// Licensed to the .NET Foundation under one or more agreements. // The .NET Foundation licenses this file to you under the MIT license. // See the LICENSE file in the project root for more information. // // using System; using System.Diagnostics.Contracts; using System.Security.Permissions; using Microsoft.Win32; namespace System.Security { internal static class BuiltInPermissionSets { // // Raw PermissionSet XML - the built in permission sets are expressed in XML form since they contain // permissions from assemblies other than mscorlib. // private static readonly string s_everythingXml = @" "; private static readonly string s_executionXml = @" "; private static readonly string s_fullTrustXml = @""; private static readonly string s_internetXml = @" "; private static readonly string s_localIntranetXml = @" "; private static readonly string s_nothingXml = @""; private static readonly string s_skipVerificationXml = @" "; #if FEATURE_CAS_POLICY private const string s_wpfExtensionXml = @" "; private const string s_wpfExtensionUnrestrictedXml = @" "; #endif //FEATURE_CAS_POLICY // // Built in permission set objects // private static NamedPermissionSet s_everything; private static NamedPermissionSet s_execution; private static NamedPermissionSet s_fullTrust; private static NamedPermissionSet s_internet; private static NamedPermissionSet s_localIntranet; private static NamedPermissionSet s_nothing; private static NamedPermissionSet s_skipVerification; // // Standard permission sets // internal static NamedPermissionSet Everything { get { return GetOrDeserializeExtendablePermissionSet(ref s_everything, s_everythingXml #if FEATURE_CAS_POLICY , s_wpfExtensionUnrestrictedXml #endif // FEATURE_CAS_POLICY ); } } internal static NamedPermissionSet Execution { get { return GetOrDeserializePermissionSet(ref s_execution, s_executionXml); } } internal static NamedPermissionSet FullTrust { get { return GetOrDeserializePermissionSet(ref s_fullTrust, s_fullTrustXml); } } internal static NamedPermissionSet Internet { get { return GetOrDeserializeExtendablePermissionSet(ref s_internet, s_internetXml #if FEATURE_CAS_POLICY , s_wpfExtensionXml #endif // FEATURE_CAS_POLICY ); } } internal static NamedPermissionSet LocalIntranet { get { return GetOrDeserializeExtendablePermissionSet(ref s_localIntranet, s_localIntranetXml #if FEATURE_CAS_POLICY , s_wpfExtensionXml #endif // FEATURE_CAS_POLICY ); } } internal static NamedPermissionSet Nothing { get { return GetOrDeserializePermissionSet(ref s_nothing, s_nothingXml); } } internal static NamedPermissionSet SkipVerification { get { return GetOrDeserializePermissionSet(ref s_skipVerification, s_skipVerificationXml); } } // // Utility methods to construct the permission set objects from the well known XML and any permission // set extensions if necessary // private static NamedPermissionSet GetOrDeserializeExtendablePermissionSet(ref NamedPermissionSet permissionSet, string permissionSetXml #if FEATURE_CAS_POLICY ,string extensionXml #endif // FEATURE_CAS_POLICY ) { Contract.Requires(!String.IsNullOrEmpty(permissionSetXml)); #if FEATURE_CAS_POLICY Contract.Requires(!String.IsNullOrEmpty(extensionXml)); #endif // FEATURE_CAS_POLICY if (permissionSet == null) { #if FEATURE_CAS_POLICY SecurityElement securityElement = SecurityElement.FromString(permissionSetXml); NamedPermissionSet deserializedPermissionSet = new NamedPermissionSet(securityElement); PermissionSet extensions = GetPermissionSetExtensions(extensionXml); deserializedPermissionSet.InplaceUnion(extensions); permissionSet = deserializedPermissionSet; #endif // FEATURE_CAS_POLICY } return permissionSet.Copy() as NamedPermissionSet; } private static NamedPermissionSet GetOrDeserializePermissionSet(ref NamedPermissionSet permissionSet, string permissionSetXml) { Contract.Assert(!String.IsNullOrEmpty(permissionSetXml)); #if FEATURE_CAS_POLICY if (permissionSet == null) { SecurityElement securityElement = SecurityElement.FromString(permissionSetXml); NamedPermissionSet deserializedPermissionSet = new NamedPermissionSet(securityElement); permissionSet = deserializedPermissionSet; } #endif // FEATURE_CAS_POLICY return permissionSet.Copy() as NamedPermissionSet; } #if FEATURE_CAS_POLICY private static PermissionSet GetPermissionSetExtensions(string extensionXml) { Contract.Requires(!String.IsNullOrEmpty(extensionXml)); SecurityElement se = SecurityElement.FromString(extensionXml); // Return the permission set extension only if WPF is in the present framework profile. // XMLUtil.GetClassFromElement() helps do the quickest check, with no exception thrown and // minimal parsing. SecurityElement firstPermission = (SecurityElement)se.Children[0]; if (System.Security.Util.XMLUtil.GetClassFromElement(firstPermission, /*ignoreTypeLoadFailures*/true) != null) { PermissionSet extensions = new NamedPermissionSet(se); return extensions; } return null; } #endif // FEATURE_CAS_POLICY } }