diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/coreclr/hosts/coreconsole/coreconsole.cpp | 3 | ||||
| -rw-r--r-- | src/coreclr/hosts/corerun/corerun.cpp | 5 | ||||
| -rw-r--r-- | src/dlls/mscoree/unixinterface.cpp | 3 | ||||
| -rw-r--r-- | src/inc/MSCOREE.IDL | 2 | ||||
| -rw-r--r-- | src/pal/prebuilt/inc/mscoree.h | 5 | ||||
| -rw-r--r-- | src/vm/appdomain.hpp | 17 | ||||
| -rw-r--r-- | src/vm/clsload.cpp | 16 | ||||
| -rw-r--r-- | src/vm/corhost.cpp | 5 | ||||
| -rw-r--r-- | src/vm/invokeutil.cpp | 38 | ||||
| -rw-r--r-- | src/vm/methodtablebuilder.cpp | 3 | ||||
| -rw-r--r-- | src/vm/security.cpp | 17 | ||||
| -rw-r--r-- | src/vm/security.h | 2 | ||||
| -rw-r--r-- | src/vm/securitydeclarative.cpp | 9 | ||||
| -rw-r--r-- | src/vm/securitymeta.cpp | 43 | ||||
| -rw-r--r-- | src/vm/securitytransparentassembly.cpp | 61 |
15 files changed, 128 insertions, 101 deletions
diff --git a/src/coreclr/hosts/coreconsole/coreconsole.cpp b/src/coreclr/hosts/coreconsole/coreconsole.cpp index 7523bb61ee..5e436ed7a1 100644 --- a/src/coreclr/hosts/coreconsole/coreconsole.cpp +++ b/src/coreclr/hosts/coreconsole/coreconsole.cpp @@ -496,7 +496,8 @@ bool TryRun(const int argc, const wchar_t* argv[], Logger &log, const bool verbo // - Prevents the application from being torn down if a managed exception is unhandled // APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS | - APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP, + APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP | + APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT, NULL, // Name of the assembly that contains the AppDomainManager implementation NULL, // The AppDomainManager implementation type name sizeof(property_keys)/sizeof(wchar_t*), // The number of properties diff --git a/src/coreclr/hosts/corerun/corerun.cpp b/src/coreclr/hosts/corerun/corerun.cpp index fdcb140607..6766b6ba17 100644 --- a/src/coreclr/hosts/corerun/corerun.cpp +++ b/src/coreclr/hosts/corerun/corerun.cpp @@ -537,8 +537,9 @@ bool TryRun(const int argc, const wchar_t* argv[], Logger &log, const bool verbo // APPDOMAIN_IGNORE_UNHANDLED_EXCEPTION // - Prevents the application from being torn down if a managed exception is unhandled // - APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS | - APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP, + APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS | + APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP | + APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT, NULL, // Name of the assembly that contains the AppDomainManager implementation NULL, // The AppDomainManager implementation type name sizeof(property_keys)/sizeof(wchar_t*), // The number of properties diff --git a/src/dlls/mscoree/unixinterface.cpp b/src/dlls/mscoree/unixinterface.cpp index 265e99539e..2eaa1b81cb 100644 --- a/src/dlls/mscoree/unixinterface.cpp +++ b/src/dlls/mscoree/unixinterface.cpp @@ -176,7 +176,8 @@ HRESULT ExecuteAssembly( // - Prevents the application from being torn down if a managed exception is unhandled // APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS | - APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP, + APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP | + APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT, NULL, // Name of the assembly that contains the AppDomainManager implementation NULL, // The AppDomainManager implementation type name propertyCount, diff --git a/src/inc/MSCOREE.IDL b/src/inc/MSCOREE.IDL index 957b02f44a..ddb326b8ce 100644 --- a/src/inc/MSCOREE.IDL +++ b/src/inc/MSCOREE.IDL @@ -368,6 +368,8 @@ typedef enum APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS = 0x40, APPDOMAIN_ENABLE_ASSEMBLY_LOADFILE = 0x80, + + APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT = 0x100, #endif //FEATURE_CORECLR } APPDOMAIN_SECURITY_FLAGS; diff --git a/src/pal/prebuilt/inc/mscoree.h b/src/pal/prebuilt/inc/mscoree.h index 9ec3e6409c..a526da58b6 100644 --- a/src/pal/prebuilt/inc/mscoree.h +++ b/src/pal/prebuilt/inc/mscoree.h @@ -236,7 +236,7 @@ struct IActivationFactory; #define CLR_MINOR_VERSION ( 0 ) -#define CLR_BUILD_VERSION ( 22220 ) +#define CLR_BUILD_VERSION ( 22719 ) #define CLR_ASSEMBLY_MAJOR_VERSION ( 4 ) @@ -351,7 +351,8 @@ enum __MIDL___MIDL_itf_mscoree_0000_0000_0005 APPDOMAIN_ENABLE_PINVOKE_AND_CLASSIC_COMINTEROP = 0x10, APPDOMAIN_SET_TEST_KEY = 0x20, APPDOMAIN_ENABLE_PLATFORM_SPECIFIC_APPS = 0x40, - APPDOMAIN_ENABLE_ASSEMBLY_LOADFILE = 0x80 + APPDOMAIN_ENABLE_ASSEMBLY_LOADFILE = 0x80, + APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT = 0x100 } APPDOMAIN_SECURITY_FLAGS; STDAPI GetRequestedRuntimeVersionForCLSID(REFCLSID rclsid, _Out_writes_opt_(cchBuffer) LPWSTR pVersion, DWORD cchBuffer, _Out_opt_ DWORD* dwLength, CLSID_RESOLUTION_FLAGS dwResolutionFlags); diff --git a/src/vm/appdomain.hpp b/src/vm/appdomain.hpp index 0e966659bb..4840b904df 100644 --- a/src/vm/appdomain.hpp +++ b/src/vm/appdomain.hpp @@ -2936,7 +2936,21 @@ public: LIMITED_METHOD_CONTRACT; return (m_dwFlags & ENABLE_ASSEMBLY_LOADFILE); - } + } + + void DisableTransparencyEnforcement() + { + LIMITED_METHOD_CONTRACT; + + m_dwFlags |= DISABLE_TRANSPARENCY_ENFORCEMENT; + } + + BOOL IsTransparencyEnforcementDisabled() + { + LIMITED_METHOD_CONTRACT; + + return (m_dwFlags & DISABLE_TRANSPARENCY_ENFORCEMENT); + } #endif // defined(FEATURE_CORECLR) void SetPassiveDomain() @@ -3997,6 +4011,7 @@ public: #ifdef FEATURE_CORECLR ENABLE_SKIP_PLAT_CHECKS = 0x200000, // Skip various assembly checks (like platform check) ENABLE_ASSEMBLY_LOADFILE = 0x400000, // Allow Assembly.LoadFile in CoreCLR + DISABLE_TRANSPARENCY_ENFORCEMENT= 0x800000, // Disable enforcement of security transparency rules #endif }; diff --git a/src/vm/clsload.cpp b/src/vm/clsload.cpp index 8d5fae5c2d..f80041cf38 100644 --- a/src/vm/clsload.cpp +++ b/src/vm/clsload.cpp @@ -5,12 +5,6 @@ // // File: clsload.cpp // - - - -// - -// // ============================================================================ #include "common.h" @@ -4880,7 +4874,7 @@ BOOL AccessCheckOptions::DemandMemberAccess(AccessCheckContext *pContext, Method _ASSERTE(GetAppDomain()->GetSecurityDescriptor()->IsFullyTrusted() || m_accessCheckType == kRestrictedMemberAccess); - if (visibilityCheck) + if (visibilityCheck && Security::IsTransparencyEnforcementEnabled()) { // In CoreCLR RMA means visibility checks always succeed if the target is user code. if ((m_accessCheckType == kRestrictedMemberAccess || m_accessCheckType == kRestrictedMemberAccessNoTransparency) && @@ -5530,6 +5524,9 @@ static BOOL CheckTransparentAccessToCriticalCode( } CONTRACTL_END; + if (!Security::IsTransparencyEnforcementEnabled()) + return TRUE; + // At most one of these should be non-NULL _ASSERTE(1 >= ((pOptionalTargetMethod ? 1 : 0) + (pOptionalTargetField ? 1 : 0) + @@ -5561,11 +5558,8 @@ static BOOL CheckTransparentAccessToCriticalCode( { SecurityTransparent::LogTransparencyError(pContext->GetCallerMethod(), "Transparent code accessing a critical type, method, or field", pOptionalTargetMethod); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - return accessCheckOptions.DemandMemberAccessOrFail(pContext, pTargetMT, FALSE /*visibilityCheck*/); - } + return accessCheckOptions.DemandMemberAccessOrFail(pContext, pTargetMT, FALSE /*visibilityCheck*/); } return TRUE; diff --git a/src/vm/corhost.cpp b/src/vm/corhost.cpp index 8f4769d0fe..6e26ceb7d1 100644 --- a/src/vm/corhost.cpp +++ b/src/vm/corhost.cpp @@ -1593,6 +1593,11 @@ HRESULT CorHost2::_CreateAppDomain( { pDomain->SetAllowLoadFile(); } + + if (dwFlags & APPDOMAIN_DISABLE_TRANSPARENCY_ENFORCEMENT) + { + pDomain->DisableTransparencyEnforcement(); + } #endif // FEATURE_CORECLR if (dwFlags & APPDOMAIN_SECURITY_FORBID_CROSSAD_REVERSE_PINVOKE) diff --git a/src/vm/invokeutil.cpp b/src/vm/invokeutil.cpp index 4c623f6981..60ee90630f 100644 --- a/src/vm/invokeutil.cpp +++ b/src/vm/invokeutil.cpp @@ -1667,14 +1667,16 @@ void InvokeUtil::CanAccessMethod(MethodDesc* pMeth, if (pMeth->IsNDirect() || (pMeth->IsComPlusCall() && !pMeth->IsInterface())) { - MethodDesc* pmdCaller = pSCtx->GetCallerMethod(); - - if (pmdCaller != NULL && - Security::IsMethodTransparent(pmdCaller)) + if (Security::IsTransparencyEnforcementEnabled()) { - ThrowMethodAccessException(pSCtx, pMeth, IDS_E_TRANSPARENT_CALL_NATIVE); - } + MethodDesc* pmdCaller = pSCtx->GetCallerMethod(); + if (pmdCaller != NULL && + Security::IsMethodTransparent(pmdCaller)) + { + ThrowMethodAccessException(pSCtx, pMeth, IDS_E_TRANSPARENT_CALL_NATIVE); + } + } } #else // FEATURE_CORECLR @@ -1706,21 +1708,21 @@ void InvokeUtil::CanAccessMethod(MethodDesc* pMeth, //checkSkipVer is set only when the user tries to invoke a constructor on a existing object. if (checkSkipVer) { - MethodDesc *pCallerMD = pSCtx->GetCallerMethod(); - - // Interop (NULL) caller should be able to skip verification - if (pCallerMD != NULL && - Security::IsMethodTransparent(pCallerMD) && - !pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeSkipVerification()) + if (Security::IsTransparencyEnforcementEnabled()) { -#ifdef _DEBUG - if (g_pConfig->LogTransparencyErrors()) + MethodDesc *pCallerMD = pSCtx->GetCallerMethod(); + + // Interop (NULL) caller should be able to skip verification + if (pCallerMD != NULL && + Security::IsMethodTransparent(pCallerMD) && + !pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeSkipVerification()) { - SecurityTransparent::LogTransparencyError(pMeth, "Attempt by a transparent method to use unverifiable code"); - } - if (!g_pConfig->DisableTransparencyEnforcement()) +#ifdef _DEBUG + if (g_pConfig->LogTransparencyErrors()) + { + SecurityTransparent::LogTransparencyError(pMeth, "Attempt by a transparent method to use unverifiable code"); + } #endif // _DEBUG - { ThrowMethodAccessException(pCallerMD, pMeth, FALSE, IDS_E_TRANSPARENT_REFLECTION); } } diff --git a/src/vm/methodtablebuilder.cpp b/src/vm/methodtablebuilder.cpp index b64772eb40..db099e2996 100644 --- a/src/vm/methodtablebuilder.cpp +++ b/src/vm/methodtablebuilder.cpp @@ -12441,6 +12441,9 @@ void MethodTableBuilder::VerifyInheritanceSecurity() if (IsInterface()) return; + if (!Security::IsTransparencyEnforcementEnabled()) + return; + // If we have a non-interface class, then do inheritance security // checks on it. The check starts by checking for inheritance // permission demands on the current class. If these first checks diff --git a/src/vm/security.cpp b/src/vm/security.cpp index f30ecd799c..e263c326f4 100644 --- a/src/vm/security.cpp +++ b/src/vm/security.cpp @@ -44,6 +44,23 @@ IPEFileSecurityDescriptor* Security::CreatePEFileSecurityDescriptor(AppDomain* p } #endif +BOOL Security::IsTransparencyEnforcementEnabled() +{ + LIMITED_METHOD_CONTRACT; + +#ifdef FEATURE_CORECLR + if (GetAppDomain()->IsTransparencyEnforcementDisabled()) + return FALSE; +#endif + +#ifdef _DEBUG + if (g_pConfig->DisableTransparencyEnforcement()) + return FALSE; +#endif + + return TRUE; +} + //--------------------------------------------------------------------------------------- // // Determine if security checks should be bypassed for a method because the method is diff --git a/src/vm/security.h b/src/vm/security.h index 9331a6820a..f549b1045b 100644 --- a/src/vm/security.h +++ b/src/vm/security.h @@ -78,6 +78,8 @@ namespace Security inline bool CanLoadFromRemoteSources(); #endif // FEATURE_CAS_POLICY + BOOL IsTransparencyEnforcementEnabled(); + BOOL BypassSecurityChecksForProfiler(MethodDesc *pMD); inline BOOL CanCallUnmanagedCode(Module *pModule); inline BOOL CanAssert(Module *pModule); diff --git a/src/vm/securitydeclarative.cpp b/src/vm/securitydeclarative.cpp index d302a6c208..b2e07974fd 100644 --- a/src/vm/securitydeclarative.cpp +++ b/src/vm/securitydeclarative.cpp @@ -1423,19 +1423,16 @@ void SecurityDeclarative::EnsureAssertAllowed(MethodDesc *pMeth, MethodSecurityD } // Check if the Method is allowed to assert based on transparent/critical classification - if (!SecurityTransparent::IsAllowedToAssert(pMeth)) + if (!SecurityTransparent::IsAllowedToAssert(pMeth) && Security::IsTransparencyEnforcementEnabled()) { #ifdef _DEBUG if (g_pConfig->LogTransparencyErrors()) { SecurityTransparent::LogTransparencyError(pMeth, "Transparent method using a security assert"); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - // if assembly is transparent fail the ASSERT operations - COMPlusThrow(kInvalidOperationException, W("InvalidOperation_AssertTransparentCode")); - } + // if assembly is transparent fail the ASSERT operations + COMPlusThrow(kInvalidOperationException, W("InvalidOperation_AssertTransparentCode")); } return; diff --git a/src/vm/securitymeta.cpp b/src/vm/securitymeta.cpp index 1d50c76a76..f631cc17d1 100644 --- a/src/vm/securitymeta.cpp +++ b/src/vm/securitymeta.cpp @@ -644,9 +644,9 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) PRECONDITION(CheckPointer(pChildMD)); } CONTRACTL_END; - + const SecurityTransparencyBehavior *pTransparencyBehavior = pChildMD->GetAssembly()->GetSecurityTransparencyBehavior(); - if (pTransparencyBehavior->AreInheritanceRulesEnforced()) + if (pTransparencyBehavior->AreInheritanceRulesEnforced() && Security::IsTransparencyEnforcementEnabled()) { // The profiler may want to suppress these checks if it's currently running on the child type if (Security::BypassSecurityChecksForProfiler(pChildMD)) @@ -692,11 +692,8 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) { SecurityTransparent::LogTransparencyError(pChildMD, "Critical method overriding a SafeCritical base method", m_pMD); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - SecurityTransparent::ThrowTypeLoadException(pChildMD); - } + SecurityTransparent::ThrowTypeLoadException(pChildMD); } } else @@ -711,11 +708,8 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) { SecurityTransparent::LogTransparencyError(pChildMD, "Transparent method overriding a critical base method", m_pMD); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - SecurityTransparent::ThrowTypeLoadException(pChildMD); - } + SecurityTransparent::ThrowTypeLoadException(pChildMD); } else if (methSecurityDescriptor.IsTreatAsSafe() && !methSecurityDescriptor.IsOpportunisticallyCritical()) { @@ -726,11 +720,8 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) { SecurityTransparent::LogTransparencyError(pChildMD, "Safe critical method overriding a SafeCritical base method", m_pMD); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - SecurityTransparent::ThrowTypeLoadException(pChildMD); - } + SecurityTransparent::ThrowTypeLoadException(pChildMD); } } } @@ -744,14 +735,12 @@ void MethodSecurityDescriptor::InvokeInheritanceChecks(MethodDesc *pChildMD) { SecurityTransparent::LogTransparencyError(pChildMD, "Critical method overriding a transparent base method", m_pMD); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - SecurityTransparent::ThrowTypeLoadException(pChildMD); - } + SecurityTransparent::ThrowTypeLoadException(pChildMD); } } } + #ifndef FEATURE_CORECLR // Check CAS Inheritance @@ -1395,7 +1384,7 @@ void TypeSecurityDescriptor::InvokeInheritanceChecks(MethodTable* pChildMT) CONTRACTL_END; const SecurityTransparencyBehavior *pChildTransparencyBehavior = pChildMT->GetAssembly()->GetSecurityTransparencyBehavior(); - if (pChildTransparencyBehavior->AreInheritanceRulesEnforced()) + if (pChildTransparencyBehavior->AreInheritanceRulesEnforced() && Security::IsTransparencyEnforcementEnabled()) { // We compare the child class with the most critical base class in the type hierarchy. // @@ -1476,12 +1465,9 @@ void TypeSecurityDescriptor::InvokeInheritanceChecks(MethodTable* pChildMT) { SecurityTransparent::LogTransparencyError(pChildMT, "Transparent or safe critical type deriving from a critical base type"); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - // The parent class is critical, but the child class is not - SecurityTransparent::ThrowTypeLoadException(pChildMT); - } + // The parent class is critical, but the child class is not + SecurityTransparent::ThrowTypeLoadException(pChildMT); } } else if (fFoundSafeCriticalParent) @@ -1493,17 +1479,14 @@ void TypeSecurityDescriptor::InvokeInheritanceChecks(MethodTable* pChildMT) { SecurityTransparent::LogTransparencyError(pChildMT, "Transparent type deriving from a safe critical base type"); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - // The parent class is safe critical, but the child class is transparent - SecurityTransparent::ThrowTypeLoadException(pChildMT); - } + // The parent class is safe critical, but the child class is transparent + SecurityTransparent::ThrowTypeLoadException(pChildMT); } } } -#ifndef FEATURE_CORECLR +#ifndef FEATURE_CORECLR // Fast path check if (SecurityDeclarative::FullTrustCheckForLinkOrInheritanceDemand(pChildMT->GetAssembly())) { diff --git a/src/vm/securitytransparentassembly.cpp b/src/vm/securitytransparentassembly.cpp index 2a3ac4e493..d9b2401110 100644 --- a/src/vm/securitytransparentassembly.cpp +++ b/src/vm/securitytransparentassembly.cpp @@ -7,8 +7,6 @@ // // Implementation for transparent code feature // - - //-------------------------------------------------------------------------- @@ -703,7 +701,7 @@ CorInfoIsAccessAllowedResult SecurityTransparent::RequiresTransparentCodeChecks( // check if the caller assembly is transparent and NOT an interception stub (e.g. marshalling) bool doChecks = !pCallerMD->IsILStub() && IsMethodTransparent(pCallerMD); - if (doChecks) + if (doChecks && Security::IsTransparencyEnforcementEnabled()) { if (!IsTransparentCallerAllowed(pCallerMD, pCalleeMD, pError)) { @@ -812,6 +810,11 @@ static void ConvertLinkDemandToFullDemand(MethodDesc* pCallerMD, MethodDesc* pCa return; } + if (!Security::IsTransparencyEnforcementEnabled()) + { + return; + } + // Profilers may wish to suppress linktime checks for methods they're profiling if (Security::BypassSecurityChecksForProfiler(pCallerMD)) { @@ -925,34 +928,32 @@ static void ConvertLinkDemandToFullDemand(MethodDesc* pCallerMD, MethodDesc* pCa { SecurityTransparent::LogTransparencyError(pCallerMD, "Transparent method calling unmanaged code"); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG + + if (pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeCallUnmanagedCode()) { - if (pCallerMD->GetAssembly()->GetSecurityTransparencyBehavior()->CanTransparentCodeCallUnmanagedCode()) - { #ifdef FEATURE_APTCA - if (fCallerIsAPTCA) - { - // if the caller assembly is APTCA, then only inject this demand, for NON-APTCA we will allow - // calls to native code - // NOTE: the JIT would have already performed the LinkDemand for this anyways - Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); - } -#endif // FEATURE_APTCA - } - else + if (fCallerIsAPTCA) { + // if the caller assembly is APTCA, then only inject this demand, for NON-APTCA we will allow + // calls to native code + // NOTE: the JIT would have already performed the LinkDemand for this anyways + Security::SpecialDemand(SSWT_LATEBOUND_LINKDEMAND, SECURITY_UNMANAGED_CODE); + } +#endif // FEATURE_APTCA + } + else + { #if defined(FEATURE_CORECLR_COVERAGE_BUILD) && defined(FEATURE_STRONGNAME_DELAY_SIGNING_ALLOWED) - // For code coverage builds we have an issue where the inserted types/methods are not annotated. - // In patricular, there may be p/invokes from transparent code. Allow that on cov builds for platform assemblies. - // Paranoia: allow this only on non shp builds - all builds except the SHP type will have - // FEATURE_STRONGNAME_DELAY_SIGNING_ALLOWED defined. So we can use that to figure out if this is a SHP build - // type that someone is trying to relax that constraint on and not allow that. - if (!pCalleeMD->GetModule()->GetFile()->GetAssembly()->IsProfileAssembly()) + // For code coverage builds we have an issue where the inserted types/methods are not annotated. + // In patricular, there may be p/invokes from transparent code. Allow that on cov builds for platform assemblies. + // Paranoia: allow this only on non shp builds - all builds except the SHP type will have + // FEATURE_STRONGNAME_DELAY_SIGNING_ALLOWED defined. So we can use that to figure out if this is a SHP build + // type that someone is trying to relax that constraint on and not allow that. + if (!pCalleeMD->GetModule()->GetFile()->GetAssembly()->IsProfileAssembly()) #endif // defined(FEATURE_CORECLR_COVERAGE_BUILD) && defined(FEATURE_STRONGNAME_DELAY_SIGNING_ALLOWED) - { - ::ThrowMethodAccessException(pCallerMD, pCalleeMD, FALSE, IDS_E_TRANSPARENT_CALL_NATIVE); - } + { + ::ThrowMethodAccessException(pCallerMD, pCalleeMD, FALSE, IDS_E_TRANSPARENT_CALL_NATIVE); } } } @@ -975,6 +976,11 @@ VOID SecurityTransparent::EnforceTransparentAssemblyChecks(MethodDesc* pCallerMD } CONTRACTL_END; + if (!Security::IsTransparencyEnforcementEnabled()) + { + return; + } + // Profilers may wish to suppress transparency checks for methods they're profiling if (Security::BypassSecurityChecksForProfiler(pCallerMD)) { @@ -1005,11 +1011,8 @@ VOID SecurityTransparent::EnforceTransparentAssemblyChecks(MethodDesc* pCallerMD { LogTransparencyError(pCallerMD, "Transparent method accessing a critical method", pCalleeMD); } - if (!g_pConfig->DisableTransparencyEnforcement()) #endif // _DEBUG - { - ::ThrowMethodAccessException(pCallerMD, pCalleeMD, TRUE, IDS_E_CRITICAL_METHOD_ACCESS_DENIED); - } + ::ThrowMethodAccessException(pCallerMD, pCalleeMD, TRUE, IDS_E_CRITICAL_METHOD_ACCESS_DENIED); } } |