2 // Copyright (c) Microsoft. All rights reserved.
3 // Licensed under the MIT license. See LICENSE file in the project root for full license information.
10 #ifndef __SECURITYDESCRIPTOR_ASSEMBLY_H__
11 #define __SECURITYDESCRIPTOR_ASSEMBLY_H__
14 #include "securitydescriptor.h"
15 struct AssemblyLoadSecurity;
20 // Security flags for the objects that store security information
// Each flag is a distinct single bit (0x20, 0x40, 0x80), so the three values
// can be OR-ed together and tested independently.
21 #define CORSEC_ASSERTED 0x000020 // Asserted permission set present on frame
22 #define CORSEC_DENIED 0x000040 // Denied permission set present on frame
23 #define CORSEC_REDUCED 0x000080 // Reduced permission set present on frame
26 ///////////////////////////////////////////////////////////////////////////////
28 // [SecurityDescriptor]
30 // +----[PEFileSecurityDescriptor]
32 // +----[ApplicationSecurityDescriptor]
34 // +----[AssemblySecurityDescriptor]
36 // [SharedSecurityDescriptor]
38 ///////////////////////////////////////////////////////////////////////////////
40 // A Security Descriptor is placed on AppDomain and Assembly (Unmanaged) objects.
41 // AppDomain and Assembly could be from different zones.
42 // Security Descriptor could also be placed on a native frame.
44 ///////////////////////////////////////////////////////////////////////////////
// Element count of AssemblySecurityDescriptor::m_arrPassedLinktimeDemands,
// the fixed-size array declared further down in this header.
46 #define MAX_PASSED_DEMANDS 10
48 //------------------------------------------------------------------
50 // ASSEMBLY SECURITY DESCRIPTOR
52 //------------------------------------------------------------------
54 #ifndef DACCESS_COMPILE
// Declaration only; the definition is not in this header, and the declaration
// is compiled out when DACCESS_COMPILE is defined.
// NOTE(review): presumably stores `ref` into the lazily created `handle` using
// the given LoaderAllocator -- confirm against the definition.
55 void StoreObjectInLazyHandle(LOADERHANDLE& handle, OBJECTREF ref, LoaderAllocator* la);
// Security descriptor for one assembly, derived from
// SecurityDescriptorBase<IAssemblySecurityDescriptor>. This header only
// declares the members; the inline ones are presumably defined in
// securitydescriptorassembly.inl, which is included at the end of the file.
57 class AssemblySecurityDescriptor : public SecurityDescriptorBase<IAssemblySecurityDescriptor>
61 VPTR_VTABLE_CLASS(AssemblySecurityDescriptor, SecurityDescriptorBase<IAssemblySecurityDescriptor>)
// Fixed-capacity array (MAX_PASSED_DEMANDS slots) plus a DWORD counter.
// NOTE(review): judging by the names, AlreadyPassedDemand/TryCachePassedDemand
// read and fill this as a cache of link-time demands that already passed. A
// cache hit would let a demand be skipped, so confirm in the definitions that
// entries are added only after a demand succeeds and that m_dwNumPassedDemands
// is checked against MAX_PASSED_DEMANDS before every write.
65 PsetCacheEntry* m_arrPassedLinktimeDemands[MAX_PASSED_DEMANDS];
66 DWORD m_dwNumPassedDemands;
68 COR_TRUST *m_pSignature; // Contains the publisher, requested permission
69 SharedSecurityDescriptor *m_pSharedSecDesc; // Shared state for assemblies loaded into multiple appdomains
// The handles and flags in this group exist only in FEATURE_CAS_POLICY builds.
71 #ifdef FEATURE_CAS_POLICY
72 LOADERHANDLE m_hRequiredPermissionSet; // Required Requested Permissions
73 LOADERHANDLE m_hOptionalPermissionSet; // Optional Requested Permissions
74 LOADERHANDLE m_hDeniedPermissionSet; // Denied Permissions
76 BOOL m_fAdditionalEvidence;
77 BOOL m_fIsSignatureLoaded;
78 BOOL m_fAssemblyRequestsComputed;
79 #endif // FEATURE_CAS_POLICY
// NOTE(review): trust-related flags; where they are set is not visible in
// this header (SetMicrosoftPlatform is declared below for CoreCLR builds).
81 BOOL m_fMicrosoftPlatform;
82 BOOL m_fAllowSkipVerificationInFullTrust;
84 #ifndef DACCESS_COMPILE
86 virtual SharedSecurityDescriptor *GetSharedSecDesc();
// Trust and transparency queries. All return BOOL; QuickIsFullyTrusted and
// CanSkipVerification are the only non-virtual ones in this group.
88 virtual BOOL CanAssert();
89 virtual BOOL HasUnrestrictedUIPermission();
90 virtual BOOL IsAllCritical();
91 virtual BOOL IsAllSafeCritical();
92 virtual BOOL IsAllPublicAreaSafeCritical();
93 virtual BOOL IsAllTransparent();
94 virtual BOOL IsSystem();
95 BOOL QuickIsFullyTrusted();
97 BOOL CanSkipVerification();
98 virtual BOOL AllowSkipVerificationInFullTrust();
// Policy resolution entry points. ResolvePolicy takes the shared descriptor
// and a flag that asks for policy resolution to be skipped.
100 virtual VOID Resolve();
102 virtual void ResolvePolicy(ISharedSecurityDescriptor *pSharedDesc, BOOL fShouldSkipPolicyResolution);
104 AssemblySecurityDescriptor(AppDomain *pDomain, DomainAssembly *pAssembly, LoaderAllocator *pLoaderAllocator);
// Inline accessors for the passed-demand array declared above.
106 inline BOOL AlreadyPassedDemand(PsetCacheEntry *pCasDemands);
107 inline void TryCachePassedDemand(PsetCacheEntry *pCasDemands);
108 Assembly* GetAssembly();
110 #ifndef DACCESS_COMPILE
111 virtual void PropagatePermissionSet(OBJECTREF GrantedPermissionSet, OBJECTREF DeniedPermissionSet, DWORD dwSpecialFlags);
112 #endif // !DACCESS_COMPILE
114 #ifdef FEATURE_CAS_POLICY
// ppSignature is optional: it defaults to NULL.
115 virtual HRESULT LoadSignature(COR_TRUST **ppSignature = NULL);
116 virtual OBJECTREF GetEvidence();
// Returns one permission set and writes two more through the out-pointers.
// NOTE(review): by the parameter names the return value is the required set;
// confirm against the definition.
119 OBJECTREF GetRequestedPermissionSet(OBJECTREF *pOptionalPermissionSet, OBJECTREF *pDeniedPermissionSet);
121 virtual void SetRequestedPermissionSet(OBJECTREF RequiredPermissionSet,
122 OBJECTREF OptionalPermissionSet,
123 OBJECTREF DeniedPermissionSet);
125 #ifndef DACCESS_COMPILE
126 virtual void SetAdditionalEvidence(OBJECTREF evidence);
127 virtual BOOL HasAdditionalEvidence();
128 virtual OBJECTREF GetAdditionalEvidence();
129 virtual void SetEvidenceFromPEFile(IPEFileSecurityDescriptor *pPEFileSecDesc);
130 #endif // !DACCESS_COMPILE
131 #endif // FEATURE_CAS_POLICY
133 #ifndef FEATURE_CORECLR
134 virtual BOOL AllowApplicationSpecifiedAppDomainManager();
135 #endif // !FEATURE_CORECLR
// NOTE(review): returns void, so a refused load is presumably signalled by
// throwing rather than by a status value -- confirm in the definition that the
// failure path cannot be silently ignored by callers.
137 virtual void CheckAllowAssemblyLoad();
139 #ifdef FEATURE_CORECLR
140 inline BOOL IsMicrosoftPlatform();
141 #endif // FEATURE_CORECLR
144 BOOL CanSkipPolicyResolution();
145 OBJECTREF UpgradePEFileEvidenceToAssemblyEvidence(const OBJECTREF& objPEFileEvidence);
147 void ResolveWorker();
149 #ifdef FEATURE_CAS_POLICY
150 inline BOOL IsAssemblyRequestsComputed();
151 inline BOOL IsSignatureLoaded();
152 inline void SetSignatureLoaded();
156 // If you think you need to call this method, you're probably wrong. We shouldn't be making any
157 // security enforcement decisions based upon this result -- it's strictly for ensuring that we load
158 // conditional APTCA assemblies correctly.
159 inline BOOL IsConditionalAptca();
160 #endif // FEATURE_APTCA
162 #ifdef FEATURE_CORECLR
163 inline void SetMicrosoftPlatform();
164 #endif // FEATURE_CORECLR
165 #endif // #ifndef DACCESS_COMPILE
169 // This really isn't in the SecurityDescriptor hierarchy, per-se. It's attached
170 // to the unmanaged assembly object and used to store common information when
171 // the assembly is shared across multiple appdomains.
// It implements ISharedSecurityDescriptor rather than deriving from
// SecurityDescriptorBase.
172 class SharedSecurityDescriptor : public ISharedSecurityDescriptor
175 // Unmanaged assembly this descriptor is attached to.
176 Assembly *m_pAssembly;
178 // All policy resolution is funnelled through the shared descriptor so we
179 // can guarantee everyone's using the same grant/denied sets.
// NOTE(review): the two flags below are presumably the cached outcome of
// Resolve(); if so, they are only meaningful once IsResolved() reports TRUE.
// Confirm in the definitions that IsFullyTrusted/CanCallUnmanagedCode cannot
// return a stale or default value before resolution.
181 BOOL m_fFullyTrusted;
182 BOOL m_fCanCallUnmanagedCode;
184 BOOL m_fMicrosoftPlatform;
187 SharedSecurityDescriptor(Assembly *pAssembly);
189 // All policy resolution is funnelled through the shared descriptor so we
190 // can guarantee everyone's using the same grant/denied sets.
// pSecDesc is optional: it defaults to NULL.
191 virtual void Resolve(IAssemblySecurityDescriptor *pSecDesc = NULL);
192 virtual BOOL IsResolved() const;
194 // Is this assembly a system assembly?
195 virtual BOOL IsSystem();
196 virtual Assembly* GetAssembly();
// Trust queries. IsFullyTrusted is not const, while CanCallUnmanagedCode is.
// NOTE(review): a non-const query may trigger resolution on demand -- confirm.
198 inline BOOL IsMicrosoftPlatform();
199 BOOL IsFullyTrusted();
200 BOOL CanCallUnmanagedCode() const;
204 #include "securitydescriptorassembly.inl"
206 #endif // #define __SECURITYDESCRIPTOR_ASSEMBLY_H__