src/mscorlib/src/System/Security/SecurityRuntime.cs


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159

// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.

// 

namespace System.Security
{
    using System;
    using System.Globalization;
    using System.Threading;
    using System.Reflection;
    using System.Collections;
    using System.Runtime.CompilerServices;
    using System.Security.Permissions;
    using System.Runtime.Versioning;
    using System.Diagnostics.Contracts;

    internal class SecurityRuntime
    {
        private SecurityRuntime(){}

        // Returns the security object for the caller of the method containing
        // 'stackMark' on its frame.
        //
        // THE RETURNED OBJECT IS THE LIVE RUNTIME OBJECT. BE CAREFUL WITH IT!
        //
        // Internal only, do not doc.
        // 
        [MethodImplAttribute(MethodImplOptions.InternalCall)]
        internal static extern 
        FrameSecurityDescriptor GetSecurityObjectForFrame(ref StackCrawlMark stackMark,
                                                          bool create);

        // Constants used to return status to native
        internal const bool StackContinue  = true;
        internal const bool StackHalt      = false;

        // this method is a big perf hit, so don't call unnecessarily
        internal static MethodInfo GetMethodInfo(RuntimeMethodHandleInternal rmh)
        {
            if (rmh.IsNullHandle())
                return null;

#if _DEBUG
            try
            {
#endif
                // Assert here because reflection will check grants and if we fail the check,
                // there will be an infinite recursion that overflows the stack.
                PermissionSet.s_fullTrust.Assert();
                return (System.RuntimeType.GetMethodBase(RuntimeMethodHandle.GetDeclaringType(rmh), rmh) as MethodInfo);
#if _DEBUG
            }
            catch(Exception)
            {
                return null;
            }
#endif
        }

        private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc,
                                               PermissionSet demandSet,
                                               out PermissionSet alteredDemandSet,
                                               RuntimeMethodHandleInternal rmh)
        {
            return secDesc.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
        }

        private static bool FrameDescHelper(FrameSecurityDescriptor secDesc,
                                               IPermission demandIn, 
                                               PermissionToken permToken,
                                               RuntimeMethodHandleInternal rmh)
        {
            return secDesc.CheckDemand((CodeAccessPermission) demandIn, permToken, rmh);
        }

#if FEATURE_COMPRESSEDSTACK
        private static bool CheckDynamicMethodSetHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
                                                     PermissionSet demandSet,
                                                     out PermissionSet alteredDemandSet,
                                                     RuntimeMethodHandleInternal rmh)
        {
            System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
            bool result;
            try
            {
                result = creationStack.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh);
            }
            catch (SecurityException ex)
            {
                throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
            }
            
            return result;
        }

        private static bool CheckDynamicMethodHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
                                             IPermission demandIn, 
                                             PermissionToken permToken,
                                             RuntimeMethodHandleInternal rmh)
        {
            System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
            bool result;
            try
            {
                result = creationStack.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh);
            }
            catch (SecurityException ex)
            {
                throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
            }
            return result;
        }
#endif // FEATURE_COMPRESSEDSTACK

        //
        // API for PermissionSets
        //

        internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
        }

        internal static void AssertAllPossible(ref StackCrawlMark stackMark)
        {
        }

        internal static void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
        }

        internal static void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
        {
        }

        //
        // Revert API
        //

        internal static void RevertAssert(ref StackCrawlMark stackMark)
        {
        }

        internal static void RevertDeny(ref StackCrawlMark stackMark)
        {
        }
        
        internal static void RevertPermitOnly(ref StackCrawlMark stackMark)
        {
        }
        
        internal static void RevertAll(ref StackCrawlMark stackMark)
        {
        }
    }
}