1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
|
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
//
namespace System.Security {
using System;
using System.Threading;
using System.Security.Util;
using System.Collections;
using System.Runtime.CompilerServices;
using System.Security.Permissions;
using System.Reflection;
using System.Globalization;
using System.Security.Policy;
using System.Runtime.Versioning;
using System.Diagnostics;
using System.Diagnostics.Contracts;
// Used in DemandInternal, to remember the result of previous demands
// KEEP IN SYNC WITH DEFINITIONS IN SECURITYPOLICY.H
[Serializable]
internal enum PermissionType
{
// special flags
SecurityUnmngdCodeAccess = 0,
SecuritySkipVerification = 1,
ReflectionTypeInfo = 2,
SecurityAssert = 3,
ReflectionMemberAccess = 4,
SecuritySerialization = 5,
ReflectionRestrictedMemberAccess = 6,
FullTrust = 7,
SecurityBindingRedirects = 8,
// special permissions
UIPermission = 9,
EnvironmentPermission = 10,
FileDialogPermission = 11,
FileIOPermission = 12,
ReflectionPermission = 13,
SecurityPermission = 14,
// additional special flags
SecurityControlEvidence = 16,
SecurityControlPrincipal = 17
}
internal static class CodeAccessSecurityEngine
{
internal static SecurityPermission AssertPermission;
internal static PermissionToken AssertPermissionToken;
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern void SpecialDemand(PermissionType whatPermission, ref StackCrawlMark stackMark);
[System.Diagnostics.Conditional( "_DEBUG" )]
private static void DEBUG_OUT( String str )
{
#if _DEBUG
if (debug)
Console.WriteLine( str );
#endif
}
#if _DEBUG
private static bool debug = false;
private const String file = "d:\\foo\\debug.txt";
#endif
// static default constructor. This will be called before any of the static members are accessed.
static CodeAccessSecurityEngine()
{
#pragma warning disable 618
AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion);
#pragma warning restore 618
AssertPermissionToken = PermissionToken.GetToken(AssertPermission);
}
#pragma warning disable 618
private static void ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed)
#pragma warning restore 618
{
AssemblyName asmName = null;
Evidence asmEvidence = null;
if (asm != null)
{
// Assert here because reflection will check grants and if we fail the check,
// there will be an infinite recursion that overflows the stack.
PermissionSet.s_fullTrust.Assert();
asmName = asm.GetName();
}
throw SecurityException.MakeSecurityException(asmName, asmEvidence, granted, refused, rmh, action, demand, permThatFailed);
}
#pragma warning disable 618
private static void ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed)
#pragma warning restore 618
{
Debug.Assert((assemblyOrString == null || assemblyOrString is RuntimeAssembly || assemblyOrString is String), "Must pass in an Assembly object or String object here");
if (assemblyOrString == null || assemblyOrString is RuntimeAssembly)
ThrowSecurityException((RuntimeAssembly)assemblyOrString, granted, refused, rmh, action, demand, permThatFailed);
else
{
AssemblyName asmName = new AssemblyName((String)assemblyOrString);
throw SecurityException.MakeSecurityException(asmName, null, granted, refused, rmh, action, demand, permThatFailed);
}
}
#if FEATURE_COMPRESSEDSTACK
internal static void CheckSetHelper(CompressedStack cs,
PermissionSet grants,
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
{
if (cs != null)
cs.CheckSetDemand(demands, rmh);
else
CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true);
}
#else // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static void CheckSetHelper(Object notUsed,
PermissionSet grants,
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
#pragma warning restore 618
{
// To reduce the amount of ifdef-code-churn, a dummy arg is used for the first parameter - instead of a CompressedStack object,
// we use a System.Object that should always be null. If we tried to change the signature of the function, there will need to be
// corresponding changes in VM (metasig.h, mscorlib.h, securitystackwalk.cpp, number of elements in the arg array, etc.)
Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack");
CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true);
}
#endif // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static bool CheckSetHelper(PermissionSet grants,
PermissionSet refused,
PermissionSet demands,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
#pragma warning restore 618
{
Debug.Assert(demands != null, "Should not reach here with a null demand set");
IPermission permThatFailed = null;
if (grants != null)
grants.CheckDecoded(demands);
if (refused != null)
refused.CheckDecoded(demands);
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
// Check grant set
if (!demands.CheckDemand(grants, out permThatFailed))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
// Check refused set
if (!demands.CheckDeny(refused, out permThatFailed))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed);
else
return false;
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
return true;
}
#if FEATURE_COMPRESSEDSTACK
internal static void CheckHelper(CompressedStack cs,
PermissionSet grantedSet,
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
{
if (cs != null)
cs.CheckDemand(demand, permToken, rmh);
else
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true);
}
#else // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static void CheckHelper(Object notUsed,
PermissionSet grantedSet,
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
RuntimeAssembly asm,
SecurityAction action)
#pragma warning restore 618
{
// To reduce the amount of ifdef-code-churn, a dummy arg is used for the first parameter - instead of a CompressedStack object,
// we use a System.Object that should always be null. If we tried to change the signature of the function, there will need to be
// corresponding changes in VM (metasig.h, mscorlib.h, securitystackwalk.cpp, number of elements in the arg array, etc.)
Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack");
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true);
}
#endif // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
PermissionSet refusedSet,
CodeAccessPermission demand,
PermissionToken permToken,
RuntimeMethodHandleInternal rmh,
Object assemblyOrString,
SecurityAction action,
bool throwException)
#pragma warning restore 618
{
// We should never get here with a null demand
Debug.Assert(demand != null, "Should not reach here with a null demand");
if (permToken == null)
permToken = PermissionToken.GetToken(demand);
if (grantedSet != null)
grantedSet.CheckDecoded(permToken.m_index);
if (refusedSet != null)
refusedSet.CheckDecoded(permToken.m_index);
// If PermissionSet is null, then module does not have Permissions... Fail check.
bool bThreadSecurity = SecurityManager._SetThreadSecurity(false);
try
{
if (grantedSet == null)
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
else if (!grantedSet.IsUnrestricted())
{
// If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted
// variety, we need to do the proper callback.
Debug.Assert(demand != null,"demand != null");
// Find the permission of matching type in the permission set.
CodeAccessPermission grantedPerm =
(CodeAccessPermission)grantedSet.GetPermission(permToken);
// Make sure the demand has been granted
if (!demand.CheckDemand( grantedPerm ))
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
// Make the sure the permission is not refused.
if (refusedSet != null)
{
CodeAccessPermission refusedPerm =
(CodeAccessPermission)refusedSet.GetPermission(permToken);
if (refusedPerm != null)
{
if (!refusedPerm.CheckDeny(demand))
{
#if _DEBUG
if (debug)
DEBUG_OUT( "Permission found in refused set" );
#endif
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
if (refusedSet.IsUnrestricted())
{
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
}
}
catch (SecurityException)
{
throw;
}
catch (Exception)
{
// Any exception besides a security exception in this code means that
// a permission was unable to properly handle what we asked of it.
// We will define this to mean that the demand failed.
if (throwException)
ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand);
else
return false;
}
finally
{
if (bThreadSecurity)
SecurityManager._SetThreadSecurity(true);
}
DEBUG_OUT( "Check passed" );
return true;
}
internal static void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
}
internal static void Check(PermissionSet permSet, ref StackCrawlMark stackMark)
{
}
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern FrameSecurityDescriptor CheckNReturnSO(PermissionToken permToken,
CodeAccessPermission demand,
ref StackCrawlMark stackMark,
int create );
internal static void Assert(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
}
internal static void Deny(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
}
internal static void PermitOnly(CodeAccessPermission cap, ref StackCrawlMark stackMark)
{
}
#if FEATURE_PLS
// Update the PLS used for optimization in the AppDomain: called from the VM
private static PermissionListSet UpdateAppDomainPLS(PermissionListSet adPLS, PermissionSet grantedPerms, PermissionSet refusedPerms) {
if (adPLS == null) {
adPLS = new PermissionListSet();
adPLS.UpdateDomainPLS(grantedPerms, refusedPerms);
return adPLS;
} else {
PermissionListSet newPLS = new PermissionListSet();
newPLS.UpdateDomainPLS(adPLS);
newPLS.UpdateDomainPLS(grantedPerms, refusedPerms);
return newPLS;
}
}
#endif //FEATURE_PLS
}
}
|
