1 //
2 // Copyright (c) Microsoft. All rights reserved.
3 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
4 //
5 // 
6
7 //
8
9
10 #ifndef __SECURITYDESCRIPTOR_ASSEMBLY_H__
11 #define __SECURITYDESCRIPTOR_ASSEMBLY_H__
12
13 #include "security.h"
14 #include "securitydescriptor.h"
15 struct AssemblyLoadSecurity;
16
17 class Assembly;
18 class DomainAssembly;
19
20 // Security flags for the objects that store security information (each value below is a distinct single bit)
21 #define CORSEC_ASSERTED             0x000020 // Asserted permission set present on frame
22 #define CORSEC_DENIED               0x000040 // Denied permission set present on frame
23 #define CORSEC_REDUCED              0x000080 // Reduced permission set present on frame
24
25
26 ///////////////////////////////////////////////////////////////////////////////
27 //
28 //      [SecurityDescriptor]
29 //      |
30 //      +----[PEFileSecurityDescriptor]
31 //      |
32 //      +----[ApplicationSecurityDescriptor]
33 //      |
34 //      +----[AssemblySecurityDescriptor]
35 //
36 //      [SharedSecurityDescriptor]
37 //
38 ///////////////////////////////////////////////////////////////////////////////
39 //
40 // A Security Descriptor is placed on AppDomain and Assembly (Unmanaged) objects.
41 // AppDomain and Assembly could be from different zones.
42 // Security Descriptor could also be placed on a native frame.
43 //
44 ///////////////////////////////////////////////////////////////////////////////
45
46 #define MAX_PASSED_DEMANDS 10 // Capacity of AssemblySecurityDescriptor::m_arrPassedLinktimeDemands
47
48 //------------------------------------------------------------------
49 //
50 //          ASSEMBLY SECURITY DESCRIPTOR
51 //
52 //------------------------------------------------------------------
53
54 #ifndef DACCESS_COMPILE // this declaration is omitted from DAC builds
55 void StoreObjectInLazyHandle(LOADERHANDLE& handle, OBJECTREF ref, LoaderAllocator* la); // defined outside this header; presumably stores `ref` into `handle` using `la` -- confirm at the definition
56 #endif
57 class AssemblySecurityDescriptor : public SecurityDescriptorBase<IAssemblySecurityDescriptor>
58 {   // Security descriptor for an assembly; state common to several appdomains is reached through m_pSharedSecDesc.
59 public:
60 #ifndef FEATURE_PAL
61     VPTR_VTABLE_CLASS(AssemblySecurityDescriptor, SecurityDescriptorBase<IAssemblySecurityDescriptor>)
62 #endif
63
64 private:
65     PsetCacheEntry*   m_arrPassedLinktimeDemands[MAX_PASSED_DEMANDS]; // fixed capacity; presumably the demands recorded by TryCachePassedDemand
66     DWORD   m_dwNumPassedDemands; // presumably the number of valid entries in the array above -- confirm in the .inl
67     // NOTE(review): nothing in this header bounds m_dwNumPassedDemands; confirm that the inline TryCachePassedDemand never writes past MAX_PASSED_DEMANDS.
68     COR_TRUST                                *m_pSignature;            // Contains the publisher, requested permission
69     SharedSecurityDescriptor                 *m_pSharedSecDesc;        // Shared state for assemblies loaded into multiple appdomains
70
71 #ifdef FEATURE_CAS_POLICY
72     LOADERHANDLE m_hRequiredPermissionSet;  // Required Requested Permissions
73     LOADERHANDLE m_hOptionalPermissionSet;  // Optional Requested Permissions
74     LOADERHANDLE m_hDeniedPermissionSet;    // Denied Permissions
75
76     BOOL                m_fAdditionalEvidence;       // presumably backs HasAdditionalEvidence()
77     BOOL                m_fIsSignatureLoaded;        // presumably backs IsSignatureLoaded()/SetSignatureLoaded()
78     BOOL                m_fAssemblyRequestsComputed; // presumably backs IsAssemblyRequestsComputed()
79 #endif // FEATURE_CAS_POLICY
80     // m_fMicrosoftPlatform is declared in every build, but IsMicrosoftPlatform/SetMicrosoftPlatform below exist only under FEATURE_CORECLR.
81     BOOL                m_fMicrosoftPlatform;
82     BOOL                m_fAllowSkipVerificationInFullTrust;
83
84 #ifndef DACCESS_COMPILE // every method from here to the matching #endif at the end of the class is absent from DAC builds
85 public:
86     virtual SharedSecurityDescriptor *GetSharedSecDesc();
87
88     virtual BOOL CanAssert();
89     virtual BOOL HasUnrestrictedUIPermission();
90     virtual BOOL IsAllCritical();
91     virtual BOOL IsAllSafeCritical();
92     virtual BOOL IsAllPublicAreaSafeCritical();
93     virtual BOOL IsAllTransparent();
94     virtual BOOL IsSystem();
95         BOOL QuickIsFullyTrusted();
96
97         BOOL CanSkipVerification();
98     virtual BOOL AllowSkipVerificationInFullTrust();
99
100     virtual VOID Resolve();
101
102     virtual void ResolvePolicy(ISharedSecurityDescriptor *pSharedDesc, BOOL fShouldSkipPolicyResolution);
103
104         AssemblySecurityDescriptor(AppDomain *pDomain, DomainAssembly *pAssembly, LoaderAllocator *pLoaderAllocator);
105     // The two inline members below have no body in this header; their definitions are expected in securitydescriptorassembly.inl.
106     inline BOOL AlreadyPassedDemand(PsetCacheEntry *pCasDemands);
107     inline void TryCachePassedDemand(PsetCacheEntry *pCasDemands);
108     Assembly* GetAssembly();
109         
110 #ifndef DACCESS_COMPILE // redundant: already inside the !DACCESS_COMPILE region opened above
111     virtual void PropagatePermissionSet(OBJECTREF GrantedPermissionSet, OBJECTREF DeniedPermissionSet, DWORD dwSpecialFlags);
112 #endif  // !DACCESS_COMPILE
113
114 #ifdef FEATURE_CAS_POLICY
115     virtual HRESULT LoadSignature(COR_TRUST **ppSignature = NULL);
116     virtual OBJECTREF GetEvidence();
117     DWORD GetZone();
118
119     OBJECTREF GetRequestedPermissionSet(OBJECTREF *pOptionalPermissionSet, OBJECTREF *pDeniedPermissionSet);
120
121     virtual void SetRequestedPermissionSet(OBJECTREF RequiredPermissionSet,
122                                           OBJECTREF OptionalPermissionSet,
123                                           OBJECTREF DeniedPermissionSet);
124
125 #ifndef DACCESS_COMPILE // redundant: already inside the !DACCESS_COMPILE region opened above
126     virtual void SetAdditionalEvidence(OBJECTREF evidence);
127     virtual BOOL HasAdditionalEvidence();
128     virtual OBJECTREF GetAdditionalEvidence();
129     virtual void SetEvidenceFromPEFile(IPEFileSecurityDescriptor *pPEFileSecDesc);
130 #endif  // !DACCESS_COMPILE
131 #endif // FEATURE_CAS_POLICY
132         
133 #ifndef FEATURE_CORECLR 
134     virtual BOOL AllowApplicationSpecifiedAppDomainManager();
135 #endif // !FEATURE_CORECLR
136
137     virtual void CheckAllowAssemblyLoad();
138
139 #ifdef FEATURE_CORECLR
140     inline BOOL IsMicrosoftPlatform();
141 #endif // FEATURE_CORECLR
142
143 private:
144     BOOL CanSkipPolicyResolution();
145     OBJECTREF UpgradePEFileEvidenceToAssemblyEvidence(const OBJECTREF& objPEFileEvidence);
146
147     void ResolveWorker();
148
149 #ifdef FEATURE_CAS_POLICY
150     inline BOOL IsAssemblyRequestsComputed();
151     inline BOOL IsSignatureLoaded();
152     inline void SetSignatureLoaded();
153 #endif
154
155 #ifdef FEATURE_APTCA
156     // If you think you need to call this method, you're probably wrong.  We shouldn't be making any
157     // security enforcement decisions based upon this result -- it's strictly for ensuring that we load
158     // conditional APTCA assemblies correctly.
159     inline BOOL IsConditionalAptca();
160 #endif // FEATURE_APTCA
161     // Declared private, so only members (and any friends) of this class can call it; presumably it sets m_fMicrosoftPlatform -- confirm in the .inl.
162 #ifdef FEATURE_CORECLR
163     inline void SetMicrosoftPlatform();
164 #endif // FEATURE_CORECLR
165 #endif // #ifndef DACCESS_COMPILE
166 };
167
168
169 // This really isn't in the SecurityDescriptor hierarchy, per-se. It's attached
170 // to the unmanaged assembly object and used to store common information when
171 // the assembly is shared across multiple appdomains.
172 class SharedSecurityDescriptor : public ISharedSecurityDescriptor
173 {
174 private:
175     // Unmanaged assembly this descriptor is attached to.
176     Assembly           *m_pAssembly;
177
178     // All policy resolution is funnelled through the shared descriptor so we
179     // can guarantee everyone's using the same grant/denied sets.
180     BOOL                m_fResolved;             // presumably backs IsResolved() -- confirm in the implementation
181     BOOL                m_fFullyTrusted;         // presumably backs IsFullyTrusted()
182     BOOL                m_fCanCallUnmanagedCode; // presumably backs CanCallUnmanagedCode()
183     BOOL                m_fCanAssert;            // presumably backs CanAssert()
184     BOOL                m_fMicrosoftPlatform;    // presumably backs IsMicrosoftPlatform()
185     // NOTE(review): this header declares no setters for the flags above; where they are written is not visible here.
186 public:
187     SharedSecurityDescriptor(Assembly *pAssembly);
188
189     // All policy resolution is funnelled through the shared descriptor so we
190     // can guarantee everyone's using the same grant/denied sets.
191     virtual void Resolve(IAssemblySecurityDescriptor *pSecDesc = NULL);
192         virtual BOOL IsResolved() const;
193
194     // Is this assembly a system assembly?
195     virtual BOOL IsSystem();    
196     virtual Assembly* GetAssembly();
197     // Unlike AssemblySecurityDescriptor::IsMicrosoftPlatform, this declaration is not guarded by FEATURE_CORECLR; being inline, its definition is expected in the .inl included below.
198     inline BOOL IsMicrosoftPlatform();
199     BOOL IsFullyTrusted();
200     BOOL CanCallUnmanagedCode() const;
201     BOOL CanAssert();
202 };
203
204 #include "securitydescriptorassembly.inl"
205
206 #endif // #define __SECURITYDESCRIPTOR_ASSEMBLY_H__