICATION); -#endif //DACCESS_COMPILE -} - - #if defined(_DEBUG) && !defined(DACCESS_COMPILE) && !defined(CROSS_COMPILE) void Module::ExpandAll() { @@ -14275,9 +14183,6 @@ void Module::ExpandAll() }; //Jit all methods eagerly - /* XXX Thu 4/26/2007 - * This code is lifted mostly from code:Module::VerifyAllMethods - */ IMDInternalImport * pMDI = GetMDImport(); HENUMTypeDefInternalHolder hEnum(pMDI); mdTypeDef td; diff --git a/src/vm/ceeload.h b/src/vm/ceeload.h index 99b4ad8f35..987ace0ae2 100644 --- a/src/vm/ceeload.h +++ b/src/vm/ceeload.h @@ -3259,8 +3259,6 @@ protected: public: - void VerifyAllMethods(); - CrstBase *GetLookupTableCrst() { LIMITED_METHOD_CONTRACT; diff --git a/src/vm/ceemain.cpp b/src/vm/ceemain.cpp index f28785bc21..0bc7f4994a 100644 --- a/src/vm/ceemain.cpp +++ b/src/vm/ceemain.cpp @@ -137,7 +137,6 @@ #include "stackwalk.h" #include "gcheaputilities.h" #include "interoputil.h" -#include "security.h" #include "fieldmarshaler.h" #include "dbginterface.h" #include "eedbginterfaceimpl.h" @@ -1111,12 +1110,6 @@ void EEStartupHelper(COINITIEE fFlags) SystemDomain::SystemModule()->ExpandAll(); } - //For a similar reason, let's not run VerifyAllOnLoad either. - if (g_pConfig->VerifyModulesOnLoad()) - { - SystemDomain::SystemModule()->VerifyAllMethods(); - } - // Perform mscorlib consistency check if requested g_Mscorlib.CheckExtended(); diff --git a/src/vm/class.cpp b/src/vm/class.cpp index 6697b23a9a..2210a14620 100644 --- a/src/vm/class.cpp +++ b/src/vm/class.cpp @@ -5,12 +5,6 @@ // File: CLASS.CPP // - -// - -// -// ============================================================================ - #include "common.h" #include "dllimport.h" diff --git a/src/vm/class.h b/src/vm/class.h index 60cab67707..9a8b78a788 100644 --- a/src/vm/class.h +++ b/src/vm/class.h @@ -2,19 +2,11 @@ // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. -// ==++== -// -// - -// // ==--== // // File: CLASS.H // - -// - // // NOTE: Even though EEClass is considered to contain cold data (relative to MethodTable), these data // structures *are* touched (especially during startup as part of soft-binding). As a result, and given the @@ -1300,77 +1292,6 @@ public: } #endif - inline BOOL IsCritical() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) != VMFLAG_TRANSPARENCY_TRANSPARENT - && !IsAllTransparent(); - } - - inline BOOL IsTreatAsSafe() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) == VMFLAG_TRANSPARENCY_ALLCRITICAL_TAS || - (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) == VMFLAG_TRANSPARENCY_TAS_NOTCRITICAL - ; - } - - inline BOOL IsAllTransparent() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) == VMFLAG_TRANSPARENCY_ALL_TRANSPARENT; - } - - inline BOOL IsAllCritical() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) == VMFLAG_TRANSPARENCY_ALLCRITICAL - || (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) == VMFLAG_TRANSPARENCY_ALLCRITICAL_TAS; - } - - inline BOOL HasCriticalTransparentInfo() - { - LIMITED_METHOD_CONTRACT; - return (m_VMFlags & VMFLAG_TRANSPARENCY_MASK) != VMFLAG_TRANSPARENCY_UNKNOWN; - } - - void SetCriticalTransparentInfo( - BOOL fIsTreatAsSafe, - BOOL fIsAllTransparent, - BOOL fIsAllCritical) - { - WRAPPER_NO_CONTRACT; - - // TAS wihtout critical doesn't make sense - although it was allowed in the v2 desktop model, - // so we need to allow it for compatibility reasons on the desktop. - _ASSERTE(!fIsTreatAsSafe || fIsAllCritical); - - //if nothing is set, then we're transparent. - unsigned flags = VMFLAG_TRANSPARENCY_TRANSPARENT; - - if (fIsAllTransparent) - { - flags = VMFLAG_TRANSPARENCY_ALL_TRANSPARENT; - } - else if (fIsAllCritical) - { - flags = fIsTreatAsSafe ? VMFLAG_TRANSPARENCY_ALLCRITICAL_TAS : - VMFLAG_TRANSPARENCY_ALLCRITICAL; - } - else - { - flags = fIsTreatAsSafe ? VMFLAG_TRANSPARENCY_TAS_NOTCRITICAL : - VMFLAG_TRANSPARENCY_TRANSPARENT; - } - - FastInterlockOr(EnsureWritablePages(&m_VMFlags), flags); - - _ASSERTE(HasCriticalTransparentInfo()); - } inline DWORD IsUnsafeValueClass() { LIMITED_METHOD_CONTRACT; @@ -1398,29 +1319,6 @@ public: } public: - - inline void SetDoesNotHaveSuppressUnmanagedCodeAccessAttr() - { - WRAPPER_NO_CONTRACT; - FastInterlockOr(EnsureWritablePages(&m_VMFlags),VMFLAG_NOSUPPRESSUNMGDCODEACCESS); - } - - inline BOOL HasSuppressUnmanagedCodeAccessAttr() - { - LIMITED_METHOD_CONTRACT; - return !(m_VMFlags & VMFLAG_NOSUPPRESSUNMGDCODEACCESS); - } - - inline BOOL HasRemotingProxyAttribute() - { - LIMITED_METHOD_CONTRACT; - return m_VMFlags & VMFLAG_REMOTING_PROXY_ATTRIBUTE; - } - inline void SetHasRemotingProxyAttribute() - { - LIMITED_METHOD_CONTRACT; - m_VMFlags |= (DWORD)VMFLAG_REMOTING_PROXY_ATTRIBUTE; - } inline BOOL IsAlign8Candidate() { LIMITED_METHOD_CONTRACT; @@ -1519,11 +1417,6 @@ public: m_VMFlags |= VMFLAG_DELEGATE; } - // This is only applicable to interfaces. This method does not - // provide correct information for non-interface types. - DWORD SomeMethodsRequireInheritanceCheck(); - void SetSomeMethodsRequireInheritanceCheck(); - BOOL HasFixedAddressVTStatics() { LIMITED_METHOD_CONTRACT; @@ -2014,35 +1907,7 @@ public: #endif VMFLAG_DELEGATE = 0x00000002, - //Desktop - // -------------- - //Flag | All Transparent | Critical | All Critical | TreatAsSafe - //TRANSPARENT | 0 | 0 | 0 | 0 - //ALL_TRANSPARENT | 1 | 0 | 0 | 0 - //CRITICAL | 0 | 1 | 0 | 0 - //TAS_CRITICAL | 0 | 1 | 0 | 1 - //ALLCRITICAL | 0 | 0 | 1 | 0 - //ALLCRITICAL_TAS | 0 | 0 | 1 | 1 - //TAS_NOTCRITICAL | 0 | 0 | 0 | 1 - // - // - //On CoreCLR TAS implies Critical and "All Critical" and "Critical" are the same thing. - //CoreCLR - // -------------- - //Flag | All Transparent | Critical | TreatAsSafe - //TRANSPARENT | 0 | 0 | 0 - //ALL_TRANSPARENT | 1 | 0 | 0 - //CRITICAL | 0 | 1 | 0 - //TAS_CRITICAL | 0 | 1 | 1 - VMFLAG_TRANSPARENCY_MASK = 0x0000001c, - VMFLAG_TRANSPARENCY_UNKNOWN = 0x00000000, - VMFLAG_TRANSPARENCY_TRANSPARENT = 0x00000004, - VMFLAG_TRANSPARENCY_ALL_TRANSPARENT = 0x00000008, - VMFLAG_TRANSPARENCY_CRITICAL = 0x0000000c, - VMFLAG_TRANSPARENCY_CRITICAL_TAS = 0x00000010, - VMFLAG_TRANSPARENCY_ALLCRITICAL = 0x00000014, - VMFLAG_TRANSPARENCY_ALLCRITICAL_TAS = 0x00000018, - VMFLAG_TRANSPARENCY_TAS_NOTCRITICAL = 0x0000001c, + // VMFLAG_UNUSED = 0x0000001c, VMFLAG_FIXED_ADDRESS_VT_STATICS = 0x00000020, // Value type Statics in this class will be pinned VMFLAG_HASLAYOUT = 0x00000040, @@ -2068,13 +1933,13 @@ public: VMFLAG_BESTFITMAPPING = 0x00004000, // BestFitMappingAttribute.Value VMFLAG_THROWONUNMAPPABLECHAR = 0x00008000, // BestFitMappingAttribute.ThrowOnUnmappableChar - VMFLAG_NOSUPPRESSUNMGDCODEACCESS = 0x00010000, + // unused = 0x00010000, VMFLAG_NO_GUID = 0x00020000, VMFLAG_HASNONPUBLICFIELDS = 0x00040000, - VMFLAG_REMOTING_PROXY_ATTRIBUTE = 0x00080000, + // unused = 0x00080000, VMFLAG_CONTAINS_STACK_PTR = 0x00100000, VMFLAG_PREFER_ALIGN8 = 0x00200000, // Would like to have 8-byte alignment - VMFLAG_METHODS_REQUIRE_INHERITANCE_CHECKS = 0x00400000, + // unused = 0x00400000, #ifdef FEATURE_COMINTEROP VMFLAG_SPARSE_FOR_COMINTEROP = 0x00800000, diff --git a/src/vm/class.inl b/src/vm/class.inl index 78e05cdd14..d411f817d2 100644 --- a/src/vm/class.inl +++ b/src/vm/class.inl @@ -5,12 +5,6 @@ // File: CLASS.INL // - -// - -// -// ============================================================================ - #ifndef _CLASS_INL_ #define _CLASS_INL_ //*************************************************************************************** @@ -20,18 +14,6 @@ inline PTR_MethodDescChunk EEClass::GetChunks() return m_pChunks.GetValueMaybeNull(PTR_HOST_MEMBER_TADDR(EEClass, this, m_pChunks)); } -//*************************************************************************************** -inline DWORD EEClass::SomeMethodsRequireInheritanceCheck() -{ - return (m_VMFlags & VMFLAG_METHODS_REQUIRE_INHERITANCE_CHECKS); -} - -//*************************************************************************************** -inline void EEClass::SetSomeMethodsRequireInheritanceCheck() -{ - m_VMFlags = m_VMFlags | VMFLAG_METHODS_REQUIRE_INHERITANCE_CHECKS; -} - //******************************************************************************* #ifndef DACCESS_COMPILE // Set default values for optional fields. diff --git a/src/vm/classcompat.cpp b/src/vm/classcompat.cpp index 84ec3958ce..384e63fefb 100644 --- a/src/vm/classcompat.cpp +++ b/src/vm/classcompat.cpp @@ -31,7 +31,6 @@ #include "fieldmarshaler.h" #include "cgensys.h" #include "gcheaputilities.h" -#include "security.h" #include "dbginterface.h" #include "comdelegate.h" #include "sigformat.h" @@ -1307,11 +1306,6 @@ VOID MethodTableBuilder::BuildInteropVTable_PlaceVtableMethods( // The interface we are attempting to place MethodTable *pInterface = pCurItfInfo->m_pMethodTable; - _ASSERTE(!(pCurItfInfo->IsDeclaredOnClass() && - !pInterface->IsExternallyVisible() && - pInterface->GetAssembly() != bmtType->pModule->GetAssembly() && - !Security::CanSkipVerification(GetAssembly()->GetDomainAssembly()))); - // Did we place this interface already due to the parent class's interface placement? if (pCurItfInfo->GetInteropStartSlot() != MethodTable::NO_SLOT) { diff --git a/src/vm/clsload.cpp b/src/vm/clsload.cpp index 2e91672184..bb71f0b6ed 100644 --- a/src/vm/clsload.cpp +++ b/src/vm/clsload.cpp @@ -23,7 +23,6 @@ #include "comsynchronizable.h" #include "threads.h" #include "dllimport.h" -#include "security.h" #include "dbginterface.h" #include "log.h" #include "eeconfig.h" @@ -4869,27 +4868,6 @@ StaticAccessCheckContext::StaticAccessCheckContext(MethodDesc* pCallerMethod, Me m_pCallerAssembly = pCallerType->GetAssembly(); } -// Critical callers do not need the extra access checks -bool StaticAccessCheckContext::IsCallerCritical() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } - CONTRACTL_END; - - if (m_pCallerMethod == NULL || !Security::IsMethodTransparent(m_pCallerMethod)) - { - return true; - } - - return false; -} - - - //****************************************************************************** // static @@ -4911,8 +4889,7 @@ void AccessCheckOptions::Startup() //****************************************************************************** AccessCheckOptions::AccessCheckOptions( const AccessCheckOptions & templateOptions, - BOOL throwIfTargetIsInaccessible, - BOOL skipCheckForCriticalCode /*=FALSE*/) : + BOOL throwIfTargetIsInaccessible) : m_pAccessContext(templateOptions.m_pAccessContext) { WRAPPER_NO_CONTRACT; @@ -4922,8 +4899,7 @@ AccessCheckOptions::AccessCheckOptions( throwIfTargetIsInaccessible, templateOptions.m_pTargetMT, templateOptions.m_pTargetMethod, - templateOptions.m_pTargetField, - skipCheckForCriticalCode); + templateOptions.m_pTargetField); } //****************************************************************************** @@ -4978,36 +4954,15 @@ BOOL AccessCheckOptions::DemandMemberAccess(AccessCheckContext *pContext, Method // classes/members in app code. if (m_accessCheckType != kMemberAccess && pTargetMT) { - if (visibilityCheck && Security::IsTransparencyEnforcementEnabled()) - { - // In CoreCLR RMA means visibility checks always succeed if the target is user code. - if (m_accessCheckType == kRestrictedMemberAccess || m_accessCheckType == kRestrictedMemberAccessNoTransparency) - return TRUE; - - // Accessing private types/members in platform code. - fAccessingFrameworkCode = TRUE; - } - else - { - // We allow all transparency checks to succeed in LCG methods and reflection invocation. - if (m_accessCheckType == kNormalAccessNoTransparency || m_accessCheckType == kRestrictedMemberAccessNoTransparency) - return TRUE; - } + // We allow all transparency checks to succeed in LCG methods and reflection invocation. + if (m_accessCheckType == kNormalAccessNoTransparency || m_accessCheckType == kRestrictedMemberAccessNoTransparency) + return TRUE; } // Always allow interop (NULL) callers full access. if (pContext->IsCalledFromInterop()) return TRUE; - MethodDesc* pCallerMD = pContext->GetCallerMethod(); - - // critical code is exempted from all accessibility rules, regardless of the AccessCheckType. - if (pCallerMD != NULL && - !Security::IsMethodTransparent(pCallerMD)) - { - return TRUE; - } - // No Access if (m_fThrowIfTargetIsInaccessible) { @@ -5090,15 +5045,6 @@ BOOL AccessCheckOptions::DemandMemberAccessOrFail(AccessCheckContext *pContext, } CONTRACTL_END; - // m_fSkipCheckForCriticalCode is only ever set to true for CanAccessMemberForExtraChecks. - // For legacy compat we allow the access check to succeed for all AccessCheckType if the caller is critical. - if (m_fSkipCheckForCriticalCode) - { - if (pContext->IsCalledFromInterop() || - !Security::IsMethodTransparent(pContext->GetCallerMethod())) - return TRUE; - } - if (DoNormalAccessibilityChecks()) { if (pContext->GetCallerAssembly()->IgnoresAccessChecksTo(pTargetMT->GetAssembly())) @@ -5131,15 +5077,6 @@ BOOL AccessCheckOptions::FailOrThrow(AccessCheckContext *pContext) const } CONTRACTL_END; - // m_fSkipCheckForCriticalCode is only ever set to true for CanAccessMemberForExtraChecks. - // For legacy compat we allow the access check to succeed for all AccessCheckType if the caller is critical. - if (m_fSkipCheckForCriticalCode) - { - if (pContext->IsCalledFromInterop() || - !Security::IsMethodTransparent(pContext->GetCallerMethod())) - return TRUE; - } - if (m_fThrowIfTargetIsInaccessible) { ThrowAccessException(pContext); @@ -5151,7 +5088,6 @@ BOOL AccessCheckOptions::FailOrThrow(AccessCheckContext *pContext) const // Generate access exception context strings that are due to potential security misconfiguration void GetAccessExceptionAdditionalContextForSecurity(Assembly *pAccessingAssembly, Assembly *pTargetAssembly, - BOOL isTransparencyError, BOOL fAccessingFrameworkCode, StringArrayList *pContextInformation) { @@ -5182,7 +5118,6 @@ void GetAccessExceptionAdditionalContextForSecurity(Assembly *pAccessingAssembly // context is available, then this returns SString.Empty. SString GetAdditionalAccessExceptionContext(Assembly *pAccessingAssembly, Assembly *pTargetAssembly, - BOOL isTransparencyError, BOOL fAccessingFrameworkCode) { CONTRACTL @@ -5200,7 +5135,6 @@ SString GetAdditionalAccessExceptionContext(Assembly *pAccessingAssembly, // See if the exception may have been caused by security GetAccessExceptionAdditionalContextForSecurity(pAccessingAssembly, pTargetAssembly, - isTransparencyError, fAccessingFrameworkCode, &contextComponents); @@ -5236,15 +5170,10 @@ void DECLSPEC_NORETURN ThrowFieldAccessException(AccessCheckContext* pContext, } CONTRACTL_END; - BOOL isTransparencyError = FALSE; - MethodDesc* pCallerMD = pContext->GetCallerMethod(); - if (pCallerMD != NULL) - isTransparencyError = !Security::CheckCriticalAccess(pContext, NULL, pFD, NULL); ThrowFieldAccessException(pCallerMD, pFD, - isTransparencyError, messageID, pInnerException, fAccessingFrameworkCode); @@ -5252,7 +5181,6 @@ void DECLSPEC_NORETURN ThrowFieldAccessException(AccessCheckContext* pContext, void DECLSPEC_NORETURN ThrowFieldAccessException(MethodDesc* pCallerMD, FieldDesc *pFD, - BOOL isTransparencyError, UINT messageID /* = 0 */, Exception *pInnerException /* = NULL */, BOOL fAccessingFrameworkCode /* = FALSE */) @@ -5271,22 +5199,11 @@ void DECLSPEC_NORETURN ThrowFieldAccessException(MethodDesc* pCallerMD, { if (messageID == 0) { - // Figure out if we can give a specific reason why this field access was rejected - for instance, if - // we see that the caller is transparent and accessing a critical field, then we can put that - // information into the exception message. - if (isTransparencyError) - { - messageID = IDS_E_CRITICAL_FIELD_ACCESS_DENIED; - } - else - { - messageID = IDS_E_FIELDACCESS; - } + messageID = IDS_E_FIELDACCESS; } SString strAdditionalContext = GetAdditionalAccessExceptionContext(pCallerMD->GetAssembly(), pFD->GetApproxEnclosingMethodTable()->GetAssembly(), - isTransparencyError, fAccessingFrameworkCode); EX_THROW_WITH_INNER(EEFieldException, (pFD, pCallerMD, strAdditionalContext, messageID), pInnerException); @@ -5313,15 +5230,10 @@ void DECLSPEC_NORETURN ThrowMethodAccessException(AccessCheckContext* pContext, } CONTRACTL_END; - BOOL isTransparencyError = FALSE; - MethodDesc* pCallerMD = pContext->GetCallerMethod(); - if (pCallerMD != NULL) - isTransparencyError = !Security::CheckCriticalAccess(pContext, pCalleeMD, NULL, NULL); ThrowMethodAccessException(pCallerMD, pCalleeMD, - isTransparencyError, messageID, pInnerException, fAccessingFrameworkCode); @@ -5329,7 +5241,6 @@ void DECLSPEC_NORETURN ThrowMethodAccessException(AccessCheckContext* pContext, void DECLSPEC_NORETURN ThrowMethodAccessException(MethodDesc* pCallerMD, MethodDesc *pCalleeMD, - BOOL isTransparencyError, UINT messageID /* = 0 */, Exception *pInnerException /* = NULL */, BOOL fAccessingFrameworkCode /* = FALSE */) @@ -5348,22 +5259,11 @@ void DECLSPEC_NORETURN ThrowMethodAccessException(MethodDesc* pCallerMD, { if (messageID == 0) { - // Figure out if we can give a specific reason why this method access was rejected - for instance, if - // we see that the caller is transparent and the callee is critical, then we can put that - // information into the exception message. - if (isTransparencyError) - { - messageID = IDS_E_CRITICAL_METHOD_ACCESS_DENIED; - } - else - { - messageID = IDS_E_METHODACCESS; - } + messageID = IDS_E_METHODACCESS; } SString strAdditionalContext = GetAdditionalAccessExceptionContext(pCallerMD->GetAssembly(), pCalleeMD->GetAssembly(), - isTransparencyError, fAccessingFrameworkCode); EX_THROW_WITH_INNER(EEMethodException, (pCalleeMD, pCallerMD, strAdditionalContext, messageID), pInnerException); @@ -5390,15 +5290,10 @@ void DECLSPEC_NORETURN ThrowTypeAccessException(AccessCheckContext* pContext, } CONTRACTL_END; - BOOL isTransparencyError = FALSE; - MethodDesc* pCallerMD = pContext->GetCallerMethod(); - if (pCallerMD != NULL) - isTransparencyError = !Security::CheckCriticalAccess(pContext, NULL, NULL, pMT); ThrowTypeAccessException(pCallerMD, pMT, - isTransparencyError, messageID, pInnerException, fAccessingFrameworkCode); @@ -5406,7 +5301,6 @@ void DECLSPEC_NORETURN ThrowTypeAccessException(AccessCheckContext* pContext, void DECLSPEC_NORETURN ThrowTypeAccessException(MethodDesc* pCallerMD, MethodTable *pMT, - BOOL isTransparencyError, UINT messageID /* = 0 */, Exception *pInnerException /* = NULL */, BOOL fAccessingFrameworkCode /* = FALSE */) @@ -5425,22 +5319,11 @@ void DECLSPEC_NORETURN ThrowTypeAccessException(MethodDesc* pCallerMD, { if (messageID == 0) { - // Figure out if we can give a specific reason why this type access was rejected - for instance, if - // we see that the caller is transparent and is accessing a critical type, then we can put that - // information into the exception message. - if (isTransparencyError) - { - messageID = IDS_E_CRITICAL_TYPE_ACCESS_DENIED; - } - else - { - messageID = IDS_E_TYPEACCESS; - } + messageID = IDS_E_TYPEACCESS; } SString strAdditionalContext = GetAdditionalAccessExceptionContext(pCallerMD->GetAssembly(), pMT->GetAssembly(), - isTransparencyError, fAccessingFrameworkCode); EX_THROW_WITH_INNER(EETypeAccessException, (pMT, pCallerMD, strAdditionalContext, messageID), pInnerException); @@ -5451,51 +5334,6 @@ void DECLSPEC_NORETURN ThrowTypeAccessException(MethodDesc* pCallerMD, } } -//****************************************************************************** -// This function determines whether a method [if transparent] -// can access a specified target (e.g. Type, Method, Field) -static BOOL CheckTransparentAccessToCriticalCode( - AccessCheckContext* pContext, - DWORD dwMemberAccess, - MethodTable* pTargetMT, - MethodDesc* pOptionalTargetMethod, - FieldDesc* pOptionalTargetField, - MethodTable* pOptionalTargetType, - const AccessCheckOptions & accessCheckOptions) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - PRECONDITION(CheckPointer(pContext)); - PRECONDITION(accessCheckOptions.TransparencyCheckNeeded()); - } - CONTRACTL_END; - - if (!Security::IsTransparencyEnforcementEnabled()) - return TRUE; - - // At most one of these should be non-NULL - _ASSERTE(1 >= ((pOptionalTargetMethod ? 1 : 0) + - (pOptionalTargetField ? 1 : 0) + - (pOptionalTargetType ? 1 : 0))); - - - // if the caller [Method] is transparent, do special security checks - // check if security disallows access to target member - if (!Security::CheckCriticalAccess( - pContext, - pOptionalTargetMethod, - pOptionalTargetField, - pOptionalTargetType)) - { - return accessCheckOptions.DemandMemberAccessOrFail(pContext, pTargetMT, FALSE /*visibilityCheck*/); - } - - return TRUE; -} // static BOOL CheckTransparentAccessToCriticalCode - //--------------------------------------------------------------------------------------- // // Checks to see if access to a member with assembly visiblity is allowed. @@ -5620,8 +5458,7 @@ BOOL ClassLoader::CanAccessClass( // True if access is legal, AccessCheckContext* pContext, // The caller context MethodTable* pTargetClass, // The desired target class. Assembly* pTargetAssembly, // Assembly containing the target class. - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetTypeTransparency)// = TRUE + const AccessCheckOptions & accessCheckOptions)// = TRUE { CONTRACTL { @@ -5639,26 +5476,6 @@ BOOL ClassLoader::CanAccessClass( // True if access is legal, //if (!pTargetClass) // return TRUE; - // check transparent/critical on type - // Note that dwMemberAccess is of no use here since we don't have a target method yet. It really should be made an optional arg. - // For now, we pass in mdPublic. - if (checkTargetTypeTransparency && accessCheckOptions.TransparencyCheckNeeded()) - { - if (!CheckTransparentAccessToCriticalCode( - pContext, - mdPublic, - pTargetClass, - NULL, - NULL, - pTargetClass, - accessCheckOptions)) - { - // no need to call accessCheckOptions.DemandMemberAccessOrFail here because - // CheckTransparentAccessToCriticalCode does that already - return FALSE; - } - } - // Step 2: Recursively call CanAccessClass on the generic type arguments // Is the desired target a generic instantiation? if (pTargetClass->HasInstantiation()) @@ -5679,8 +5496,7 @@ BOOL ClassLoader::CanAccessClass( // True if access is legal, pContext, pMT, th.GetAssembly(), - accessCheckOptions, - checkTargetTypeTransparency)) + accessCheckOptions)) { // no need to call accessCheckOptions.DemandMemberAccessOrFail here because the base case in // CanAccessClass does that already @@ -5780,23 +5596,14 @@ BOOL ClassLoader::CanAccessClass( // True if access is legal, dwProtection, NULL, NULL, - accessCheckOptions, - FALSE, - FALSE); + accessCheckOptions); } // BOOL ClassLoader::CanAccessClass() //****************************************************************************** // This is a front-end to CheckAccessMember that handles the nested class scope. If can't access // from the current point and are a nested class, then try from the enclosing class. -// It does two things in addition to CanAccessMember: -// 1. If the caller class doesn't have access to the caller, see if the enclosing class does. -// 2. CanAccessMemberForExtraChecks which checks whether the caller class has access to -// the signature of the target method or field. +// In addition to CanAccessMember, if the caller class doesn't have access to the caller, see if the enclosing class does. // -// checkTargetMethodTransparency is set to FALSE only when the check is for JIT-compilation -// because the JIT has a mechanism to insert a callout for the case where -// we need to perform the currentMD <-> TargetMD check at runtime. - /* static */ BOOL ClassLoader::CanAccess( // TRUE if access is allowed, FALSE otherwise. AccessCheckContext* pContext, // The caller context @@ -5806,9 +5613,7 @@ BOOL ClassLoader::CanAccess( // TRUE if access is all MethodDesc* pOptionalTargetMethod, // The target method; NULL if the target is a not a method or // there is no need to check the method's instantiation. FieldDesc* pOptionalTargetField, // or The desired field; if NULL, return TRUE - const AccessCheckOptions & accessCheckOptions, // = s_NormalAccessChecks - BOOL checkTargetMethodTransparency, // = TRUE - BOOL checkTargetTypeTransparency) // = TRUE + const AccessCheckOptions & accessCheckOptions) // = s_NormalAccessChecks { CONTRACT(BOOL) { @@ -5833,9 +5638,7 @@ BOOL ClassLoader::CanAccess( // TRUE if access is all pOptionalTargetField, // Suppress exceptions for nested classes since this is not a hard-failure, // and we can do additional checks - accessCheckOptionsNoThrow, - checkTargetMethodTransparency, - checkTargetTypeTransparency)) + accessCheckOptionsNoThrow)) { // If we're here, CheckAccessMember didn't allow access. BOOL canAccess = FALSE; @@ -5869,9 +5672,7 @@ BOOL ClassLoader::CanAccess( // TRUE if access is all dwMemberAccess, pOptionalTargetMethod, pOptionalTargetField, - accessCheckOptionsNoThrow, - checkTargetMethodTransparency, - checkTargetTypeTransparency); + accessCheckOptionsNoThrow); } if (!canAccess) @@ -5881,212 +5682,12 @@ BOOL ClassLoader::CanAccess( // TRUE if access is all } } - // For member access, we do additional checks to ensure that the specific member can - // be accessed - - if (!CanAccessMemberForExtraChecks( - pContext, - pTargetMT, - pOptionalTargetMethod, - pOptionalTargetField, - accessCheckOptions, - checkTargetMethodTransparency)) - { - RETURN_FROM_INTERIOR_PROBE(FALSE); - } - RETURN_FROM_INTERIOR_PROBE(TRUE); END_INTERIOR_STACK_PROBE; } // BOOL ClassLoader::CanAccess() //****************************************************************************** -// Performs additional checks for member access - -BOOL ClassLoader::CanAccessMemberForExtraChecks( - AccessCheckContext* pContext, - MethodTable* pTargetExactMT, - MethodDesc* pOptionalTargetMethod, - FieldDesc* pOptionalTargetField, - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetMethodTransparency) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - PRECONDITION(CheckPointer(pContext)); - } - CONTRACTL_END; - - // Critical callers do not need the extra checks - // This early-out saves the cost of all the subsequent work - if (pContext->IsCallerCritical()) - { - return TRUE; - } - - if (pOptionalTargetMethod == NULL && pOptionalTargetField == NULL) - return TRUE; - - _ASSERTE((pOptionalTargetMethod == NULL) != (pOptionalTargetField == NULL)); - - // We should always do checks on member signatures. But for backward compatibility we skip this check - // for critical callers. And since we don't want to look for the caller here which might incur a stack walk, - // we delay the check to DemandMemberAccessOrFail time. - AccessCheckOptions legacyAccessCheckOptions(accessCheckOptions, accessCheckOptions.Throws(), TRUE); - - if (pOptionalTargetMethod) - { - // A method is accessible only if all the types in the signature - // are also accessible. - if (!CanAccessSigForExtraChecks(pContext, - pOptionalTargetMethod, - pTargetExactMT, - legacyAccessCheckOptions, - checkTargetMethodTransparency)) - { - return FALSE; - } - } - else - { - _ASSERTE(pOptionalTargetField != NULL); - - // A field is accessible only if the field type is also accessible - - TypeHandle fieldType = pOptionalTargetField->GetExactFieldType(TypeHandle(pTargetExactMT)); - CorElementType fieldCorType = fieldType.GetSignatureCorElementType(); - - MethodTable * pFieldTypeMT = fieldType.GetMethodTableOfElementType(); - - // No access check needed on a generic variable or a function pointer - if (pFieldTypeMT != NULL) - { - if (!CanAccessClassForExtraChecks(pContext, - pFieldTypeMT, - pFieldTypeMT->GetAssembly(), - legacyAccessCheckOptions, - TRUE)) - { - return FALSE; - } - } - } - - return TRUE; -} - -//****************************************************************************** -// Can all the types in the signature of the pTargetMethodSig be accessed? -// -// "ForExtraChecks" means that we only do extra checks (security and transparency) -// instead of the usual loader visibility checks. Post V2, we can enable all checks. - -BOOL ClassLoader::CanAccessSigForExtraChecks( // TRUE if access is allowed, FALSE otherwise. - AccessCheckContext* pContext, - MethodDesc* pTargetMethodSig, // The target method. If this is a shared method, pTargetExactMT gives - // additional information about the exact type - MethodTable* pTargetExactMT, // or The desired field; if NULL, return TRUE - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetTransparency) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - PRECONDITION(CheckPointer(pContext)); - } - CONTRACTL_END; - - MetaSig sig(pTargetMethodSig, TypeHandle(pTargetExactMT)); - - // First, check the return type - - TypeHandle retType = sig.GetRetTypeHandleThrowing(); - MethodTable * pRetMT = retType.GetMethodTableOfElementType(); - - // No access check needed on a generic variable or a function pointer - if (pRetMT != NULL) - { - if (!CanAccessClassForExtraChecks(pContext, - pRetMT, - retType.GetAssembly(), - accessCheckOptions, - checkTargetTransparency)) - { - return FALSE; - } - } - - // - // Now walk all the arguments in the signature - // - - for (CorElementType argType = sig.NextArg(); argType != ELEMENT_TYPE_END; argType = sig.NextArg()) - { - TypeHandle thArg = sig.GetLastTypeHandleThrowing(); - - MethodTable * pArgMT = thArg.GetMethodTableOfElementType(); - - // Either a TypeVarTypeDesc or a FnPtrTypeDesc. No access check needed. - if (pArgMT == NULL) - continue; - - BOOL canAcesssElement = CanAccessClassForExtraChecks( - pContext, - pArgMT, - thArg.GetAssembly(), - accessCheckOptions, - checkTargetTransparency); - if (!canAcesssElement) - { - return FALSE; - } - } - - return TRUE; -} - -//****************************************************************************** -// Can the type be accessed? -// -// "ForExtraChecks" means that we only do extra checks (security and transparency) -// instead of the usual loader visibility checks. Post V2, we can enable all checks. - -BOOL ClassLoader::CanAccessClassForExtraChecks( // True if access is legal, false otherwise. - AccessCheckContext* pContext, - MethodTable* pTargetClass, // The desired target class. - Assembly* pTargetAssembly, // Assembly containing that class. - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetTypeTransparency) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - PRECONDITION(CheckPointer(pContext)); - } - CONTRACTL_END; - - // ------------- Old comments begins ------------ - // Critical callers do not need the extra checks - // TODO: can we enable full access checks now? - // ------------- Old comments ends ------------ - - // We shouldn't bypass accessibility check on member signature for FT/Critical callers - - return CanAccessClass(pContext, - pTargetClass, - pTargetAssembly, - accessCheckOptions, - checkTargetTypeTransparency); -} - -//****************************************************************************** // This is the helper function for the corresponding CanAccess() // It does the following checks: // 1. CanAccessClass on pTargetMT @@ -6103,9 +5704,7 @@ BOOL ClassLoader::CheckAccessMember( // TRUE if access is allowed MethodDesc* pOptionalTargetMethod, // The target method; NULL if the target is a not a method or // there is no need to check the method's instantiation. FieldDesc* pOptionalTargetField, // target field, NULL if there is no Target field - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetMethodTransparency, - BOOL checkTargetTypeTransparency + const AccessCheckOptions & accessCheckOptions ) { CONTRACTL @@ -6124,17 +5723,13 @@ BOOL ClassLoader::CheckAccessMember( // TRUE if access is allowed if (!CanAccessClass(pContext, pTargetMT, pTargetAssembly, - accessCheckOptions, - checkTargetTypeTransparency)) + accessCheckOptions)) { return FALSE; } // If we are trying to access a generic method, we have to ensure its instantiation is accessible. // Note that we need to perform transparency checks on the instantiation even if we have - // checkTargetMethodTransparency set to false, since generic type parameters by design do not effect - // the transparency of the generic method that is closing over them. This means standard transparency - // checks between caller and closed callee may succeed even if the callee's closure includes a critical type. if (!CanAccessMethodInstantiation( pContext, pOptionalTargetMethod, @@ -6150,23 +5745,6 @@ BOOL ClassLoader::CheckAccessMember( // TRUE if access is allowed // We don't need to do transparency check against pTargetMT here because // it was already done in CanAccessClass above. - if (accessCheckOptions.TransparencyCheckNeeded() && - ((checkTargetMethodTransparency && pOptionalTargetMethod) || - pOptionalTargetField)) - { - if (!CheckTransparentAccessToCriticalCode( - pContext, - dwMemberAccess, - pTargetMT, - pOptionalTargetMethod, - pOptionalTargetField, - NULL, - accessCheckOptions)) - { - return FALSE; - } - } - if (IsMdPublic(dwMemberAccess)) { return TRUE; diff --git a/src/vm/clsload.hpp b/src/vm/clsload.hpp index 656f260e01..5a9248e422 100644 --- a/src/vm/clsload.hpp +++ b/src/vm/clsload.hpp @@ -317,7 +317,6 @@ public: virtual MethodTable* GetCallerMT() = 0; // The class that wants access; NULL if interop caller. virtual Assembly* GetCallerAssembly() = 0; // Assembly containing that class. virtual bool IsCalledFromInterop() = 0; - virtual bool IsCallerCritical() = 0; // Can we do a quick check for caller's transparency status? }; class StaticAccessCheckContext : public AccessCheckContext @@ -367,8 +366,6 @@ public: return false; } - virtual bool IsCallerCritical(); - private: MethodDesc* m_pCallerMethod; MethodTable* m_pCallerMT; @@ -429,8 +426,7 @@ public: AccessCheckOptions( const AccessCheckOptions & templateAccessCheckOptions, - BOOL throwIfTargetIsInaccessible, - BOOL skipCheckForCriticalCode = FALSE); + BOOL throwIfTargetIsInaccessible); // Follow standard rules for doing accessability BOOL DoNormalAccessibilityChecks() const @@ -471,8 +467,7 @@ private: BOOL throwIfTargetIsInaccessible, MethodTable * pTargetMT, MethodDesc * pTargetMD, - FieldDesc * pTargetFD, - BOOL skipCheckForCriticalCode = FALSE); + FieldDesc * pTargetFD); BOOL DemandMemberAccess(AccessCheckContext *pContext, MethodTable * pTargetMT, BOOL visibilityCheck) const; @@ -493,27 +488,22 @@ private: DynamicResolver * m_pAccessContext; // If the target is not accessible, should the API return FALSE, or should it throw an exception? BOOL m_fThrowIfTargetIsInaccessible; - // flag to enable legacy behavior in ClassLoader::CanAccessMemberForExtraChecks. - BOOL m_fSkipCheckForCriticalCode; }; void DECLSPEC_NORETURN ThrowFieldAccessException(MethodDesc *pCallerMD, FieldDesc *pFD, - BOOL isTransparencyError, UINT messageID = 0, Exception *pInnerException = NULL, BOOL fAccessingFrameworkCode = FALSE); void DECLSPEC_NORETURN ThrowMethodAccessException(MethodDesc *pCallerMD, MethodDesc *pCalleeMD, - BOOL isTransparencyError, UINT messageID = 0, Exception *pInnerException = NULL, BOOL fAccessingFrameworkCode = FALSE); void DECLSPEC_NORETURN ThrowTypeAccessException(MethodDesc *pCallerMD, MethodTable *pMT, - BOOL isTransparencyError, UINT messageID = 0, Exception *pInnerException = NULL, BOOL fAccessingFrameworkCode = FALSE); @@ -889,8 +879,7 @@ public: AccessCheckContext* pContext, MethodTable* pTargetClass, Assembly* pTargetAssembly, - const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks, - BOOL checkTargetTypeTransparency = TRUE); + const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks); static BOOL CanAccess( AccessCheckContext* pContext, @@ -899,16 +888,7 @@ public: DWORD dwMemberAttrs, MethodDesc* pOptionalTargetMethod, FieldDesc* pOptionalTargetField, - const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks, - BOOL checkTargetMethodTransparency = TRUE, - BOOL checkTargetTypeTransparency = TRUE); - - static BOOL CanAccessClassForExtraChecks( - AccessCheckContext* pContext, - MethodTable* pTargetClass, - Assembly* pTargetAssembly, - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetTypeTransparency); + const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks); static BOOL CanAccessFamilyVerification( TypeHandle thCurrentClass, @@ -921,21 +901,6 @@ private: MethodDesc* pOptionalTargetMethod, const AccessCheckOptions & accessCheckOptions); - static BOOL CanAccessMemberForExtraChecks( - AccessCheckContext* pContext, - MethodTable* pTargetExactMT, - MethodDesc* pOptionalTargetMethod, - FieldDesc* pOptionalTargetField, - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetMethodTransparency); - - static BOOL CanAccessSigForExtraChecks( - AccessCheckContext* pContext, - MethodDesc* pTargetMethodSig, - MethodTable* pTargetExactMT, - const AccessCheckOptions & accessCheckOptions, - BOOL checkTargetTransparency); - static BOOL CanAccessFamily( MethodTable* pCurrentClass, MethodTable* pTargetClass); @@ -947,9 +912,7 @@ private: DWORD dwMemberAttrs, MethodDesc* pOptionalTargetMethod, FieldDesc* pOptionalTargetField, - const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks, - BOOL checkTargetMethodTransparency = TRUE, - BOOL checkTargetTypeTransparency = TRUE); + const AccessCheckOptions & accessCheckOptions = *AccessCheckOptions::s_pNormalAccessChecks); public: diff --git a/src/vm/clsload.inl b/src/vm/clsload.inl index 991498ec9c..7dcd1a5d00 100644 --- a/src/vm/clsload.inl +++ b/src/vm/clsload.inl @@ -64,8 +64,7 @@ inline void AccessCheckOptions::Initialize( BOOL throwIfTargetIsInaccessible, MethodTable * pTargetMT, MethodDesc * pTargetMethod, - FieldDesc * pTargetField, - BOOL skipCheckForCriticalCode /*=FALSE*/) + FieldDesc * pTargetField) { CONTRACTL { @@ -90,7 +89,6 @@ inline void AccessCheckOptions::Initialize( m_pTargetMT = pTargetMT; m_pTargetMethod = pTargetMethod; m_pTargetField = pTargetField; - m_fSkipCheckForCriticalCode = skipCheckForCriticalCode; } //****************************************************************************** diff --git a/src/vm/comcallablewrapper.cpp b/src/vm/comcallablewrapper.cpp index fdb0e54a45..322bcdc268 100644 --- a/src/vm/comcallablewrapper.cpp +++ b/src/vm/comcallablewrapper.cpp @@ -37,7 +37,6 @@ #include "dispex.h" #include "perfcounters.h" #include "guidfromname.h" -#include "security.h" #include "comconnectionpoints.h" #include <objsafe.h> // IID_IObjctSafe #include "virtualcallstub.h" @@ -3274,9 +3273,7 @@ inline IUnknown * ComCallWrapper::GetComIPFromCCW_VisibilityCheck( } CONTRACT_END; - // Ensure that the interface we are passing out was defined in trusted code. - if ((!(flags & GetComIPFromCCW::SuppressSecurityCheck) && pIntfComMT->IsDefinedInUntrustedCode()) || - // Do a visibility check if needed. + if (// Do a visibility check if needed. ((flags & GetComIPFromCCW::CheckVisibility) && (!pIntfComMT->IsComVisible()))) { // If not, fail to return the interface. @@ -3698,10 +3695,8 @@ IUnknown* ComCallWrapper::GetComIPFromCCW(ComCallWrapper *pWrap, REFIID riid, Me ComMethodTable * pIntfComMT = ComMethodTable::ComMethodTableFromIP(pIntf); // Manual inlining of GetComIPFromCCW_VisibilityCheck() for common case. - if (// Ensure that the interface we are passing out was defined in trusted code. - (!(flags & GetComIPFromCCW::SuppressSecurityCheck) && pIntfComMT->IsDefinedInUntrustedCode()) - // Do a visibility check if needed. - || ((flags & GetComIPFromCCW::CheckVisibility) && (!pIntfComMT->IsComVisible()))) + if (// Do a visibility check if needed. + ((flags & GetComIPFromCCW::CheckVisibility) && (!pIntfComMT->IsComVisible()))) { // If not, fail to return the interface. SafeRelease(pIntf); @@ -5452,12 +5447,6 @@ ComMethodTable* ComCallWrapperTemplate::GetClassComMT() MethodTable *pMT = m_thClass.GetMethodTable(); - // Preload the policy for these classes before we take the lock. - for (MethodTable* pMethodTable = pMT; pMethodTable != NULL; pMethodTable = pMethodTable->GetParentMethodTable()) - { - Security::CanCallUnmanagedCode(pMethodTable->GetModule()); - } - // We haven't set it up yet, generate one. ComMethodTable* pClassComMT; if (pMT->IsDelegate() && (pMT->IsProjectedFromWinRT() || WinRTTypeNameConverter::IsRedirectedType(pMT))) @@ -5887,12 +5876,6 @@ ComMethodTable* ComCallWrapperTemplate::CreateComMethodTableForClass(MethodTable if (IsTypeVisibleFromCom(TypeHandle(pComMT->m_pMT))) pComMT->m_Flags |= enum_ComVisible; - if (!Security::CanCallUnmanagedCode(pComMT->m_pMT->GetModule())) - { - pComMT->m_Flags |= enum_IsUntrusted; - } - - #if _DEBUG { // In debug set all the vtable slots to 0xDEADCA11. @@ -5974,11 +5957,6 @@ ComMethodTable* ComCallWrapperTemplate::CreateComMethodTableForInterface(MethodT if (pItfClass->GetClass()->IsComClassInterface()) pComMT->m_Flags |= enum_ComClassItf; - if (!Security::CanCallUnmanagedCode(pComMT->m_pMT->GetModule())) - { - pComMT->m_Flags |= enum_IsUntrusted; - } - #ifdef _DEBUG { // In debug set all the vtable slots to 0xDEADCA11. @@ -6064,11 +6042,6 @@ ComMethodTable* ComCallWrapperTemplate::CreateComMethodTableForBasic(MethodTable if (pMT->GetClass()->IsComClassInterface()) pComMT->m_Flags |= enum_ComClassItf; - if (!Security::CanCallUnmanagedCode(pMT->GetModule())) - { - pComMT->m_Flags |= enum_IsUntrusted; - } - #ifdef MDA_SUPPORTED #ifdef _DEBUG { @@ -6150,11 +6123,6 @@ ComMethodTable* ComCallWrapperTemplate::CreateComMethodTableForDelegate(MethodTa pComMT->m_Flags |= enum_GuidGenerated; - if (!Security::CanCallUnmanagedCode(pComMT->m_pMT->GetModule())) - { - pComMT->m_Flags |= enum_IsUntrusted; - } - #if _DEBUG { // In debug set all the vtable slots to 0xDEADCA11. @@ -6287,11 +6255,6 @@ ComCallWrapperTemplate* ComCallWrapperTemplate::CreateTemplate(TypeHandle thClas // Preload the policy for this interface CCWInterfaceMapIterator it(thClass, pClsFact, true); - while (it.Next()) - { - Module *pModule = it.GetInterface()->GetModule(); - Security::CanCallUnmanagedCode(pModule); - } // Num interfaces in the template. unsigned numInterfaces = it.GetCount(); diff --git a/src/vm/comcallablewrapper.h b/src/vm/comcallablewrapper.h index 85647279f3..1a68135e77 100644 --- a/src/vm/comcallablewrapper.h +++ b/src/vm/comcallablewrapper.h @@ -572,7 +572,7 @@ enum Masks enum_SigClassLoadChecked = 0x00000100, enum_ComClassItf = 0x00000200, enum_GuidGenerated = 0x00000400, - enum_IsUntrusted = 0x00001000, + // enum_unused = 0x00001000, enum_IsBasic = 0x00002000, enum_IsWinRTDelegate = 0x00004000, enum_IsWinRTTrivialAggregate = 0x00008000, @@ -646,12 +646,6 @@ struct ComMethodTable return (CorClassIfaceAttr)(m_Flags & enum_ClassInterfaceTypeMask); } - BOOL IsDefinedInUntrustedCode() - { - LIMITED_METHOD_CONTRACT; - return (m_Flags & enum_IsUntrusted) ? TRUE : FALSE; - } - BOOL IsIClassX() { LIMITED_METHOD_CONTRACT; diff --git a/src/vm/comdelegate.cpp b/src/vm/comdelegate.cpp index cee0d8c08a..961a758750 100644 --- a/src/vm/comdelegate.cpp +++ b/src/vm/comdelegate.cpp @@ -22,7 +22,6 @@ #include "mdaassistants.h" #include "cgensys.h" #include "asmconstants.h" -#include "security.h" #include "virtualcallstub.h" #include "callingconvention.h" #include "customattribute.h" @@ -933,30 +932,6 @@ void COMDelegate::BindToMethod(DELEGATEREF *pRefThis, pExactMethodType, pTargetMethod->IsStatic() ? NULL : pInstanceMT, pTargetMethod); - - // Ask for skip verification if a delegate over a .ctor or .cctor is requested. - if (pTargetMethod->IsClassConstructorOrCtor()) - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); - -#ifdef FEATURE_COMINTEROP - // Check if it's a COM object and if so, demand unmanaged code permission. - // <TODO> I think we need a target check here. Investigate. </TODO> - if (pTargetMethod && pTargetMethod->GetMethodTable()->IsComObjectType()) - Security::SpecialDemand(SSWT_DEMAND_FROM_NATIVE, SECURITY_UNMANAGED_CODE); -#endif // FEATURE_COMINTEROP - - // Devdiv bug 296229: dangerous methods are those that make security decisions based on - // the result of stack walks. When a delegate to such a method is invoked asynchronously - // the stackwalker will stop at the remoting code and consider the caller unmanaged code. - // Unmanaged code is allowed to bypass any security check. - if (InvokeUtil::IsDangerousMethod(pTargetMethod)) - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, REFLECTION_MEMBER_ACCESS); - - // Check whether the creator of the delegate lives in the same assembly as the target method. If not, and they aren't fully - // trusted, we have to make this delegate a secure wrapper and allocate a new inner delegate to represent the real target. - MethodDesc *pCreatorMethod = sCtx.GetCallerMethod(); - if (NeedsSecureDelegate(pCreatorMethod, sCtx.GetCallerDomain(), pTargetMethod)) - refRealDelegate = CreateSecureDelegate(*pRefThis, pCreatorMethod, pTargetMethod); } // If we didn't wrap the real delegate in a secure delegate then the real delegate is the one passed in. @@ -1511,8 +1486,7 @@ OBJECTREF COMDelegate::ConvertToDelegate(LPVOID pCallback, MethodTable* pMT) { GCX_PREEMP(); - DWORD dwStubFlags = pMT->ClassRequiresUnmanagedCodeCheck() ? NDIRECTSTUB_FL_HASDECLARATIVESECURITY : 0; - pMarshalStub = GetStubForInteropMethod(pMD, dwStubFlags, &(pClass->m_pForwardStubMD)); + pMarshalStub = GetStubForInteropMethod(pMD, 0, &(pClass->m_pForwardStubMD)); // Save this new stub on the DelegateEEClass. EnsureWritablePages(dac_cast<PVOID>(&pClass->m_pMarshalStub), sizeof(PCODE)); @@ -1633,9 +1607,6 @@ OBJECTREF COMDelegate::ConvertWinRTInterfaceToDelegate(IUnknown *pIdentity, Meth DWORD dwStubFlags = NDIRECTSTUB_FL_COM | NDIRECTSTUB_FL_WINRT | NDIRECTSTUB_FL_WINRTDELEGATE; - if (pMT->ClassRequiresUnmanagedCodeCheck()) - dwStubFlags |= NDIRECTSTUB_FL_HASDECLARATIVESECURITY; - pMarshalStub = GetStubForInteropMethod(pMD, dwStubFlags); // At this point we must have a non-NULL ComPlusCallInfo @@ -1737,9 +1708,6 @@ MethodDesc* COMDelegate::GetILStubMethodDesc(EEImplMethodDesc* pDelegateMD, DWOR dwStubFlags |= NDIRECTSTUB_FL_DELEGATE; } - if (pMT->ClassRequiresUnmanagedCodeCheck()) - dwStubFlags |= NDIRECTSTUB_FL_HASDECLARATIVESECURITY; - PInvokeStaticSigInfo sigInfo(pDelegateMD); return NDirect::CreateCLRToNativeILStub(&sigInfo, dwStubFlags, pDelegateMD); } @@ -1832,8 +1800,6 @@ FCIMPL3(PCODE, COMDelegate::AdjustTarget, Object* refThisUNSAFE, Object* targetU #ifdef FEATURE_COMINTEROP isComObject = pMTTarg->IsComObjectType(); - if (isComObject) - DoUnmanagedCodeAccessCheck(pMeth); #endif // FEATURE_COMINTEROP if (!pMT->IsTransparentProxy()) @@ -1971,18 +1937,7 @@ FCIMPL3(void, COMDelegate::DelegateConstruct, Object* refThisUNSAFE, Object* tar methodArgCount++; // count 'this' } - // do we need a secure delegate? - - // Devdiv bug 296229: dangerous methods are those that make security decisions based on - // the result of stack walks. When a delegate to such a method is invoked asynchronously - // the stackwalker will stop at the remoting code and consider the caller unmanaged code. - // Unmanaged code is allowed to bypass any security check. - if (InvokeUtil::IsDangerousMethod(pMeth)) - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, REFLECTION_MEMBER_ACCESS); - - if (NeedsSecureDelegate(pCreatorMethod, GetAppDomain(), pMeth)) - gc.refThis = CreateSecureDelegate(gc.refThis, pCreatorMethod, pMeth); - else if (NeedsWrapperDelegate(pMeth)) + if (NeedsWrapperDelegate(pMeth)) gc.refThis = CreateSecureDelegate(gc.refThis, NULL, pMeth); if (pMeth->GetLoaderAllocator()->IsCollectible()) @@ -2033,8 +1988,6 @@ FCIMPL3(void, COMDelegate::DelegateConstruct, Object* refThisUNSAFE, Object* tar BOOL isComObject = false; #ifdef FEATURE_COMINTEROP isComObject = pMTTarg->IsComObjectType(); - if (isComObject) - DoUnmanagedCodeAccessCheck(pMeth); #endif // FEATURE_COMINTEROP if (!pMTTarg->IsTransparentProxy()) @@ -2125,56 +2078,6 @@ FCIMPL3(void, COMDelegate::DelegateConstruct, Object* refThisUNSAFE, Object* tar } FCIMPLEND - -#ifdef FEATURE_COMINTEROP -void COMDelegate::DoUnmanagedCodeAccessCheck(MethodDesc* pMeth) -{ - // Skip if SuppressUnmanagedCodePermission is present - if (pMeth->RequiresLinktimeCheck()) - { - // Check whether this is actually a SuppressUnmanagedCodePermission attribute and - // if so, don't do a demand - { - return; - } - } - - // If this method is defined directly on an interface, get that interface - // Otherwise, from the class get the interface that this method is defined on. - // Based on this interface, skip the check if the interface is DispatchOnly or - // if the interface is defined in fully-trusted code. - if (pMeth->IsComPlusCall()) - { - ComPlusCallMethodDesc *pCMD = (ComPlusCallMethodDesc *)pMeth; - MethodTable* pMTItf = (pCMD->m_pComPlusCallInfo == NULL ? NULL : pCMD->m_pComPlusCallInfo->m_pInterfaceMT); - - // If the interface methodtable is null, then the ComPlusCallMethodDesc hasn't been set up yet. - if (pMTItf == NULL) - { - GCX_PREEMP(); - pMeth->DoPrestub(NULL); - pMTItf = ((ComPlusCallMethodDesc*)pMeth)->m_pComPlusCallInfo->m_pInterfaceMT; - } - else - { - pMTItf->CheckRestore(); - } - - if (pMTItf->GetComInterfaceType() == ifDispatch) - { - return; - } - else if (Security::CanCallUnmanagedCode(pMTItf->GetModule())) - { - return; - } - } - - Security::SpecialDemand(SSWT_DEMAND_FROM_NATIVE, SECURITY_UNMANAGED_CODE); -} -#endif // FEATURE_COMINTEROP - - MethodDesc *COMDelegate::GetMethodDesc(OBJECTREF orDelegate) { CONTRACTL @@ -2463,20 +2366,6 @@ FCIMPLEND #endif // CROSSGEN_COMPILE - -BOOL COMDelegate::NeedsSecureDelegate(MethodDesc* pCreatorMethod, AppDomain *pCreatorDomain, MethodDesc* pTargetMD) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } - CONTRACTL_END; - - return FALSE; -} - BOOL COMDelegate::NeedsWrapperDelegate(MethodDesc* pTargetMD) { LIMITED_METHOD_CONTRACT; @@ -3422,19 +3311,13 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT if (!isStatic) methodArgCount++; // count 'this' MethodDesc *pCallerMethod = (MethodDesc*)pCtorData->pMethod; - BOOL needsSecureDelegate = NeedsSecureDelegate(pCallerMethod, GetAppDomain(), pTargetMethod); - if (!needsSecureDelegate && NeedsWrapperDelegate(pTargetMethod)) + if (NeedsWrapperDelegate(pTargetMethod)) { // If we need a wrapper even it is not a secure delegate, go through slow path return NULL; } - // If this is a secure delegate case, and the secure delegate would have a pointer to a collectible - // method in it, then use the slow path. This could be optimized with a set of fast paths. - if (needsSecureDelegate && (pCallerMethod->IsLCGMethod() || pCallerMethod->GetLoaderAllocator()->IsCollectible())) - return NULL; - // Force the slow path for nullable so that we can give the user an error in case were the verifier is not run. MethodTable* pMT = pTargetMethod->GetMethodTable(); if (!pTargetMethod->IsStatic() && Nullable::IsNullableType(pMT)) @@ -3486,10 +3369,6 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT // Another is to pass a gchandle to the delegate ctor. This is fastest, but only works if we can predict the gc handle at this time. // We will use this for the non secure variants - // Collectible secure delegates can go down the slow path - if (isCollectible && needsSecureDelegate) - return NULL; - if (invokeArgCount == methodArgCount) { // case 2, 3, 6 @@ -3501,9 +3380,7 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT if (!isStatic && pTargetMethod->IsVirtual() && !pTargetMethod->GetMethodTable()->IsValueType()) { // case 3 - if (needsSecureDelegate) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_SECURE_VIRTUAL_DISPATCH); - else if (isCollectible) + if (isCollectible) pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_COLLECTIBLE_VIRTUAL_DISPATCH); else pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_VIRTUAL_DISPATCH); @@ -3511,9 +3388,7 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT else { // case 2, 6 - if (needsSecureDelegate) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_SECURE_OPENED); - else if (isCollectible) + if (isCollectible) pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_COLLECTIBLE_OPENED); else pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_OPENED); @@ -3527,13 +3402,7 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT if (!pShuffleThunk) pShuffleThunk = SetupShuffleThunk(pDelMT, pTargetMethod); pCtorData->pArg3 = (void*)pShuffleThunk->GetEntryPoint(); - if (needsSecureDelegate) - { - // need to fill the info for the secure delegate - pCtorData->pArg4 = (void *)GetSecureInvoke(pDelegateInvoke); - pCtorData->pArg5 = pCallerMethod; - } - else if (isCollectible) + if (isCollectible) { pCtorData->pArg4 = pTargetMethodLoaderAllocator->GetLoaderAllocatorObjectHandle(); } @@ -3557,41 +3426,22 @@ MethodDesc* COMDelegate::GetDelegateCtor(TypeHandle delegateType, MethodDesc *pT (pTargetMethod->IsInterface() || (pTargetMethod->GetMethodTable()->IsValueType() && !pTargetMethod->IsUnboxingStub())); - if (needsSecureDelegate) - { - if (needsRuntimeInfo) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_SECURE_RT_CLOSED); - else - { - if (!isStatic) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_SECURE_CLOSED); - else - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_SECURE_CLOSED_STATIC); - } - - // need to fill the info for the secure delegate - pCtorData->pArg3 = (void *)GetSecureInvoke(pDelegateInvoke); - pCtorData->pArg4 = pCallerMethod; - } + if (needsRuntimeInfo) + pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_RT_CLOSED); else { - if (needsRuntimeInfo) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_RT_CLOSED); + if (!isStatic) + pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_CLOSED); else { - if (!isStatic) - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_CLOSED); + if (isCollectible) + { + pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_COLLECTIBLE_CLOSED_STATIC); + pCtorData->pArg3 = pTargetMethodLoaderAllocator->GetLoaderAllocatorObjectHandle(); + } else { - if (isCollectible) - { - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_COLLECTIBLE_CLOSED_STATIC); - pCtorData->pArg3 = pTargetMethodLoaderAllocator->GetLoaderAllocatorObjectHandle(); - } - else - { - pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_CLOSED_STATIC); - } + pRealCtor = MscorlibBinder::GetMethod(METHOD__MULTICAST_DELEGATE__CTOR_CLOSED_STATIC); } } } diff --git a/src/vm/comdelegate.h b/src/vm/comdelegate.h index 5630cf9a75..f6ca775b60 100644 --- a/src/vm/comdelegate.h +++ b/src/vm/comdelegate.h @@ -71,8 +71,6 @@ public: static PCODE GetSecureInvoke(MethodDesc* pMD); // determines where the delegate needs to be wrapped for non-security reason static BOOL NeedsWrapperDelegate(MethodDesc* pTargetMD); - // determines whether the delegate needs to be wrapped - static BOOL NeedsSecureDelegate(MethodDesc* pCreatorMethod, AppDomain *pCreatorDomain, MethodDesc* pTargetMD); // on entry delegate points to the delegate to wrap static DELEGATEREF CreateSecureDelegate(DELEGATEREF delegate, MethodDesc* pCreatorMethod, MethodDesc* pTargetMD); @@ -122,10 +120,6 @@ public: static Stub *GenerateStubForHost(MethodDesc *pInvokeMD, MethodDesc *pStubMD, LPVOID pNativeTarget, Stub *pInnerStub); #endif // _TARGET_X86_ -#ifdef FEATURE_COMINTEROP - static void DoUnmanagedCodeAccessCheck(MethodDesc* pMeth); -#endif // FEATURE_COMINTEROP - static MethodDesc * __fastcall GetMethodDesc(OBJECTREF obj); static OBJECTREF GetTargetObject(OBJECTREF obj); diff --git a/src/vm/commodule.cpp b/src/vm/commodule.cpp index cb14967295..45b31bfe68 100644 --- a/src/vm/commodule.cpp +++ b/src/vm/commodule.cpp @@ -9,7 +9,6 @@ #include "reflectclasswriter.h" #include "class.h" #include "corpolicy.h" -#include "security.h" #include "ceesectionstring.h" #include <cor.h> #include "typeparse.h" diff --git a/src/vm/compile.cpp b/src/vm/compile.cpp index abfe07e6f4..b3d187c555 100644 --- a/src/vm/compile.cpp +++ b/src/vm/compile.cpp @@ -22,7 +22,6 @@ #include "compile.h" #include "excep.h" #include "field.h" -#include "security.h" #include "eeconfig.h" #include "zapsig.h" #include "gcrefmap.h" diff --git a/src/vm/comsynchronizable.cpp b/src/vm/comsynchronizable.cpp index 01ba49651b..3425e2db2c 100644 --- a/src/vm/comsynchronizable.cpp +++ b/src/vm/comsynchronizable.cpp @@ -20,7 +20,6 @@ #include "excep.h" #include "vars.hpp" #include "field.h" -#include "security.h" #include "comsynchronizable.h" #include "dbginterface.h" #include "comdelegate.h" diff --git a/src/vm/comthreadpool.cpp b/src/vm/comthreadpool.cpp index a9fad74cee..c49f83400c 100644 --- a/src/vm/comthreadpool.cpp +++ b/src/vm/comthreadpool.cpp @@ -23,7 +23,6 @@ #include "object.h" #include "field.h" #include "excep.h" -#include "security.h" #include "eeconfig.h" #include "corhost.h" #include "nativeoverlapped.h" diff --git a/src/vm/comtoclrcall.cpp b/src/vm/comtoclrcall.cpp index b6d59a859f..11f522431d 100644 --- a/src/vm/comtoclrcall.cpp +++ b/src/vm/comtoclrcall.cpp @@ -28,7 +28,6 @@ #include "siginfo.hpp" #include "comcallablewrapper.h" #include "field.h" -#include "security.h" #include "virtualcallstub.h" #include "dllimport.h" #include "mlinfo.h" @@ -425,45 +424,6 @@ void COMToCLRInvokeTarget(PCODE pManagedTarget, OBJECTREF pObject, ComCallMethod InvokeStub(pCMD, pManagedTarget, pObject, pFrame, pThread, pRetValOut); } -bool COMToCLRWorkerBody_SecurityCheck(ComCallMethodDesc * pCMD, MethodDesc * pMD, Thread * pThread, UINT64 * pRetValOut) -{ - CONTRACTL - { - NOTHROW; - GC_TRIGGERS; - MODE_COOPERATIVE; - SO_TOLERANT; - } - CONTRACTL_END; - - bool result = true; - - BEGIN_SO_INTOLERANT_CODE_NOTHROW(pThread, { *pRetValOut = COR_E_STACKOVERFLOW; return false; } ); - - EX_TRY - { - - // Need to check for the presence of a security link demand on the target - // method. If we're hosted inside of an app domain with security, we perform - // the link demand against that app domain's grant set. - Security::CheckLinkDemandAgainstAppDomain(pMD); - - if (pCMD->IsEarlyBoundUnsafe()) - COMPlusThrow(kSecurityException); - - } - EX_CATCH - { - *pRetValOut = SetupErrorInfo(GET_THROWABLE()); - result = false; - } - EX_END_CATCH(SwallowAllExceptions); - - END_SO_INTOLERANT_CODE; - - return result; -} - NOINLINE void COMToCLRWorkerBody_Rare(Thread * pThread, ComMethodFrame * pFrame, ComCallWrapper * pWrap, MethodDesc * pRealMD, ComCallMethodDesc * pCMD, DWORD maskedFlags, @@ -482,17 +442,12 @@ void COMToCLRWorkerBody_Rare(Thread * pThread, ComMethodFrame * pFrame, ComCallW OBJECTREF pObject; int fpReturnSize = 0; - if (maskedFlags & enum_NeedsSecurityCheck) - { - if (!COMToCLRWorkerBody_SecurityCheck(pCMD, pRealMD, pThread, pRetValOut)) - return; - } if (maskedFlags & enum_NativeR8Retval) fpReturnSize = 8; if (maskedFlags & enum_NativeR4Retval) fpReturnSize = 4; - maskedFlags &= ~(enum_NeedsSecurityCheck|enum_NativeR4Retval|enum_NativeR8Retval); + maskedFlags &= ~(enum_NativeR4Retval|enum_NativeR8Retval); CONSISTENCY_CHECK(maskedFlags != ( enum_IsWinRTCtor|enum_IsVirtual)); CONSISTENCY_CHECK(maskedFlags != (enum_IsDelegateInvoke|enum_IsWinRTCtor|enum_IsVirtual)); @@ -573,7 +528,6 @@ void COMToCLRWorkerBody( OBJECTREF pObject; DWORD mask = ( - enum_NeedsSecurityCheck | enum_IsDelegateInvoke | enum_IsWinRTCtor | enum_IsVirtual | @@ -1104,11 +1058,6 @@ static void FieldCallWorkerBody(Thread *pThread, ComMethodFrame* pFrame) } #endif // PROFILING_SUPPORTED - if (pCMD->IsEarlyBoundUnsafe()) - { - COMPlusThrow(kSecurityException); - } - UINT64 retVal; InvokeStub(pCMD, NULL, pWrap->GetObjectRef(), pFrame, pThread, &retVal); @@ -1338,20 +1287,6 @@ void ComCallMethodDesc::InitMethod(MethodDesc *pMD, MethodDesc *pInterfaceMD, BO { // Initialize the native type information size of native stack, native retval flags, etc). InitNativeInfo(); - - // If this interface method is implemented on a class which lives - // in an assembly without UnmanagedCodePermission, then - // we mark the ComCallMethodDesc as unsafe for being called early-bound. - Module* pModule = pMD->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - m_flags |= (enum_NeedsSecurityCheck | enum_IsEarlyBoundUnsafe); - } - else if (pMD->RequiresLinktimeCheck()) - { - // remember that we have to call Security::CheckLinkDemandAgainstAppDomain at invocation time - m_flags |= enum_NeedsSecurityCheck; - } } if (pMD->IsEEImpl() && COMDelegate::IsDelegateInvokeMethod(pMD)) @@ -1384,15 +1319,6 @@ void ComCallMethodDesc::InitField(FieldDesc* pFD, BOOL isGetter) { // Initialize the native type information size of native stack, native retval flags, etc). InitNativeInfo(); - - // If this interface method is implemented on a class which lives - // in an assembly without UnmanagedCodePermission, then - // we mark the ComCallMethodDesc as unsafe for being called early-bound. - Module* pModule = pFD->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - m_flags |= enum_IsEarlyBoundUnsafe; - } } }; diff --git a/src/vm/comtoclrcall.h b/src/vm/comtoclrcall.h index 145aaadbd7..d2f3891993 100644 --- a/src/vm/comtoclrcall.h +++ b/src/vm/comtoclrcall.h @@ -29,10 +29,10 @@ enum ComCallFlags enum_NativeHResultRetVal = 0x0040, // Native ret val is an HRESULT enum_NativeBoolRetVal = 0x0080, // Native ret val is 0 in the case of failure enum_NativeVoidRetVal = 0x0100, // Native ret val is void - enum_IsEarlyBoundUnsafe = 0x0200, // Is unsafe to be called early-bound + // unused = 0x0200, enum_HasMarshalError = 0x0400, // The signature is not marshalable and m_StackBytes is a guess enum_IsDelegateInvoke = 0x0800, // The method is an 'Invoke' on a delegate - enum_NeedsSecurityCheck = 0x1000, // Security check is needed at every invocation + // unused = 0x1000, enum_IsWinRTCall = 0x2000, // The method is declared on a WinRT interface/delegate enum_IsWinRTCtor = 0x4000, // The method is a WinRT constructor enum_IsWinRTStatic = 0x8000, // The method is a WinRT static @@ -119,18 +119,6 @@ public: return (m_flags & enum_IsFieldCall); } - BOOL IsEarlyBoundUnsafe() - { - LIMITED_METHOD_CONTRACT; - return (m_flags & enum_IsEarlyBoundUnsafe); - } - - BOOL NeedsSecurityCheck() - { - LIMITED_METHOD_CONTRACT; - return (m_flags & enum_NeedsSecurityCheck); - } - BOOL IsMethodCall() { WRAPPER_NO_CONTRACT; diff --git a/src/vm/crossgencompile.cpp b/src/vm/crossgencompile.cpp index bcbf9d1636..c4b9d3dfc3 100644 --- a/src/vm/crossgencompile.cpp +++ b/src/vm/crossgencompile.cpp @@ -16,7 +16,6 @@ #include "comdelegate.h" #include "compile.h" -#include "security.h" #include "invokeutil.h" #include "comcallablewrapper.h" diff --git a/src/vm/customattribute.cpp b/src/vm/customattribute.cpp index 60e002eb71..6c765414c3 100644 --- a/src/vm/customattribute.cpp +++ b/src/vm/customattribute.cpp @@ -10,7 +10,6 @@ #include "threads.h" #include "excep.h" #include "corerror.h" -#include "security.h" #include "classnames.h" #include "fcall.h" #include "assemblynative.hpp" diff --git a/src/vm/dispatchinfo.cpp b/src/vm/dispatchinfo.cpp index ee29506d27..492603da05 100644 --- a/src/vm/dispatchinfo.cpp +++ b/src/vm/dispatchinfo.cpp @@ -28,7 +28,6 @@ #include "olevariant.h" #include "commtmemberinfomap.h" #include "dispparammarshaler.h" -#include "security.h" #include "reflectioninvocation.h" #include "dbginterface.h" @@ -1588,50 +1587,6 @@ void DispatchInfo::InvokeMemberWorker(DispatchMemberInfo* pDispMemberInfo, pObjs->MemberInfo = ObjectFromHandle(pDispMemberInfo->m_hndMemberInfo); MemberType = pDispMemberInfo->GetMemberType(); - // Determine whether the member has a link time security check. If so we - // need to emulate this (since the caller is obviously not jitted in this - // case). Only methods and properties can have a link time check. - MethodDesc *pMDforSecurity = NULL; - - if (MemberType == Method) - { - MethodDescCallSite getMethodHandle(METHOD__METHOD_BASE__GET_METHODDESC, &pObjs->MemberInfo); - ARG_SLOT arg = ObjToArgSlot(pObjs->MemberInfo); - pMDforSecurity = (MethodDesc*) getMethodHandle.Call_RetLPVOID(&arg); - } - else if (MemberType == Property) - { - MethodDescCallSite getSetter(METHOD__PROPERTY__GET_SETTER, &pObjs->MemberInfo); - ARG_SLOT args[] = - { - ObjToArgSlot(pObjs->MemberInfo), - BoolToArgSlot(false) - }; - OBJECTREF method = getSetter.Call_RetOBJECTREF(args); - if (method == NULL) - { - MethodDescCallSite getGetter(METHOD__PROPERTY__GET_GETTER, &pObjs->MemberInfo); - ARG_SLOT args1[] = - { - ObjToArgSlot(pObjs->MemberInfo), - BoolToArgSlot(false) - }; - method = getGetter.Call_RetOBJECTREF(args1); - } - - if (method != NULL) - { - GCPROTECT_BEGIN(method) - MethodDescCallSite getMethodHandle(METHOD__METHOD_BASE__GET_METHODDESC, &method); - ARG_SLOT arg = ObjToArgSlot(method); - pMDforSecurity = (MethodDesc*) getMethodHandle.Call_RetLPVOID(&arg); - GCPROTECT_END(); - } - } - - if (pMDforSecurity) - Security::CheckLinkDemandAgainstAppDomain(pMDforSecurity); - switch (MemberType) { case Field: diff --git a/src/vm/dllimport.cpp b/src/vm/dllimport.cpp index a0631c3345..e7857e412d 100644 --- a/src/vm/dllimport.cpp +++ b/src/vm/dllimport.cpp @@ -19,7 +19,6 @@ #include "dllimport.h" #include "method.hpp" #include "siginfo.hpp" -#include "security.h" #include "comdelegate.h" #include "ceeload.h" #include "mlinfo.h" @@ -1183,7 +1182,6 @@ public: #endif // FEATURE_COMINTEROP LogOneFlag(dwStubFlags, NDIRECTSTUB_FL_NGENEDSTUBFORPROFILING, " NDIRECTSTUB_FL_NGENEDSTUBFORPROFILING\n", facility, level); LogOneFlag(dwStubFlags, NDIRECTSTUB_FL_GENERATEDEBUGGABLEIL, " NDIRECTSTUB_FL_GENERATEDEBUGGABLEIL\n", facility, level); - LogOneFlag(dwStubFlags, NDIRECTSTUB_FL_HASDECLARATIVESECURITY, " NDIRECTSTUB_FL_HASDECLARATIVESECURITY\n", facility, level); LogOneFlag(dwStubFlags, NDIRECTSTUB_FL_UNMANAGED_CALLI, " NDIRECTSTUB_FL_UNMANAGED_CALLI\n", facility, level); LogOneFlag(dwStubFlags, NDIRECTSTUB_FL_TRIGGERCCTOR, " NDIRECTSTUB_FL_TRIGGERCCTOR\n", facility, level); #ifdef FEATURE_COMINTEROP @@ -1214,7 +1212,6 @@ public: NDIRECTSTUB_FL_REVERSE_INTEROP | NDIRECTSTUB_FL_NGENEDSTUBFORPROFILING | NDIRECTSTUB_FL_GENERATEDEBUGGABLEIL | - NDIRECTSTUB_FL_HASDECLARATIVESECURITY | NDIRECTSTUB_FL_UNMANAGED_CALLI | NDIRECTSTUB_FL_TRIGGERCCTOR | #ifdef FEATURE_COMINTEROP @@ -5010,44 +5007,7 @@ MethodDesc* NDirect::CreateCLRToNativeILStub( pParamTokenArray = (mdParamDef*)_alloca(numParamTokens * sizeof(mdParamDef)); CollateParamTokens(pModule->GetMDImport(), pSigDesc->m_tkMethodDef, numArgs, pParamTokenArray); - // for interop vectors that have declarative security, we need - // to update the stub flags to ensure a unique stub hash - // is generated based on the marshalling signature AND - // any declarative security. - // IMPORTANT: This will only inject the security callouts for - // interop functionality which has a non-null target MethodDesc. - // Currently, this is known to exclude things like native - // function ptrs. It is assumed that if the target is not - // attribute'able for metadata, then it cannot have declarative - // security - and that the target is not attributable if it was - // not passed to this function. MethodDesc *pMD = pSigDesc->m_pMD; - if (pMD != NULL && SF_IsForwardStub(dwStubFlags)) - { - // In an AppX process there is only one fully trusted AppDomain, so there is never any need to insert - // a security callout on the stubs. - if (!AppX::IsAppXProcess()) - { -#ifdef FEATURE_COMINTEROP - if (pMD->IsComPlusCall() || pMD->IsGenericComPlusCall()) - { - // To preserve Whidbey behavior, we only enforce the implicit demand for - // unmanaged code permission. - MethodTable* pMT = ComPlusCallInfo::FromMethodDesc(pMD)->m_pInterfaceMT; - if (pMT->ClassRequiresUnmanagedCodeCheck() && - !pMD->HasSuppressUnmanagedCodeAccessAttr()) - { - dwStubFlags |= NDIRECTSTUB_FL_HASDECLARATIVESECURITY; - } - } - else -#endif // FEATURE_COMPINTEROP - if (pMD->IsInterceptedForDeclSecurity()) - { - dwStubFlags |= NDIRECTSTUB_FL_HASDECLARATIVESECURITY; - } - } - } NewHolder<ILStubState> pStubState; diff --git a/src/vm/dllimport.h b/src/vm/dllimport.h index c918f58651..058484c45e 100644 --- a/src/vm/dllimport.h +++ b/src/vm/dllimport.h @@ -161,7 +161,7 @@ enum NDirectStubFlags #endif // FEATURE_COMINTEROP NDIRECTSTUB_FL_NGENEDSTUBFORPROFILING = 0x00000100, NDIRECTSTUB_FL_GENERATEDEBUGGABLEIL = 0x00000200, - NDIRECTSTUB_FL_HASDECLARATIVESECURITY = 0x00000400, + // unused = 0x00000400, NDIRECTSTUB_FL_UNMANAGED_CALLI = 0x00000800, NDIRECTSTUB_FL_TRIGGERCCTOR = 0x00001000, #ifdef FEATURE_COMINTEROP @@ -223,7 +223,6 @@ inline bool SF_IsHRESULTSwapping (DWORD dwStubFlags) { LIMITED_METHOD_CONT inline bool SF_IsReverseStub (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_REVERSE_INTEROP)); } inline bool SF_IsNGENedStubForProfiling(DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_NGENEDSTUBFORPROFILING)); } inline bool SF_IsDebuggableStub (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_GENERATEDEBUGGABLEIL)); } -inline bool SF_IsStubWithDemand (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_HASDECLARATIVESECURITY)); } inline bool SF_IsCALLIStub (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_UNMANAGED_CALLI)); } inline bool SF_IsStubWithCctorTrigger (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_TRIGGERCCTOR)); } inline bool SF_IsForNumParamBytes (DWORD dwStubFlags) { LIMITED_METHOD_CONTRACT; return (dwStubFlags < NDIRECTSTUB_FL_INVALID && 0 != (dwStubFlags & NDIRECTSTUB_FL_FOR_NUMPARAMBYTES)); } @@ -299,10 +298,6 @@ inline void SF_ConsistencyCheck(DWORD dwStubFlags) CONSISTENCY_CHECK(!(SF_IsFieldGetterStub(dwStubFlags) && !SF_IsHRESULTSwapping(dwStubFlags))); CONSISTENCY_CHECK(!(SF_IsFieldSetterStub(dwStubFlags) && !SF_IsHRESULTSwapping(dwStubFlags))); - // Reverse and CALLI stubs don't have demands - CONSISTENCY_CHECK(!(SF_IsReverseStub(dwStubFlags) && SF_IsStubWithDemand(dwStubFlags))); - CONSISTENCY_CHECK(!(SF_IsCALLIStub(dwStubFlags) && SF_IsStubWithDemand(dwStubFlags))); - // Delegate stubs are not COM CONSISTENCY_CHECK(!(SF_IsDelegateStub(dwStubFlags) && SF_IsCOMStub(dwStubFlags))); } diff --git a/src/vm/domainfile.cpp b/src/vm/domainfile.cpp index 32f35fd39a..e5736b7282 100644 --- a/src/vm/domainfile.cpp +++ b/src/vm/domainfile.cpp @@ -16,7 +16,6 @@ #include <shlwapi.h> -#include "security.h" #include "invokeutil.h" #include "eeconfig.h" #include "dynamicmethod.h" @@ -1291,10 +1290,6 @@ void DomainFile::Activate() m_bDisableActivationCheck=TRUE; pMT->CheckRunClassInitThrowing(); } - if (g_pConfig->VerifyModulesOnLoad()) - { - m_pModule->VerifyAllMethods(); - } #ifdef _DEBUG if (g_pConfig->ExpandModulesOnLoad()) { diff --git a/src/vm/dynamicmethod.cpp b/src/vm/dynamicmethod.cpp index acfea3e7f6..2d0fa9ce56 100644 --- a/src/vm/dynamicmethod.cpp +++ b/src/vm/dynamicmethod.cpp @@ -11,7 +11,6 @@ #include "object.h" #include "method.hpp" #include "comdelegate.h" -#include "security.h" #include "field.h" #include "contractimpl.h" #include "nibblemapmacros.h" diff --git a/src/vm/ecall.cpp b/src/vm/ecall.cpp index 97255e15a1..6f5f11b894 100644 --- a/src/vm/ecall.cpp +++ b/src/vm/ecall.cpp @@ -559,10 +559,6 @@ LPVOID ECall::GetQCallImpl(MethodDesc * pMD) ("%s::%s is not registered using QCFuncElement macro in ecall.cpp", pMD->m_pszDebugClassName, pMD->m_pszDebugMethodName)); - CONSISTENCY_CHECK_MSGF(pMD->HasSuppressUnmanagedCodeAccessAttr(), - ("%s::%s is not marked with SuppressUnmanagedCodeSecurityAttribute()", - pMD->m_pszDebugClassName, pMD->m_pszDebugMethodName)); - DWORD dwAttrs = pMD->GetAttrs(); BOOL fPublicOrProtected = IsMdPublic(dwAttrs) || IsMdFamily(dwAttrs) || IsMdFamORAssem(dwAttrs); diff --git a/src/vm/ecalllist.h b/src/vm/ecalllist.h index a76c64790b..f5dfc9df80 100644 --- a/src/vm/ecalllist.h +++ b/src/vm/ecalllist.h @@ -345,10 +345,6 @@ FCFuncStart(gMetaDataImport) FCFuncElement("_GetMarshalAs", MetaDataImport::GetMarshalAs) FCFuncEnd() -FCFuncStart(gRuntimeFieldInfoFuncs) - FCFuncElement("PerformVisibilityCheckOnField", ReflectionInvocation::PerformVisibilityCheckOnField) -FCFuncEnd() - FCFuncStart(gSignatureNative) FCFuncElement("GetSignature", SignatureNative::GetSignature) FCFuncElement("GetCustomModifiers", SignatureNative::GetCustomModifiers) @@ -1415,7 +1411,6 @@ FCClassElement("RegistrationServices", "System.Runtime.InteropServices", gRegist #endif // FEATURE_COMINTEROP_MANAGED_ACTIVATION #endif // FEATURE_COMINTEROP -FCClassElement("RtFieldInfo", "System.Reflection", gRuntimeFieldInfoFuncs) FCClassElement("RuntimeAssembly", "System.Reflection", gAssemblyFuncs) #ifdef FEATURE_COMINTEROP FCClassElement("RuntimeClass", "System.Runtime.InteropServices.WindowsRuntime", gRuntimeClassFuncs) diff --git a/src/vm/eeconfig.cpp b/src/vm/eeconfig.cpp index 05cdd0aa6c..d7c700efee 100644 --- a/src/vm/eeconfig.cpp +++ b/src/vm/eeconfig.cpp @@ -241,7 +241,6 @@ HRESULT EEConfig::Init() INDEBUG(fStressLog = true;) - fVerifyAllOnLoad = false; #ifdef _DEBUG fExpandAllOnLoad = false; fDebuggable = false; @@ -1096,9 +1095,6 @@ HRESULT EEConfig::sync() fEnableRCWCleanupOnSTAShutdown = (CLRConfig::GetConfigValue(CLRConfig::INTERNAL_EnableRCWCleanupOnSTAShutdown) != 0); #endif // FEATURE_COMINTEROP - //Eager verification of all assemblies. - fVerifyAllOnLoad = (GetConfigDWORD_DontUse_(CLRConfig::EXTERNAL_VerifyAllOnLoad, fVerifyAllOnLoad) != 0); - #ifdef _DEBUG fExpandAllOnLoad = (GetConfigDWORD_DontUse_(CLRConfig::INTERNAL_ExpandAllOnLoad, fExpandAllOnLoad) != 0); #endif //_DEBUG diff --git a/src/vm/eeconfig.h b/src/vm/eeconfig.h index ccd5cd28bd..872765bc27 100644 --- a/src/vm/eeconfig.h +++ b/src/vm/eeconfig.h @@ -474,7 +474,6 @@ public: } #endif // FEATURE_COMINTEROP - bool VerifyModulesOnLoad(void) const { LIMITED_METHOD_CONTRACT; return fVerifyAllOnLoad; } #ifdef _DEBUG bool ExpandModulesOnLoad(void) const { LIMITED_METHOD_CONTRACT; return fExpandAllOnLoad; } #endif //_DEBUG @@ -934,8 +933,6 @@ private: //---------------------------------------------------------------- bool m_fDeveloperInstallation; // We are on a developers machine bool fAppDomainUnload; // Enable appdomain unloading - bool fVerifyAllOnLoad; // True if we want to verify all methods in an assembly at load time. - DWORD dwADURetryCount; #ifdef _DEBUG diff --git a/src/vm/frames.cpp b/src/vm/frames.cpp index 86bb97b8c7..d38762b87e 100644 --- a/src/vm/frames.cpp +++ b/src/vm/frames.cpp @@ -13,7 +13,6 @@ #include "method.hpp" #include "class.h" #include "excep.h" -#include "security.h" #include "stublink.h" #include "fieldmarshaler.h" #include "siginfo.hpp" diff --git a/src/vm/genmeth.cpp b/src/vm/genmeth.cpp index dc55221308..dd8e3283cc 100644 --- a/src/vm/genmeth.cpp +++ b/src/vm/genmeth.cpp @@ -120,34 +120,6 @@ static MethodDesc* CreateMethodDesc(LoaderAllocator *pAllocator, { pMD->SetSynchronized(); } - if (pTemplateMD->RequiresLinktimeCheck()) - { - pMD->SetRequiresLinktimeCheck(); - } - if (pTemplateMD->RequiresInheritanceCheck()) - { - pMD->SetRequiresInheritanceCheck(); - } - if (pTemplateMD->ParentRequiresInheritanceCheck()) - { - pMD->SetParentRequiresInheritanceCheck(); - } - if (pTemplateMD->IsInterceptedForDeclSecurity()) - { - pMD->SetInterceptedForDeclSecurity(); - } - if (pTemplateMD->IsInterceptedForDeclSecurityCASDemandsOnly()) - { - pMD->SetInterceptedForDeclSecurityCASDemandsOnly(); - } - if (pTemplateMD->HasCriticalTransparentInfo()) - { - pMD->SetCriticalTransparentInfo(pTemplateMD->IsCritical(), pTemplateMD->IsTreatAsSafe()); - } - if (pTemplateMD->RequiresLinkTimeCheckHostProtectionOnly()) - { - pMD->SetRequiresLinkTimeCheckHostProtectionOnly(); - } pMD->SetMemberDef(token); pMD->SetSlot(pTemplateMD->GetSlot()); diff --git a/src/vm/i386/cgenx86.cpp b/src/vm/i386/cgenx86.cpp index e315ffb1e6..9b8960a6eb 100644 --- a/src/vm/i386/cgenx86.cpp +++ b/src/vm/i386/cgenx86.cpp @@ -19,7 +19,6 @@ #include "dllimport.h" #include "comdelegate.h" #include "log.h" -#include "security.h" #include "comdelegate.h" #include "array.h" #include "jitinterface.h" diff --git a/src/vm/i386/stublinkerx86.cpp b/src/vm/i386/stublinkerx86.cpp index dbb4c028c1..b77609822b 100644 --- a/src/vm/i386/stublinkerx86.cpp +++ b/src/vm/i386/stublinkerx86.cpp @@ -21,7 +21,6 @@ #include "excep.h" #include "dllimport.h" #include "log.h" -#include "security.h" #include "comdelegate.h" #include "array.h" #include "jitinterface.h" diff --git a/src/vm/interpreter.cpp b/src/vm/interpreter.cpp index df1cc92a97..d18eede1f1 100644 --- a/src/vm/interpreter.cpp +++ b/src/vm/interpreter.cpp @@ -10210,7 +10210,7 @@ void Interpreter::CallI() MethodDesc* pMD; if (mSig.HasThis()) { - pMD = g_pObjectCtorMD; + pMD = g_pObjectFinalizerMD; } else { diff --git a/src/vm/invokeutil.cpp b/src/vm/invokeutil.cpp index 9efc84d711..4c1dd4d203 100644 --- a/src/vm/invokeutil.cpp +++ b/src/vm/invokeutil.cpp @@ -18,7 +18,6 @@ #include "method.hpp" #include "threads.h" #include "excep.h" -#include "security.h" #include "field.h" #include "customattribute.h" #include "eeconfig.h" @@ -601,11 +600,9 @@ void InvokeUtil::ValidField(TypeHandle th, OBJECTREF* value) if (!srcTH.CanCastTo(th)) COMPlusThrow(kArgumentException,W("Arg_ObjObj")); } - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); return; } else if (MscorlibBinder::IsClass((*value)->GetMethodTable(), CLASS__INTPTR)) { - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); return; } diff --git a/src/vm/invokeutil.h b/src/vm/invokeutil.h index cfa1a0e96b..ec8114f76a 100644 --- a/src/vm/invokeutil.h +++ b/src/vm/invokeutil.h @@ -66,14 +66,6 @@ public: virtual MethodDesc* GetCallerMethod(); virtual Assembly* GetCallerAssembly(); virtual bool IsCalledFromInterop(); - - // The caller will be computed lazily by the reflection system. - virtual bool IsCallerCritical() - { - LIMITED_METHOD_CONTRACT; - - return false; - } AccessCheckOptions::AccessCheckType GetAccessCheckType() const { diff --git a/src/vm/jithelpers.cpp b/src/vm/jithelpers.cpp index bfb2b34565..96c2cf6e97 100644 --- a/src/vm/jithelpers.cpp +++ b/src/vm/jithelpers.cpp @@ -20,7 +20,6 @@ #include "excep.h" #include "float.h" // for isnan #include "dbginterface.h" -#include "security.h" #include "dllimport.h" #include "gcheaputilities.h" #include "comdelegate.h" @@ -46,7 +45,6 @@ #include "genericdict.h" #include "array.h" #include "debuginfostore.h" -#include "security.h" #include "safemath.h" #include "threadstatics.h" diff --git a/src/vm/jitinterface.cpp b/src/vm/jitinterface.cpp index ff3010d12c..97fe3e8262 100644 --- a/src/vm/jitinterface.cpp +++ b/src/vm/jitinterface.cpp @@ -24,7 +24,6 @@ #include "excep.h" #include "float.h" // for isnan #include "dbginterface.h" -#include "security.h" #include "dllimport.h" #include "gcheaputilities.h" #include "comdelegate.h" @@ -47,7 +46,6 @@ #include "genericdict.h" #include "array.h" #include "debuginfostore.h" -#include "security.h" #include "safemath.h" #include "runtimehandles.h" #include "sigbuilder.h" @@ -1787,9 +1785,7 @@ void CEEInfo::getFieldInfo (CORINFO_RESOLVED_TOKEN * pResolvedToken, fieldAttribs, NULL, (flags & CORINFO_ACCESS_INIT_ARRAY) ? NULL : pField, // For InitializeArray, we don't need tocheck the type of the field. - accessCheckOptions, - FALSE /*checkTargetMethodTransparency*/, - TRUE /*checkTargetTypeTransparency*/); + accessCheckOptions); if (!canAccess) { @@ -1928,14 +1924,6 @@ CEEInfo::findCallSiteSig( if (TypeFromToken(sigMethTok) == mdtMemberRef) { IfFailThrow(module->GetMDImport()->GetNameAndSigOfMemberRef(sigMethTok, &pSig, &cbSig, &szName)); - - // Defs have already been checked by the loader for validity - // However refs need to be checked. - if (!Security::CanSkipVerification(module->GetDomainAssembly())) - { - // Can pass 0 for the flags, since it is only used for defs. - IfFailThrow(validateTokenSig(sigMethTok, pSig, cbSig, 0, module->GetMDImport())); - } } else if (TypeFromToken(sigMethTok) == mdtMethodDef) { @@ -5559,9 +5547,7 @@ void CEEInfo::getCallInfo( pCalleeForSecurity->GetAttrs(), pCalleeForSecurity, NULL, - accessCheckOptions, - FALSE, - TRUE + accessCheckOptions ); // If we were allowed access to the exact method, but it is on a type that has a type parameter @@ -5581,11 +5567,10 @@ void CEEInfo::getCallInfo( // No accees check is need for Var, MVar, or FnPtr. if (pTypeParamMT != NULL) - canAccessMethod = ClassLoader::CanAccessClassForExtraChecks(&accessContext, - pTypeParamMT, - typeParam.GetAssembly(), - accessCheckOptions, - TRUE); + canAccessMethod = ClassLoader::CanAccessClass(&accessContext, + pTypeParamMT, + typeParam.GetAssembly(), + accessCheckOptions); } pResult->accessAllowed = canAccessMethod ? CORINFO_ACCESS_ALLOWED : CORINFO_ACCESS_ILLEGAL; @@ -6499,13 +6484,10 @@ DWORD CEEInfo::getMethodAttribsInternal (CORINFO_METHOD_HANDLE ftn) if (pMD->IsLCGMethod()) { -#ifndef CROSSGEN_COMPILE -#endif // !CROSSGEN_COMPILE - return CORINFO_FLG_STATIC | CORINFO_FLG_DONT_INLINE | CORINFO_FLG_NOSECURITYWRAP; } - DWORD result = 0; + DWORD result = CORINFO_FLG_NOSECURITYWRAP; // <REVISIT_TODO>@todo: can we git rid of CORINFO_FLG_ stuff and just include cor.h?</REVISIT_TODO> @@ -6559,11 +6541,6 @@ DWORD CEEInfo::getMethodAttribsInternal (CORINFO_METHOD_HANDLE ftn) result |= CORINFO_FLG_PINVOKE; } - if (!pMD->IsInterceptedForDeclSecurity()) - { - result |= CORINFO_FLG_NOSECURITYWRAP; - } - if (IsMdRequireSecObject(attribs)) { // Assume all methods marked as DynamicSecurity are @@ -6645,15 +6622,6 @@ void CEEInfo::setMethodAttribs ( } } - // Both CORINFO_FLG_UNVERIFIABLE and CORINFO_FLG_VERIFIABLE cannot be set - _ASSERTE(!(attribs & CORINFO_FLG_UNVERIFIABLE) || - !(attribs & CORINFO_FLG_VERIFIABLE )); - - if (attribs & CORINFO_FLG_VERIFIABLE) - ftn->SetIsVerified(TRUE); - else if (attribs & CORINFO_FLG_UNVERIFIABLE) - ftn->SetIsVerified(FALSE); - EE_TO_JIT_TRANSITION(); } @@ -7389,12 +7357,6 @@ CEEInfo::getMethodInfo( else { /* Get the IL header */ - /* <REVISIT_TODO>TODO: canInline already did validation, however, we do it again - here because NGEN uses this function without calling canInline - It would be nice to avoid this redundancy </REVISIT_TODO>*/ - Module* pModule = ftn->GetModule(); - - bool verify = !Security::CanSkipVerification(ftn); if (ftn->IsDynamicMethod()) { @@ -7402,28 +7364,7 @@ CEEInfo::getMethodInfo( } else { - COR_ILMETHOD_DECODER::DecoderStatus status = COR_ILMETHOD_DECODER::SUCCESS; - COR_ILMETHOD_DECODER header(ftn->GetILHeader(TRUE), ftn->GetMDImport(), verify ? &status : NULL); - - // If we get a verification error then we try to demand SkipVerification for the module - if (status == COR_ILMETHOD_DECODER::VERIFICATION_ERROR && - Security::CanSkipVerification(pModule->GetDomainAssembly())) - { - status = COR_ILMETHOD_DECODER::SUCCESS; - } - - if (status != COR_ILMETHOD_DECODER::SUCCESS) - { - if (status == COR_ILMETHOD_DECODER::VERIFICATION_ERROR) - { - // Throw a verification HR - COMPlusThrowHR(COR_E_VERIFICATION); - } - else - { - COMPlusThrowHR(COR_E_BADIMAGEFORMAT, BFA_BAD_IL); - } - } + COR_ILMETHOD_DECODER header(ftn->GetILHeader(TRUE), ftn->GetMDImport(), NULL); getMethodInfoHelper(ftn, ftnHnd, &header, methInfo); } @@ -7550,25 +7491,6 @@ CorInfoInline CEEInfo::canInline (CORINFO_METHOD_HANDLE hCaller, Module * pOrigCallerModule; pOrigCallerModule = pOrigCaller->GetLoaderModule(); - // Prevent recursive compiling/inlining/verifying - if (pOrigCaller != pCallee) - { - // The Inliner may not do code verification. - // So never inline anything that is unverifiable / bad code. - if (!Security::CanSkipVerification(pCallee)) - { - // Inlinee needs to be verifiable - if (!pCallee->IsVerifiable()) - { - result = INLINE_NEVER; - szFailReason = "Inlinee is not verifiable"; - goto exit; - } - } - } - - // We check this here as the call to MethodDesc::IsVerifiable() - // may set CORINFO_FLG_DONT_INLINE. if (pCallee->IsNotInline()) { result = INLINE_NEVER; @@ -7969,8 +7891,7 @@ CorInfoInstantiationVerification goto exit; } - result = pMethod->IsVerifiable() ? INSTVER_GENERIC_PASSED_VERIFICATION - : INSTVER_GENERIC_FAILED_VERIFICATION; + result = INSTVER_GENERIC_PASSED_VERIFICATION; exit: ; @@ -8025,16 +7946,6 @@ bool CEEInfo::canTailCall (CORINFO_METHOD_HANDLE hCaller, goto exit; } - // TailCalls will throw off security stackwalking logic when there is a declarative Assert - // Note that this check will also include declarative demands. It's OK to do a tailcall in - // those cases, but we currently don't have a way to check only for declarative Asserts. - if (pCaller->IsInterceptedForDeclSecurity()) - { - result = false; - szFailReason = "Caller has declarative security"; - goto exit; - } - if (!fIsTailPrefix) { mdMethodDef callerToken = pCaller->GetMemberDef(); @@ -11881,13 +11792,6 @@ CorJitResult invokeCompileMethod(EEJitManager *jitMgr, return ret; } -CORJIT_FLAGS GetCompileFlagsIfGenericInstantiation( - CORINFO_METHOD_HANDLE method, - CORJIT_FLAGS compileFlags, - ICorJitInfo * pCorJitInfo, - BOOL * raiseVerificationException, - BOOL * unverifiableGenericCode); - CorJitResult CallCompileMethodWithSEHWrapper(EEJitManager *jitMgr, CEEInfo *comp, struct CORINFO_METHOD_INFO *info, @@ -12137,22 +12041,10 @@ CORJIT_FLAGS GetCompileFlags(MethodDesc * ftn, CORJIT_FLAGS flags, CORINFO_METHO } } - // - // Verification flags - // - -#ifdef _DEBUG - if (g_pConfig->IsJitVerificationDisabled()) - flags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); -#endif // _DEBUG - - if (!flags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_IMPORT_ONLY) && Security::CanSkipVerification(ftn)) - flags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); + flags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); if (ftn->IsILStub()) { - flags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); - // no debug info available for IL stubs flags.Clear(CORJIT_FLAGS::CORJIT_FLAG_DEBUG_INFO); } @@ -12160,148 +12052,6 @@ CORJIT_FLAGS GetCompileFlags(MethodDesc * ftn, CORJIT_FLAGS flags, CORINFO_METHO return flags; } -#if defined(_WIN64) -//The implementation of Jit64 prevents it from both inlining and verifying at the same time. This causes a -//perf problem for code that adopts Transparency. This code attempts to enable inlining in spite of that -//limitation in that scenario. -// -//This only works for real methods. If the method isn't IsIL, then IsVerifiable will AV. That would be a -//bad thing (TM). -BOOL IsTransparentMethodSafeToSkipVerification(CORJIT_FLAGS flags, MethodDesc * ftn) -{ - STANDARD_VM_CONTRACT; - - BOOL ret = FALSE; - if (!flags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_IMPORT_ONLY) && !flags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION) - && Security::IsMethodTransparent(ftn) && - ((ftn->IsIL() && !ftn->IsUnboxingStub()) || - (ftn->IsDynamicMethod() && !ftn->IsILStub()))) - { - EX_TRY - { - //Verify the method - ret = ftn->IsVerifiable(); - } - EX_CATCH - { - //If the jit throws an exception, do not let it leak out of here. For example, we can sometimes - //get an IPE that we could recover from in the Jit (i.e. invalid local in a method with skip - //verification). - } - EX_END_CATCH(RethrowTerminalExceptions) - } - return ret; -} -#else -#define IsTransparentMethodSafeToSkipVerification(flags,ftn) (FALSE) -#endif //_WIN64 - -/*********************************************************************/ -// We verify generic code once and for all using the typical open type, -// and then no instantiations need to be verified. If verification -// failed, then we need to throw an exception whenever we try -// to compile a real instantiation - -CORJIT_FLAGS GetCompileFlagsIfGenericInstantiation( - CORINFO_METHOD_HANDLE method, - CORJIT_FLAGS compileFlags, - ICorJitInfo * pCorJitInfo, - BOOL * raiseVerificationException, - BOOL * unverifiableGenericCode) -{ - STANDARD_VM_CONTRACT; - - *raiseVerificationException = FALSE; - *unverifiableGenericCode = FALSE; - - // If we have already decided to skip verification, keep on going. - if (compileFlags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION)) - return compileFlags; - - CorInfoInstantiationVerification ver = pCorJitInfo->isInstantiationOfVerifiedGeneric(method); - - switch(ver) - { - case INSTVER_NOT_INSTANTIATION: - // Non-generic, or open instantiation of a generic type/method - if (IsTransparentMethodSafeToSkipVerification(compileFlags, (MethodDesc*)method)) - compileFlags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); - return compileFlags; - - case INSTVER_GENERIC_PASSED_VERIFICATION: - // If the typical instantiation is verifiable, there is no need - // to verify the concrete instantiations - compileFlags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); - return compileFlags; - - case INSTVER_GENERIC_FAILED_VERIFICATION: - - *unverifiableGenericCode = TRUE; - - // The generic method is not verifiable. - // Check if it has SkipVerification permission - MethodDesc * pGenMethod = GetMethod(method)->LoadTypicalMethodDefinition(); - - CORINFO_METHOD_HANDLE genMethodHandle = CORINFO_METHOD_HANDLE(pGenMethod); - - CorInfoCanSkipVerificationResult canSkipVer; - canSkipVer = pCorJitInfo->canSkipMethodVerification(genMethodHandle); - - switch(canSkipVer) - { - -#ifdef FEATURE_PREJIT - case CORINFO_VERIFICATION_DONT_JIT: - { - // Transparent code could be partial trust, but we don't know at NGEN time. - // This is the flag that NGEN passes to the JIT to tell it to give-up if it - // hits unverifiable code. Since we've already hit unverifiable code, - // there's no point in starting the JIT, just to have it give up, so we - // give up here. - _ASSERTE(compileFlags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_PREJIT)); - *raiseVerificationException = TRUE; - return CORJIT_FLAGS(); // This value will not be used - } -#else // FEATURE_PREJIT - // Need to have this case here to keep the MAC build happy - case CORINFO_VERIFICATION_DONT_JIT: - { - _ASSERTE(!"We should never get here"); - return compileFlags; - } -#endif // FEATURE_PREJIT - - case CORINFO_VERIFICATION_CANNOT_SKIP: - { - // For unverifiable generic code without SkipVerification permission, - // we cannot ask the compiler to emit CORINFO_HELP_VERIFICATION in - // unverifiable branches as the compiler cannot determine the unverifiable - // branches while compiling the concrete instantiation. Instead, - // just throw a VerificationException right away. - *raiseVerificationException = TRUE; - return CORJIT_FLAGS(); // This value will not be used - } - - case CORINFO_VERIFICATION_CAN_SKIP: - { - compileFlags.Set(CORJIT_FLAGS::CORJIT_FLAG_SKIP_VERIFICATION); - return compileFlags; - } - - case CORINFO_VERIFICATION_RUNTIME_CHECK: - { - // Compile the method without CORJIT_FLAG_SKIP_VERIFICATION. - // The compiler will know to add a call to - // CORINFO_HELP_VERIFICATION_RUNTIME_CHECK, and then to skip verification. - return compileFlags; - } - } - } - - _ASSERTE(!"We should never get here"); - return compileFlags; -} - // ******************************************************************** // Throw the right type of exception for the given JIT result @@ -12560,26 +12310,12 @@ PCODE UnsafeJitFunction(MethodDesc* ftn, COR_ILMETHOD_DECODER* ILHeader, CORJIT_ pMethodForSecurity->GetAttrs(), pMethodForSecurity, NULL, - accessCheckOptions, - TRUE /*Check method transparency*/, - TRUE /*Check type transparency*/)) + accessCheckOptions)) { EX_THROW(EEMethodException, (pMethodForSecurity)); } } - BOOL raiseVerificationException, unverifiableGenericCode; - - flags = GetCompileFlagsIfGenericInstantiation( - ftnHnd, - flags, - &jitInfo, - &raiseVerificationException, - &unverifiableGenericCode); - - if (raiseVerificationException) - COMPlusThrow(kVerificationException); - CorJitResult res; PBYTE nativeEntry; ULONG sizeOfCode; @@ -12676,11 +12412,6 @@ PCODE UnsafeJitFunction(MethodDesc* ftn, COR_ILMETHOD_DECODER* ILHeader, CORJIT_ if (flags.IsSet(CORJIT_FLAGS::CORJIT_FLAG_IMPORT_ONLY)) { - // The method must been processed by the verifier. Note that it may - // either have been marked as verifiable or unverifiable. - // ie. IsVerified() does not imply IsVerifiable() - _ASSERTE(ftn->IsVerified()); - // We are done break; } diff --git a/src/vm/marshalnative.cpp b/src/vm/marshalnative.cpp index 34d7a861b5..a552ef33f5 100644 --- a/src/vm/marshalnative.cpp +++ b/src/vm/marshalnative.cpp @@ -28,7 +28,6 @@ #include "fieldmarshaler.h" #include "cgensys.h" #include "gcheaputilities.h" -#include "security.h" #include "dbginterface.h" #include "marshalnative.h" #include "fcall.h" diff --git a/src/vm/memberload.cpp b/src/vm/memberload.cpp index 6f0f2b6213..86be548cd2 100644 --- a/src/vm/memberload.cpp +++ b/src/vm/memberload.cpp @@ -30,7 +30,6 @@ #include "fieldmarshaler.h" #include "cgensys.h" #include "gcheaputilities.h" -#include "security.h" #include "dbginterface.h" #include "comdelegate.h" #include "sigformat.h" diff --git a/src/vm/method.cpp b/src/vm/method.cpp index fc84298bc7..63777e8ac1 100644 --- a/src/vm/method.cpp +++ b/src/vm/method.cpp @@ -12,7 +12,6 @@ #include "common.h" -#include "security.h" #include "excep.h" #include "dbginterface.h" #include "ecall.h" @@ -939,118 +938,6 @@ BOOL MethodDesc::IsTightlyBoundToMethodTable() #ifndef DACCESS_COMPILE - -//******************************************************************************* -HRESULT MethodDesc::Verify(COR_ILMETHOD_DECODER* ILHeader, - BOOL fThrowException, - BOOL fForceVerify) -{ - CONTRACTL - { - NOTHROW; - GC_TRIGGERS; - INJECT_FAULT(return E_OUTOFMEMORY;); - } - CONTRACTL_END - -#ifdef _VER_EE_VERIFICATION_ENABLED - // ForceVerify will force verification if the Verifier is OFF - if (fForceVerify) - goto DoVerify; - - // Don't even try to verify if verifier is off. - if (g_fVerifierOff) - return S_OK; - - if (IsVerified()) - return S_OK; - - // LazyCanSkipVerification does not resolve the policy. - // We go ahead with verification if policy is not resolved. - // In case the verification fails, we resolve policy and - // fail verification if the Assembly of this method does not have - // permission to skip verification. - - if (Security::LazyCanSkipVerification(GetModule()->GetDomainAssembly())) - return S_OK; - -#ifdef _DEBUG - _ASSERTE(Security::IsSecurityOn()); - _ASSERTE(GetModule() != SystemDomain::SystemModule()); -#endif // _DEBUG - - -DoVerify: - - HRESULT hr; - - if (fThrowException) - hr = Verifier::VerifyMethod(this, ILHeader, NULL, - fForceVerify ? VER_FORCE_VERIFY : VER_STOP_ON_FIRST_ERROR); - else - hr = Verifier::VerifyMethodNoException(this, ILHeader); - - if (SUCCEEDED(hr)) - SetIsVerified(TRUE); - - return hr; -#else // !_VER_EE_VERIFICATION_ENABLED - _ASSERTE(!"EE Verification is disabled, should never get here"); - return E_FAIL; -#endif // !_VER_EE_VERIFICATION_ENABLED -} - -//******************************************************************************* - -BOOL MethodDesc::IsVerifiable() -{ - STANDARD_VM_CONTRACT; - - if (IsVerified()) - return (m_wFlags & mdcVerifiable); - - if (!IsTypicalMethodDefinition()) - { - // We cannot verify concrete instantiation (eg. List<int>.Add()). - // We have to verify the typical instantiation (eg. List<T>.Add()). - MethodDesc * pGenMethod = LoadTypicalMethodDefinition(); - BOOL isVerifiable = pGenMethod->IsVerifiable(); - - // Propagate the result from the typical instantiation to the - // concrete instantiation - SetIsVerified(isVerifiable); - - return isVerifiable; - } - - COR_ILMETHOD_DECODER *pHeader = NULL; - // Don't use HasILHeader() here because it returns the wrong answer - // for methods that have DynamicIL (not to be confused with DynamicMethods) - if (IsIL() && !IsUnboxingStub()) - { - COR_ILMETHOD_DECODER::DecoderStatus status; - COR_ILMETHOD_DECODER header(GetILHeader(), GetMDImport(), &status); - if (status != COR_ILMETHOD_DECODER::SUCCESS) - { - COMPlusThrowHR(COR_E_BADIMAGEFORMAT, BFA_BAD_IL); - } - pHeader = &header; - -#ifdef _VER_EE_VERIFICATION_ENABLED - static ConfigDWORD peVerify; - if (peVerify.val(CLRConfig::EXTERNAL_PEVerify)) - { - HRESULT hr = Verify(&header, TRUE, FALSE); - } -#endif // _VER_EE_VERIFICATION_ENABLED - } - - UnsafeJitFunction(this, pHeader, CORJIT_FLAGS(CORJIT_FLAGS::CORJIT_FLAG_IMPORT_ONLY)); - _ASSERTE(IsVerified()); - - return (IsVerified() && (m_wFlags & mdcVerifiable)); -} - //******************************************************************************* // Update flags in a thread safe manner. WORD MethodDesc::InterlockedUpdateFlags(WORD wMask, BOOL fSet) @@ -2655,9 +2542,6 @@ void MethodDesc::Save(DataImage *image) { STANDARD_VM_CONTRACT; - // Make sure that the transparency is cached in the NGen image - Security::IsMethodTransparent(this); - // Initialize the DoesNotHaveEquivalentValuetypeParameters flag. // If we fail to determine whether there is a type-equivalent struct parameter (eg. because there is a struct parameter // defined in a missing dependency), then just continue. The reason we run this method is to initialize a flag that is @@ -5143,14 +5027,6 @@ BOOL MethodDesc::HasNativeCallableAttribute() return FALSE; } -//******************************************************************************* -BOOL MethodDesc::HasSuppressUnmanagedCodeAccessAttr() -{ - LIMITED_METHOD_CONTRACT; - - return TRUE; -} - #ifdef FEATURE_COMINTEROP //******************************************************************************* void ComPlusCallMethodDesc::InitComEventCallInfo() diff --git a/src/vm/method.hpp b/src/vm/method.hpp index 99c2384a2d..671fd82b7f 100644 --- a/src/vm/method.hpp +++ b/src/vm/method.hpp @@ -146,29 +146,10 @@ enum MethodDescClassification // Method is static mdcStatic = 0x0020, - // Temporary Security Interception. - // Methods can now be intercepted by security. An intercepted method behaves - // like it was an interpreted method. The Prestub at the top of the method desc - // is replaced by an interception stub. Therefore, no back patching will occur. - // We picked this approach to minimize the number variations given IL and native - // code with edit and continue. E&C will need to find the real intercepted method - // and if it is intercepted change the real stub. If E&C is enabled then there - // is no back patching and needs to fix the pre-stub. - mdcIntercepted = 0x0040, - - // Method requires linktime security checks. - mdcRequiresLinktimeCheck = 0x0080, - - // Method requires inheritance security checks. - // If this bit is set, then this method demands inheritance permissions - // or a method that this method overrides demands inheritance permissions - // or both. - mdcRequiresInheritanceCheck = 0x0100, - - // The method that this method overrides requires an inheritance security check. - // This bit is used as an optimization to avoid looking up overridden methods - // during the inheritance check. - mdcParentRequiresInheritanceCheck = 0x0200, + // unused = 0x0040, + // unused = 0x0080, + // unused = 0x0100, + // unused = 0x0200, // Duplicate method. When a method needs to be placed in multiple slots in the // method table, because it could not be packed into one slot. For eg, a method @@ -673,7 +654,6 @@ public: } void ComputeSuppressUnmanagedCodeAccessAttr(IMDInternalImport *pImport); - BOOL HasSuppressUnmanagedCodeAccessAttr(); BOOL HasNativeCallableAttribute(); #ifdef FEATURE_COMINTEROP @@ -701,32 +681,6 @@ public: // Update flags in a thread safe manner. WORD InterlockedUpdateFlags(WORD wMask, BOOL fSet); - inline DWORD IsInterceptedForDeclSecurity() - { - LIMITED_METHOD_CONTRACT; - STATIC_CONTRACT_SO_TOLERANT; - return m_wFlags & mdcIntercepted; - } - - inline void SetInterceptedForDeclSecurity() - { - LIMITED_METHOD_CONTRACT; - m_wFlags |= mdcIntercepted; - } - - inline DWORD IsInterceptedForDeclSecurityCASDemandsOnly() - { - LIMITED_METHOD_CONTRACT; - STATIC_CONTRACT_SO_TOLERANT; - return m_bFlags2 & enum_flag2_CASDemandsOnly; - } - - inline void SetInterceptedForDeclSecurityCASDemandsOnly() - { - LIMITED_METHOD_CONTRACT; - m_bFlags2 |= enum_flag2_CASDemandsOnly; - } - // If the method is in an Edit and Contine (EnC) module, then // we DON'T want to backpatch this, ever. We MUST always call // through the precode so that we can update the method. @@ -815,50 +769,11 @@ public: BOOL IsQCall(); //================================================================ - // Has the method been verified? - // This does not mean that the IL is verifiable, just that we have - // determined if the IL is verfiable or unverifiable. - // (Is this is dead code since the JIT now does verification?) - - inline BOOL IsVerified() - { - LIMITED_METHOD_CONTRACT; - return m_wFlags & mdcVerifiedState; - } - - inline void SetIsVerified(BOOL isVerifiable) - { - WRAPPER_NO_CONTRACT; - - WORD flags = isVerifiable ? (WORD(mdcVerifiedState) | WORD(mdcVerifiable)) - : (WORD(mdcVerifiedState)); - InterlockedUpdateFlags(flags, TRUE); - } - - inline void ResetIsVerified() - { - WRAPPER_NO_CONTRACT; - InterlockedUpdateFlags(mdcVerifiedState | mdcVerifiable, FALSE); - } - - BOOL IsVerifiable(); - - // fThrowException is used to prevent Verifier from - // throwin an exception on error - // fForceVerify is to be used by tools that need to - // force verifier to verify code even if the code is fully trusted. - HRESULT Verify(COR_ILMETHOD_DECODER* ILHeader, - BOOL fThrowException, - BOOL fForceVerify); - - - //================================================================ // inline void ClearFlagsOnUpdate() { WRAPPER_NO_CONTRACT; - ResetIsVerified(); SetNotInline(FALSE); } @@ -1225,45 +1140,6 @@ protected: } public: - //================================================================== - // Security... - - inline DWORD RequiresLinktimeCheck() - { - LIMITED_METHOD_CONTRACT; - return m_wFlags & mdcRequiresLinktimeCheck; - } - - inline DWORD RequiresInheritanceCheck() - { - LIMITED_METHOD_CONTRACT; - return m_wFlags & mdcRequiresInheritanceCheck; - } - - inline DWORD ParentRequiresInheritanceCheck() - { - LIMITED_METHOD_CONTRACT; - return m_wFlags & mdcParentRequiresInheritanceCheck; - } - - void SetRequiresLinktimeCheck() - { - LIMITED_METHOD_CONTRACT; - m_wFlags |= mdcRequiresLinktimeCheck; - } - - void SetRequiresInheritanceCheck() - { - LIMITED_METHOD_CONTRACT; - m_wFlags |= mdcRequiresInheritanceCheck; - } - - void SetParentRequiresInheritanceCheck() - { - LIMITED_METHOD_CONTRACT; - m_wFlags |= mdcParentRequiresInheritanceCheck; - } - mdMethodDef GetMemberDef() const; mdMethodDef GetMemberDef_NoLogging() const; @@ -1765,62 +1641,6 @@ public: VOID GetMethodInfoNoSig(SString &namespaceOrClassName, SString &methodName); VOID GetFullMethodInfo(SString& fullMethodSigName); - BOOL IsCritical() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_bFlags2 & enum_flag2_Transparency_Mask) != enum_flag2_Transparency_Transparent; - } - - BOOL IsTreatAsSafe() - { - LIMITED_METHOD_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return (m_bFlags2 & enum_flag2_Transparency_Mask) == enum_flag2_Transparency_TreatAsSafe; - } - - BOOL IsTransparent() - { - WRAPPER_NO_CONTRACT; - _ASSERTE(HasCriticalTransparentInfo()); - return !IsCritical(); - } - - BOOL HasCriticalTransparentInfo() - { - LIMITED_METHOD_CONTRACT; - return (m_bFlags2 & enum_flag2_Transparency_Mask) != enum_flag2_Transparency_Unknown; - } - - void SetCriticalTransparentInfo(BOOL fIsCritical, BOOL fIsTreatAsSafe) - { - WRAPPER_NO_CONTRACT; - - // TreatAsSafe has to imply critical - _ASSERTE(fIsCritical || !fIsTreatAsSafe); - - EnsureWritablePages(this); - InterlockedUpdateFlags2( - static_cast<BYTE>(fIsTreatAsSafe ? enum_flag2_Transparency_TreatAsSafe : - fIsCritical ? enum_flag2_Transparency_Critical : - enum_flag2_Transparency_Transparent), - TRUE); - - _ASSERTE(HasCriticalTransparentInfo()); - } - - BOOL RequiresLinkTimeCheckHostProtectionOnly() - { - LIMITED_METHOD_CONTRACT; - return (m_bFlags2 & enum_flag2_HostProtectionLinkCheckOnly) != 0; - } - - void SetRequiresLinkTimeCheckHostProtectionOnly() - { - LIMITED_METHOD_CONTRACT; - m_bFlags2 |= enum_flag2_HostProtectionLinkCheckOnly; - } - BOOL HasTypeEquivalentStructParameters() #ifndef FEATURE_TYPEEQUIVALENCE { @@ -1870,21 +1690,10 @@ protected: enum_flag2_IsUnboxingStub = 0x04, enum_flag2_HasNativeCodeSlot = 0x08, // Has slot for native code - enum_flag2_Transparency_Mask = 0x30, - enum_flag2_Transparency_Unknown = 0x00, // The transparency has not been computed yet - enum_flag2_Transparency_Transparent = 0x10, // Method is transparent - enum_flag2_Transparency_Critical = 0x20, // Method is critical - enum_flag2_Transparency_TreatAsSafe = 0x30, // Method is treat as safe. Also implied critical. - - // CAS Demands: Demands for Permissions that are CAS Permissions. CAS Perms are those - // that derive from CodeAccessPermission and need a stackwalk to evaluate demands - // Non-CAS perms are those that don't need a stackwalk and don't derive from CodeAccessPermission. The implementor - // specifies the behavior on a demand. Examples: CAS: FileIOPermission. Non-CAS: PrincipalPermission. - // This bit gets set if the demands are BCL CAS demands only. Even if there are non-BCL CAS demands, we don't set this - // bit. - enum_flag2_CASDemandsOnly = 0x40, - - enum_flag2_HostProtectionLinkCheckOnly = 0x80, // Method has LinkTime check due to HP only. + // unused = 0x10, + // unused = 0x20, + // unused = 0x40, + // unused = 0x80, }; BYTE m_bFlags2; diff --git a/src/vm/methodtable.cpp b/src/vm/methodtable.cpp index 6e6987ebf2..1088082c84 100644 --- a/src/vm/methodtable.cpp +++ b/src/vm/methodtable.cpp @@ -33,7 +33,6 @@ #include "fieldmarshaler.h" #include "cgensys.h" #include "gcheaputilities.h" -#include "security.h" #include "dbginterface.h" #include "comdelegate.h" #include "eventtrace.h" @@ -5157,7 +5156,7 @@ void MethodTable::CheckRestore() BOOL SatisfiesClassConstraints(TypeHandle instanceTypeHnd, TypeHandle typicalTypeHnd, const InstantiationContext *pInstContext); -static VOID DoAccessibilityCheck(MethodTable *pAskingMT, MethodTable *pTargetMT, UINT resIDWhy, BOOL checkTargetTypeTransparency) +static VOID DoAccessibilityCheck(MethodTable *pAskingMT, MethodTable *pTargetMT, UINT resIDWhy) { CONTRACTL { @@ -5171,8 +5170,7 @@ static VOID DoAccessibilityCheck(MethodTable *pAskingMT, MethodTable *pTargetMT, if (!ClassLoader::CanAccessClass(&accessContext, pTargetMT, //the desired class pTargetMT->GetAssembly(), //the desired class's assembly - *AccessCheckOptions::s_pNormalAccessChecks, - checkTargetTypeTransparency + *AccessCheckOptions::s_pNormalAccessChecks )) { SString displayName; @@ -5221,7 +5219,7 @@ VOID DoAccessibilityCheckForConstraint(MethodTable *pAskingMT, TypeHandle thCons } else { - DoAccessibilityCheck(pAskingMT, thConstraint.GetMethodTable(), resIDWhy, FALSE); + DoAccessibilityCheck(pAskingMT, thConstraint.GetMethodTable(), resIDWhy); } } @@ -5585,7 +5583,7 @@ void MethodTable::DoFullyLoad(Generics::RecursionGraph * const pVisited, const // A transparenct type should not be allowed to derive from a critical type. // However since this has never been enforced before we have many classes that // violate this rule. Enforcing it now will be a breaking change. - DoAccessibilityCheck(this, pParentMT, E_ACCESSDENIED, /* checkTargetTypeTransparency*/ FALSE); + DoAccessibilityCheck(this, pParentMT, E_ACCESSDENIED); } } } @@ -5604,7 +5602,7 @@ void MethodTable::DoFullyLoad(Generics::RecursionGraph * const pVisited, const // A transparenct type should not be allowed to implement a critical interface. // However since this has never been enforced before we have many classes that // violate this rule. Enforcing it now will be a breaking change. - DoAccessibilityCheck(this, it.GetInterface(), IDS_CLASSLOAD_INTERFACE_NO_ACCESS, /* checkTargetTypeTransparency*/ FALSE); + DoAccessibilityCheck(this, it.GetInterface(), IDS_CLASSLOAD_INTERFACE_NO_ACCESS); } } } @@ -5643,7 +5641,7 @@ void MethodTable::DoFullyLoad(Generics::RecursionGraph * const pVisited, const if (fNeedAccessChecks) { - DoAccessibilityCheck(this, th.GetMethodTable(), E_ACCESSDENIED, FALSE); + DoAccessibilityCheck(this, th.GetMethodTable(), E_ACCESSDENIED); } } diff --git a/src/vm/methodtablebuilder.cpp b/src/vm/methodtablebuilder.cpp index c185ba112a..888dd7fb6f 100644 --- a/src/vm/methodtablebuilder.cpp +++ b/src/vm/methodtablebuilder.cpp @@ -21,7 +21,6 @@ #include "encee.h" #include "mdaassistants.h" #include "ecmakey.h" -#include "security.h" #include "customattribute.h" #include "typestring.h" @@ -4177,19 +4176,6 @@ VOID MethodTableBuilder::InitializeFieldDescs(FieldDesc *pFieldDescList, pszFieldName ); - // Check if the ValueType field containing non-publics is overlapped - if (HasExplicitFieldOffsetLayout() - && pLayoutFieldInfo != NULL - && pLayoutFieldInfo->m_fIsOverlapped - && pByValueClass != NULL - && pByValueClass->GetClass()->HasNonPublicFields()) - { - if (!Security::CanSkipVerification(GetAssembly()->GetDomainAssembly())) - { - BuildMethodTableThrowException(IDS_CLASSLOAD_BADOVERLAP); - } - } - // We're using FieldDesc::m_pMTOfEnclosingClass to temporarily store the field's size. // if (fIsByValue) @@ -4290,14 +4276,6 @@ VOID MethodTableBuilder::InitializeFieldDescs(FieldDesc *pFieldDescList, BAD_FORMAT_NOTHROW_ASSERT(!"ObjectRef in an RVA field"); BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); } - if (pByValueClass->GetClass()->HasNonPublicFields()) - { - if (!Security::CanHaveRVA(GetAssembly())) - { - BAD_FORMAT_NOTHROW_ASSERT(!"ValueType with non-public fields as a type of an RVA field"); - BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); - } - } } } @@ -4330,14 +4308,6 @@ VOID MethodTableBuilder::InitializeFieldDescs(FieldDesc *pFieldDescList, { fldSize = GetSizeForCorElementType(FieldDescElementType); } - if (!GetModule()->CheckRvaField(rva, fldSize)) - { - if (!Security::CanHaveRVA(GetAssembly())) - { - BAD_FORMAT_NOTHROW_ASSERT(!"Illegal RVA of a mapped field"); - BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); - } - } pFD->SetOffsetRVA(rva); } @@ -4377,14 +4347,6 @@ VOID MethodTableBuilder::InitializeFieldDescs(FieldDesc *pFieldDescList, BAD_FORMAT_NOTHROW_ASSERT(!"ObjectRef in an RVA self-referencing static field"); BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); } - if (HasNonPublicFields()) - { // RVA ValueTypes with non-public fields must be checked against security - if (!Security::CanHaveRVA(GetAssembly())) - { - BAD_FORMAT_NOTHROW_ASSERT(!"ValueType with non-public fields as a type of an RVA self-referencing static field"); - BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); - } - } } DWORD dwNumInstanceFields = dwCurrentDeclaredField + (HasParent() ? GetParentMethodTable()->GetNumInstanceFields() : 0); @@ -4473,15 +4435,6 @@ MethodTableBuilder::VerifySelfReferencingStaticValueTypeFields_WithRVA( { DWORD rva; IfFailThrow(GetMDImport()->GetFieldRVA(pFD->GetMemberDef(), &rva)); - - if (!GetModule()->CheckRvaField(rva, bmtFP->NumInstanceFieldBytes)) - { - if (!Security::CanHaveRVA(GetAssembly())) - { - BAD_FORMAT_NOTHROW_ASSERT(!"Illegal RVA of a mapped self-referencing static field"); - BuildMethodTableThrowException(COR_E_BADIMAGEFORMAT, IDS_CLASSLOAD_BAD_FIELD, mdTokenNil); - } - } } } } @@ -8536,17 +8489,6 @@ MethodTableBuilder::HandleExplicitLayout( IDS_CLASSLOAD_EXPLICIT_LAYOUT); } - if (!explicitClassTrust.IsVerifiable()) - { - if (!Security::CanSkipVerification(GetAssembly()->GetDomainAssembly())) - { - ThrowFieldLayoutError(GetCl(), - GetModule(), - firstObjectOverlapOffset, - IDS_CLASSLOAD_UNVERIFIABLE_FIELD_LAYOUT); - } - } - if (!explicitClassTrust.IsNonOverLayed()) { SetHasOverLayedFields(); diff --git a/src/vm/methodtablebuilder.h b/src/vm/methodtablebuilder.h index e5043cf06d..a7d7bdd158 100644 --- a/src/vm/methodtablebuilder.h +++ b/src/vm/methodtablebuilder.h @@ -223,7 +223,6 @@ private: BOOL IsDelegate() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->IsDelegate(); } BOOL IsNested() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->IsNested(); } BOOL HasFieldsWhichMustBeInited() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->HasFieldsWhichMustBeInited(); } - BOOL HasRemotingProxyAttribute() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->HasRemotingProxyAttribute(); } BOOL IsBlittable() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->IsBlittable(); } PTR_MethodDescChunk GetChunks() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->GetChunks(); } BOOL HasExplicitFieldOffsetLayout() { WRAPPER_NO_CONTRACT; return GetHalfBakedClass()->HasExplicitFieldOffsetLayout(); } @@ -258,7 +257,6 @@ private: void SetNumBoxedRegularStatics(WORD x) { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetNumBoxedRegularStatics(x); } void SetNumBoxedThreadStatics(WORD x) { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetNumBoxedThreadStatics(x); } void SetAlign8Candidate() { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetAlign8Candidate(); } - void SetHasRemotingProxyAttribute() { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetHasRemotingProxyAttribute(); } void SetHasOverLayedFields() { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetHasOverLayedFields(); } void SetNonGCRegularStaticFieldBytes(DWORD x) { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetNonGCRegularStaticFieldBytes(x); } void SetNonGCThreadStaticFieldBytes(DWORD x) { WRAPPER_NO_CONTRACT; GetHalfBakedClass()->SetNonGCThreadStaticFieldBytes(x); } diff --git a/src/vm/mngstdinterfaces.cpp b/src/vm/mngstdinterfaces.cpp index 5aafe8a97c..d6de4f32a0 100644 --- a/src/vm/mngstdinterfaces.cpp +++ b/src/vm/mngstdinterfaces.cpp @@ -22,7 +22,6 @@ #include "method.hpp" #include "runtimecallablewrapper.h" #include "excep.h" -#include "security.h" #include "typeparse.h" // @@ -217,9 +216,6 @@ LPVOID MngStdItfBase::ForwardCallToManagedView( // The target isn't a TP so it better be a COM object. _ASSERTE(Lr.Obj->GetMethodTable()->IsComObjectType()); - // We are about to call out to ummanaged code so we need to make a security check. - Security::SpecialDemand(SSWT_DEMAND_FROM_NATIVE, SECURITY_UNMANAGED_CODE); - { RCWHolder pRCW(GetThread()); RCWPROTECT_BEGIN(pRCW, Lr.Obj); diff --git a/src/vm/mscorlib.h b/src/vm/mscorlib.h index 1753149a0e..a9750fe884 100644 --- a/src/vm/mscorlib.h +++ b/src/vm/mscorlib.h @@ -609,12 +609,7 @@ DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_CLOSED, CtorClosed, DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_CLOSED_STATIC, CtorClosedStatic, IM_Obj_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_RT_CLOSED, CtorRTClosed, IM_Obj_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_OPENED, CtorOpened, IM_Obj_IntPtr_IntPtr_RetVoid) -DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_SECURE_CLOSED, CtorSecureClosed, IM_Obj_IntPtr_IntPtr_IntPtr_RetVoid) -DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_SECURE_CLOSED_STATIC,CtorSecureClosedStatic, IM_Obj_IntPtr_IntPtr_IntPtr_RetVoid) -DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_SECURE_RT_CLOSED, CtorSecureRTClosed, IM_Obj_IntPtr_IntPtr_IntPtr_RetVoid) -DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_SECURE_OPENED, CtorSecureOpened, IM_Obj_IntPtr_IntPtr_IntPtr_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_VIRTUAL_DISPATCH, CtorVirtualDispatch, IM_Obj_IntPtr_IntPtr_RetVoid) -DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_SECURE_VIRTUAL_DISPATCH, CtorSecureVirtualDispatch, IM_Obj_IntPtr_IntPtr_IntPtr_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_COLLECTIBLE_CLOSED_STATIC, CtorCollectibleClosedStatic, IM_Obj_IntPtr_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_COLLECTIBLE_OPENED, CtorCollectibleOpened, IM_Obj_IntPtr_IntPtr_IntPtr_RetVoid) DEFINE_METHOD(MULTICAST_DELEGATE, CTOR_COLLECTIBLE_VIRTUAL_DISPATCH, CtorCollectibleVirtualDispatch, IM_Obj_IntPtr_IntPtr_IntPtr_RetVoid) diff --git a/src/vm/multicorejit.cpp b/src/vm/multicorejit.cpp index 7e756864ed..d35c3f7d9a 100644 --- a/src/vm/multicorejit.cpp +++ b/src/vm/multicorejit.cpp @@ -12,7 +12,6 @@ #include "common.h" #include "vars.hpp" -#include "security.h" #include "eeconfig.h" #include "dllimport.h" #include "comdelegate.h" diff --git a/src/vm/multicorejitplayer.cpp b/src/vm/multicorejitplayer.cpp index 8a9c8f8397..247fa0a14a 100644 --- a/src/vm/multicorejitplayer.cpp +++ b/src/vm/multicorejitplayer.cpp @@ -12,7 +12,6 @@ #include "common.h" #include "vars.hpp" -#include "security.h" #include "eeconfig.h" #include "dllimport.h" #include "comdelegate.h" diff --git a/src/vm/olevariant.cpp b/src/vm/olevariant.cpp index a15a1979e2..1ec6f70213 100644 --- a/src/vm/olevariant.cpp +++ b/src/vm/olevariant.cpp @@ -14,7 +14,6 @@ #include "excep.h" #include "frames.h" #include "vars.hpp" -#include "security.h" #include "olevariant.h" #include "comdatetime.h" #include "fieldmarshaler.h" @@ -2563,12 +2562,6 @@ void OleVariant::MarshalRecordVariantOleToCom(VARIANT *pOleVariant, if (!pValueClass) COMPlusThrow(kArgumentException, IDS_EE_CANNOT_MAP_TO_MANAGED_VC); - Module* pModule = pValueClass->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - COMPlusThrow(kArgumentException, IDS_EE_VTRECORD_SECURITY); - } - // Now that we have the value class, allocate an instance of the // boxed value class and copy the contents of the record into it. BoxedValueClass = AllocateObject(pValueClass); @@ -2597,12 +2590,6 @@ void OleVariant::MarshalRecordVariantComToOle(VariantData *pComVariant, GCPROTECT_BEGIN(BoxedValueClass) { _ASSERTE(BoxedValueClass != NULL); - Module* pModule = BoxedValueClass->GetMethodTable()->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - COMPlusThrow(kArgumentException, IDS_EE_VTRECORD_SECURITY); - } - ConvertValueClassToVariant(&BoxedValueClass, pOleVariant); } GCPROTECT_END(); @@ -2633,12 +2620,6 @@ void OleVariant::MarshalRecordArrayOleToCom(void *oleArray, BASEARRAYREF *pComAr } CONTRACTL_END; - Module* pModule = pElementMT->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - COMPlusThrow(kArgumentException, IDS_EE_VTRECORD_SECURITY); - } - if (pElementMT->IsBlittable()) { // The array is blittable so we can simply copy it. @@ -2671,12 +2652,6 @@ void OleVariant::MarshalRecordArrayComToOle(BASEARRAYREF *pComArray, void *oleAr } CONTRACTL_END; - Module* pModule = pElementMT->GetModule(); - if (!Security::CanCallUnmanagedCode(pModule)) - { - COMPlusThrow(kArgumentException, IDS_EE_VTRECORD_SECURITY); - } - if (pElementMT->IsBlittable()) { // The array is blittable so we can simply copy it. diff --git a/src/vm/pefile.cpp b/src/vm/pefile.cpp index 5d83ee97cb..306a52269c 100644 --- a/src/vm/pefile.cpp +++ b/src/vm/pefile.cpp @@ -17,7 +17,6 @@ #include "eeconfig.h" #include "product_version.h" #include "eventtrace.h" -#include "security.h" #include "corperm.h" #include "dbginterface.h" #include "peimagelayout.inl" diff --git a/src/vm/prestub.cpp b/src/vm/prestub.cpp index 2cc14166e4..84d27943f5 100644 --- a/src/vm/prestub.cpp +++ b/src/vm/prestub.cpp @@ -13,7 +13,6 @@ #include "common.h" #include "vars.hpp" -#include "security.h" #include "eeconfig.h" #include "dllimport.h" #include "comdelegate.h" @@ -482,23 +481,9 @@ COR_ILMETHOD_DECODER* MethodDesc::GetAndVerifyMetadataILHeader(PrepareCodeConfig pHeader = new (pDecoderMemory) COR_ILMETHOD_DECODER(ilHeader, GetMDImport(), &status); } - if (status == COR_ILMETHOD_DECODER::VERIFICATION_ERROR && - Security::CanSkipVerification(GetModule()->GetDomainAssembly())) + if (status == COR_ILMETHOD_DECODER::FORMAT_ERROR) { - status = COR_ILMETHOD_DECODER::SUCCESS; - } - - if (status != COR_ILMETHOD_DECODER::SUCCESS) - { - if (status == COR_ILMETHOD_DECODER::VERIFICATION_ERROR) - { - // Throw a verification HR - COMPlusThrowHR(COR_E_VERIFICATION); - } - else - { - COMPlusThrowHR(COR_E_BADIMAGEFORMAT, BFA_BAD_IL); - } + COMPlusThrowHR(COR_E_BADIMAGEFORMAT, BFA_BAD_IL); } #ifdef _VER_EE_VERIFICATION_ENABLED @@ -769,7 +754,6 @@ PCODE MethodDesc::JitCompileCodeLockedEventWrapper(PrepareCodeConfig* pConfig, J // Notify the profiler that JIT completed. // Must do this after the address has been set. // @ToDo: Why must we set the address before notifying the profiler ?? - // Note that if IsInterceptedForDeclSecurity is set no one should access the jitted code address anyway. { if (!IsNoMetadata()) { diff --git a/src/vm/reflectioninvocation.cpp b/src/vm/reflectioninvocation.cpp index 7f8a9e0075..2495f72eca 100644 --- a/src/vm/reflectioninvocation.cpp +++ b/src/vm/reflectioninvocation.cpp @@ -12,7 +12,6 @@ #include "method.hpp" #include "typehandle.h" #include "field.h" -#include "security.h" #include "eeconfig.h" #include "vars.hpp" #include "jitinterface.h" @@ -36,13 +35,13 @@ // it's used for both method and field to signify that no access is allowed #define INVOCATION_FLAGS_NO_INVOKE 0x00000002 -#define INVOCATION_FLAGS_NEED_SECURITY 0x00000004 +// #define unused 0x00000004 // because field and method are different we can reuse the same bits //method #define INVOCATION_FLAGS_IS_CTOR 0x00000010 #define INVOCATION_FLAGS_RISKY_METHOD 0x00000020 -#define INVOCATION_FLAGS_W8P_API 0x00000040 +// #define unused 0x00000040 #define INVOCATION_FLAGS_IS_DELEGATE_CTOR 0x00000080 #define INVOCATION_FLAGS_CONTAINS_STACK_POINTERS 0x00000100 // field @@ -76,24 +75,6 @@ static TypeHandle NullableTypeOfByref(TypeHandle th) { return subType; } -static void TryDemand(DWORD whatPermission, RuntimeExceptionKind reKind, LPCWSTR wszTag) { - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - - EX_TRY { - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, whatPermission); - } - EX_CATCH { - COMPlusThrow(reKind, wszTag); - } - EX_END_CATCH_UNREACHABLE -} - static void TryCallMethodWorker(MethodDescCallSite* pMethodCallSite, ARG_SLOT* args, Frame* pDebuggerCatchFrame) { // Use static contracts b/c we have SEH. @@ -222,55 +203,6 @@ FCIMPL5(Object*, RuntimeFieldHandle::GetValue, ReflectFieldObject *pFieldUNSAFE, } FCIMPLEND -FCIMPL5(void, ReflectionInvocation::PerformVisibilityCheckOnField, FieldDesc *pFieldDesc, Object *target, ReflectClassBaseObject *pDeclaringTypeUNSAFE, DWORD attr, DWORD invocationFlags) { - CONTRACTL { - FCALL_CHECK; - PRECONDITION(CheckPointer(pFieldDesc)); - PRECONDITION(CheckPointer(pDeclaringTypeUNSAFE)); - } - CONTRACTL_END; - - - REFLECTCLASSBASEREF refDeclaringType = (REFLECTCLASSBASEREF)ObjectToOBJECTREF(pDeclaringTypeUNSAFE); - - TypeHandle declaringType = refDeclaringType->GetType(); - OBJECTREF targetObj = ObjectToOBJECTREF(target); - - HELPER_METHOD_FRAME_BEGIN_2(targetObj, refDeclaringType); - - if ((invocationFlags & INVOCATION_FLAGS_SPECIAL_FIELD) != 0) { - // Verify that this is not a Final Field - if (IsFdInitOnly(attr)) - TryDemand(SECURITY_SERIALIZATION, kFieldAccessException, W("Acc_ReadOnly")); - if (IsFdHasFieldRVA(attr)) - TryDemand(SECURITY_SKIP_VER, kFieldAccessException, W("Acc_RvaStatic")); - } - - if ((invocationFlags & INVOCATION_FLAGS_NEED_SECURITY) != 0) { - // Verify the callee/caller access - - bool targetRemoted = FALSE; - - - RefSecContext sCtx(InvokeUtil::GetInvocationAccessCheckType(targetRemoted)); - - MethodTable* pInstanceMT = NULL; - if (targetObj != NULL && !pFieldDesc->IsStatic()) { - TypeHandle targetType = targetObj->GetTypeHandle(); - if (!targetType.IsTypeDesc()) - pInstanceMT = targetType.AsMethodTable(); - } - - // Perform the normal access check (caller vs field). - InvokeUtil::CanAccessField(&sCtx, - declaringType.GetMethodTable(), - pInstanceMT, - pFieldDesc); - } - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND - FCIMPL2(FC_BOOL_RET, ReflectionInvocation::CanValueSpecialCast, ReflectClassBaseObject *pValueTypeUNSAFE, ReflectClassBaseObject *pTargetTypeUNSAFE) { CONTRACTL { FCALL_CHECK; @@ -296,9 +228,7 @@ FCIMPL2(FC_BOOL_RET, ReflectionInvocation::CanValueSpecialCast, ReflectClassBase // the object must be an IntPtr or a System.Reflection.Pointer if (valueType == TypeHandle(MscorlibBinder::GetClass(CLASS__INTPTR))) { // - // it's an IntPtr, it's good. Demand SkipVerification and proceed - - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); + // it's an IntPtr, it's good. } // // it's a System.Reflection.Pointer object @@ -307,13 +237,7 @@ FCIMPL2(FC_BOOL_RET, ReflectionInvocation::CanValueSpecialCast, ReflectClassBase else if (!InvokeUtil::IsVoidPtr(targetType)) { if (!valueType.CanCastTo(targetType)) ret = FALSE; - else - // demand SkipVerification and proceed - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); } - else - // demand SkipVerification and proceed - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); } else { // the field type is an enum or a primitive. To have any chance of assignement the object type must // be an enum or primitive as well. @@ -523,10 +447,6 @@ FCIMPL4(Object*, RuntimeTypeHandle::CreateInstance, ReflectClassBaseObject* refT if (!pClassFactory) COMPlusThrow(kInvalidComObjectException, IDS_EE_NO_BACKING_CLASS_FACTORY); - // Check for the required permissions (SecurityPermission.UnmanagedCode), - // since arbitrary unmanaged code in the class factory will execute below). - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); - // create an instance of the Com Object rv = ((ComClassFactory*)pClassFactory)->CreateInstance(NULL); @@ -539,11 +459,6 @@ FCIMPL4(Object*, RuntimeTypeHandle::CreateInstance, ReflectClassBaseObject* refT else #endif // FEATURE_COMINTEROP { - // If we are creating a COM object which has backing metadata we still - // need to ensure that the caller has unmanaged code access permission. - if (pVMT->IsComObjectType()) - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); - // if this is an abstract class then we will fail this if (pVMT->IsAbstract()) { if (pVMT->IsInterface()) @@ -767,15 +682,6 @@ FCIMPL1(DWORD, ReflectionInvocation::GetSpecialSecurityFlags, ReflectMethodObjec if (InvokeUtil::IsDangerousMethod(pMethod)) dwFlags |= INVOCATION_FLAGS_RISKY_METHOD; - // Is there a link demand? - if (pMethod->RequiresLinktimeCheck()) { - dwFlags |= INVOCATION_FLAGS_NEED_SECURITY; - } - else - if (Security::IsMethodCritical(pMethod) && !Security::IsMethodSafeCritical(pMethod)) { - dwFlags |= INVOCATION_FLAGS_NEED_SECURITY; - } - HELPER_METHOD_FRAME_END(); return dwFlags; } @@ -846,8 +752,6 @@ OBJECTREF InvokeArrayConstructor(ArrayTypeDesc* arrayDesc, MethodDesc* pMeth, PT // If we're trying to create an array of pointers or function pointers, // check that the caller has skip verification permission. CorElementType et = arrayDesc->GetArrayElementTypeHandle().GetVerifierCorElementType(); - if (et == ELEMENT_TYPE_PTR || et == ELEMENT_TYPE_FNPTR) - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_SKIP_VER); // Validate the argCnt an the Rank. Also allow nested SZARRAY's. _ASSERTE(argCnt == (int) arrayDesc->GetRank() || argCnt == (int) arrayDesc->GetRank() * 2 || @@ -1826,12 +1730,6 @@ FCIMPL5(void, RuntimeFieldHandle::SetValueDirect, ReflectFieldObject *pFieldUNSA // Verify that this is not a Final Field DWORD attr = pField->GetAttributes(); // should we cache? - if (IsFdInitOnly(attr)) { - TryDemand(SECURITY_SERIALIZATION, kFieldAccessException, W("Acc_ReadOnly")); - } - if (IsFdHasFieldRVA(attr)) { - TryDemand(SECURITY_SKIP_VER, kFieldAccessException, W("Acc_RvaStatic")); - } if (IsFdLiteral(attr)) COMPlusThrow(kFieldAccessException,W("Acc_ReadOnly")); @@ -2581,10 +2479,6 @@ FCIMPL8(Object*, ReflectionInvocation::InvokeDispMethod, ReflectClassBaseObject* _ASSERTE(gc.target != NULL); _ASSERTE(gc.target->GetMethodTable()->IsComObjectType()); - // Unless security is turned off, we need to validate that the calling code - // has unmanaged code access privilege. - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); - WORD flags = 0; if (invokeAttr & BINDER_InvokeMethod) flags |= DISPATCH_METHOD; diff --git a/src/vm/reflectioninvocation.h b/src/vm/reflectioninvocation.h index 206e7516be..cda0e6e0da 100644 --- a/src/vm/reflectioninvocation.h +++ b/src/vm/reflectioninvocation.h @@ -80,8 +80,6 @@ public: static FCDECL4(void, PerformSecurityCheck, Object *target, MethodDesc *pMeth, ReflectClassBaseObject *pParent, DWORD dwFlags); static FCDECL2(void, CheckArgs, PTRArray *objs, SignatureNative sig); - static FCDECL5(void, PerformVisibilityCheckOnField, FieldDesc *fieldDesc, Object *target, ReflectClassBaseObject *pDeclaringType, DWORD attr, DWORD invocationFlags); - static void PrepareDelegateHelper(OBJECTREF* pDelegate, BOOL onlyContractedMethod); static void CanCacheTargetAndCrackedSig(MethodDesc* pMD); }; diff --git a/src/vm/runtimehandles.cpp b/src/vm/runtimehandles.cpp index 07dc7b6104..39f221d0c0 100644 --- a/src/vm/runtimehandles.cpp +++ b/src/vm/runtimehandles.cpp @@ -28,7 +28,6 @@ #include "contractimpl.h" #include "dynamicmethod.h" #include "peimagelayout.inl" -#include "security.h" #include "eventtrace.h" #include "invokeutil.h" @@ -135,9 +134,7 @@ static BOOL CheckCAVisibilityFromDecoratedType(MethodTable* pCAMT, MethodDesc* p dwAttr, pCACtor, NULL, - *AccessCheckOptions::s_pNormalAccessChecks, - FALSE, - FALSE); + *AccessCheckOptions::s_pNormalAccessChecks); } BOOL QCALLTYPE RuntimeMethodHandle::IsCAVisibleFromDecoratedType( @@ -1014,37 +1011,6 @@ RuntimeTypeHandle::IsVisible( return fIsExternallyVisible; } // RuntimeTypeHandle::IsVisible -FCIMPL1(FC_BOOL_RET, RuntimeTypeHandle::HasProxyAttribute, ReflectClassBaseObject *pTypeUNSAFE) { - CONTRACTL { - FCALL_CHECK; - } - CONTRACTL_END; - - REFLECTCLASSBASEREF refType = (REFLECTCLASSBASEREF)ObjectToOBJECTREF(pTypeUNSAFE); - - if (refType == NULL) - FCThrowRes(kArgumentNullException, W("Arg_InvalidHandle")); - - TypeHandle typeHandle = refType->GetType(); - - // TODO: Justify this - if (typeHandle.IsGenericVariable()) - FC_RETURN_BOOL(FALSE); - - if (typeHandle.IsTypeDesc()) { - if (!typeHandle.IsArray()) - FC_RETURN_BOOL(FALSE); - } - - MethodTable* pMT= typeHandle.GetMethodTable(); - - if (!pMT) - FCThrowRes(kArgumentException, W("Arg_InvalidHandle")); - - FC_RETURN_BOOL(pMT->GetClass()->HasRemotingProxyAttribute()); -} -FCIMPLEND - FCIMPL2(FC_BOOL_RET, RuntimeTypeHandle::IsComObject, ReflectClassBaseObject *pTypeUNSAFE, CLR_BOOL isGenericCOM) { #ifdef FEATURE_COMINTEROP CONTRACTL { diff --git a/src/vm/runtimehandles.h b/src/vm/runtimehandles.h index 95742c4341..4b6b117b98 100644 --- a/src/vm/runtimehandles.h +++ b/src/vm/runtimehandles.h @@ -198,7 +198,6 @@ public: static BOOL QCALLTYPE IsVisible(EnregisteredTypeHandle pTypeHandle); - static FCDECL1(FC_BOOL_RET, HasProxyAttribute, ReflectClassBaseObject *pType); static FCDECL2(FC_BOOL_RET, IsComObject, ReflectClassBaseObject *pType, CLR_BOOL isGenericCOM); static FCDECL2(FC_BOOL_RET, CanCastTo, ReflectClassBaseObject *pType, ReflectClassBaseObject *pTarget); static FCDECL2(FC_BOOL_RET, IsInstanceOfType, ReflectClassBaseObject *pType, Object *object); diff --git a/src/vm/security.cpp b/src/vm/security.cpp deleted file mode 100644 index 7a6c8b82ea..0000000000 --- a/src/vm/security.cpp +++ /dev/null @@ -1,48 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -#include "common.h" - -#include "security.h" - -// -// The method in this file have nothing to do with security. They historically lived in security subsystem. -// TODO: Move them to move appropriate place. -// - -void Security::CopyByteArrayToEncoding(IN U1ARRAYREF* pArray, OUT PBYTE* ppbData, OUT DWORD* pcbData) -{ - CONTRACTL { - THROWS; - GC_NOTRIGGER; - MODE_COOPERATIVE; - PRECONDITION(CheckPointer(pArray)); - PRECONDITION(CheckPointer(ppbData)); - PRECONDITION(CheckPointer(pcbData)); - PRECONDITION(*pArray != NULL); - } CONTRACTL_END; - - DWORD size = (DWORD) (*pArray)->GetNumComponents(); - *ppbData = new BYTE[size]; - *pcbData = size; - - CopyMemory(*ppbData, (*pArray)->GetDirectPointerToNonObjectElements(), size); -} - -void Security::CopyEncodingToByteArray(IN PBYTE pbData, IN DWORD cbData, IN OBJECTREF* pArray) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - U1ARRAYREF pObj; - _ASSERTE(pArray); - - pObj = (U1ARRAYREF)AllocatePrimitiveArray(ELEMENT_TYPE_U1,cbData); - memcpyNoGCRefs(pObj->m_Array, pbData, cbData); - *pArray = (OBJECTREF) pObj; -} diff --git a/src/vm/security.h b/src/vm/security.h deleted file mode 100644 index fa4840998e..0000000000 --- a/src/vm/security.h +++ /dev/null @@ -1,93 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -#ifndef __security_h__ -#define __security_h__ - -// -// Stubbed out implementation of security subsystem -// TODO: Eliminate this file -// - -enum SecurityStackWalkType -{ - SSWT_DECLARATIVE_DEMAND = 1, - SSWT_IMPERATIVE_DEMAND = 2, - SSWT_DEMAND_FROM_NATIVE = 3, - SSWT_IMPERATIVE_ASSERT = 4, - SSWT_DENY_OR_PERMITONLY = 5, - SSWT_LATEBOUND_LINKDEMAND = 6, - SSWT_COUNT_OVERRIDES = 7, - SSWT_GET_ZONE_AND_URL = 8, -}; - -// special flags -#define SECURITY_UNMANAGED_CODE 0 -#define SECURITY_SKIP_VER 1 -#define REFLECTION_TYPE_INFO 2 -#define SECURITY_ASSERT 3 -#define REFLECTION_MEMBER_ACCESS 4 -#define SECURITY_SERIALIZATION 5 -#define REFLECTION_RESTRICTED_MEMBER_ACCESS 6 -#define SECURITY_FULL_TRUST 7 -#define SECURITY_BINDING_REDIRECTS 8 - -// Ultimately this will become the only interface through -// which the VM will access security code. - -namespace Security -{ - inline BOOL IsTransparencyEnforcementEnabled() { return false; } - - inline BOOL CanCallUnmanagedCode(Module *pModule) { return true; } - -#ifndef DACCESS_COMPILE - inline BOOL CanTailCall(MethodDesc* pMD) { return true; } - inline BOOL CanHaveRVA(Assembly * pAssembly) { return true; } - inline BOOL CanAccessNonVerifiableExplicitField(MethodDesc* pMD) { return true; } - inline BOOL CanSkipVerification(MethodDesc * pMethod) { return true; } -#endif - - inline BOOL CanSkipVerification(DomainAssembly * pAssembly) { return true; } - - // ---------------------------------------- - // SecurityAttributes - // ---------------------------------------- - - void CopyByteArrayToEncoding(IN U1ARRAYREF* pArray, OUT PBYTE* pbData, OUT DWORD* cbData); - void CopyEncodingToByteArray(IN PBYTE pbData, IN DWORD cbData, IN OBJECTREF* pArray); - - inline void SpecialDemand(SecurityStackWalkType eType, DWORD whatPermission) { } - - // Transparency checks - inline BOOL IsMethodTransparent(MethodDesc * pMD) { return false; } - inline BOOL IsMethodCritical(MethodDesc * pMD) { return true; } - inline BOOL IsMethodSafeCritical(MethodDesc * pMD) { return false; } - - inline BOOL IsTypeCritical(MethodTable *pMT) { return true; } - inline BOOL IsTypeSafeCritical(MethodTable *pMT) { return false; } - inline BOOL IsTypeTransparent(MethodTable * pMT) { return false; } - inline BOOL IsTypeAllTransparent(MethodTable * pMT) { return false; } - - inline BOOL IsFieldTransparent(FieldDesc * pFD) { return false; } - inline BOOL IsFieldCritical(FieldDesc * pFD) { return true; } - inline BOOL IsFieldSafeCritical(FieldDesc * pFD) { return false; } - - inline BOOL IsTokenTransparent(Module* pModule, mdToken token) { return false; } - - inline BOOL CheckCriticalAccess(AccessCheckContext* pContext, - MethodDesc* pOptionalTargetMethod = NULL, - FieldDesc* pOptionalTargetField = NULL, - MethodTable * pOptionalTargetType = NULL) - { - return true; - } - - inline void CheckLinkDemandAgainstAppDomain(MethodDesc *pMD) - { - } -}; - -#endif diff --git a/src/vm/siginfo.cpp b/src/vm/siginfo.cpp index 30dcf0f1ad..40a55cb6f0 100644 --- a/src/vm/siginfo.cpp +++ b/src/vm/siginfo.cpp @@ -18,7 +18,6 @@ #include "field.h" #include "eeconfig.h" #include "runtimehandles.h" // for SignatureNative -#include "security.h" // for CanSkipVerification #include "winwrap.h" #include <formattype.h> #include "sigbuilder.h" @@ -1531,12 +1530,11 @@ TypeHandle SigPointer::GetTypeHandleThrowing( if (typFromSigIsClass != typLoadedIsClass) { - if((pModule->GetMDImport()->GetMetadataStreamVersion() != MD_STREAM_VER_1X) - || !Security::CanSkipVerification(pModule->GetDomainAssembly())) + if (pModule->GetMDImport()->GetMetadataStreamVersion() != MD_STREAM_VER_1X) { - pOrigModule->GetAssembly()->ThrowTypeLoadException(pModule->GetMDImport(), - typeToken, - BFA_CLASSLOAD_VALUETYPEMISMATCH); + pOrigModule->GetAssembly()->ThrowTypeLoadException(pModule->GetMDImport(), + typeToken, + BFA_CLASSLOAD_VALUETYPEMISMATCH); } } } diff --git a/src/vm/stdinterfaces.cpp b/src/vm/stdinterfaces.cpp index 34ba39019e..fa2d2a7b23 100644 --- a/src/vm/stdinterfaces.cpp +++ b/src/vm/stdinterfaces.cpp @@ -1262,15 +1262,12 @@ Dispatch_GetIDsOfNames(IDispatch* pDisp, REFIID riid, __in_ecount(cNames) OLECHA if (pCMT->HasInvisibleParent()) return E_NOTIMPL; - // Use the right implementation based on the flags in the ComMethodTable and ComCallWrapperTemplate - if (!pCMT->IsDefinedInUntrustedCode()) + ComCallWrapperTemplate *pTemplate = MapIUnknownToWrapper(pDisp)->GetComCallWrapperTemplate(); + if (pTemplate->IsUseOleAutDispatchImpl()) { - ComCallWrapperTemplate *pTemplate = MapIUnknownToWrapper(pDisp)->GetComCallWrapperTemplate(); - if (pTemplate->IsUseOleAutDispatchImpl()) - { - return OleAutDispatchImpl_GetIDsOfNames(pDisp, riid, rgszNames, cNames, lcid, rgdispid); - } + return OleAutDispatchImpl_GetIDsOfNames(pDisp, riid, rgszNames, cNames, lcid, rgdispid); } + return InternalDispatchImpl_GetIDsOfNames(pDisp, riid, rgszNames, cNames, lcid, rgdispid); } @@ -1305,14 +1302,10 @@ Dispatch_Invoke if (pCMT->HasInvisibleParent()) return E_NOTIMPL; - // Use the right implementation based on the flags in the ComMethodTable. - if (!pCMT->IsDefinedInUntrustedCode()) + ComCallWrapperTemplate *pTemplate = MapIUnknownToWrapper(pDisp)->GetComCallWrapperTemplate(); + if (pTemplate->IsUseOleAutDispatchImpl()) { - ComCallWrapperTemplate *pTemplate = MapIUnknownToWrapper(pDisp)->GetComCallWrapperTemplate(); - if (pTemplate->IsUseOleAutDispatchImpl()) - { - return OleAutDispatchImpl_Invoke(pDisp, dispidMember, riid, lcid, wFlags, pdispparams, pvarResult, pexcepinfo, puArgErr); - } + return OleAutDispatchImpl_Invoke(pDisp, dispidMember, riid, lcid, wFlags, pdispparams, pvarResult, pexcepinfo, puArgErr); } return InternalDispatchImpl_Invoke(pDisp, dispidMember, riid, lcid, wFlags, pdispparams, pvarResult, pexcepinfo, puArgErr); diff --git a/src/vm/stubhelpers.cpp b/src/vm/stubhelpers.cpp index 837d88f65a..43250e5207 100644 --- a/src/vm/stubhelpers.cpp +++ b/src/vm/stubhelpers.cpp @@ -16,7 +16,6 @@ #include "dllimport.h" #include "fieldmarshaler.h" #include "comdelegate.h" -#include "security.h" #include "eventtrace.h" #include "comdatetime.h" #include "gcheaputilities.h" diff --git a/src/vm/threadpoolrequest.cpp b/src/vm/threadpoolrequest.cpp index f52de8cf41..523a0631d6 100644 --- a/src/vm/threadpoolrequest.cpp +++ b/src/vm/threadpoolrequest.cpp @@ -21,7 +21,6 @@ #include "object.h" #include "field.h" #include "excep.h" -#include "security.h" #include "eeconfig.h" #include "corhost.h" #include "nativeoverlapped.h" diff --git a/src/vm/vars.cpp b/src/vm/vars.cpp index 3a8046b26b..ff941d2101 100644 --- a/src/vm/vars.cpp +++ b/src/vm/vars.cpp @@ -99,7 +99,6 @@ GPTR_IMPL(MethodTable, g_pICastableInterface); GPTR_IMPL(MethodDesc, g_pExecuteBackoutCodeHelperMethod); -GPTR_IMPL(MethodDesc, g_pObjectCtorMD); GPTR_IMPL(MethodDesc, g_pObjectFinalizerMD); GPTR_IMPL(Thread,g_pFinalizerThread); diff --git a/src/vm/vars.hpp b/src/vm/vars.hpp index cc167f2809..c9f4848692 100644 --- a/src/vm/vars.hpp +++ b/src/vm/vars.hpp @@ -404,7 +404,6 @@ GPTR_DECL(MethodTable, g_pICastableInterface); GPTR_DECL(MethodDesc, g_pExecuteBackoutCodeHelperMethod); -GPTR_DECL(MethodDesc, g_pObjectCtorMD); GPTR_DECL(MethodDesc, g_pObjectFinalizerMD); //<TODO> @TODO Remove eventually - determines whether the verifier throws an exception when something fails</TODO> |