namespace Microsoft.Win32 {
using System;
using System.Security;
-#if FEATURE_IMPERSONATION
- using System.Security.Principal;
-#endif
using System.Text;
using System.Configuration.Assemblies;
using System.Runtime.Remoting;
[In] bool bInheritHandle,
[In] uint dwOptions);
-#if FEATURE_IMPERSONATION
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- [DllImport(ADVAPI32, CharSet=CharSet.Auto, SetLastError=true)]
- internal static extern
- bool DuplicateTokenEx (
- [In] SafeAccessTokenHandle ExistingTokenHandle,
- [In] TokenAccessLevels DesiredAccess,
- [In] IntPtr TokenAttributes,
- [In] SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
- [In] System.Security.Principal.TokenType TokenType,
- [In,Out] ref SafeAccessTokenHandle DuplicateTokenHandle );
-
- [DllImport(ADVAPI32, CharSet=CharSet.Auto, SetLastError=true)]
- internal static extern
- bool DuplicateTokenEx (
- [In] SafeAccessTokenHandle hExistingToken,
- [In] uint dwDesiredAccess,
- [In] IntPtr lpTokenAttributes, // LPSECURITY_ATTRIBUTES
- [In] uint ImpersonationLevel,
- [In] uint TokenType,
- [In,Out] ref SafeAccessTokenHandle phNewToken);
-#endif
[DllImport(
ADVAPI32,
EntryPoint="EqualDomainSid",
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
internal static extern int LsaFreeReturnBuffer(IntPtr handle);
-#if FEATURE_IMPERSONATION
- [DllImport (ADVAPI32, CharSet=CharSet.Unicode, SetLastError=true)]
- internal static extern
- bool OpenProcessToken (
- [In] IntPtr ProcessToken,
- [In] TokenAccessLevels DesiredAccess,
- [Out] out SafeAccessTokenHandle TokenHandle);
-#endif
-
[DllImport(
ADVAPI32,
EntryPoint="SetNamedSecurityInfoW",
byte[] dacl,
byte[] sacl );
- // Fusion APIs
-#if FEATURE_FUSION
- [DllImport(MSCORWKS, CharSet=CharSet.Unicode)]
- internal static extern int CreateAssemblyNameObject(out IAssemblyName ppEnum, String szAssemblyName, uint dwFlags, IntPtr pvReserved);
-
- [DllImport(MSCORWKS, CharSet=CharSet.Auto)]
- internal static extern int CreateAssemblyEnum(out IAssemblyEnum ppEnum, IApplicationContext pAppCtx, IAssemblyName pName, uint dwFlags, IntPtr pvReserved);
-#endif // FEATURE_FUSION
-
#if FEATURE_CORECLR
[DllImport(KERNEL32, CharSet=CharSet.Unicode)]
[SuppressUnmanagedCodeSecurityAttribute()]
Argument_InvalidElementName = Invalid element name '{0}'.
Argument_InvalidElementValue = Invalid element value '{0}'.
Argument_AttributeNamesMustBeUnique = Attribute names must be unique.
-#if FEATURE_CAS_POLICY
-Argument_UninitializedCertificate = Uninitialized certificate object.
-Argument_MembershipConditionElement = Element must be a <IMembershipCondition> element.
-Argument_ReservedNPMS = Cannot remove or modify reserved permissions set '{0}'.
-Argument_NPMSInUse = Permission set '{0}' was in use and could not be deleted.
-Argument_StrongNameGetPublicKey = Unable to obtain public key for StrongNameKeyPair.
-Argument_SiteCannotBeNull = Site name must be specified.
-Argument_BlobCannotBeNull = Public key must be specified.
-Argument_ZoneCannotBeNull = Zone must be specified.
-Argument_UrlCannotBeNull = URL must be specified.
-Argument_NoNPMS = Unable to find a permission set with the provided name.
-Argument_FailedCodeGroup = Failed to create a code group of type '{0}'.
-Argument_CodeGroupChildrenMustBeCodeGroups = All objects in the input list must have a parent type of 'CodeGroup'.
-#endif // FEATURE_CAS_POLICY
-#if FEATURE_IMPERSONATION
-Argument_InvalidPrivilegeName = Privilege '{0}' is not valid on this system.
-Argument_TokenZero = Token cannot be zero.
-Argument_InvalidImpersonationToken = Invalid token for impersonation - it cannot be duplicated.
-Argument_ImpersonateUser = Unable to impersonate user.
-#endif // FEATURE_IMPERSONATION
Argument_InvalidHexFormat = Improperly formatted hex string.
Argument_InvalidSite = Invalid site.
Argument_InterfaceMap = 'this' type cannot be an interface itself.
; This still appears in bcl.small but should go away eventually
Policy_Default = Error occurred while performing a policy operation.
Policy_CannotLoadSemiTrustAssembliesDuringInit = All assemblies loaded as part of AppDomain initialization must be fully trusted.
-#if FEATURE_IMPERSONATION
-Policy_PrincipalTwice = Default principal object cannot be set twice.
-#endif // FEATURE_IMPERSONATION
-#if FEATURE_CAS_POLICY
-Policy_PolicyAlreadySet = Policy for this domain cannot be set twice.
-Policy_NoExecutionPermission = Execution permission cannot be acquired.
-Policy_NoRequiredPermission = Required permissions cannot be acquired.
-Policy_MultipleExclusive = More than one exclusive group is not allowed.
-Policy_RecoverNotFileBased = PolicyLevel object not based on a file cannot be recovered.
-Policy_RecoverNoConfigFile = No old configuration file exists to recover.
-Policy_UnableToSave = Policy level '{0}' could not be saved: {1}.
-Policy_BadXml = Policy configuration XML is invalid. The required tag '{0}' is missing.
-Policy_NonFullTrustAssembly = Policy references an assembly not in the full trust assemblies list.
-Policy_MissingActivationContextInAppEvidence = The application evidence does not contain a Fusion activation context.
-Policy_NoTrustManager = A trust manager could not be loaded for this application.
-Policy_GrantSetDoesNotMatchDomain = An assembly was provided an invalid grant set by runtime host '{0}'. In a homogenous AppDomain, the only valid grant sets are FullTrust and the AppDomain's sandbox grant set.
-#endif // FEATURE_CAS_POLICY
Policy_SaveNotFileBased = PolicyLevel object not based on a file cannot be saved.
Policy_AppTrustMustGrantAppRequest = ApplicationTrust grant set does not contain ActivationContext's minimum request set.
Error_SecurityPolicyFileParse = Error occurred while parsing the '{0}' policy level. The default policy level was used instead.
Error_SecurityPolicyFileParseEx = Error '{1}' occurred while parsing the '{0}' policy level. The default policy level was used instead.
-#if FEATURE_CAS_POLICY
-Policy_EvidenceMustBeSerializable = Objects used as evidence must be serializable.
-Policy_DuplicateEvidence = The evidence collection already contains evidence of type '{0}'. Multiple pieces of the same type of evidence are not allowed.
-Policy_IncorrectHostEvidence = Runtime host '{0}' returned evidence of type '{1}' from a request for evidence of type '{2}'.
-Policy_NullHostEvidence = Runtime host '{0}' returned null when asked for assembly evidence for assembly '{1}'.
-Policy_NullHostGrantSet = Runtime host '{0}' returned a null grant set from ResolvePolicy.
-#endif // FEATURE_CAS_POLICY
-
-; Policy codegroup and permission set names and descriptions
-#if FEATURE_CAS_POLICY
-Policy_AllCode_Name = All_Code
-Policy_AllCode_DescriptionFullTrust = Code group grants all code full trust and forms the root of the code group tree.
-Policy_AllCode_DescriptionNothing = Code group grants no permissions and forms the root of the code group tree.
-Policy_MyComputer_Name = My_Computer_Zone
-Policy_MyComputer_Description = Code group grants full trust to all code originating on the local computer
-Policy_Intranet_Name = LocalIntranet_Zone
-Policy_Intranet_Description = Code group grants the intranet permission set to code from the intranet zone. This permission set grants intranet code the right to use isolated storage, full UI access, some capability to do reflection, and limited access to environment variables.
-Policy_IntranetNet_Name = Intranet_Same_Site_Access
-Policy_IntranetNet_Description = All intranet code gets the right to connect back to the site of its origin.
-Policy_IntranetFile_Name = Intranet_Same_Directory_Access
-Policy_IntranetFile_Description = All intranet code gets the right to read from its install directory.
-Policy_Internet_Name = Internet_Zone
-Policy_Internet_Description = Code group grants code from the Internet zone the Internet permission set. This permission set grants Internet code the right to use isolated storage and limited UI access.
-Policy_InternetNet_Name = Internet_Same_Site_Access
-Policy_InternetNet_Description = All Internet code gets the right to connect back to the site of its origin.
-Policy_Trusted_Name = Trusted_Zone
-Policy_Trusted_Description = Code from a trusted zone is granted the Internet permission set. This permission set grants the right to use isolated storage and limited UI access.
-Policy_TrustedNet_Name = Trusted_Same_Site_Access
-Policy_TrustedNet_Description = All Trusted Code gets the right to connect back to the site of its origin.
-Policy_Untrusted_Name = Restricted_Zone
-Policy_Untrusted_Description = Code coming from a restricted zone does not receive any permissions.
-Policy_Microsoft_Name = Microsoft_Strong_Name
-Policy_Microsoft_Description = Code group grants full trust to code signed with the Microsoft strong name.
-Policy_Ecma_Name = ECMA_Strong_Name
-Policy_Ecma_Description = Code group grants full trust to code signed with the ECMA strong name.
-
-; Policy permission set descriptions
-Policy_PS_FullTrust = Allows full access to all resources
-Policy_PS_Everything = Allows unrestricted access to all resources covered by built-in permissions
-Policy_PS_Nothing = Denies all resources, including the right to execute
-Policy_PS_Execution = Permits execution
-Policy_PS_SkipVerification = Grants right to bypass the verification
-Policy_PS_Internet = Default rights given to Internet applications
-Policy_PS_LocalIntranet = Default rights given to applications on the local intranet
-
-; default Policy level names
-Policy_PL_Enterprise = Enterprise
-Policy_PL_Machine = Machine
-Policy_PL_User = User
-Policy_PL_AppDomain = AppDomain
-#endif // FEATURE_CAS_POLICY
-
; RankException
Rank_MultiDimNotSupported = Only single dimension arrays are supported here.
Rank_MustMatch = The specified arrays must have the same number of dimensions.
null);
}
-#if FEATURE_CLICKONCE
- [System.Security.SecuritySafeCritical] // auto-generated
- public static ObjectHandle CreateInstance (ActivationContext activationContext) {
- AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
- if (domainManager == null)
- domainManager = new AppDomainManager();
-
- return domainManager.ApplicationActivator.CreateInstance(activationContext);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- public static ObjectHandle CreateInstance (ActivationContext activationContext, string[] activationCustomData) {
- AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
- if (domainManager == null)
- domainManager = new AppDomainManager();
-
- return domainManager.ApplicationActivator.CreateInstance(activationContext, activationCustomData);
- }
-#endif // FEATURE_CLICKONCE
-
public static ObjectHandle CreateComInstanceFrom(String assemblyName,
- String typeName)
+ String typeName)
{
return CreateComInstanceFrom(assemblyName,
typeName,
internal static readonly string SwitchNoAsyncCurrentCulture = "Switch.System.Globalization.NoAsyncCurrentCulture";
internal static readonly string SwitchThrowExceptionIfDisposedCancellationTokenSource = "Switch.System.Threading.ThrowExceptionIfDisposedCancellationTokenSource";
internal static readonly string SwitchPreserveEventListnerObjectIdentity = "Switch.System.Diagnostics.EventSource.PreserveEventListnerObjectIdentity";
-#if FEATURE_PATHCOMPAT
- internal static readonly string SwitchUseLegacyPathHandling = "Switch.System.IO.UseLegacyPathHandling";
- internal static readonly string SwitchBlockLongPaths = "Switch.System.IO.BlockLongPaths";
-#endif
// This is a partial method. Platforms can provide an implementation of it that will set override values
// from whatever mechanism is available on that platform. If no implementation is provided, the compiler is going to remove the calls
AppContext.DefineSwitchDefault(SwitchNoAsyncCurrentCulture, true);
AppContext.DefineSwitchDefault(SwitchThrowExceptionIfDisposedCancellationTokenSource, true);
}
-#if FEATURE_PATHCOMPAT
- if (version <= 40601)
- {
- AppContext.DefineSwitchDefault(SwitchUseLegacyPathHandling, true);
- AppContext.DefineSwitchDefault(SwitchBlockLongPaths, true);
- }
-#endif
+
break;
}
case "WindowsPhone":
}
}
-#if FEATURE_PATHCOMPAT
- private static int _useLegacyPathHandling;
-
- /// <summary>
- /// Use legacy path normalization logic and blocking of extended syntax.
- /// </summary>
- public static bool UseLegacyPathHandling
- {
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- get
- {
- return GetCachedSwitchValue(AppContextDefaultValues.SwitchUseLegacyPathHandling, ref _useLegacyPathHandling);
- }
- }
-
- private static int _blockLongPaths;
-
- /// <summary>
- /// Throw PathTooLongException for paths greater than MAX_PATH or directories greater than 248 (as per CreateDirectory Win32 limitations)
- /// </summary>
- public static bool BlockLongPaths
- {
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- get
- {
- return GetCachedSwitchValue(AppContextDefaultValues.SwitchBlockLongPaths, ref _blockLongPaths);
- }
- }
-#endif // FEATURE_PATHCOMPAT
-
//
// Implementation details
//
**
=============================================================================*/
-namespace System {
+namespace System
+{
using System;
-#if FEATURE_CLICKONCE
- using System.Deployment.Internal.Isolation;
- using System.Deployment.Internal.Isolation.Manifest;
- using System.Runtime.Hosting;
-#endif
using System.Reflection;
using System.Runtime;
using System.Runtime.CompilerServices;
-#if FEATURE_REMOTING
- using System.Runtime.Remoting.Channels;
- using System.Runtime.Remoting.Contexts;
-#endif
using System.Security;
using System.Security.Permissions;
-#if FEATURE_IMPERSONATION
- using System.Security.Principal;
-#endif
using System.Security.Policy;
using System.Security.Util;
using System.Collections;
using System.Collections.Generic;
using System.Threading;
using System.Runtime.InteropServices;
- using System.Runtime.Remoting;
-#if FEATURE_REMOTING
- using Context = System.Runtime.Remoting.Contexts.Context;
-#endif
+ using System.Runtime.Remoting;
using System.Reflection.Emit;
using CultureInfo = System.Globalization.CultureInfo;
-#if !FEATURE_CORECLR
- using System.Globalization;
-#endif
using System.IO;
using AssemblyHashAlgorithm = System.Configuration.Assemblies.AssemblyHashAlgorithm;
using System.Text;
- using Microsoft.Win32;
using System.Runtime.ConstrainedExecution;
using System.Runtime.Versioning;
using System.Diagnostics.Contracts;
}
}
-
- #if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
- #endif
[Serializable]
[ComVisible(true)]
public delegate Assembly ResolveEventHandler(Object sender, ResolveEventArgs args);
[ComDefaultInterface(typeof(System._AppDomain))]
[ComVisible(true)]
public sealed class AppDomain :
-#if FEATURE_REMOTING
- MarshalByRefObject,
-#endif
_AppDomain, IEvidenceFactory
{
// Domain security information
public event ResolveEventHandler ReflectionOnlyAssemblyResolve;
#endif // FEATURE_REFLECTION_ONLY
-#if FEATURE_REMOTING
- private Context _DefaultContext;
-#endif
-
-#if FEATURE_CLICKONCE
- private ActivationContext _activationContext;
- private ApplicationIdentity _applicationIdentity;
-#endif
private ApplicationTrust _applicationTrust;
-
-#if FEATURE_IMPERSONATION
- private IPrincipal _DefaultPrincipal;
-#endif // FEATURE_IMPERSONATION
-#if FEATURE_REMOTING
- private DomainSpecificRemotingData _RemotingData;
-#endif
private EventHandler _processExit;
- #if FEATURE_CORECLR
[System.Security.SecurityCritical]
- #endif
private EventHandler _domainUnload;
- #if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
- #endif
private UnhandledExceptionEventHandler _unhandledException;
-#if FEATURE_APTCA
- private String[] _aptcaVisibleAssemblies;
-#endif
-
// The compat flags are set at domain creation time to indicate that the given breaking
// changes (named in the strings) should not be used in this domain. We only use the
// keys, the vhe values are ignored.
private IntPtr _pDomain; // this is an unmanaged pointer (AppDomain * m_pDomain)` used from the VM.
-#if FEATURE_CAS_POLICY
- private PrincipalPolicy _PrincipalPolicy; // this is an enum
-#endif
private bool _HasSetPolicy;
private bool _IsFastFullTrustDomain; // quick check to see if the AppDomain is fully trusted and homogenous
private bool _compatFlagsInitialized;
private static extern void SetSecurityHomogeneousFlag(AppDomainHandle domain,
[MarshalAs(UnmanagedType.Bool)] bool runtimeSuppliedHomogenousGrantSet);
-#if FEATURE_CAS_POLICY
- [SecurityCritical]
- [SuppressUnmanagedCodeSecurity]
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- private static extern void SetLegacyCasPolicyEnabled(AppDomainHandle domain);
-
- [SecurityCritical]
- private void SetLegacyCasPolicyEnabled()
- {
- SetLegacyCasPolicyEnabled(GetNativeHandle());
- }
-#endif // FEATURE_CAS_POLICY
-
/// <summary>
/// Get a handle used to make a call into the VM pointing to this domain
/// </summary>
throw new InvalidOperationException(Environment.GetResourceString("Argument_InvalidHandle"));
}
-#if FEATURE_REMOTING
- BCLDebug.Assert(!RemotingServices.IsTransparentProxy(this), "QCalls should be made with the real AppDomain object rather than a transparent proxy");
-#endif // FEATURE_REMOTING
return new AppDomainHandle(_pDomain);
}
if (notifyFusion)
SetupFusionStore(_FusionStore, FusionStoreOld); // Notify Fusion about the changes the user implementation of InitializeNewDomain may have made to the FusionStore object.
-
-#if FEATURE_APPDOMAINMANAGER_INITOPTIONS
- AppDomainManagerInitializationOptions flags = _domainManager.InitializationFlags;
- if ((flags & AppDomainManagerInitializationOptions.RegisterWithHost) == AppDomainManagerInitializationOptions.RegisterWithHost)
- {
- _domainManager.RegisterWithHost();
- }
-#endif // FEATURE_APPDOMAINMANAGER_INITOPTIONS
}
- InitializeCompatibilityFlags();
+ InitializeCompatibilityFlags();
}
/// <summary>
SetAppDomainManagerType(GetNativeHandle(), assembly, type);
}
-#if FEATURE_APTCA
- internal String[] PartialTrustVisibleAssemblies
- {
- get { return _aptcaVisibleAssemblies; }
-
- [SecuritySafeCritical]
- set
- {
- _aptcaVisibleAssemblies = value;
-
- // Build up the canonical representaiton of this list to allow the VM to do optimizations in
- // common cases
- string canonicalConditionalAptcaList = null;
- if (value != null)
- {
- StringBuilder conditionalAptcaListBuilder = StringBuilderCache.Acquire();
- for (int i = 0; i < value.Length; ++i)
- {
- if (value[i] != null)
- {
- conditionalAptcaListBuilder.Append(value[i].ToUpperInvariant());
- if (i != value.Length - 1)
- {
- conditionalAptcaListBuilder.Append(';');
- }
- }
- }
-
- canonicalConditionalAptcaList = StringBuilderCache.GetStringAndRelease(conditionalAptcaListBuilder);
- }
-
- SetCanonicalConditionalAptcaList(canonicalConditionalAptcaList);
- }
- }
-
- [SecurityCritical]
- [SuppressUnmanagedCodeSecurity]
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- private static extern void SetCanonicalConditionalAptcaList(AppDomainHandle appDomain, string canonicalList);
-
- [SecurityCritical]
- private void SetCanonicalConditionalAptcaList(string canonicalList)
- {
- SetCanonicalConditionalAptcaList(GetNativeHandle(), canonicalList);
- }
-#endif // FEATURE_APTCA
-
-#if FEATURE_CLICKONCE
- /// <summary>
- /// If the CLR is being started up to run a ClickOnce applicaiton, setup the default AppDomain
- /// with information about that application.
- /// </summary>
- private void SetupDefaultClickOnceDomain(string fullName, string[] manifestPaths, string[] activationData)
- {
- Contract.Requires(fullName != null, "fullName != null");
- FusionStore.ActivationArguments = new ActivationArguments(fullName, manifestPaths, activationData);
- }
-#endif // FEATURE_CLICKONCE
-
/// <summary>
/// Called for every AppDomain (including the default domain) to initialize the security of the AppDomain)
/// </summary>
{
AppDomainSetup adSetup = FusionStore;
-#if FEATURE_CAS_POLICY
- // If the AppDomain is setup to use legacy CAS policy, then set that bit in the application
- // security descriptor.
- if (CompatibilitySwitches.IsNetFx40LegacySecurityPolicy)
- {
- SetLegacyCasPolicyEnabled();
- }
-#endif // FEATURE_CAS_POLICY
-
-#if FEATURE_CLICKONCE
-
- // Check if the domain manager set an ActivationContext (Debug-In-Zone for example)
- // or if this is an AppDomain with an ApplicationTrust.
- if (adSetup.ActivationArguments != null) {
- // Merge the new evidence with the manifest's evidence if applicable
- ActivationContext activationContext = null;
- ApplicationIdentity appIdentity = null;
- string[] activationData = null;
- CmsUtils.CreateActivationContext(adSetup.ActivationArguments.ApplicationFullName,
- adSetup.ActivationArguments.ApplicationManifestPaths,
- adSetup.ActivationArguments.UseFusionActivationContext,
- out appIdentity, out activationContext);
- activationData = adSetup.ActivationArguments.ActivationData;
- providedSecurityInfo = CmsUtils.MergeApplicationEvidence(providedSecurityInfo,
- appIdentity,
- activationContext,
- activationData,
- adSetup.ApplicationTrust);
- SetupApplicationHelper(providedSecurityInfo, creatorsSecurityInfo, appIdentity, activationContext, activationData);
- }
- else
-#endif // FEATURE_CLICKONCE
- {
- bool runtimeSuppliedHomogenousGrant = false;
- ApplicationTrust appTrust = adSetup.ApplicationTrust;
-
-#if FEATURE_CAS_POLICY
- // In non-legacy CAS mode, domains should be homogenous. If the host has not specified a sandbox
- // of their own, we'll set it up to be fully trusted. We must read the IsLegacyCasPolicy
- // enabled property here rathern than just reading the switch from above because the entire
- // process may also be opted into legacy CAS policy mode.
- if (appTrust == null && !IsLegacyCasPolicyEnabled) {
- _IsFastFullTrustDomain = true;
- runtimeSuppliedHomogenousGrant = true;
- }
-#endif // FEATURE_CAS_POLICY
+ bool runtimeSuppliedHomogenousGrant = false;
+ ApplicationTrust appTrust = adSetup.ApplicationTrust;
- if (appTrust != null) {
- SetupDomainSecurityForHomogeneousDomain(appTrust, runtimeSuppliedHomogenousGrant);
- }
- else if (_IsFastFullTrustDomain) {
- SetSecurityHomogeneousFlag(GetNativeHandle(), runtimeSuppliedHomogenousGrant);
- }
+ if (appTrust != null) {
+ SetupDomainSecurityForHomogeneousDomain(appTrust, runtimeSuppliedHomogenousGrant);
+ }
+ else if (_IsFastFullTrustDomain) {
+ SetSecurityHomogeneousFlag(GetNativeHandle(), runtimeSuppliedHomogenousGrant);
}
// Get the evidence supplied for the domain. If no evidence was supplied, it means that we want
// to use the default evidence creation strategy for this domain
Evidence newAppDomainEvidence = (providedSecurityInfo != null ? providedSecurityInfo : creatorsSecurityInfo);
if (newAppDomainEvidence == null && generateDefaultEvidence) {
-#if FEATURE_CAS_POLICY
- newAppDomainEvidence = new Evidence(new AppDomainEvidenceFactory(this));
-#else // !FEATURE_CAS_POLICY
newAppDomainEvidence = new Evidence();
-#endif // FEATURE_CAS_POLICY
- }
-
-#if FEATURE_CAS_POLICY
- if (_domainManager != null) {
- // Give the host a chance to alter the AppDomain evidence
- HostSecurityManager securityManager = _domainManager.HostSecurityManager;
- if (securityManager != null) {
- nSetHostSecurityManagerFlags (securityManager.Flags);
- if ((securityManager.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence) {
- newAppDomainEvidence = securityManager.ProvideAppDomainEvidence(newAppDomainEvidence);
- // If this is a disconnected evidence collection, then attach it to the AppDomain,
- // allowing the host security manager to get callbacks for delay generated evidence
- if (newAppDomainEvidence != null && newAppDomainEvidence.Target == null) {
- newAppDomainEvidence.Target = new AppDomainEvidenceFactory(this);
- }
- }
- }
}
-#endif // FEATURE_CAS_POLICY
-
// Set the evidence on the managed side
_SecurityIdentity = newAppDomainEvidence;
SetupDomainSecurity(newAppDomainEvidence,
parentSecurityDescriptor,
publishAppDomain);
-
-#if FEATURE_CAS_POLICY
- // The AppDomain is now resolved. Go ahead and set the PolicyLevel
- // from the HostSecurityManager if specified.
- if (_domainManager != null)
- RunDomainManagerPostInitialization(_domainManager);
-#endif // FEATURE_CAS_POLICY
- }
-
-#if FEATURE_CAS_POLICY
- [System.Security.SecurityCritical] // auto-generated
- private void RunDomainManagerPostInitialization (AppDomainManager domainManager)
- {
- // force creation of the HostExecutionContextManager for the current AppDomain
- HostExecutionContextManager contextManager = domainManager.HostExecutionContextManager;
-
- if (IsLegacyCasPolicyEnabled)
- {
-#pragma warning disable 618
- HostSecurityManager securityManager = domainManager.HostSecurityManager;
- if (securityManager != null)
- {
- if ((securityManager.Flags & HostSecurityManagerOptions.HostPolicyLevel) == HostSecurityManagerOptions.HostPolicyLevel)
- {
- // set AppDomain policy if specified
- PolicyLevel level = securityManager.DomainPolicy;
- if (level != null)
- SetAppDomainPolicy(level);
- }
- }
-#pragma warning restore 618
- }
- }
-#endif
-
-
-#if FEATURE_CLICKONCE
-
- [System.Security.SecurityCritical] // auto-generated
- private void SetupApplicationHelper (Evidence providedSecurityInfo, Evidence creatorsSecurityInfo, ApplicationIdentity appIdentity, ActivationContext activationContext, string[] activationData) {
- Contract.Requires(providedSecurityInfo != null);
- HostSecurityManager securityManager = AppDomain.CurrentDomain.HostSecurityManager;
- ApplicationTrust appTrust = securityManager.DetermineApplicationTrust(providedSecurityInfo, creatorsSecurityInfo, new TrustManagerContext());
- if (appTrust == null || !appTrust.IsApplicationTrustedToRun)
- throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
- System.__HResults.CORSEC_E_NO_EXEC_PERM,
- null);
-
- // The application is trusted to run. Set up the AppDomain according to the manifests.
- if (activationContext != null)
- SetupDomainForApplication(activationContext, activationData);
- SetupDomainSecurityForApplication(appIdentity, appTrust);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private void SetupDomainForApplication(ActivationContext activationContext, string[] activationData) {
- Contract.Requires(activationContext != null);
- if (IsDefaultAppDomain()) {
- // make the ActivationArguments available off the AppDomain object.
- AppDomainSetup adSetup = this.FusionStore;
- adSetup.ActivationArguments = new ActivationArguments(activationContext, activationData);
-
- // set the application base to point at where the application resides
- string entryPointPath = CmsUtils.GetEntryPointFullPath(activationContext);
- if (!String.IsNullOrEmpty(entryPointPath))
- adSetup.SetupDefaults(entryPointPath);
- else
- adSetup.ApplicationBase = activationContext.ApplicationDirectory;
-
- // update fusion context
- SetupFusionStore(adSetup, null);
- }
-
- // perform app data directory migration.
- activationContext.PrepareForExecution();
- activationContext.SetApplicationState(ActivationContext.ApplicationState.Starting);
- // set current app data directory.
- activationContext.SetApplicationState(ActivationContext.ApplicationState.Running);
-
- // make data directory path available.
- IPermission permission = null;
- string dataDirectory = activationContext.DataDirectory;
- if (dataDirectory != null && dataDirectory.Length > 0)
- permission = new FileIOPermission(FileIOPermissionAccess.PathDiscovery, dataDirectory);
- this.SetData("DataDirectory", dataDirectory, permission);
-
- _activationContext = activationContext;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private void SetupDomainSecurityForApplication(ApplicationIdentity appIdentity,
- ApplicationTrust appTrust)
- {
- // Set the Application trust on the managed side.
- _applicationIdentity = appIdentity;
- SetupDomainSecurityForHomogeneousDomain(appTrust, false);
}
-#endif // FEATURE_CLICKONCE
[System.Security.SecurityCritical] // auto-generated
private void SetupDomainSecurityForHomogeneousDomain(ApplicationTrust appTrust,
if (runtimeSuppliedHomogenousGrantSet)
{
BCLDebug.Assert(_FusionStore.ApplicationTrust != null, "Expected to find runtime supplied ApplicationTrust");
-#if FEATURE_CAS_POLICY
- _FusionStore.ApplicationTrust = null;
-#endif // FEATURE_CAS_POLICY
}
_applicationTrust = appTrust;
runtimeSuppliedHomogenousGrantSet);
}
- // This method is called from CorHost2::ExecuteApplication to activate a ClickOnce application in the default AppDomain.
-#if FEATURE_CLICKONCE
- [System.Security.SecuritySafeCritical] // auto-generated
- private int ActivateApplication () {
- ObjectHandle oh = Activator.CreateInstance(AppDomain.CurrentDomain.ActivationContext);
- return (int) oh.Unwrap();
- }
-#endif //FEATURE_CLICKONCE
-
public AppDomainManager DomainManager {
[System.Security.SecurityCritical] // auto-generated_required
get {
}
}
-#if FEATURE_CAS_POLICY
- internal HostSecurityManager HostSecurityManager {
- [System.Security.SecurityCritical] // auto-generated
- get {
- HostSecurityManager securityManager = null;
- AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
- if (domainManager != null)
- securityManager = domainManager.HostSecurityManager;
-
- if (securityManager == null)
- securityManager = new HostSecurityManager();
- return securityManager;
- }
- }
-#endif // FEATURE_CAS_POLICY
-#if FEATURE_REFLECTION_ONLY_LOAD
+#if FEATURE_REFLECTION_ONLY_LOAD
private Assembly ResolveAssemblyForIntrospection(Object sender, ResolveEventArgs args)
{
Contract.Requires(args != null);
SecurityContextSource.CurrentAssembly);
}
-
[System.Security.SecuritySafeCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
[Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
return nApplyPolicy(asmName);
}
-
public ObjectHandle CreateInstance(String assemblyName,
String typeName)
throw new ArgumentNullException(nameof(assemblyName));
Contract.EndContractBlock();
-#if FEATURE_CAS_POLICY
- if (securityAttributes != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
#pragma warning disable 618
return Activator.CreateInstance(assemblyName,
typeName,
Object[] activationAttributes,
Evidence securityAttributes)
{
-#if FEATURE_CAS_POLICY
- Contract.Assert(IsLegacyCasPolicyEnabled || securityAttributes == null);
-#endif // FEATURE_CAS_POLICY
-
PermissionSet.s_fullTrust.Assert();
#pragma warning disable 618
return CreateInstance(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes);
throw new NullReferenceException();
Contract.EndContractBlock();
-#if FEATURE_CAS_POLICY
- if (securityAttributes != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
return Activator.CreateInstanceFrom(assemblyFile,
typeName,
ignoreCase,
Object[] activationAttributes,
Evidence securityAttributes)
{
-#if FEATURE_CAS_POLICY
- Contract.Assert(IsLegacyCasPolicyEnabled || securityAttributes == null);
-#endif // FEATURE_CAS_POLICY
-
PermissionSet.s_fullTrust.Assert();
#pragma warning disable 618
return CreateInstanceFrom(assemblyName, typeName, ignoreCase, bindingAttr, binder, args, culture, activationAttributes, securityAttributes);
byte[] rawSymbolStore,
Evidence securityEvidence)
{
-#if FEATURE_CAS_POLICY
- if (securityEvidence != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return RuntimeAssembly.nLoadImage(rawAssembly,
rawSymbolStore,
Evidence assemblySecurity,
String[] args)
{
-#if FEATURE_CAS_POLICY
- if (assemblySecurity != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile, assemblySecurity);
-
+
if (args == null)
args = new String[0];
byte[] hashValue,
AssemblyHashAlgorithm hashAlgorithm)
{
-#if FEATURE_CAS_POLICY
- if (assemblySecurity != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
RuntimeAssembly assembly = (RuntimeAssembly)Assembly.LoadFrom(assemblyFile,
assemblySecurity,
hashValue,
return nExecuteAssembly(assembly, args);
}
- #if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
- #endif
public int ExecuteAssemblyByName(String assemblyName)
{
return ExecuteAssemblyByName(assemblyName, (string[])null);
Evidence assemblySecurity,
params String[] args)
{
-#if FEATURE_CAS_POLICY
- if (assemblySecurity != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName, assemblySecurity);
-
+
if (args == null)
args = new String[0];
Evidence assemblySecurity,
params String[] args)
{
-#if FEATURE_CAS_POLICY
- if (assemblySecurity != null && !IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
RuntimeAssembly assembly = (RuntimeAssembly)Assembly.Load(assemblyName, assemblySecurity);
-
+
if (args == null)
args = new String[0];
}
}
-#if FEATURE_CAS_POLICY
- public Evidence Evidence
- {
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, ControlEvidence = true)]
- get {
- return EvidenceNoDemand;
- }
- }
-
- internal Evidence EvidenceNoDemand {
- [SecurityCritical]
- get {
- if (_SecurityIdentity == null) {
- if (!IsDefaultAppDomain() && nIsDefaultAppDomainForEvidence()) {
-#if !FEATURE_CORECLR
- //
- // V1.x compatibility: If this is an AppDomain created
- // by the default appdomain without an explicit evidence
- // then reuse the evidence of the default AppDomain.
- //
- return GetDefaultDomain().Evidence;
-#else
- Contract.Assert(false,"This code should not be called for core CLR");
-
- // This operation is not allowed
- throw new InvalidOperationException();
-#endif
- }
- else {
- // We can't cache this value, since the VM needs to differentiate between AppDomains
- // which have no user supplied evidence and those which do and it uses the presence
- // of Evidence on the domain to make that switch.
- return new Evidence(new AppDomainEvidenceFactory(this));
- }
- }
- else {
- return _SecurityIdentity.Clone();
- }
- }
- }
-
- internal Evidence InternalEvidence
- {
- get {
- return _SecurityIdentity;
- }
- }
-
- internal EvidenceBase GetHostEvidence(Type type)
- {
- if (_SecurityIdentity != null)
- {
- return _SecurityIdentity.GetHostEvidence(type);
- }
- else
- {
- return new Evidence(new AppDomainEvidenceFactory(this)).GetHostEvidence(type);
- }
- }
-#endif // FEATURE_CAS_POLICY
-
public String FriendlyName
{
[System.Security.SecuritySafeCritical] // auto-generated
public String BaseDirectory
{
-#if FEATURE_CORECLR
[System.Security.SecurityCritical]
-#endif
get {
return FusionStore.ApplicationBase;
}
}
-#if FEATURE_FUSION
- public String RelativeSearchPath
- {
- get { return FusionStore.PrivateBinPath; }
- }
-
- public bool ShadowCopyFiles
- {
- get {
- String s = FusionStore.ShadowCopyFiles;
- if((s != null) &&
- (String.Compare(s, "true", StringComparison.OrdinalIgnoreCase) == 0))
- return true;
- else
- return false;
- }
- }
-#endif
-
[System.Security.SecuritySafeCritical] // auto-generated
public override String ToString()
{
StringBuilder sb = StringBuilderCache.Acquire();
-
+
String fn = nGetFriendlyName();
if (fn != null) {
sb.Append(Environment.GetResourceString("Loader_Name") + fn);
sb.Append(Environment.NewLine);
}
-
+
if(_Policies == null || _Policies.Length == 0)
sb.Append(Environment.GetResourceString("Loader_NoContextPolicies")
+ Environment.NewLine);
return nGetAssemblies(false /* forIntrospection */);
}
-
public Assembly[] ReflectionOnlyGetAssemblies()
{
return nGetAssemblies(true /* forIntrospection */);
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal extern bool IsUnloadingForcedFinalize();
- // this is true when we've just started going through the finalizers and are forcing objects to finalize
- // so must be aware that certain infrastructure may have gone away
+ // this is true when we've just started going through the finalizers and are forcing objects to finalize
+ // so must be aware that certain infrastructure may have gone away
[System.Security.SecuritySafeCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
public extern bool IsFinalizingForUnload();
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern void PublishAnonymouslyHostedDynamicMethodsAssembly(RuntimeAssembly assemblyHandle);
-#if FEATURE_FUSION
- // Appends the following string to the private path. Valid paths
- // are of the form "bin;util/i386" etc.
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.AppendPrivatePath has been deprecated. Please investigate the use of AppDomainSetup.PrivateBinPath instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void AppendPrivatePath(String path)
- {
- if(path == null || path.Length == 0)
- return;
-
- String current = FusionStore.Value[(int) AppDomainSetup.LoaderInformation.PrivateBinPathValue];
- StringBuilder appendPath = StringBuilderCache.Acquire();
-
- if(current != null && current.Length > 0) {
- // See if the last character is a separator
- appendPath.Append(current);
- if((current[current.Length-1] != Path.PathSeparator) &&
- (path[0] != Path.PathSeparator))
- appendPath.Append(Path.PathSeparator);
- }
- appendPath.Append(path);
-
- String result = StringBuilderCache.GetStringAndRelease(appendPath);
- InternalSetPrivateBinPath(result);
- }
-
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.ClearPrivatePath has been deprecated. Please investigate the use of AppDomainSetup.PrivateBinPath instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void ClearPrivatePath()
- {
- InternalSetPrivateBinPath(String.Empty);
- }
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.ClearShadowCopyPath has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyDirectories instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void ClearShadowCopyPath()
- {
- InternalSetShadowCopyPath(String.Empty);
- }
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.SetCachePath has been deprecated. Please investigate the use of AppDomainSetup.CachePath instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void SetCachePath(String path)
- {
- InternalSetCachePath(path);
- }
-#endif // FEATURE_FUSION
-
[System.Security.SecurityCritical] // auto-generated_required
public void SetData (string name, object data) {
SetDataHelper(name, data, null);
}
[System.Security.SecurityCritical] // auto-generated_required
- public void SetData (string name, object data, IPermission permission) {
-#if FEATURE_CORECLR
+ public void SetData (string name, object data, IPermission permission)
+ {
if (!name.Equals("LOCATION_URI"))
{
// Only LOCATION_URI can be set using AppDomain.SetData
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyLocationURI", name));
}
-#endif // FEATURE_CORECLR
+
SetDataHelper(name, data, permission);
}
[System.Security.SecurityCritical] // auto-generated
- private void SetDataHelper (string name, object data, IPermission permission) {
+ private void SetDataHelper (string name, object data, IPermission permission)
+ {
if (name == null)
throw new ArgumentNullException(nameof(name));
Contract.EndContractBlock();
- //
- // Synopsis:
- // IgnoreSystemPolicy is provided as a legacy flag to allow callers to
- // skip enterprise, machine and user policy levels. When this flag is set,
- // any demands triggered in this AppDomain will be evaluated against the
- // AppDomain CAS policy level that is set on the AppDomain.
- // Security Requirements:
- // The caller needs to be fully trusted in order to be able to set
- // this legacy mode.
- // Remarks:
- // There needs to be an AppDomain policy level set before this compat
- // switch can be set on the AppDomain.
- //
-#if FEATURE_FUSION
- if (name.Equals(TargetFrameworkNameAppCompatSetting)) {
- _FusionStore.TargetFrameworkName = (String) data;
- return;
- }
-#if FEATURE_CAS_POLICY
- if (name.Equals("IgnoreSystemPolicy")) {
- lock (this) {
- if (!_HasSetPolicy)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData"));
- }
- new PermissionSet(PermissionState.Unrestricted).Demand();
- }
-#endif
- int key = AppDomainSetup.Locate(name);
-
- if(key == -1) {
- lock (((ICollection)LocalStore).SyncRoot) {
- LocalStore[name] = new object[] {data, permission};
- }
- }
- else {
- if (permission != null)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData"));
- // Be sure to call these properties, not Value, since
- // these do more than call Value.
- switch(key) {
- case (int) AppDomainSetup.LoaderInformation.DynamicBaseValue:
- FusionStore.DynamicBase = (string) data;
- break;
- case (int) AppDomainSetup.LoaderInformation.DevPathValue:
- FusionStore.DeveloperPath = (string) data;
- break;
- case (int) AppDomainSetup.LoaderInformation.ShadowCopyDirectoriesValue:
- FusionStore.ShadowCopyDirectories = (string) data;
- break;
- case (int) AppDomainSetup.LoaderInformation.DisallowPublisherPolicyValue:
- if(data != null)
- FusionStore.DisallowPublisherPolicy = true;
- else
- FusionStore.DisallowPublisherPolicy = false;
- break;
- case (int) AppDomainSetup.LoaderInformation.DisallowCodeDownloadValue:
- if (data != null)
- FusionStore.DisallowCodeDownload = true;
- else
- FusionStore.DisallowCodeDownload = false;
- break;
- case (int) AppDomainSetup.LoaderInformation.DisallowBindingRedirectsValue:
- if(data != null)
- FusionStore.DisallowBindingRedirects = true;
- else
- FusionStore.DisallowBindingRedirects = false;
- break;
- case (int) AppDomainSetup.LoaderInformation.DisallowAppBaseProbingValue:
- if(data != null)
- FusionStore.DisallowApplicationBaseProbing = true;
- else
- FusionStore.DisallowApplicationBaseProbing = false;
- break;
- case (int) AppDomainSetup.LoaderInformation.ConfigurationBytesValue:
- FusionStore.SetConfigurationBytes((byte[]) data);
- break;
- default:
- FusionStore.Value[key] = (string) data;
- break;
- }
- }
-#else // FEATURE_FUSION
-#if FEATURE_CORECLR
// SetData should only be used to set values that don't already exist.
+ object[] currentVal;
+ lock (((ICollection)LocalStore).SyncRoot) {
+ LocalStore.TryGetValue(name, out currentVal);
+ }
+ if (currentVal != null && currentVal[0] != null)
{
- object[] currentVal;
- lock (((ICollection)LocalStore).SyncRoot) {
- LocalStore.TryGetValue(name, out currentVal);
- }
- if (currentVal != null && currentVal[0] != null)
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyOnce"));
- }
+ throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyOnce"));
}
-#endif // FEATURE_CORECLR
lock (((ICollection)LocalStore).SyncRoot) {
LocalStore[name] = new object[] {data, permission};
}
-#endif // FEATURE_FUSION
}
[Pure]
- #if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
- #else
- [System.Security.SecuritySafeCritical]
- #endif
public Object GetData(string name)
{
if(name == null)
return FusionStore.ApplicationBase;
case (int) AppDomainSetup.LoaderInformation.ApplicationNameValue:
return FusionStore.ApplicationName;
-#if FEATURE_FUSION
- case (int) AppDomainSetup.LoaderInformation.ConfigurationFileValue:
- return FusionStore.ConfigurationFile;
- case (int) AppDomainSetup.LoaderInformation.DynamicBaseValue:
- return FusionStore.DynamicBase;
- case (int) AppDomainSetup.LoaderInformation.DevPathValue:
- return FusionStore.DeveloperPath;
- case (int) AppDomainSetup.LoaderInformation.PrivateBinPathValue:
- return FusionStore.PrivateBinPath;
- case (int) AppDomainSetup.LoaderInformation.PrivateBinPathProbeValue:
- return FusionStore.PrivateBinPathProbe;
- case (int) AppDomainSetup.LoaderInformation.ShadowCopyDirectoriesValue:
- return FusionStore.ShadowCopyDirectories;
- case (int) AppDomainSetup.LoaderInformation.ShadowCopyFilesValue:
- return FusionStore.ShadowCopyFiles;
- case (int) AppDomainSetup.LoaderInformation.CachePathValue:
- return FusionStore.CachePath;
- case (int) AppDomainSetup.LoaderInformation.LicenseFileValue:
- return FusionStore.LicenseFile;
- case (int) AppDomainSetup.LoaderInformation.DisallowPublisherPolicyValue:
- return FusionStore.DisallowPublisherPolicy;
- case (int) AppDomainSetup.LoaderInformation.DisallowCodeDownloadValue:
- return FusionStore.DisallowCodeDownload;
- case (int) AppDomainSetup.LoaderInformation.DisallowBindingRedirectsValue:
- return FusionStore.DisallowBindingRedirects;
- case (int) AppDomainSetup.LoaderInformation.DisallowAppBaseProbingValue:
- return FusionStore.DisallowApplicationBaseProbing;
- case (int) AppDomainSetup.LoaderInformation.ConfigurationBytesValue:
- return FusionStore.GetConfigurationBytes();
-#endif //FEATURE_FUSION
-
default:
Contract.Assert(false, "Need to handle new LoaderInformation value in AppDomain.GetData()");
return null;
}
}
-
}
// The compat flags are set at domain creation time to indicate that the given breaking
[DllImport(Microsoft.Win32.Win32Native.KERNEL32)]
public static extern int GetCurrentThreadId();
-#if FEATURE_REMOTING
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, ControlAppDomain = true ),
- ReliabilityContract(Consistency.MayCorruptAppDomain, Cer.MayFail)]
- public static void Unload(AppDomain domain)
+ internal ApplicationTrust ApplicationTrust
{
- if (domain == null)
- throw new ArgumentNullException(nameof(domain));
- Contract.EndContractBlock();
+ get {
+ if (_applicationTrust == null && _IsFastFullTrustDomain) {
+ _applicationTrust = new ApplicationTrust(new PermissionSet(PermissionState.Unrestricted));
+ }
- try {
- Int32 domainID = AppDomain.GetIdForUnload(domain);
- if (domainID==0)
- throw new CannotUnloadAppDomainException();
- AppDomain.nUnload(domainID);
- }
- catch(Exception e) {
- throw e; // throw it again to reset stack trace
+ return _applicationTrust;
}
}
-#endif
-
- // Explicitly set policy for a domain (providing policy hasn't been set
- // previously). Making this call will guarantee that previously loaded
- // assemblies will be granted permissions based on the default machine
- // policy that was in place prior to this call.
-#if FEATURE_CAS_POLICY
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain policy levels are obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public void SetAppDomainPolicy(PolicyLevel domainPolicy)
- {
- if (domainPolicy == null)
- throw new ArgumentNullException(nameof(domainPolicy));
- Contract.EndContractBlock();
-
- if (!IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- // Check that policy has not been set previously.
- lock (this) {
- if (_HasSetPolicy)
- throw new PolicyException(Environment.GetResourceString("Policy_PolicyAlreadySet"));
- _HasSetPolicy = true;
-
- // Make sure that the loader allows us to change security policy
- // at this time (this will throw if not.)
- nChangeSecurityPolicy();
- }
-
- // Add the new policy level.
- SecurityManager.PolicyManager.AddLevel(domainPolicy);
- }
-#endif //#if !FEATURE_CAS_POLICY
-#if FEATURE_CLICKONCE
- public ActivationContext ActivationContext {
- [System.Security.SecurityCritical] // auto-generated_required
- get {
- return _activationContext;
- }
- }
-
- public ApplicationIdentity ApplicationIdentity {
- [System.Security.SecurityCritical] // auto-generated_required
- get {
- return _applicationIdentity;
- }
- }
-#endif // FEATURE_CLICKONCE
-
-
-#if FEATURE_CLICKONCE
- public ApplicationTrust ApplicationTrust {
- [System.Security.SecurityCritical] // auto-generated_required
-#else // FEATURE_CLICKONCE
- internal ApplicationTrust ApplicationTrust {
-#endif // FEATURE_CLICKONCE
- get {
- if (_applicationTrust == null && _IsFastFullTrustDomain) {
- _applicationTrust = new ApplicationTrust(new PermissionSet(PermissionState.Unrestricted));
- }
-
- return _applicationTrust;
- }
- }
-
-#if FEATURE_IMPERSONATION
- // Set the default principal object to be attached to threads if they
- // attempt to bind to a principal while executing in this appdomain. The
- // default can only be set once.
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)]
- public void SetThreadPrincipal(IPrincipal principal)
- {
- if (principal == null)
- throw new ArgumentNullException(nameof(principal));
- Contract.EndContractBlock();
-
- lock (this) {
- // Check that principal has not been set previously.
- if (_DefaultPrincipal != null)
- throw new PolicyException(Environment.GetResourceString("Policy_PrincipalTwice"));
-
- _DefaultPrincipal = principal;
- }
- }
-#endif // FEATURE_IMPERSONATION
-
-#if FEATURE_CAS_POLICY
- // Similar to the above, but sets the class of principal to be created
- // instead.
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)]
- public void SetPrincipalPolicy(PrincipalPolicy policy)
- {
- _PrincipalPolicy = policy;
- }
-#endif
-
-
-#if FEATURE_REMOTING
- // This method gives AppDomain an infinite life time by preventing a lease from being
- // created
- [System.Security.SecurityCritical] // auto-generated_required
- public override Object InitializeLifetimeService()
- {
- return null;
- }
- // This is useful for requesting execution of some code
- // in another appDomain ... the delegate may be defined
- // on a marshal-by-value object or a marshal-by-ref or
- // contextBound object.
- public void DoCallBack(CrossAppDomainDelegate callBackDelegate)
- {
- if (callBackDelegate == null)
- throw new ArgumentNullException(nameof(callBackDelegate));
- Contract.EndContractBlock();
-
- callBackDelegate();
- }
-#endif
-
public String DynamicDirectory
{
}
}
-#if FEATURE_CAS_POLICY
- public static AppDomain CreateDomain(String friendlyName,
- Evidence securityInfo) // Optional
- {
- return CreateDomain(friendlyName,
- securityInfo,
- null);
- }
-
- public static AppDomain CreateDomain(String friendlyName,
- Evidence securityInfo, // Optional
- String appBasePath,
- String appRelativeSearchPath,
- bool shadowCopyFiles)
- {
- AppDomainSetup info = new AppDomainSetup();
- info.ApplicationBase = appBasePath;
- info.PrivateBinPath = appRelativeSearchPath;
- if(shadowCopyFiles)
- info.ShadowCopyFiles = "true";
-
- return CreateDomain(friendlyName,
- securityInfo,
- info);
- }
-#endif // #if FEATURE_CAS_POLICY (not exposed in core)
-
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
extern private String GetDynamicDir();
- // Private helpers called from unmanaged code.
-
-#if FEATURE_REMOTING
-
- public static AppDomain CreateDomain(String friendlyName)
- {
- return CreateDomain(friendlyName, null, null);
- }
-
-
- // Marshal a single object into a serialized blob.
- [System.Security.SecurityCritical] // auto-generated
- private static byte[] MarshalObject(Object o)
- {
- CodeAccessPermission.Assert(true);
-
- return Serialize(o);
- }
-
- // Marshal two objects into serialized blobs.
- [System.Security.SecurityCritical] // auto-generated
- private static byte[] MarshalObjects(Object o1, Object o2, out byte[] blob2)
- {
- CodeAccessPermission.Assert(true);
-
- byte[] blob1 = Serialize(o1);
- blob2 = Serialize(o2);
- return blob1;
- }
-
- // Unmarshal a single object from a serialized blob.
- [System.Security.SecurityCritical] // auto-generated
- private static Object UnmarshalObject(byte[] blob)
- {
- CodeAccessPermission.Assert(true);
-
- return Deserialize(blob);
- }
-
- // Unmarshal two objects from serialized blobs.
- [System.Security.SecurityCritical] // auto-generated
- private static Object UnmarshalObjects(byte[] blob1, byte[] blob2, out Object o2)
- {
- CodeAccessPermission.Assert(true);
-
- Object o1 = Deserialize(blob1);
- o2 = Deserialize(blob2);
- return o1;
- }
-
- // Helper routines.
- [System.Security.SecurityCritical] // auto-generated
- private static byte[] Serialize(Object o)
- {
- if (o == null)
- {
- return null;
- }
- else if (o is ISecurityEncodable)
- {
- SecurityElement element = ((ISecurityEncodable)o).ToXml();
- MemoryStream ms = new MemoryStream( 4096 );
- ms.WriteByte( 0 );
- StreamWriter writer = new StreamWriter( ms, Encoding.UTF8 );
- element.ToWriter( writer );
- writer.Flush();
- return ms.ToArray();
- }
- else
- {
- MemoryStream ms = new MemoryStream();
- ms.WriteByte( 1 );
- CrossAppDomainSerializer.SerializeObject(o, ms);
- return ms.ToArray();
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private static Object Deserialize(byte[] blob)
- {
- if (blob == null)
- return null;
-
- if (blob[0] == 0)
- {
- Parser parser = new Parser( blob, Tokenizer.ByteTokenEncoding.UTF8Tokens, 1 );
- SecurityElement root = parser.GetTopElement();
- if (root.Tag.Equals( "IPermission" ) || root.Tag.Equals( "Permission" ))
- {
- IPermission ip = System.Security.Util.XMLUtil.CreatePermission( root, PermissionState.None, false );
-
- if (ip == null)
- {
- return null;
- }
-
- ip.FromXml( root );
-
- return ip;
- }
- else if (root.Tag.Equals( "PermissionSet" ))
- {
- PermissionSet permissionSet = new PermissionSet();
-
- permissionSet.FromXml( root, false, false );
-
- return permissionSet;
- }
- else if (root.Tag.Equals( "PermissionToken" ))
- {
- PermissionToken pToken = new PermissionToken();
-
- pToken.FromXml( root );
-
- return pToken;
- }
- else
- {
- return null;
- }
-
- }
- else
- {
- Object obj = null;
- using(MemoryStream stream = new MemoryStream( blob, 1, blob.Length - 1 )) {
- obj = CrossAppDomainSerializer.DeserializeObject(stream);
- }
-
- Contract.Assert( !(obj is IPermission), "IPermission should be xml deserialized" );
- Contract.Assert( !(obj is PermissionSet), "PermissionSet should be xml deserialized" );
-
- return obj;
- }
- }
-
-#endif // FEATURE_REMOTING
-
-#if !FEATURE_CORECLR
- //
- // Called by the VM if ICLRExecutionManager::Pause is called with the PAUSE_APP_DOMAINS flag.
- // This mimics the behavior of the CoreCLR FAS (fast application switching) model, to ensure
- // that code that depends on things happening in a particular order will work.
- //
- [System.Security.SecurityCritical]
- internal static void Pause()
- {
- AppDomainPauseManager.Instance.Pausing();
- AppDomainPauseManager.Instance.Paused();
- }
-
- //
- // Called by the VM if ICLRExecutionManager::Resume is called after ICLRExecutionManager::Pause
- // was called with the PAUSE_APP_DOMAINS flag.
- // This mimics the behavior of the CoreCLR FAS (fast application switching) model, to ensure
- // that code that depends on things happening in a particular order will work.
- //
- [System.Security.SecurityCritical]
- internal static void Resume()
- {
- if (AppDomainPauseManager.IsPaused)
- {
- AppDomainPauseManager.Instance.Resuming();
- AppDomainPauseManager.Instance.Resumed();
- }
- }
-#endif
-
private AppDomain() {
throw new NotSupportedException(Environment.GetResourceString(ResId.NotSupported_Constructor));
}
}
#endif // FEATURE_VERSIONING
-#if FEATURE_REMOTING
- internal void CreateRemotingData()
- {
- lock(this) {
- if (_RemotingData == null)
- _RemotingData = new DomainSpecificRemotingData();
- }
- }
-
- internal DomainSpecificRemotingData RemotingData
- {
- get
- {
- if (_RemotingData == null)
- CreateRemotingData();
-
- return _RemotingData;
- }
- }
-#endif // FEATURE_REMOTING
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private extern String nGetFriendlyName();
_domainUnload += value;
}
}
-#if FEATURE_CORECLR
[System.Security.SecuritySafeCritical]
-#endif
remove
{
lock(this)
return null;
}
-#if FEATURE_REFLECTION_ONLY_LOAD
-
- private RuntimeAssembly OnReflectionOnlyAssemblyResolveEvent(RuntimeAssembly assembly, String assemblyFullName)
- {
- ResolveEventHandler eventHandler = ReflectionOnlyAssemblyResolve;
- if (eventHandler != null) {
-
- Delegate[] ds = eventHandler.GetInvocationList();
- int len = ds.Length;
- for (int i = 0; i < len; i++) {
- Assembly asm = ((ResolveEventHandler)ds[i])(this, new ResolveEventArgs(assemblyFullName, assembly));
- RuntimeAssembly ret = GetRuntimeAssembly(asm);
- if (ret != null)
- return ret;
- }
- }
-
- return null;
- }
-
-#if FEATURE_COMINTEROP
- // Called by VM - code:CLRPrivTypeCacheReflectionOnlyWinRT::RaiseNamespaceResolveEvent
- private RuntimeAssembly[] OnReflectionOnlyNamespaceResolveEvent(RuntimeAssembly assembly, string namespaceName)
- {
- return System.Runtime.InteropServices.WindowsRuntime.WindowsRuntimeMetadata.OnReflectionOnlyNamespaceResolveEvent(this, assembly, namespaceName);
- }
-#endif // FEATURE_COMINTEROP
-
-#endif // FEATURE_REFLECTION_ONLY_LOAD
-
#if FEATURE_COMINTEROP
// Called by VM - code:CLRPrivTypeCacheWinRT::RaiseDesignerNamespaceResolveEvent
private string[] OnDesignerNamespaceResolveEvent(string namespaceName)
}
}
-#if FEATURE_FUSION
- private void TurnOnBindingRedirects()
- {
- _FusionStore.DisallowBindingRedirects = false;
- }
-#endif
-
- // This will throw a CannotUnloadAppDomainException if the appdomain is
- // in another process.
-#if FEATURE_REMOTING
- [System.Security.SecurityCritical] // auto-generated
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- internal static Int32 GetIdForUnload(AppDomain domain)
- {
- if (RemotingServices.IsTransparentProxy(domain))
- {
- return RemotingServices.GetServerDomainIdForProxy(domain);
- }
- else
- return domain.Id;
- }
-#endif
-
// Used to determine if server object context is valid in
// x-domain remoting scenarios.
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
[ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
internal static extern bool IsDomainIdValid(Int32 id);
-
-#if FEATURE_REMOTING
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- static internal extern AppDomain GetDefaultDomain();
-#endif
-
-#if FEATURE_IMPERSONATION
- // Internal routine to retrieve the default principal object. If this is
- // called before the principal has been explicitly set, it will
- // automatically allocate a default principal based on the policy set by
- // SetPrincipalPolicy.
- internal IPrincipal GetThreadPrincipal()
- {
- IPrincipal principal = null;
- if (_DefaultPrincipal == null) {
-#if FEATURE_CAS_POLICY
- switch (_PrincipalPolicy) {
- case PrincipalPolicy.NoPrincipal:
- principal = null;
- break;
- case PrincipalPolicy.UnauthenticatedPrincipal:
- principal = new GenericPrincipal(new GenericIdentity("", ""),
- new String[] {""});
- break;
- case PrincipalPolicy.WindowsPrincipal:
- principal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
- break;
- default:
- principal = null;
- break;
- }
-#else
- principal = new GenericPrincipal(new GenericIdentity("", ""),
- new String[] {""});
-
-#endif
- }
- else
- principal = _DefaultPrincipal;
-
- return principal;
- }
-#endif // FEATURE_IMPERSONATION
-
-#if FEATURE_REMOTING
-
- [System.Security.SecurityCritical] // auto-generated
- internal void CreateDefaultContext()
- {
- lock(this) {
- // if it has not been created we ask the Context class to
- // create a new default context for this appdomain.
- if (_DefaultContext == null)
- _DefaultContext = Context.CreateDefaultContext();
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal Context GetDefaultContext()
- {
- if (_DefaultContext == null)
- CreateDefaultContext();
- return _DefaultContext;
- }
-
- // Ensure that evidence provided when creating an AppDomain would not have been used to create a
- // sandbox in legacy CAS mode. If it could have been used to create a sandbox, and we're not in CAS
- // mode, then we throw an exception to prevent acciental creation of unsandboxed domains where a
- // sandbox would have been expected.
- [SecuritySafeCritical]
- internal static void CheckDomainCreationEvidence(AppDomainSetup creationDomainSetup,
- Evidence creationEvidence)
- {
- if (creationEvidence != null && !CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- if (creationDomainSetup == null || creationDomainSetup.ApplicationTrust == null)
- {
- // We allow non-null evidence in CAS mode to support the common pattern of passing in
- // AppDomain.CurrentDomain.Evidence. Since the zone evidence must have been changed
- // if the user has any expectation of sandboxing the domain under legacy CAS policy,
- // we use a zone comparison to check for this pattern. A strict comparison will not
- // work, since MSDN samples for creating a domain show using a modified version of the
- // current domain's evidence and we would capturce people who copied and pasted these
- // samples without intending to sandbox.
- Zone creatorsZone = CurrentDomain.EvidenceNoDemand.GetHostEvidence<Zone>();
- SecurityZone creatorsSecurityZone = creatorsZone != null ?
- creatorsZone.SecurityZone :
- SecurityZone.MyComputer;
-
- Zone suppliedZone = creationEvidence.GetHostEvidence<Zone>();
- if (suppliedZone != null)
- {
- if (suppliedZone.SecurityZone != creatorsSecurityZone &&
- suppliedZone.SecurityZone != SecurityZone.MyComputer)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
- }
- }
- }
- }
-
-#if FEATURE_CAS_POLICY
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, ControlAppDomain = true )]
- public static AppDomain CreateDomain(String friendlyName,
- Evidence securityInfo,
- AppDomainSetup info)
- {
- return InternalCreateDomain(friendlyName, securityInfo, info);
- }
-#else
- internal static AppDomain CreateDomain(String friendlyName,
- Evidence securityInfo,
- AppDomainSetup info)
- {
- return InternalCreateDomain(friendlyName, securityInfo, info);
- }
-#endif
-
- [System.Security.SecurityCritical] // auto-generated
- internal static AppDomain InternalCreateDomain(String friendlyName,
- Evidence securityInfo,
- AppDomainSetup info)
- {
- if (friendlyName == null)
- throw new ArgumentNullException(nameof(friendlyName), Environment.GetResourceString("ArgumentNull_String"));
-
- Contract.EndContractBlock();
-
- AppDomain.CheckCreateDomainSupported();
-
- if (info == null)
- info = new AppDomainSetup();
- if (info.TargetFrameworkName == null)
- info.TargetFrameworkName = AppDomain.CurrentDomain.GetTargetFrameworkName();
-
- AppDomainManager domainManager = AppDomain.CurrentDomain.DomainManager;
- if (domainManager != null)
- return domainManager.CreateDomain(friendlyName, securityInfo, info);
-
- // No AppDomainManager is set up for this domain
- // If evidence is provided, we check to make sure that is allowed.
- if (securityInfo != null)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
-
- // If we're potentially trying to sandbox without using a homogenous domain, we need to reject
- // the domain creation.
- CheckDomainCreationEvidence(info, securityInfo);
- }
-
- return nCreateDomain(friendlyName,
- info,
- securityInfo,
- securityInfo == null ? AppDomain.CurrentDomain.InternalEvidence : null,
- AppDomain.CurrentDomain.GetSecurityDescriptor());
- }
-#endif // FEATURE_REMOTING
-
-#if FEATURE_CAS_POLICY
-
- public static AppDomain CreateDomain (string friendlyName,
- Evidence securityInfo,
- AppDomainSetup info,
- PermissionSet grantSet,
- params StrongName[] fullTrustAssemblies)
- {
- if (info == null)
- throw new ArgumentNullException(nameof(info));
- if (info.ApplicationBase == null)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_AppDomainSandboxAPINeedsExplicitAppBase"));
- Contract.EndContractBlock();
-
- if (fullTrustAssemblies == null)
- {
- fullTrustAssemblies = new StrongName[0];
- }
-
- info.ApplicationTrust = new ApplicationTrust(grantSet, fullTrustAssemblies);
- return CreateDomain(friendlyName, securityInfo, info);
- }
-
- public static AppDomain CreateDomain(String friendlyName,
- Evidence securityInfo, // Optional
- String appBasePath,
- String appRelativeSearchPath,
- bool shadowCopyFiles,
- AppDomainInitializer adInit,
- string[] adInitArgs)
- {
- AppDomainSetup info = new AppDomainSetup();
- info.ApplicationBase = appBasePath;
- info.PrivateBinPath = appRelativeSearchPath;
- info.AppDomainInitializer=adInit;
- info.AppDomainInitializerArguments=adInitArgs;
- if(shadowCopyFiles)
- info.ShadowCopyFiles = "true";
-
- return CreateDomain(friendlyName,
- securityInfo,
- info);
- }
-#endif // FEATURE_CAS_POLICY
-
-#if FEATURE_CORECLR
[System.Security.SecurityCritical]
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
private static extern void nSetNativeDllSearchDirectories(string paths);
-#endif
[System.Security.SecurityCritical] // auto-generated
private void SetupFusionStore(AppDomainSetup info, AppDomainSetup oldInfo)
{
Contract.Requires(info != null);
-#if FEATURE_FUSION
- if (oldInfo == null) {
-
- // Create the application base and configuration file from the imagelocation
- // passed in or use the Win32 Image name.
- if(info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] == null ||
- info.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] == null )
-#else
if (info.ApplicationBase == null)
-#endif
-
{
-#if FEATURE_FUSION
- AppDomain defaultDomain = GetDefaultDomain();
- if (this == defaultDomain) {
- // The default domain gets its defaults from the main process.
- info.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true);
- }
- else {
- // Other domains get their defaults from the default domain. This way, a host process
- // can use AppDomainManager to set up the defaults for every domain created in the process.
- if (info.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] == null)
- info.ConfigurationFile = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue];
- if (info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] == null)
- info.ApplicationBase = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue];
- if (info.Value[(int) AppDomainSetup.LoaderInformation.ApplicationNameValue] == null)
- info.ApplicationName = defaultDomain.FusionStore.Value[(int) AppDomainSetup.LoaderInformation.ApplicationNameValue];
- }
-#else
info.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true);
-#endif
-
}
-#if FEATURE_FUSION
- // If there is no relative path then check the
- // environment
- if(info.Value[(int) AppDomainSetup.LoaderInformation.PrivateBinPathValue] == null)
- info.PrivateBinPath = Environment.nativeGetEnvironmentVariable(AppDomainSetup.PrivateBinPathEnvironmentVariable);
-
- // Add the developer path if it exists on this
- // machine.
- if(info.DeveloperPath == null)
- info.DeveloperPath = RuntimeEnvironment.GetDeveloperPath();
-
- }
-
- // Set up the fusion context
- IntPtr fusionContext = GetFusionContext();
- info.SetupFusionContext(fusionContext, oldInfo);
-
- // Set loader optimization policy
-#else
#if FEATURE_VERSIONING
nCreateContext();
#endif // FEATURE_VERSIONING
-#endif // FEATURE_FUSION
#if FEATURE_LOADER_OPTIMIZATION
if (info.LoaderOptimization != LoaderOptimization.NotSpecified || (oldInfo != null && info.LoaderOptimization != oldInfo.LoaderOptimization))
UpdateLoaderOptimization(info.LoaderOptimization);
-#endif
-
-
-
+#endif
// This must be the last action taken
_FusionStore = info;
}
byte[] serializedEvidence = null;
bool generateDefaultEvidence = false;
-#if FEATURE_CAS_POLICY
- // serialize evidence
- EvidenceCollection evidenceCollection = null;
-
- if (providedSecurityInfo != null || creatorsSecurityInfo != null)
- {
- // If we're just passing through AppDomain.CurrentDomain.Evidence, and that evidence is just
- // using the standard runtime AppDomainEvidenceFactory, don't waste time serializing it and
- // deserializing it back -- instead, we can recreate a new AppDomainEvidenceFactory in the new
- // domain. We only want to do this if there is no HostSecurityManager, otherwise the
- // HostSecurityManager could have added additional evidence on top of our standard factory.
- HostSecurityManager hsm = CurrentDomain.DomainManager != null ? CurrentDomain.DomainManager.HostSecurityManager : null;
- bool hostMayContributeEvidence = hsm != null &&
- hsm.GetType() != typeof(HostSecurityManager) &&
- (hsm.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence;
- if (!hostMayContributeEvidence)
- {
- if (providedSecurityInfo != null &&
- providedSecurityInfo.IsUnmodified &&
- providedSecurityInfo.Target != null &&
- providedSecurityInfo.Target is AppDomainEvidenceFactory)
- {
- providedSecurityInfo = null;
- generateDefaultEvidence = true;
- }
- if (creatorsSecurityInfo != null &&
- creatorsSecurityInfo.IsUnmodified &&
- creatorsSecurityInfo.Target != null &&
- creatorsSecurityInfo.Target is AppDomainEvidenceFactory)
- {
- creatorsSecurityInfo = null;
- generateDefaultEvidence = true;
- }
- }
- }
- if ((providedSecurityInfo != null) ||
- (creatorsSecurityInfo != null)) {
- evidenceCollection = new EvidenceCollection();
- evidenceCollection.ProvidedSecurityInfo = providedSecurityInfo;
- evidenceCollection.CreatorsSecurityInfo = creatorsSecurityInfo;
- }
-
- if (evidenceCollection != null) {
- serializedEvidence =
- CrossAppDomainSerializer.SerializeObject(evidenceCollection).GetBuffer();
- }
-#endif // FEATURE_CAS_POLICY
-
AppDomainInitializerInfo initializerInfo = null;
if (setup!=null && setup.AppDomainInitializer!=null)
initializerInfo=new AppDomainInitializerInfo(setup.AppDomainInitializer);
// will travel x-Ad, drop non-agile data
AppDomainSetup newSetup = new AppDomainSetup(setup, false);
-#if FEATURE_CORECLR
// Remove the special AppDomainCompatSwitch entries from the set of name value pairs
// And add them to the AppDomainSetup
//
// Desktop code should use System.AppDomain.CreateDomain() or
// System.AppDomainManager.CreateDomain() and add the flags to the AppDomainSetup
List<String> compatList = new List<String>();
-
+
if(propertyNames!=null && propertyValues != null)
{
for (int i=0; i<propertyNames.Length; i++)
if(String.Compare(propertyNames[i], "AppDomainCompatSwitch", StringComparison.OrdinalIgnoreCase) == 0)
{
compatList.Add(propertyValues[i]);
- propertyNames[i] = null;
+ propertyNames[i] = null;
propertyValues[i] = null;
}
if (compatList.Count > 0)
{
newSetup.SetCompatibilitySwitches(compatList);
- }
+ }
}
-#endif // FEATURE_CORECLR
-
return new Object[]
{
};
} // PrepareDataForSetup
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)]
private static Object Setup(Object arg)
if(propertyNames!=null && propertyValues != null)
{
-#if FEATURE_CORECLR
StringBuilder normalisedAppPathList = null;
-#endif // FEATURE_CORECLR
+
for (int i=0; i<propertyNames.Length; i++)
{
if(propertyNames[i]=="APPBASE") // make sure in sync with Fusion
newSetup.ApplicationBase = NormalizePath(propertyValues[i], fullCheck: true);
}
-#if FEATURE_CAS_POLICY
- else if(propertyNames[i]=="LOCATION_URI" && providedSecurityInfo==null)
- {
- providedSecurityInfo=new Evidence();
- providedSecurityInfo.AddHostEvidence(new Url(propertyValues[i]));
- ad.SetDataHelper(propertyNames[i],propertyValues[i],null);
- }
-#endif // FEATURE_CAS_POLICY
#if FEATURE_LOADER_OPTIMIZATION
else
if(propertyNames[i]=="LOADER_OPTIMIZATION")
}
}
#endif // FEATURE_LOADER_OPTIMIZATION
-#if FEATURE_CORECLR
else
if(propertyNames[i]=="NATIVE_DLL_SEARCH_DIRECTORIES")
{
{
ad.SetDataHelper(propertyNames[i],propertyValues[i],null); // just propagate
}
-#endif
-
- }
- }
-
-#if !FEATURE_CORECLR
- AppDomainSortingSetupInfo sortingSetup = newSetup._AppDomainSortingSetupInfo;
-
- if(sortingSetup != null)
- {
- if(sortingSetup._pfnIsNLSDefinedString == IntPtr.Zero || sortingSetup._pfnCompareStringEx == IntPtr.Zero || sortingSetup._pfnLCMapStringEx == IntPtr.Zero || sortingSetup._pfnFindNLSStringEx == IntPtr.Zero
- || sortingSetup._pfnCompareStringOrdinal == IntPtr.Zero || sortingSetup._pfnGetNLSVersionEx == IntPtr.Zero)
- {
-
- if(!(sortingSetup._pfnIsNLSDefinedString == IntPtr.Zero && sortingSetup._pfnCompareStringEx == IntPtr.Zero && sortingSetup._pfnLCMapStringEx == IntPtr.Zero && sortingSetup._pfnFindNLSStringEx == IntPtr.Zero
- && sortingSetup._pfnCompareStringOrdinal == IntPtr.Zero && sortingSetup._pfnGetNLSVersionEx == IntPtr.Zero))
- {
- // Some functions defined but not all of them.
- throw new ArgumentException(Environment.GetResourceString("ArgumentException_NotAllCustomSortingFuncsDefined"));
- }
-
}
}
-#endif
ad.SetupFusionStore(newSetup, null); // makes FusionStore a ref to newSetup
// but it's confusing since it isn't immediately obvious whether we have a ref or a copy
AppDomainSetup adSetup = ad.FusionStore;
-#if FEATURE_CORECLR
adSetup.InternalSetApplicationTrust(sandboxName);
-#endif // FEATURE_CORECLR
-
-#if !FEATURE_CORECLR // not used by coreclr
- if (serializedEvidence != null) {
- EvidenceCollection evidenceCollection = (EvidenceCollection)
- CrossAppDomainSerializer.DeserializeObject(new MemoryStream(serializedEvidence));
- providedSecurityInfo = evidenceCollection.ProvidedSecurityInfo;
- creatorsSecurityInfo = evidenceCollection.CreatorsSecurityInfo;
- }
-#endif
+
// set up the friendly name
ad.nSetupFriendlyName(friendlyName);
ad.SetAppDomainManagerType(adSetup.AppDomainManagerAssembly, adSetup.AppDomainManagerType);
}
-#if FEATURE_APTCA
- // set any conditial-aptca visible assemblies
- ad.PartialTrustVisibleAssemblies = adSetup.PartialTrustVisibleAssemblies;
-#endif // FEATURE_APTCA
-
ad.CreateAppDomainManager(); // could modify FusionStore's object
ad.InitializeDomainSecurity(providedSecurityInfo,
creatorsSecurityInfo,
adSetup.AppDomainInitializer=initializerInfo.Unwrap();
RunInitializer(adSetup);
- // Activate the application if needed.
-#if FEATURE_CLICKONCE
- ObjectHandle oh = null;
- if (adSetup.ActivationArguments != null && adSetup.ActivationArguments.ActivateInstance)
- oh = Activator.CreateInstance(ad.ActivationContext);
- return RemotingServices.MarshalInternal(oh, null, null);
-#else
return null;
-#endif // FEATURE_CLICKONCE
}
[SecuritySafeCritical]
internal static string NormalizePath(string path, bool fullCheck)
{
-#if FEATURE_PATHCOMPAT
- // Appcontext switches can't currently be safely hit during AppDomain bringup
- return Path.LegacyNormalizePath(
- path: path,
- fullCheck: fullCheck,
- maxPathLength: PathInternal.MaxShortPath,
- expandShortPaths: true);
-#else
return Path.GetFullPath(path);
-#endif
}
-#if FEATURE_APTCA
- // Called from DomainAssembly in Conditional APTCA cases
- [PermissionSet(SecurityAction.Assert, Unrestricted = true)]
- [SecuritySafeCritical]
- private bool IsAssemblyOnAptcaVisibleList(RuntimeAssembly assembly)
- {
- if (_aptcaVisibleAssemblies == null)
- return false;
-
- AssemblyName assemblyName = assembly.GetName();
- String name = assemblyName.GetNameWithPublicKey();
-
- name = name.ToUpperInvariant();
-
- int index = Array.BinarySearch<string>(_aptcaVisibleAssemblies, name,
- StringComparer.OrdinalIgnoreCase);
- return (index >=0);
-
- }
-
- //Used to binary search the list of C-APTCA strings for an AssemblyName. It compares assembly name
- //and public key token.
- private class CAPTCASearcher : IComparer
- {
- int IComparer.Compare(object /*string*/lhs, object /*AssemblyName*/rhs)
- {
- AssemblyName captcaEntry = new AssemblyName((string)lhs);
- AssemblyName comparand = (AssemblyName)rhs;
- int nameComp = string.Compare(captcaEntry.Name,
- comparand.Name,
- StringComparison.OrdinalIgnoreCase);
- if (nameComp != 0)
- {
- return nameComp;
- }
-
- //simple names match. Compare public key tokens.
- byte[] lhsKey = captcaEntry.GetPublicKeyToken();
- byte[] rhsKey = comparand.GetPublicKeyToken();
-
- // We require both sides have a public key token
- if (lhsKey == null)
- {
- return -1;
- }
- if (rhsKey == null)
- {
- return 1;
- }
- if (lhsKey.Length < rhsKey.Length)
- {
- return -1;
- }
- if (lhsKey.Length > rhsKey.Length)
- {
- return 1;
- }
-
- // Tokens seem valid - make sure the compare correctly
- for (int i = 0; i < lhsKey.Length; ++i)
- {
- byte lhsByte = lhsKey[i];
- byte rhsByte = rhsKey[i];
-
- if (lhsByte < rhsByte)
- {
- return -1;
- }
- if (lhsByte > rhsByte)
- {
- return 1;
- }
- }
-
- //They match.
- return 0;
- }
- }
-
- [System.Security.SecurityCritical]
- private unsafe bool IsAssemblyOnAptcaVisibleListRaw(char * namePtr, int nameLen, byte * keyTokenPtr,
- int keyTokenLen)
- {
- //This version is used for checking ngen dependencies against the C-APTCA list. It lets us
- //reject ngen images that depend on an assembly that has been disabled in the current domain.
- //Since we only have the public key token in the ngen image, we'll check against that. The
- //rationale is that if you have a public key token collision in your process you have many
- //problems. Since the source of this public key token is an ngen image for a full trust
- //assembly, there is essentially no risk to the reduced check.
- if (_aptcaVisibleAssemblies == null)
- return false;
-
- string name = new string(namePtr, 0, nameLen);
- byte[] keyToken = new byte[keyTokenLen];
- for( int i = 0; i < keyToken.Length; ++i )
- keyToken[i] = keyTokenPtr[i];
-
- AssemblyName asmName = new AssemblyName();
- asmName.Name = name;
- asmName.SetPublicKeyToken(keyToken);
- try
- {
- int index = Array.BinarySearch(_aptcaVisibleAssemblies, asmName, new CAPTCASearcher());
- return (index >= 0);
- }
- catch (InvalidOperationException) { /* Can happen for poorly formed assembly names */ return false; }
- }
-
-#endif
-
// This routine is called from unmanaged code to
// set the default fusion context.
[System.Security.SecurityCritical] // auto-generated
// It is possible that we could have multiple threads initializing
// the default domain. We will just take the winner of these two.
// (eg. one thread doing a com call and another doing attach for IJW)
- lock (this) {
- if(_FusionStore == null) {
+ lock (this)
+ {
+ if(_FusionStore == null)
+ {
AppDomainSetup setup = new AppDomainSetup();
-#if FEATURE_CORECLR
+
// always use internet permission set
setup.InternalSetApplicationTrust("Internet");
-#endif // FEATURE_CORECLR
-#if FEATURE_FUSION
- setup.SetupDefaults(RuntimeEnvironment.GetModuleFileName(), imageLocationAlreadyNormalized : true);
- if(path != null)
- setup.Value[(int) AppDomainSetup.LoaderInformation.ApplicationBaseValue] = path;
- if(configFile != null)
- setup.Value[(int) AppDomainSetup.LoaderInformation.ConfigurationFileValue] = configFile;
-
- // Default fusion context starts with binding redirects turned off.
- if (!allowRedirects)
- setup.DisallowBindingRedirects = true;
-#endif
-
-#if !FEATURE_CORECLR
- if (propertyNames != null) {
- BCLDebug.Assert(propertyValues != null, "propertyValues != null");
- BCLDebug.Assert(propertyNames.Length == propertyValues.Length, "propertyNames.Length == propertyValues.Length");
-
- for (int i = 0; i < propertyNames.Length; ++i) {
- if (String.Equals(propertyNames[i], "PARTIAL_TRUST_VISIBLE_ASSEMBLIES", StringComparison.Ordinal)) {
- // The value of the PARTIAL_TRUST_VISIBLE_ASSEMBLIES property is a semicolon
- // delimited list of assembly names to add to the
- // PartialTrustVisibleAssemblies setting of the domain setup
- if (propertyValues[i] != null) {
- if (propertyValues[i].Length > 0) {
- setup.PartialTrustVisibleAssemblies = propertyValues[i].Split(';');
- }
- else {
- setup.PartialTrustVisibleAssemblies = new string[0];
- }
- }
- }
- else {
- // In v4 we disallow anything but PARTIAL_TRUST_VISIBLE_ASSEMBLIES to come
- // in via the default domain properties. That restriction could be lifted
- // in a future release, at which point this assert should be removed.
- //
- // This should be kept in sync with the real externally facing filter code
- // in CorHost2::SetPropertiesForDefaultAppDomain
- BCLDebug.Assert(false, "Unexpected default domain property");
- }
- }
- }
-#endif // !FEATURE_CORECLR
-
-#if FEATURE_APTCA
- // Propigate the set of conditional APTCA assemblies that will be used in the default
- // domain onto the domain itself and also into the VM
- PartialTrustVisibleAssemblies = setup.PartialTrustVisibleAssemblies;
-#endif // FEATURE_APTCA
-
SetupFusionStore(setup, null);
}
}
}
}
#endif
-
-#if FEATURE_FUSION
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal extern IntPtr GetFusionContext();
-#endif // FEATURE_FUSION
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal extern IntPtr GetSecurityDescriptor();
-#if FEATURE_REMOTING
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern AppDomain nCreateDomain(String friendlyName,
- AppDomainSetup setup,
- Evidence providedSecurityInfo,
- Evidence creatorsSecurityInfo,
- IntPtr parentSecurityDescriptor);
-
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern ObjRef nCreateInstance(String friendlyName,
- AppDomainSetup setup,
- Evidence providedSecurityInfo,
- Evidence creatorsSecurityInfo,
- IntPtr parentSecurityDescriptor);
-#endif
-
[SecurityCritical]
private void SetupDomainSecurity(Evidence appDomainEvidence,
IntPtr creatorsSecurityDescriptor,
internal extern void UpdateLoaderOptimization(LoaderOptimization optimization);
#endif
-#if FEATURE_FUSION
- //
- // This is just designed to prevent compiler warnings.
- // This field is used from native, but we need to prevent the compiler warnings.
- //
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.SetShadowCopyPath has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyDirectories instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void SetShadowCopyPath(String path)
- {
- InternalSetShadowCopyPath(path);
- }
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.SetShadowCopyFiles has been deprecated. Please investigate the use of AppDomainSetup.ShadowCopyFiles instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void SetShadowCopyFiles()
- {
- InternalSetShadowCopyFiles();
- }
-
- [System.Security.SecurityCritical] // auto-generated_required
- [Obsolete("AppDomain.SetDynamicBase has been deprecated. Please investigate the use of AppDomainSetup.DynamicBase instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- public void SetDynamicBase(String path)
- {
- InternalSetDynamicBase(path);
- }
-#endif // FEATURE_FUSION
-
public AppDomainSetup SetupInformation
{
get {
}
}
-#if FEATURE_FUSION
- [System.Security.SecurityCritical] // auto-generated
- internal void InternalSetShadowCopyPath(String path)
- {
- if (path != null)
- {
- IntPtr fusionContext = GetFusionContext();
- AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.ShadowCopyDirectoriesKey, path);
- }
- FusionStore.ShadowCopyDirectories = path;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal void InternalSetShadowCopyFiles()
- {
- IntPtr fusionContext = GetFusionContext();
- AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.ShadowCopyFilesKey, "true");
- FusionStore.ShadowCopyFiles = "true";
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal void InternalSetCachePath(String path)
- {
- FusionStore.CachePath = path;
- if (FusionStore.Value[(int) AppDomainSetup.LoaderInformation.CachePathValue] != null)
- {
- IntPtr fusionContext = GetFusionContext();
- AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.CachePathKey,
- FusionStore.Value[(int) AppDomainSetup.LoaderInformation.CachePathValue]);
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal void InternalSetPrivateBinPath(String path)
- {
- IntPtr fusionContext = GetFusionContext();
- AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.PrivateBinPathKey, path);
- FusionStore.PrivateBinPath = path;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal void InternalSetDynamicBase(String path)
- {
- FusionStore.DynamicBase = path;
- if (FusionStore.Value[(int) AppDomainSetup.LoaderInformation.DynamicBaseValue] != null)
- {
- IntPtr fusionContext = GetFusionContext();
- AppDomainSetup.UpdateContextProperty(fusionContext, AppDomainSetup.DynamicBaseKey,
- FusionStore.Value[(int) AppDomainSetup.LoaderInformation.DynamicBaseValue]);
- }
- }
-#endif // FEATURE_FUSION
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal extern String IsStringInterned(String str);
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
private static extern void GetGrantSet(AppDomainHandle domain, ObjectHandleOnStack retGrantSet);
-#if FEATURE_CAS_POLICY
- [SecurityCritical]
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool GetIsLegacyCasPolicyEnabled(AppDomainHandle domain);
-#endif // FEATURE_CAS_POLICY
-
public PermissionSet PermissionSet
{
// SecurityCritical because permissions can contain sensitive information such as paths
}
}
-#if FEATURE_CAS_POLICY
- internal bool IsLegacyCasPolicyEnabled
- {
- [SecuritySafeCritical]
- get
- {
- return GetIsLegacyCasPolicyEnabled(GetNativeHandle());
- }
- }
-
- // Determine what this homogenous domain thinks the grant set should be for a specific set of evidence
- [SecuritySafeCritical]
- internal PermissionSet GetHomogenousGrantSet(Evidence evidence)
- {
- Contract.Assert(evidence != null);
- Contract.Assert(IsHomogenous);
- Contract.Assert(evidence.GetHostEvidence<GacInstalled>() == null);
-
- if (_IsFastFullTrustDomain)
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
-
- // If the ApplicationTrust's full trust list calls out the assembly, then it is fully trusted
- if (evidence.GetDelayEvaluatedHostEvidence<StrongName>() != null)
- {
- foreach (StrongName fullTrustAssembly in ApplicationTrust.FullTrustAssemblies)
- {
- StrongNameMembershipCondition sn = new StrongNameMembershipCondition(fullTrustAssembly.PublicKey,
- fullTrustAssembly.Name,
- fullTrustAssembly.Version);
-
- object usedEvidence = null;
- if ((sn as IReportMatchMembershipCondition).Check(evidence, out usedEvidence))
- {
- IDelayEvaluatedEvidence delayEvidence = usedEvidence as IDelayEvaluatedEvidence;
- if (usedEvidence != null)
- {
- delayEvidence.MarkUsed();
- }
-
- return new PermissionSet(PermissionState.Unrestricted);
- }
- }
- }
-
- // Otherwise, the grant set is just the default grant set
- return ApplicationTrust.DefaultGrantSet.PermissionSet.Copy();
- }
-#endif // FEATURE_CAS_POLICY
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private extern void nChangeSecurityPolicy();
return oh.Unwrap();
} // CreateInstanceAndUnwrap
-
public Object CreateInstanceAndUnwrap(String assemblyName,
String typeName,
Object[] activationAttributes)
return false;
}
-#if FEATURE_FUSION
- private static AppDomainSetup InternalCreateDomainSetup(String imageLocation)
- {
- int i = imageLocation.LastIndexOf('\\');
-
- Contract.Assert(i != -1, "invalid image location");
-
- AppDomainSetup info = new AppDomainSetup();
- info.ApplicationBase = imageLocation.Substring(0, i+1);
-
- StringBuilder config = new StringBuilder(imageLocation.Substring(i+1));
- config.Append(AppDomainSetup.ConfigurationExtension);
- info.ConfigurationFile = config.ToString();
-
- return info;
- }
-
- // Used by the validator for testing but not executing an assembly
- private static AppDomain InternalCreateDomain(String imageLocation)
- {
- AppDomainSetup info = InternalCreateDomainSetup(imageLocation);
- return CreateDomain("Validator",
- null,
- info);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private void InternalSetDomainContext(String imageLocation)
- {
- SetupFusionStore(InternalCreateDomainSetup(imageLocation), null);
- }
-#endif
-
#if FEATURE_APPDOMAIN_RESOURCE_MONITORING
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
}
}
#endif
-
-#if !FEATURE_CORECLR
- // this method is required so Object.GetType is not made virtual by the compiler
- // _AppDomain.GetType()
- public new Type GetType()
- {
- return base.GetType();
- }
-
- void _AppDomain.GetTypeInfoCount(out uint pcTInfo)
- {
- throw new NotImplementedException();
- }
-
- void _AppDomain.GetTypeInfo(uint iTInfo, uint lcid, IntPtr ppTInfo)
- {
- throw new NotImplementedException();
- }
-
- void _AppDomain.GetIDsOfNames([In] ref Guid riid, IntPtr rgszNames, uint cNames, uint lcid, IntPtr rgDispId)
- {
- throw new NotImplementedException();
- }
-
- // If you implement this method, make sure to include _AppDomain.Invoke in VM\DangerousAPIs.h and
- // include _AppDomain in SystemDomain::IsReflectionInvocationMethod in AppDomain.cpp.
- void _AppDomain.Invoke(uint dispIdMember, [In] ref Guid riid, uint lcid, short wFlags, IntPtr pDispParams, IntPtr pVarResult, IntPtr pExcepInfo, IntPtr puArgErr)
- {
- throw new NotImplementedException();
- }
-#endif
}
- // CallBacks provide a facility to request execution of some code
- // in another context/appDomain.
- // CrossAppDomainDelegate type is defined for appdomain call backs.
- // The delegate used to request a callbak through the DoCallBack method
- // must be of CrossContextDelegate type.
-#if FEATURE_REMOTING
-[System.Runtime.InteropServices.ComVisible(true)]
- public delegate void CrossAppDomainDelegate();
-#endif
-
/// <summary>
/// Handle used to marshal an AppDomain to the VM (eg QCall). When marshaled via a QCall, the target
/// method in the VM will recieve a QCall::AppDomainHandle parameter.
// participate in the creation and control the settings of new AppDomains.
//
-namespace System {
- using System.Collections;
- using System.Globalization;
- using System.IO;
+namespace System
+{
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Security;
- using System.Security.Permissions;
- using System.Security.Policy;
- using System.Threading;
-#if FEATURE_CLICKONCE
- using System.Runtime.Hosting;
-#endif
- using System.Runtime.Versioning;
using System.Runtime.InteropServices;
- using System.Diagnostics.Contracts;
-
-#if FEATURE_APPDOMAINMANAGER_INITOPTIONS
- [Flags]
- [System.Runtime.InteropServices.ComVisible(true)]
- public enum AppDomainManagerInitializationOptions {
- None = 0x0000,
- RegisterWithHost = 0x0001
- }
-#endif // FEATURE_APPDOMAINMANAGER_INITOPTIONS
[System.Security.SecurityCritical] // auto-generated_required
[System.Runtime.InteropServices.ComVisible(true)]
-#if !FEATURE_CORECLR
- [SecurityPermissionAttribute(SecurityAction.InheritanceDemand, Flags = SecurityPermissionFlag.Infrastructure)]
-#endif
- public class AppDomainManager : MarshalByRefObject {
+ public class AppDomainManager : MarshalByRefObject
+ {
public AppDomainManager () {}
-#if FEATURE_REMOTING
- [System.Security.SecurityCritical] // auto-generated
- public virtual AppDomain CreateDomain (string friendlyName,
- Evidence securityInfo,
- AppDomainSetup appDomainInfo) {
- return CreateDomainHelper(friendlyName, securityInfo, appDomainInfo);
- }
-
- [System.Security.SecurityCritical] // auto-generated_required
- [SecurityPermissionAttribute(SecurityAction.Demand, ControlAppDomain = true)]
- protected static AppDomain CreateDomainHelper (string friendlyName,
- Evidence securityInfo,
- AppDomainSetup appDomainInfo) {
- if (friendlyName == null)
- throw new ArgumentNullException(nameof(friendlyName), Environment.GetResourceString("ArgumentNull_String"));
-
- Contract.EndContractBlock();
- // If evidence is provided, we check to make sure that is allowed.
- if (securityInfo != null) {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
-
- // Check the evidence to ensure that if it expects a sandboxed domain, it actually gets one.
- AppDomain.CheckDomainCreationEvidence(appDomainInfo, securityInfo);
- }
-
- if (appDomainInfo == null) {
- appDomainInfo = new AppDomainSetup();
- }
-
- // If there was no specified AppDomainManager for the new domain, default it to being the same
- // as the current domain's AppDomainManager.
- if (appDomainInfo.AppDomainManagerAssembly == null || appDomainInfo.AppDomainManagerType == null) {
- string inheritedDomainManagerAssembly;
- string inheritedDomainManagerType;
-
- AppDomain.CurrentDomain.GetAppDomainManagerType(out inheritedDomainManagerAssembly,
- out inheritedDomainManagerType);
-
- if (appDomainInfo.AppDomainManagerAssembly == null) {
- appDomainInfo.AppDomainManagerAssembly = inheritedDomainManagerAssembly;
- }
- if (appDomainInfo.AppDomainManagerType == null) {
- appDomainInfo.AppDomainManagerType = inheritedDomainManagerType;
- }
- }
-
- // If there was no specified TargetFrameworkName for the new domain, default it to the current domain's.
- if (appDomainInfo.TargetFrameworkName == null)
- appDomainInfo.TargetFrameworkName = AppDomain.CurrentDomain.GetTargetFrameworkName();
-
- return AppDomain.nCreateDomain(friendlyName,
- appDomainInfo,
- securityInfo,
- securityInfo == null ? AppDomain.CurrentDomain.InternalEvidence : null,
- AppDomain.CurrentDomain.GetSecurityDescriptor());
- }
-#endif // FEATURE_REMOTING
[System.Security.SecurityCritical]
- public virtual void InitializeNewDomain (AppDomainSetup appDomainInfo) {
+ public virtual void InitializeNewDomain (AppDomainSetup appDomainInfo)
+ {
// By default, InitializeNewDomain does nothing. AppDomain.CreateAppDomainManager relies on this fact.
}
-#if FEATURE_APPDOMAINMANAGER_INITOPTIONS
-
- private AppDomainManagerInitializationOptions m_flags = AppDomainManagerInitializationOptions.None;
- public AppDomainManagerInitializationOptions InitializationFlags {
- get {
- return m_flags;
- }
- set {
- m_flags = value;
- }
- }
-#endif // FEATURE_APPDOMAINMANAGER_INITOPTIONS
-
-#if FEATURE_CLICKONCE
- private ApplicationActivator m_appActivator = null;
- public virtual ApplicationActivator ApplicationActivator {
- get {
- if (m_appActivator == null)
- m_appActivator = new ApplicationActivator();
- return m_appActivator;
- }
- }
-#endif //#if FEATURE_CLICKONCE
-
-#if FEATURE_CAS_POLICY
- public virtual HostSecurityManager HostSecurityManager {
- get {
- return null;
- }
- }
-
- public virtual HostExecutionContextManager HostExecutionContextManager {
- get {
- // By default, the AppDomainManager returns the HostExecutionContextManager.
- return HostExecutionContextManager.GetInternalHostExecutionContextManager();
- }
- }
-#endif // FEATURE_CAS_POLICY
-
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode), SuppressUnmanagedCodeSecurity]
private static extern void GetEntryAssembly(ObjectHandleOnStack retAssembly);
// In the second case, we maintain the old behavior by calling GetEntryAssembly().
if (m_entryAssembly == null)
{
-
-#if FEATURE_CLICKONCE
- AppDomain domain = AppDomain.CurrentDomain;
- if (domain.IsDefaultAppDomain() && domain.ActivationContext != null) {
- ManifestRunner runner = new ManifestRunner(domain, domain.ActivationContext);
- m_entryAssembly = runner.EntryAssembly;
- } else
-#endif //#if FEATURE_CLICKONCE
{
RuntimeAssembly entryAssembly = null;
GetEntryAssembly(JitHelpers.GetObjectHandleOnStack(ref entryAssembly));
{
return false;
}
-
-#if FEATURE_APPDOMAINMANAGER_INITOPTIONS
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- private static extern bool HasHost();
-
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SecurityCritical]
- [SuppressUnmanagedCodeSecurity]
- private static extern void RegisterWithHost(IntPtr appDomainManager);
-
- internal void RegisterWithHost() {
- if (HasHost()) {
- IntPtr punkAppDomainManager = IntPtr.Zero;
-
- RuntimeHelpers.PrepareConstrainedRegions();
- try {
- punkAppDomainManager = Marshal.GetIUnknownForObject(this);
- RegisterWithHost(punkAppDomainManager);
- }
- finally {
- if (!punkAppDomainManager.IsNull()) {
- Marshal.Release(punkAppDomainManager);
- }
- }
- }
- }
-#endif // FEATURE_APPDOMAINMANAGER_INITOPTIONS
}
}
**
=============================================================================*/
-namespace System {
- using System;
-#if FEATURE_CLICKONCE
- using System.Deployment.Internal.Isolation;
- using System.Deployment.Internal.Isolation.Manifest;
- using System.Runtime.Hosting;
-#endif
- using System.Runtime.CompilerServices;
- using System.Runtime;
+namespace System
+{
using System.Text;
- using System.Threading;
using System.Runtime.InteropServices;
using System.Runtime.Serialization;
- using System.Reflection;
using System.Security;
- using System.Security.Permissions;
using System.Security.Policy;
- using System.Globalization;
using Path = System.IO.Path;
- using System.Runtime.Versioning;
using System.Diagnostics.Contracts;
- using System.Collections;
using System.Collections.Generic;
[Serializable]
private const string MACHINE_CONFIGURATION_FILE = "config\\machine.config";
private const string ACTAG_HOST_CONFIG_FILE = "HOST_CONFIG";
-#if FEATURE_FUSION
- private const string LICENSE_FILE = "LICENSE_FILE";
-#endif
-
// Constants from fusionpriv.h
private const string ACTAG_APP_CONFIG_FILE = "APP_CONFIG_FILE";
private const string ACTAG_MACHINE_CONFIG = "MACHINE_CONFIG";
private AppDomainInitializer _AppDomainInitializer;
[OptionalField(VersionAdded = 2)]
private string[] _AppDomainInitializerArguments;
-#if FEATURE_CLICKONCE
- [OptionalField(VersionAdded = 2)]
- private ActivationArguments _ActivationArguments;
-#endif
-#if FEATURE_CORECLR
+
// On the CoreCLR, this contains just the name of the permission set that we install in the new appdomain.
// Not the ToXml().ToString() of an ApplicationTrust object.
-#endif
[OptionalField(VersionAdded = 2)]
private string _ApplicationTrust;
[OptionalField(VersionAdded = 2)]
[OptionalField(VersionAdded = 4)]
private string _AppDomainManagerType;
-#if FEATURE_APTCA
- [OptionalField(VersionAdded = 4)]
- private string[] _AptcaVisibleAssemblies;
-#endif
-
// A collection of strings used to indicate which breaking changes shouldn't be applied
// to an AppDomain. We only use the keys, the values are ignored.
[OptionalField(VersionAdded = 4)]
[OptionalField(VersionAdded = 5)] // This was added in .NET FX v4.5
private String _TargetFrameworkName;
-#if !FEATURE_CORECLR
- [NonSerialized]
- internal AppDomainSortingSetupInfo _AppDomainSortingSetupInfo;
-#endif
-
[OptionalField(VersionAdded = 5)] // This was added in .NET FX v4.5
private bool _CheckedForTargetFrameworkName;
_LoaderOptimization = copy._LoaderOptimization;
_AppDomainInitializerArguments = copy.AppDomainInitializerArguments;
-#if FEATURE_CLICKONCE
- _ActivationArguments = copy.ActivationArguments;
-#endif
_ApplicationTrust = copy._ApplicationTrust;
+
if (copyDomainBoundData)
_AppDomainInitializer = copy.AppDomainInitializer;
else
#endif // FEATURE_COMINTEROP
_AppDomainManagerAssembly = copy.AppDomainManagerAssembly;
_AppDomainManagerType = copy.AppDomainManagerType;
-#if FEATURE_APTCA
- _AptcaVisibleAssemblies = copy.PartialTrustVisibleAssemblies;
-#endif
if (copy._CompatFlags != null)
{
SetCompatibilitySwitches(copy._CompatFlags.Keys);
}
-#if !FEATURE_CORECLR
- if(copy._AppDomainSortingSetupInfo != null)
- {
- _AppDomainSortingSetupInfo = new AppDomainSortingSetupInfo(copy._AppDomainSortingSetupInfo);
- }
-#endif
_TargetFrameworkName = copy._TargetFrameworkName;
#if FEATURE_RANDOMIZED_STRING_HASHING
_LoaderOptimization = LoaderOptimization.NotSpecified;
}
-#if FEATURE_CLICKONCE
- // Creates an AppDomainSetup object from an application identity.
- public AppDomainSetup (ActivationContext activationContext) : this (new ActivationArguments(activationContext)) {}
-
- [System.Security.SecuritySafeCritical] // auto-generated
- public AppDomainSetup (ActivationArguments activationArguments) {
- if (activationArguments == null)
- throw new ArgumentNullException(nameof(activationArguments));
- Contract.EndContractBlock();
-
- _LoaderOptimization = LoaderOptimization.NotSpecified;
- ActivationArguments = activationArguments;
-
- Contract.Assert(activationArguments.ActivationContext != null, "Cannot set base directory without activation context");
- string entryPointPath = CmsUtils.GetEntryPointFullPath(activationArguments);
- if (!String.IsNullOrEmpty(entryPointPath))
- SetupDefaults(entryPointPath);
- else
- ApplicationBase = activationArguments.ActivationContext.ApplicationDirectory;
-
- }
-#endif // !FEATURE_CLICKONCE
-
- #if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
- #endif
internal void SetupDefaults(string imageLocation, bool imageLocationAlreadyNormalized = false) {
char[] sep = {'\\', '/'};
int i = imageLocation.LastIndexOfAny(sep);
set { _AppDomainManagerType = value; }
}
-#if FEATURE_APTCA
- public string[] PartialTrustVisibleAssemblies
- {
- get { return _AptcaVisibleAssemblies; }
- set {
- if (value != null) {
- _AptcaVisibleAssemblies = (string[])value.Clone();
- Array.Sort<string>(_AptcaVisibleAssemblies, StringComparer.OrdinalIgnoreCase);
- }
- else {
- _AptcaVisibleAssemblies = null;
- }
- }
- }
-#endif
-
public String ApplicationBase
{
#if FEATURE_CORECLR
public void SetCompatibilitySwitches(IEnumerable<String> switches)
{
-
-#if !FEATURE_CORECLR
- if(_AppDomainSortingSetupInfo != null)
- {
- _AppDomainSortingSetupInfo._useV2LegacySorting = false;
- _AppDomainSortingSetupInfo._useV4LegacySorting = false;
- }
-#endif
-
#if FEATURE_RANDOMIZED_STRING_HASHING
_UseRandomizedStringHashing = false;
#endif
_CompatFlags = new Dictionary<string, object>();
foreach (String str in switches)
{
-#if !FEATURE_CORECLR
- if(StringComparer.OrdinalIgnoreCase.Equals("NetFx40_Legacy20SortingBehavior", str)) {
- if(_AppDomainSortingSetupInfo == null)
- {
- _AppDomainSortingSetupInfo = new AppDomainSortingSetupInfo();
- }
- _AppDomainSortingSetupInfo._useV2LegacySorting = true;
- }
-
- if(StringComparer.OrdinalIgnoreCase.Equals("NetFx45_Legacy40SortingBehavior", str)) {
- if(_AppDomainSortingSetupInfo == null)
- {
- _AppDomainSortingSetupInfo = new AppDomainSortingSetupInfo();
- }
- _AppDomainSortingSetupInfo._useV4LegacySorting = true;
- }
-#endif
-
#if FEATURE_RANDOMIZED_STRING_HASHING
if(StringComparer.OrdinalIgnoreCase.Equals("UseRandomizedStringHashAlgorithm", str)) {
_UseRandomizedStringHashing = true;
}
#endif
-
_CompatFlags.Add(str, null);
}
}
set { _CheckedForTargetFrameworkName = value; }
}
-#if !FEATURE_CORECLR
- [SecurityCritical]
- public void SetNativeFunction(string functionName, int functionVersion, IntPtr functionPointer)
- {
- if(functionName == null)
- {
- throw new ArgumentNullException(nameof(functionName));
- }
-
- if(functionPointer == IntPtr.Zero)
- {
- throw new ArgumentNullException(nameof(functionPointer));
- }
-
- if(String.IsNullOrWhiteSpace(functionName))
- {
- throw new ArgumentException(Environment.GetResourceString("Argument_NPMSInvalidName"), nameof(functionName));
- }
-
- Contract.EndContractBlock();
-
- if(functionVersion < 1)
- {
- throw new ArgumentException(Environment.GetResourceString("ArgumentException_MinSortingVersion", 1, functionName));
- }
-
- if(_AppDomainSortingSetupInfo == null)
- {
- _AppDomainSortingSetupInfo = new AppDomainSortingSetupInfo();
- }
-
- if(String.Equals(functionName, "IsNLSDefinedString", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnIsNLSDefinedString = functionPointer;
- }
-
- if (String.Equals(functionName, "CompareStringEx", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnCompareStringEx = functionPointer;
- }
-
- if (String.Equals(functionName, "LCMapStringEx", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnLCMapStringEx = functionPointer;
- }
-
- if (String.Equals(functionName, "FindNLSStringEx", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnFindNLSStringEx = functionPointer;
- }
-
- if (String.Equals(functionName, "CompareStringOrdinal", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnCompareStringOrdinal = functionPointer;
- }
-
- if (String.Equals(functionName, "GetNLSVersionEx", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnGetNLSVersionEx = functionPointer;
- }
-
- if (String.Equals(functionName, "FindStringOrdinal", StringComparison.OrdinalIgnoreCase))
- {
- _AppDomainSortingSetupInfo._pfnFindStringOrdinal = functionPointer;
- }
- }
-#endif
-
public String DynamicBase
{
[System.Security.SecuritySafeCritical] // auto-generated
}
}
-
public bool DisallowPublisherPolicy
{
get
else {
if (normalize)
dir = NormalizePath(dir, true);
-
- // The only way AppDomainSetup is exposed in coreclr is through the AppDomainManager
- // and the AppDomainManager is a SecurityCritical type. Also, all callers of callstacks
- // leading from VerifyDir are SecurityCritical. So we can remove the Demand because
- // we have validated that all callers are SecurityCritical
-#if !FEATURE_CORECLR
- if (IsFilePath(dir))
- new FileIOPermission( FileIOPermissionAccess.PathDiscovery, dir ).Demand();
-#endif // !FEATURE_CORECLR
}
}
}
}
-#if FEATURE_CLICKONCE
- [XmlIgnoreMember]
- public ActivationArguments ActivationArguments {
- [Pure]
- get {
- return _ActivationArguments;
- }
- set {
- _ActivationArguments = value;
- }
- }
-#endif // !FEATURE_CLICKONCE
-
internal ApplicationTrust InternalGetApplicationTrust()
{
-
if (_ApplicationTrust == null) return null;
-
-
-#if FEATURE_CORECLR
ApplicationTrust grantSet = new ApplicationTrust(NamedPermissionSet.GetBuiltInSet(_ApplicationTrust));
-#else
- SecurityElement securityElement = SecurityElement.FromString(_ApplicationTrust);
- ApplicationTrust grantSet = new ApplicationTrust();
- grantSet.FromXml(securityElement);
-#endif
return grantSet;
}
-#if FEATURE_CORECLR
internal void InternalSetApplicationTrust(String permissionSetName)
{
_ApplicationTrust = permissionSetName;
}
-#else
- internal void InternalSetApplicationTrust(ApplicationTrust value)
- {
- if (value != null)
- {
- _ApplicationTrust = value.ToXml().ToString();
- }
- else
- {
- _ApplicationTrust = null;
- }
- }
-#endif
-#if FEATURE_CLICKONCE
- [XmlIgnoreMember]
- public ApplicationTrust ApplicationTrust
- {
- get {
- return InternalGetApplicationTrust();
- }
- set {
- InternalSetApplicationTrust(value);
- }
- }
-#else // FEATURE_CLICKONCE
[XmlIgnoreMember]
internal ApplicationTrust ApplicationTrust
{
- get {
+ get
+ {
return InternalGetApplicationTrust();
}
-#if !FEATURE_CORECLR
- set {
- InternalSetApplicationTrust(value);
- }
-#endif
}
-#endif // FEATURE_CLICKONCE
public String PrivateBinPath
{
}
}
-
public String PrivateBinPathProbe
{
get {
}
}
-#if FEATURE_FUSION
- [SecurityCritical]
- internal bool UpdateContextPropertyIfNeeded(LoaderInformation FieldValue, String FieldKey, String UpdatedField, IntPtr fusionContext, AppDomainSetup oldADS)
- {
- String FieldString = Value[(int) FieldValue],
- OldFieldString = (oldADS == null ? null : oldADS.Value[(int) FieldValue]);
- if (FieldString != OldFieldString) { // Compare references since strings are immutable
- UpdateContextProperty(fusionContext, FieldKey, UpdatedField == null ? FieldString : UpdatedField);
- return true;
- }
-
- return false;
- }
-
- [SecurityCritical]
- internal void UpdateBooleanContextPropertyIfNeeded(LoaderInformation FieldValue, String FieldKey, IntPtr fusionContext, AppDomainSetup oldADS)
- {
- if (Value[(int) FieldValue] != null)
- UpdateContextProperty(fusionContext, FieldKey, "true");
- else if (oldADS != null && oldADS.Value[(int) FieldValue] != null)
- UpdateContextProperty(fusionContext, FieldKey, "false");
- }
-
- [SecurityCritical]
- internal static bool ByteArraysAreDifferent(Byte[] A, Byte[] B)
- {
- int length = A.Length;
- if (length != B.Length)
- return true;
-
- for(int i = 0; i < length; i++) {
- if (A[i] != B[i])
- return true;
- }
-
- return false;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal static void UpdateByteArrayContextPropertyIfNeeded(Byte[] NewArray, Byte[] OldArray, String FieldKey, IntPtr fusionContext)
- {
- if ((NewArray != null && OldArray == null) ||
- (NewArray == null && OldArray != null) ||
- (NewArray != null && OldArray != null && ByteArraysAreDifferent(NewArray, OldArray)))
- UpdateContextProperty(fusionContext, FieldKey, NewArray);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal void SetupFusionContext(IntPtr fusionContext, AppDomainSetup oldADS)
- {
- UpdateContextPropertyIfNeeded(LoaderInformation.ApplicationBaseValue, ApplicationBaseKey, null, fusionContext, oldADS);
- UpdateContextPropertyIfNeeded(LoaderInformation.PrivateBinPathValue, PrivateBinPathKey, null, fusionContext, oldADS);
- UpdateContextPropertyIfNeeded(LoaderInformation.DevPathValue, DeveloperPathKey, null, fusionContext, oldADS);
-
- UpdateBooleanContextPropertyIfNeeded(LoaderInformation.DisallowPublisherPolicyValue, DisallowPublisherPolicyKey, fusionContext, oldADS);
- UpdateBooleanContextPropertyIfNeeded(LoaderInformation.DisallowCodeDownloadValue, DisallowCodeDownloadKey, fusionContext, oldADS);
- UpdateBooleanContextPropertyIfNeeded(LoaderInformation.DisallowBindingRedirectsValue, DisallowBindingRedirectsKey, fusionContext, oldADS);
- UpdateBooleanContextPropertyIfNeeded(LoaderInformation.DisallowAppBaseProbingValue, DisallowAppBaseProbingKey, fusionContext, oldADS);
-
- if(UpdateContextPropertyIfNeeded(LoaderInformation.ShadowCopyFilesValue, ShadowCopyFilesKey, ShadowCopyFiles, fusionContext, oldADS)) {
-
- // If we are asking for shadow copy directories then default to
- // only to the ones that are in the private bin path.
- if(Value[(int) LoaderInformation.ShadowCopyDirectoriesValue] == null)
- ShadowCopyDirectories = BuildShadowCopyDirectories();
-
- UpdateContextPropertyIfNeeded(LoaderInformation.ShadowCopyDirectoriesValue, ShadowCopyDirectoriesKey, null, fusionContext, oldADS);
- }
-
- UpdateContextPropertyIfNeeded(LoaderInformation.CachePathValue, CachePathKey, null, fusionContext, oldADS);
- UpdateContextPropertyIfNeeded(LoaderInformation.PrivateBinPathProbeValue, PrivateBinPathProbeKey, PrivateBinPathProbe, fusionContext, oldADS);
- UpdateContextPropertyIfNeeded(LoaderInformation.ConfigurationFileValue, ConfigurationFileKey, null, fusionContext, oldADS);
-
- UpdateByteArrayContextPropertyIfNeeded(_ConfigurationBytes, oldADS == null ? null : oldADS.GetConfigurationBytes(), ConfigurationBytesKey, fusionContext);
-
- UpdateContextPropertyIfNeeded(LoaderInformation.ApplicationNameValue, ApplicationNameKey, ApplicationName, fusionContext, oldADS);
- UpdateContextPropertyIfNeeded(LoaderInformation.DynamicBaseValue, DynamicBaseKey, null, fusionContext, oldADS);
-
- // Always add the runtime configuration file to the appdomain
- UpdateContextProperty(fusionContext, MachineConfigKey, RuntimeEnvironment.GetRuntimeDirectoryImpl() + RuntimeConfigurationFile);
-
- String hostBindingFile = RuntimeEnvironment.GetHostBindingFile();
- if(hostBindingFile != null || oldADS != null) // If oldADS != null, we don't know the old value of the hostBindingFile, so we force an update even when hostBindingFile == null.
- UpdateContextProperty(fusionContext, HostBindingKey, hostBindingFile);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern void UpdateContextProperty(IntPtr fusionContext, string key, Object value);
-#endif // FEATURE_FUSION
-
static internal int Locate(String s)
{
if(String.IsNullOrEmpty(s))
return -1;
-#if FEATURE_FUSION
- // verify assumptions hardcoded into the switch below
- Contract.Assert('A' == ACTAG_APP_CONFIG_FILE[0] , "Assumption violated");
- Contract.Assert('A' == ACTAG_APP_NAME[0] , "Assumption violated");
- Contract.Assert('A' == ACTAG_APP_BASE_URL[0] , "Assumption violated");
- Contract.Assert('B' == ACTAG_BINPATH_PROBE_ONLY[0] , "Assumption violated");
- Contract.Assert('C' == ACTAG_APP_CACHE_BASE[0] , "Assumption violated");
- Contract.Assert('D' == ACTAG_DEV_PATH[0] , "Assumption violated");
- Contract.Assert('D' == ACTAG_APP_DYNAMIC_BASE[0] , "Assumption violated");
- Contract.Assert('F' == ACTAG_FORCE_CACHE_INSTALL[0] , "Assumption violated");
- Contract.Assert('L' == LICENSE_FILE[0] , "Assumption violated");
- Contract.Assert('P' == ACTAG_APP_PRIVATE_BINPATH[0] , "Assumption violated");
- Contract.Assert('S' == ACTAG_APP_SHADOW_COPY_DIRS[0], "Assumption violated");
- Contract.Assert('D' == ACTAG_DISALLOW_APPLYPUBLISHERPOLICY[0], "Assumption violated");
- Contract.Assert('C' == ACTAG_CODE_DOWNLOAD_DISABLED[0], "Assumption violated");
- Contract.Assert('D' == ACTAG_DISALLOW_APP_BINDING_REDIRECTS[0], "Assumption violated");
- Contract.Assert('D' == ACTAG_DISALLOW_APP_BASE_PROBING[0], "Assumption violated");
- Contract.Assert('A' == ACTAG_APP_CONFIG_BLOB[0], "Assumption violated");
-
- switch (s[0]) {
- case 'A':
- if (s == ACTAG_APP_CONFIG_FILE) return (int)LoaderInformation.ConfigurationFileValue;
- if (s == ACTAG_APP_NAME) return (int)LoaderInformation.ApplicationNameValue;
- if (s == ACTAG_APP_BASE_URL) return (int)LoaderInformation.ApplicationBaseValue;
- if (s == ACTAG_APP_CONFIG_BLOB) return (int)LoaderInformation.ConfigurationBytesValue;
- break;
- case 'B':
- if (s == ACTAG_BINPATH_PROBE_ONLY) return (int)LoaderInformation.PrivateBinPathProbeValue;
- break;
- case 'C':
- if (s == ACTAG_APP_CACHE_BASE) return (int)LoaderInformation.CachePathValue;
- if (s == ACTAG_CODE_DOWNLOAD_DISABLED) return (int)LoaderInformation.DisallowCodeDownloadValue;
- break;
- case 'D':
- if (s == ACTAG_DEV_PATH) return (int)LoaderInformation.DevPathValue;
- if (s == ACTAG_APP_DYNAMIC_BASE) return (int)LoaderInformation.DynamicBaseValue;
- if (s == ACTAG_DISALLOW_APPLYPUBLISHERPOLICY) return (int)LoaderInformation.DisallowPublisherPolicyValue;
- if (s == ACTAG_DISALLOW_APP_BINDING_REDIRECTS) return (int)LoaderInformation.DisallowBindingRedirectsValue;
- if (s == ACTAG_DISALLOW_APP_BASE_PROBING) return (int)LoaderInformation.DisallowAppBaseProbingValue;
- break;
- case 'F':
- if (s == ACTAG_FORCE_CACHE_INSTALL) return (int)LoaderInformation.ShadowCopyFilesValue;
- break;
- case 'L':
- if (s == LICENSE_FILE) return (int)LoaderInformation.LicenseFileValue;
- break;
- case 'P':
- if (s == ACTAG_APP_PRIVATE_BINPATH) return (int)LoaderInformation.PrivateBinPathValue;
- break;
- case 'S':
- if (s == ACTAG_APP_SHADOW_COPY_DIRS) return (int)LoaderInformation.ShadowCopyDirectoriesValue;
- break;
- }
-#else
Contract.Assert('A' == ACTAG_APP_BASE_URL[0] , "Assumption violated");
if (s[0]=='A' && s == ACTAG_APP_BASE_URL)
return (int)LoaderInformation.ApplicationBaseValue;
-#endif //FEATURE_FUSION
-
return -1;
}
-#if FEATURE_FUSION
- private string BuildShadowCopyDirectories()
- {
- // Default to only to the ones that are in the private bin path.
- String binPath = Value[(int) LoaderInformation.PrivateBinPathValue];
- if(binPath == null)
- return null;
-
- StringBuilder result = StringBuilderCache.Acquire();
- String appBase = Value[(int) LoaderInformation.ApplicationBaseValue];
- if(appBase != null) {
- char[] sep = {';'};
- string[] directories = binPath.Split(sep);
- int size = directories.Length;
- bool appendSlash = !( (appBase[appBase.Length-1] == '/') ||
- (appBase[appBase.Length-1] == '\\') );
-
- if (size == 0) {
- result.Append(appBase);
- if (appendSlash)
- result.Append('\\');
- result.Append(binPath);
- }
- else {
- for(int i = 0; i < size; i++) {
- result.Append(appBase);
- if (appendSlash)
- result.Append('\\');
- result.Append(directories[i]);
-
- if (i < size-1)
- result.Append(';');
- }
- }
- }
-
- return StringBuilderCache.GetStringAndRelease(result);
- }
-#endif // FEATURE_FUSION
#if FEATURE_COMINTEROP
public bool SandboxInterop
**
**
===========================================================*/
-namespace System {
- using System.Reflection;
- using System.Runtime.CompilerServices;
- using SecurityManager = System.Security.SecurityManager;
- using System.Security.Permissions;
- using IEvidenceFactory = System.Security.IEvidenceFactory;
-#if FEATURE_IMPERSONATION
- using System.Security.Principal;
-#endif
- using System.Security.Policy;
- using System.Security;
- using System.Security.Util;
- using System.Collections;
- using System.Text;
- using System.Configuration.Assemblies;
- using System.Threading;
+namespace System
+{
using System.Runtime.InteropServices;
- using System.Runtime.Remoting;
- using System.Reflection.Emit;
- using CultureInfo = System.Globalization.CultureInfo;
- using System.IO;
- using System.Runtime.Versioning;
[GuidAttribute("05F696DC-2B29-3663-AD8B-C4389CF2A713")]
[InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)]
[CLSCompliant(false)]
-[System.Runtime.InteropServices.ComVisible(true)]
+ [System.Runtime.InteropServices.ComVisible(true)]
public interface _AppDomain
{
-#if !FEATURE_CORECLR
- void GetTypeInfoCount(out uint pcTInfo);
-
- void GetTypeInfo(uint iTInfo, uint lcid, IntPtr ppTInfo);
-
- void GetIDsOfNames([In] ref Guid riid, IntPtr rgszNames, uint cNames, uint lcid, IntPtr rgDispId);
-
- void Invoke(uint dispIdMember, [In] ref Guid riid, uint lcid, short wFlags, IntPtr pDispParams, IntPtr pVarResult, IntPtr pExcepInfo, IntPtr puArgErr);
-
- String ToString();
-
- bool Equals (Object other);
-
- int GetHashCode ();
-
- Type GetType ();
-
-#if FEATURE_REMOTING
- [System.Security.SecurityCritical] // auto-generated_required
- Object InitializeLifetimeService ();
-
- [System.Security.SecurityCritical] // auto-generated_required
- Object GetLifetimeService ();
-#endif // FEATURE_REMOTING
-
-#if FEATURE_CAS_POLICY
- Evidence Evidence { get; }
-#endif // FEATURE_CAS_POLICY
- event EventHandler DomainUnload;
-
- [method:System.Security.SecurityCritical]
- event AssemblyLoadEventHandler AssemblyLoad;
-
- event EventHandler ProcessExit;
-
- [method:System.Security.SecurityCritical]
- event ResolveEventHandler TypeResolve;
-
- [method:System.Security.SecurityCritical]
- event ResolveEventHandler ResourceResolve;
-
- [method:System.Security.SecurityCritical]
- event ResolveEventHandler AssemblyResolve;
-
- [method:System.Security.SecurityCritical]
- event UnhandledExceptionEventHandler UnhandledException;
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- String dir);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- Evidence evidence);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- PermissionSet requiredPermissions,
- PermissionSet optionalPermissions,
- PermissionSet refusedPermissions);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- String dir,
- Evidence evidence);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- String dir,
- PermissionSet requiredPermissions,
- PermissionSet optionalPermissions,
- PermissionSet refusedPermissions);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- Evidence evidence,
- PermissionSet requiredPermissions,
- PermissionSet optionalPermissions,
- PermissionSet refusedPermissions);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- String dir,
- Evidence evidence,
- PermissionSet requiredPermissions,
- PermissionSet optionalPermissions,
- PermissionSet refusedPermissions);
-
- AssemblyBuilder DefineDynamicAssembly(AssemblyName name,
- AssemblyBuilderAccess access,
- String dir,
- Evidence evidence,
- PermissionSet requiredPermissions,
- PermissionSet optionalPermissions,
- PermissionSet refusedPermissions,
- bool isSynchronized);
-
- ObjectHandle CreateInstance(String assemblyName,
- String typeName);
-
-
- ObjectHandle CreateInstanceFrom(String assemblyFile,
- String typeName);
-
-
- ObjectHandle CreateInstance(String assemblyName,
- String typeName,
- Object[] activationAttributes);
-
- ObjectHandle CreateInstanceFrom(String assemblyFile,
- String typeName,
- Object[] activationAttributes);
-
- ObjectHandle CreateInstance(String assemblyName,
- String typeName,
- bool ignoreCase,
- BindingFlags bindingAttr,
- Binder binder,
- Object[] args,
- CultureInfo culture,
- Object[] activationAttributes,
- Evidence securityAttributes);
-
- ObjectHandle CreateInstanceFrom(String assemblyFile,
- String typeName,
- bool ignoreCase,
- BindingFlags bindingAttr,
- Binder binder,
- Object[] args,
- CultureInfo culture,
- Object[] activationAttributes,
- Evidence securityAttributes);
-
- Assembly Load(AssemblyName assemblyRef);
-
- Assembly Load(String assemblyString);
-
- Assembly Load(byte[] rawAssembly);
-
- Assembly Load(byte[] rawAssembly,
- byte[] rawSymbolStore);
-
- Assembly Load(byte[] rawAssembly,
- byte[] rawSymbolStore,
- Evidence securityEvidence);
-
- Assembly Load(AssemblyName assemblyRef,
- Evidence assemblySecurity);
-
- Assembly Load(String assemblyString,
- Evidence assemblySecurity);
-
- int ExecuteAssembly(String assemblyFile,
- Evidence assemblySecurity);
-
- int ExecuteAssembly(String assemblyFile);
-
- int ExecuteAssembly(String assemblyFile,
- Evidence assemblySecurity,
- String[] args);
-
- String FriendlyName
- { get; }
-#if FEATURE_FUSION
- String BaseDirectory
- {
- get;
- }
-
- String RelativeSearchPath
- { get; }
-
- bool ShadowCopyFiles
- { get; }
-#endif
- Assembly[] GetAssemblies();
-#if FEATURE_FUSION
- [System.Security.SecurityCritical] // auto-generated_required
- void AppendPrivatePath(String path);
-
- [System.Security.SecurityCritical] // auto-generated_required
- void ClearPrivatePath();
-
- [System.Security.SecurityCritical] // auto-generated_required
- void SetShadowCopyPath (String s);
-
- [System.Security.SecurityCritical] // auto-generated_required
- void ClearShadowCopyPath ( );
-
- [System.Security.SecurityCritical] // auto-generated_required
- void SetCachePath (String s);
-#endif //FEATURE_FUSION
- [System.Security.SecurityCritical] // auto-generated_required
- void SetData(String name, Object data);
-
- #if FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- #endif
- Object GetData(string name);
-
-#if FEATURE_CAS_POLICY
- [System.Security.SecurityCritical] // auto-generated_required
- void SetAppDomainPolicy(PolicyLevel domainPolicy);
-
-#if FEATURE_IMPERSONATION
- void SetThreadPrincipal(IPrincipal principal);
-#endif // FEATURE_IMPERSONATION
-
- void SetPrincipalPolicy(PrincipalPolicy policy);
-#endif
-
-#if FEATURE_REMOTING
- void DoCallBack(CrossAppDomainDelegate theDelegate);
-#endif
-
- String DynamicDirectory
- { get; }
-#endif
}
}
[System.Security.SecuritySafeCritical]
private static string InternalGetCurrentDirectory(bool checkHost)
{
- string currentDirectory = (
-#if FEATURE_PATHCOMPAT
- AppContextSwitches.UseLegacyPathHandling ? LegacyGetCurrentDirectory() :
-#endif
- NewGetCurrentDirectory());
-
+ string currentDirectory = NewGetCurrentDirectory();
string demandPath = GetDemandDir(currentDirectory, true);
-#if FEATURE_CORECLR
if (checkHost)
{
FileSecurityState state = new FileSecurityState(FileSecurityStateAccess.PathDiscovery, String.Empty, demandPath);
state.EnsureState();
}
-#else
- FileIOPermission.QuickDemand(FileIOPermissionAccess.PathDiscovery, demandPath, false, false);
-#endif
- return currentDirectory;
- }
-
-#if FEATURE_PATHCOMPAT
- [System.Security.SecurityCritical]
- private static String LegacyGetCurrentDirectory()
- {
- StringBuilder sb = StringBuilderCache.Acquire(Path.MaxPath + 1);
- if (Win32Native.GetCurrentDirectory(sb.Capacity, sb) == 0)
- __Error.WinIOError();
- String currentDirectory = sb.ToString();
- // Note that if we have somehow put our command prompt into short
- // file name mode (ie, by running edlin or a DOS grep, etc), then
- // this will return a short file name.
- if (currentDirectory.IndexOf('~') >= 0) {
- int r = Win32Native.GetLongPathName(currentDirectory, sb, sb.Capacity);
- if (r == 0 || r >= Path.MaxPath) {
- int errorCode = Marshal.GetLastWin32Error();
- if (r >= Path.MaxPath)
- errorCode = Win32Native.ERROR_FILENAME_EXCED_RANGE;
- if (errorCode != Win32Native.ERROR_FILE_NOT_FOUND &&
- errorCode != Win32Native.ERROR_PATH_NOT_FOUND &&
- errorCode != Win32Native.ERROR_INVALID_FUNCTION && // by design - enough said.
- errorCode != Win32Native.ERROR_ACCESS_DENIED)
- __Error.WinIOError(errorCode, String.Empty);
- }
- currentDirectory = sb.ToString();
- }
- StringBuilderCache.Release(sb);
- String demandPath = GetDemandDir(currentDirectory, true);
-
return currentDirectory;
}
-#endif // FEATURE_PATHCOMPAT
[System.Security.SecurityCritical]
private static string NewGetCurrentDirectory()
}
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
public static void SetCurrentDirectory(String path)
{
if (path==null)
using __HResults = System.__HResults;
using System.Runtime.Versioning;
using System.Diagnostics.Contracts;
-#if FEATURE_CORECLR
using System.Runtime.Loader;
-#endif
-
[Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
#pragma warning restore 618
public abstract class Assembly : _Assembly, IEvidenceFactory, ICustomAttributeProvider, ISerializable
{
-#region constructors
protected Assembly() {}
-#endregion
#region public static methods
return base.GetHashCode();
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical]
public static Assembly LoadFrom(String assemblyFile)
{
string fullPath = Path.GetFullPath(assemblyFile);
return AssemblyLoadContext.Default.LoadFromAssemblyPath(fullPath);
}
-#else
- // Locate an assembly by the name of the file containing the manifest.
- [System.Security.SecuritySafeCritical]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static Assembly LoadFrom(String assemblyFile)
- {
- Contract.Ensures(Contract.Result<Assembly>() != null);
- Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
-
- return RuntimeAssembly.InternalLoadFrom(
- assemblyFile,
- null, // securityEvidence
- null, // hashValue
- AssemblyHashAlgorithm.None,
- false,// forIntrospection
- false,// suppressSecurityChecks
- ref stackMark);
- }
-#endif
// Locate an assembly for reflection by the name of the file containing the manifest.
[System.Security.SecuritySafeCritical] // auto-generated
byte[] hashValue,
AssemblyHashAlgorithm hashAlgorithm)
{
-#if FEATURE_CORECLR
throw new NotSupportedException(Environment.GetResourceString("NotSupported_AssemblyLoadFromHash"));
-#else
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
-
- return RuntimeAssembly.InternalLoadFrom(
- assemblyFile,
- null,
- hashValue,
- hashAlgorithm,
- false,
- false,
- ref stackMark);
-#endif
}
-#if FEATURE_CAS_POLICY
- // Load an assembly into the LoadFrom context bypassing some security checks
- [SecurityCritical]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static Assembly UnsafeLoadFrom(string assemblyFile)
- {
-
- Contract.Ensures(Contract.Result<Assembly>() != null);
- Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
-
- return RuntimeAssembly.InternalLoadFrom(assemblyFile,
- null, // securityEvidence
- null, // hashValue
- AssemblyHashAlgorithm.None,
- false, // forIntrospection
- true, // suppressSecurityChecks
- ref stackMark);
- }
-#elif FEATURE_CORECLR
[SecurityCritical]
public static Assembly UnsafeLoadFrom(string assemblyFile)
{
return LoadFrom(assemblyFile);
}
-#endif // FEATURE_CAS_POLICY
// Locate an assembly by the long form of the assembly name.
// eg. "Toolbox.dll, version=1.1.10.1220, locale=en, publickey=1234567890123456789012345678901234567890"
// Locate an assembly by its name. The name can be strong or
// weak. The assembly is loaded into the domain of the caller.
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static Assembly Load(AssemblyName assemblyRef)
{
// Locate an assembly by its name. The name can be strong or
// weak. The assembly is loaded into the domain of the caller.
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
internal static Assembly Load(AssemblyName assemblyRef, IntPtr ptrLoadContextBinder)
{
return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, assemblySecurity, null, ref stackMark, true /*thrownOnFileNotFound*/, false /*forIntrospection*/, false /*suppressSecurityChecks*/);
}
-#if FEATURE_FUSION
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method has been deprecated. Please use Assembly.Load() instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static Assembly LoadWithPartialName(String partialName)
- {
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return RuntimeAssembly.LoadWithPartialNameInternal(partialName, null, ref stackMark);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method has been deprecated. Please use Assembly.Load() instead. http://go.microsoft.com/fwlink/?linkid=14202")]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static Assembly LoadWithPartialName(String partialName, Evidence securityEvidence)
- {
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return RuntimeAssembly.LoadWithPartialNameInternal(partialName, securityEvidence, ref stackMark);
- }
-#elif FEATURE_CORECLR
[System.Security.SecuritySafeCritical] // auto-generated
[Obsolete("This method has been deprecated. Please use Assembly.Load() instead. http://go.microsoft.com/fwlink/?linkid=14202")]
public static Assembly LoadWithPartialName(String partialName)
return Load(partialName);
}
-#endif // FEATURE_FUSION
-
// Loads the assembly with a COFF based IMAGE containing
// an emitted assembly. The assembly is loaded into the domain
// of the caller.
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static Assembly Load(byte[] rawAssembly)
{
AppDomain.CheckLoadByteArraySupported();
-#if FEATURE_CORECLR
return Load(rawAssembly, null);
-#else
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return RuntimeAssembly.nLoadImage(
- rawAssembly,
- null, // symbol store
- null, // evidence
- ref stackMark,
- false, // fIntrospection
- SecurityContextSource.CurrentAssembly);
-#endif
}
// Loads the assembly for reflection with a COFF based IMAGE containing
// an emitted assembly. The assembly is loaded into the domain
// of the caller. The second parameter is the raw bytes
// representing the symbol store that matches the assembly.
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static Assembly Load(byte[] rawAssembly,
byte[] rawSymbolStore)
{
-
Contract.Ensures(Contract.Result<Assembly>() != null);
Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
AppDomain.CheckLoadByteArraySupported();
-#if FEATURE_CORECLR
if(rawAssembly == null)
throw new ArgumentNullException(nameof(rawAssembly));
AssemblyLoadContext alc = new IndividualAssemblyLoadContext();
MemoryStream assemblyStream = new MemoryStream(rawAssembly);
MemoryStream symbolStream = (rawSymbolStore!=null)?new MemoryStream(rawSymbolStore):null;
return alc.LoadFromStream(assemblyStream, symbolStream);
-#else
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return RuntimeAssembly.nLoadImage(
- rawAssembly,
- rawSymbolStore,
- null, // evidence
- ref stackMark,
- false, // fIntrospection
- SecurityContextSource.CurrentAssembly);
-#endif
}
// Load an assembly from a byte array, controlling where the grant set of this assembly is
byte[] rawSymbolStore,
SecurityContextSource securityContextSource)
{
-
Contract.Ensures(Contract.Result<Assembly>() != null);
Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
securityContextSource);
}
-#if FEATURE_CAS_POLICY
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlEvidence)]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. Please use an overload of Load which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static Assembly Load(byte[] rawAssembly,
- byte[] rawSymbolStore,
- Evidence securityEvidence)
- {
-
- Contract.Ensures(Contract.Result<Assembly>() != null);
- Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
-
- AppDomain.CheckLoadByteArraySupported();
-
- if (securityEvidence != null && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- // A zone of MyComputer could not have been used to sandbox, so for compatibility we do not
- // throw an exception when we see it.
- Zone zone = securityEvidence.GetHostEvidence<Zone>();
- if (zone == null || zone.SecurityZone != SecurityZone.MyComputer)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
- }
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return RuntimeAssembly.nLoadImage(
- rawAssembly,
- rawSymbolStore,
- securityEvidence,
- ref stackMark,
- false, // fIntrospection
- SecurityContextSource.CurrentAssembly);
- }
-#endif // FEATURE_CAS_POLICY
-
-#if FEATURE_CORECLR
private static Dictionary<string, Assembly> s_loadfile = new Dictionary<string, Assembly>();
-#endif
[System.Security.SecuritySafeCritical] // auto-generated
public static Assembly LoadFile(String path)
{
-
Contract.Ensures(Contract.Result<Assembly>() != null);
Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
AppDomain.CheckLoadFileSupported();
-#if FEATURE_CORECLR
Assembly result = null;
if(path == null)
throw new ArgumentNullException(nameof(path));
s_loadfile.Add(normalizedPath, result);
}
return result;
-#else
- new FileIOPermission(FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read, path).Demand();
- return RuntimeAssembly.nLoadFile(path, null);
-#endif
- }
-
-#if FEATURE_CAS_POLICY
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlEvidence)]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. Please use an overload of LoadFile which does not take an Evidence parameter. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static Assembly LoadFile(String path,
- Evidence securityEvidence)
- {
-
- Contract.Ensures(Contract.Result<Assembly>() != null);
- Contract.Ensures(!Contract.Result<Assembly>().ReflectionOnly);
-
- AppDomain.CheckLoadFileSupported();
-
- if (securityEvidence != null && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
-
- new FileIOPermission(FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read, path).Demand();
- return RuntimeAssembly.nLoadFile(path, securityEvidence);
}
-#endif // FEATURE_CAS_POLICY
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static Assembly Load(Stream assemblyStream, Stream pdbStream)
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return RuntimeAssembly.InternalLoadFromStream(assemblyStream, pdbStream, ref stackMark);
}
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
public static Assembly Load(Stream assemblyStream)
StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
return RuntimeAssembly.InternalLoadFromStream(assemblyStream, null, ref stackMark);
}
-#endif //FEATURE_CORECLR
/*
* Get the assembly that the current code is running from.
domainManager = new AppDomainManager();
return domainManager.EntryAssembly;
}
-
+
#endregion // public static methods
#region public methods
public virtual String CodeBase
{
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
get
{
throw new NotImplementedException();
}
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
public virtual AssemblyName GetName()
{
return GetName(false);
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
public virtual AssemblyName GetName(bool copiedName)
{
throw new NotImplementedException();
}
}
-#if !FEATURE_CORECLR
- Type _Assembly.GetType()
- {
- return base.GetType();
- }
-#endif
-
public virtual Type GetType(String name)
{
return GetType(name, false, false);
throw new NotImplementedException();
}
-#if FEATURE_CAS_POLICY
- public virtual Evidence Evidence
- {
- get
- {
- throw new NotImplementedException();
- }
- }
-
- public virtual PermissionSet PermissionSet
- {
- // SecurityCritical because permissions can contain sensitive information such as paths
- [SecurityCritical]
- get
- {
- throw new NotImplementedException();
- }
- }
-
- public bool IsFullyTrusted
- {
- [SecuritySafeCritical]
- get
- {
- return PermissionSet.IsUnrestricted();
- }
- }
-
- public virtual SecurityRuleSet SecurityRuleSet
- {
- get
- {
- throw new NotImplementedException();
- }
- }
-#elif FEATURE_CORECLR
public bool IsFullyTrusted
{
[SecuritySafeCritical]
return SecurityRuleSet.None;
}
}
-#endif // FEATURE_CAS_POLICY
// ISerializable implementation
[System.Security.SecurityCritical] // auto-generated_required
// Returns the file in the File table of the manifest that matches the
// given name. (Name should not include path.)
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
public virtual FileStream GetFile(String name)
{
throw new NotImplementedException();
return GetFiles(false);
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
public virtual FileStream[] GetFiles(bool getResourceModules)
{
throw new NotImplementedException();
public virtual String Location
{
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#endif
get
{
throw new NotImplementedException();
[Serializable]
internal class RuntimeAssembly : Assembly
-#if !FEATURE_CORECLR
- , ICustomQueryInterface
-#endif
{
-#if !FEATURE_CORECLR
-#region ICustomQueryInterface
- [System.Security.SecurityCritical]
- CustomQueryInterfaceResult ICustomQueryInterface.GetInterface([In]ref Guid iid, out IntPtr ppv)
- {
- if (iid == typeof(NativeMethods.IDispatch).GUID)
- {
- ppv = Marshal.GetComInterfaceForObject(this, typeof(_Assembly));
- return CustomQueryInterfaceResult.Handled;
- }
-
- ppv = IntPtr.Zero;
- return CustomQueryInterfaceResult.NotHandled;
- }
-#endregion
-#endif // !FEATURE_CORECLR
-
#if FEATURE_APPX
// The highest byte is the flags and the lowest 3 bytes are
// the cached ctor token of [DynamicallyInvocableAttribute].
{
if ((m_flags & ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_INITIALIZED) == 0)
{
- ASSEMBLY_FLAGS flags = ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_UNKNOWN;
-
-#if FEATURE_CORECLR
- flags |= ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_FRAMEWORK | ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_SAFE_REFLECTION;
-#else
- if (RuntimeAssembly.IsFrameworkAssembly(GetName()))
- {
- flags |= ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_FRAMEWORK | ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_SAFE_REFLECTION;
-
- foreach (string name in s_unsafeFrameworkAssemblyNames)
- {
- if (String.Compare(GetSimpleName(), name, StringComparison.OrdinalIgnoreCase) == 0)
- {
- flags &= ~ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_SAFE_REFLECTION;
- break;
- }
- }
-
- // Each blessed API will be annotated with a "__DynamicallyInvokableAttribute".
- // This "__DynamicallyInvokableAttribute" is a type defined in its own assembly.
- // So the ctor is always a MethodDef and the type a TypeDef.
- // We cache this ctor MethodDef token for faster custom attribute lookup.
- // If this attribute type doesn't exist in the assembly, it means the assembly
- // doesn't contain any blessed APIs.
- Type invocableAttribute = GetType("__DynamicallyInvokableAttribute", false);
- if (invocableAttribute != null)
- {
- Contract.Assert(((MetadataToken)invocableAttribute.MetadataToken).IsTypeDef);
-
- ConstructorInfo ctor = invocableAttribute.GetConstructor(Type.EmptyTypes);
- Contract.Assert(ctor != null);
-
- int token = ctor.MetadataToken;
- Contract.Assert(((MetadataToken)token).IsMethodDef);
-
- flags |= (ASSEMBLY_FLAGS)token & ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_TOKEN_MASK;
- }
- }
- else if (IsDesignerBindingContext())
- {
- flags = ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_SAFE_REFLECTION;
- }
-#endif
+ ASSEMBLY_FLAGS flags = ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_UNKNOWN
+ | ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_FRAMEWORK | ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_SAFE_REFLECTION;
m_flags = flags | ASSEMBLY_FLAGS.ASSEMBLY_FLAGS_INITIALIZED;
}
return m_flags;
}
}
-#endif // FEATURE_CORECLR
+#endif // FEATURE_APPX
internal object SyncRoot
{
public override String CodeBase
{
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
get {
String codeBase = GetCodeBase(false);
VerifyCodeBaseDiscovery(codeBase);
// If the assembly is copied before it is loaded, the codebase will be set to the
// actual file loaded if copiedName is true. If it is false, then the original code base
// is returned.
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
public override AssemblyName GetName(bool copiedName)
{
AssemblyName an = new AssemblyName();
return an;
}
-#if FEATURE_APTCA
- // This method is called from the VM when creating conditional APTCA exceptions, in order to include
- // the text which must be added to the partial trust visible assembly list
- [SecurityCritical]
- [PermissionSet(SecurityAction.Assert, Unrestricted = true)]
- private string GetNameForConditionalAptca()
- {
- AssemblyName assemblyName = GetName();
- return assemblyName.GetNameWithPublicKey();
-
- }
-#endif // FEATURE_APTCA
-
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
return GetManifestResourceStream(name, ref stackMark, false);
}
-#if FEATURE_CAS_POLICY
- [System.Security.SecurityCritical] // auto-generated
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- private extern static void GetEvidence(RuntimeAssembly assembly, ObjectHandleOnStack retEvidence);
-
- [SecurityCritical]
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- private extern static SecurityRuleSet GetSecurityRuleSet(RuntimeAssembly assembly);
-
- public override Evidence Evidence
- {
- [SecuritySafeCritical]
- [SecurityPermissionAttribute( SecurityAction.Demand, ControlEvidence = true )]
- get
- {
- Evidence evidence = EvidenceNoDemand;
- return evidence.Clone();
- }
- }
-
- internal Evidence EvidenceNoDemand
- {
- [SecurityCritical]
- get
- {
- Evidence evidence = null;
- GetEvidence(GetNativeHandle(), JitHelpers.GetObjectHandleOnStack(ref evidence));
- return evidence;
- }
- }
-
- public override PermissionSet PermissionSet
- {
- [SecurityCritical]
- get
- {
- PermissionSet grantSet = null;
- PermissionSet deniedSet = null;
-
- GetGrantSet(out grantSet, out deniedSet);
-
- if (grantSet != null)
- {
- return grantSet.Copy();
- }
- else
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
- }
- }
-
- public override SecurityRuleSet SecurityRuleSet
- {
- [SecuritySafeCritical]
- get
- {
- return GetSecurityRuleSet(GetNativeHandle());
- }
- }
-#endif // FEATURE_CAS_POLICY
-
// ISerializable implementation
[System.Security.SecurityCritical] // auto-generated_required
public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
return CustomAttribute.GetCustomAttributes(this, typeof(object) as RuntimeType);
}
-
+
public override Object[] GetCustomAttributes(Type attributeType, bool inherit)
{
if (attributeType == null)
{
return CustomAttributeData.GetCustomAttributesInternal(this);
}
-
+
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
internal static RuntimeAssembly InternalLoadFrom(String assemblyFile,
Contract.EndContractBlock();
-#if FEATURE_CAS_POLICY
- if (securityEvidence != null && !AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
AssemblyName an = new AssemblyName();
an.CodeBase = assemblyFile;
an.SetHashControl(hashValue, hashAlgorithm);
if (assemblySecurity != null)
{
-#if FEATURE_CAS_POLICY
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
-
if (!suppressSecurityChecks)
{
#pragma warning disable 618
}
}
-
String codeBase = VerifyCodeBase(assemblyRef.CodeBase);
- if (codeBase != null && !suppressSecurityChecks) {
-
- if (String.Compare( codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) != 0) {
-#if FEATURE_FUSION // Of all the binders, Fusion is the only one that understands Web locations
- IPermission perm = CreateWebPermission( assemblyRef.EscapedCodeBase );
- perm.Demand();
-#else
+ if (codeBase != null && !suppressSecurityChecks)
+ {
+ if (String.Compare( codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) != 0)
+ {
+ // Of all the binders, Fusion is the only one that understands Web locations
throw new ArgumentException(Environment.GetResourceString("Arg_InvalidFileName"), "assemblyRef.CodeBase");
-#endif
}
- else {
+ else
+ {
System.Security.Util.URLString urlString = new System.Security.Util.URLString( codeBase, true );
new FileIOPermission( FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read , urlString.GetFileName() ).Demand();
- }
+ }
}
return nLoad(assemblyRef, codeBase, assemblySecurity, reqAssembly, ref stackMark,
String codeBase,
Evidence assemblySecurity,
RuntimeAssembly locationHint,
- ref StackCrawlMark stackMark,
+ ref StackCrawlMark stackMark,
IntPtr pPrivHostBinder,
- bool throwOnFileNotFound,
+ bool throwOnFileNotFound,
bool forIntrospection,
bool suppressSecurityChecks,
IntPtr ptrLoadContextBinder);
-#if !FEATURE_CORECLR
- // The NGEN task uses this method, so please do not modify its signature
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- private static extern bool IsFrameworkAssembly(AssemblyName assemblyName);
-
- [System.Security.SecurityCritical]
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern bool IsNewPortableAssembly(AssemblyName assemblyName);
-#endif
-
[System.Security.SecurityCritical] // auto-generated
private static RuntimeAssembly nLoad(AssemblyName fileName,
String codeBase,
throwOnFileNotFound, forIntrospection, suppressSecurityChecks, ptrLoadContextBinder);
}
-#if FEATURE_FUSION
- // used by vm
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- private static unsafe RuntimeAssembly LoadWithPartialNameHack(String partialName, bool cropPublicKey)
- {
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
-
- AssemblyName an = new AssemblyName(partialName);
-
- if (!IsSimplyNamed(an))
- {
- if (cropPublicKey)
- {
- an.SetPublicKey(null);
- an.SetPublicKeyToken(null);
- }
-
- if(IsFrameworkAssembly(an) || !AppDomain.IsAppXModel())
- {
- AssemblyName GACAssembly = EnumerateCache(an);
- if(GACAssembly != null)
- return InternalLoadAssemblyName(GACAssembly, null, null,ref stackMark, true /*thrownOnFileNotFound*/, false, false);
- else
- return null;
- }
- }
-
- if (AppDomain.IsAppXModel())
- {
- // also try versionless bind from the package
- an.Version = null;
- return nLoad(an, null, null, null, ref stackMark,
- IntPtr.Zero,
- false, false, false);
- }
- return null;
-
- }
-
-#if !FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- internal static RuntimeAssembly LoadWithPartialNameInternal(String partialName, Evidence securityEvidence, ref StackCrawlMark stackMark)
- {
- AssemblyName an = new AssemblyName(partialName);
- return LoadWithPartialNameInternal(an, securityEvidence, ref stackMark);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal static RuntimeAssembly LoadWithPartialNameInternal(AssemblyName an, Evidence securityEvidence, ref StackCrawlMark stackMark)
- {
- if (securityEvidence != null)
- {
-#if FEATURE_CAS_POLICY
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyImplicit"));
- }
-#endif // FEATURE_CAS_POLICY
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- }
-
- AppDomain.CheckLoadWithPartialNameSupported(stackMark);
-
- RuntimeAssembly result = null;
- try {
- result = nLoad(an, null, securityEvidence, null, ref stackMark,
- IntPtr.Zero,
- true, false, false);
- }
- catch(Exception e) {
- if (e.IsTransient)
- throw e;
-
- if (IsUserError(e))
- throw;
-
-
- if(IsFrameworkAssembly(an) || !AppDomain.IsAppXModel())
- {
- if (IsSimplyNamed(an))
- return null;
-
- AssemblyName GACAssembly = EnumerateCache(an);
- if(GACAssembly != null)
- result = InternalLoadAssemblyName(GACAssembly, securityEvidence, null, ref stackMark, true /*thrownOnFileNotFound*/, false, false);
- }
- else
- {
- an.Version = null;
- result = nLoad(an, null, securityEvidence, null, ref stackMark,
- IntPtr.Zero,
- false, false, false);
- }
- }
-
-
- return result;
- }
-#endif // !FEATURE_CORECLR
-
- [SecuritySafeCritical]
- private static bool IsUserError(Exception e)
- {
- return (uint)e.HResult == COR_E_LOADING_REFERENCE_ASSEMBLY;
- }
-
- private static bool IsSimplyNamed(AssemblyName partialName)
- {
- byte[] pk = partialName.GetPublicKeyToken();
- if ((pk != null) &&
- (pk.Length == 0))
- return true;
-
- pk = partialName.GetPublicKey();
- if ((pk != null) &&
- (pk.Length == 0))
- return true;
-
- return false;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private static AssemblyName EnumerateCache(AssemblyName partialName)
- {
- new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();
-
- partialName.Version = null;
-
- ArrayList a = new ArrayList();
- Fusion.ReadCache(a, partialName.FullName, ASM_CACHE.GAC);
-
- IEnumerator myEnum = a.GetEnumerator();
- AssemblyName ainfoBest = null;
- CultureInfo refCI = partialName.CultureInfo;
-
- while (myEnum.MoveNext()) {
- AssemblyName ainfo = new AssemblyName((String)myEnum.Current);
-
- if (CulturesEqual(refCI, ainfo.CultureInfo)) {
- if (ainfoBest == null)
- ainfoBest = ainfo;
- else {
- // Choose highest version
- if (ainfo.Version > ainfoBest.Version)
- ainfoBest = ainfo;
- }
- }
- }
-
- return ainfoBest;
- }
-
- private static bool CulturesEqual(CultureInfo refCI, CultureInfo defCI)
- {
- bool defNoCulture = defCI.Equals(CultureInfo.InvariantCulture);
-
- // cultured asms aren't allowed to be bound to if
- // the ref doesn't ask for them specifically
- if ((refCI == null) || refCI.Equals(CultureInfo.InvariantCulture))
- return defNoCulture;
-
- if (defNoCulture ||
- ( !defCI.Equals(refCI) ))
- return false;
-
- return true;
- }
-#endif // FEATURE_FUSION
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private static extern bool IsReflectionOnly(RuntimeAssembly assembly);
}
}
-#if FEATURE_CORECLR
// Loads the assembly with a COFF based IMAGE containing
// an emitted assembly. The assembly is loaded into the domain
// of the caller. Currently is implemented only for UnmanagedMemoryStream
return assembly;
}
}
-#endif //FEATURE_CORECLR
-
-#if FEATURE_MULTIMODULE_ASSEMBLIES
- [System.Security.SecurityCritical] // auto-generated
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- private extern static void LoadModule(RuntimeAssembly assembly,
- String moduleName,
- byte[] rawModule, int cbModule,
- byte[] rawSymbolStore, int cbSymbolStore,
- ObjectHandleOnStack retModule);
-
- [SecurityPermissionAttribute(SecurityAction.Demand, ControlEvidence = true)]
- [System.Security.SecuritySafeCritical] // auto-generated
- public override Module LoadModule(String moduleName, byte[] rawModule, byte[] rawSymbolStore)
- {
- RuntimeModule retModule = null;
- LoadModule(
- GetNativeHandle(),
- moduleName,
- rawModule,
- (rawModule != null) ? rawModule.Length : 0,
- rawSymbolStore,
- (rawSymbolStore != null) ? rawSymbolStore.Length : 0,
- JitHelpers.GetObjectHandleOnStack(ref retModule));
-
- return retModule;
- }
-#endif //FEATURE_MULTIMODULE_ASSEMBLIES
// Returns the module in this assembly with name 'name'
// Returns the file in the File table of the manifest that matches the
// given name. (Name should not include path.)
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
public override FileStream GetFile(String name)
{
RuntimeModule m = (RuntimeModule)GetModule(name);
FileAccess.Read, FileShare.Read, FileStream.DefaultBufferSize, false);
}
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
public override FileStream[] GetFiles(bool getResourceModules)
{
Module[] m = GetModules(getResourceModules);
return fs;
}
-
// Returns the names of all the resources
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
{
return GetManifestResourceNames(GetNativeHandle());
}
-
-
+
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
public override String Location
{
-#if FEATURE_CORECLR
[System.Security.SecurityCritical] // auto-generated
-#else
- [System.Security.SecuritySafeCritical]
-#endif
get {
String location = null;
[System.Security.SecuritySafeCritical] // auto-generated
get
{
-#if FEATURE_CORECLR
return false;
-#else
- return IsGlobalAssemblyCache(GetNativeHandle());
-#endif
}
}
[System.Security.SecuritySafeCritical] // auto-generated
get
{
-#if FEATURE_CORECLR
return 0;
-#else
- return GetHostContext(GetNativeHandle());
-#endif
}
}
if(name != null)
sb.Append(name);
-
- return GetManifestResourceStream(sb.ToString(), ref stackMark, skipSecurityCheck);
- }
-#if FEATURE_CAS_POLICY
- internal bool IsStrongNameVerified
- {
- [System.Security.SecurityCritical] // auto-generated
- get { return GetIsStrongNameVerified(GetNativeHandle()); }
+ return GetManifestResourceStream(sb.ToString(), ref stackMark, skipSecurityCheck);
}
- [System.Security.SecurityCritical] // auto-generated
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- private static extern bool GetIsStrongNameVerified(RuntimeAssembly assembly);
-#endif // FEATURE_CAS_POLICY
-
// GetResource will return a pointer to the resources in memory.
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[System.Security.SecurityCritical] // auto-generated
private void VerifyCodeBaseDiscovery(String codeBase)
{
-#if FEATURE_CAS_POLICY
- if (CodeAccessSecurityEngine.QuickCheckForAllDemands()) {
- return;
- }
-#endif // FEATURE_CAS_POLICY
-
if ((codeBase != null) &&
(String.Compare( codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) == 0)) {
System.Security.Util.URLString urlString = new System.Security.Util.URLString( codeBase, true );
return IsAllSecurityTransparent(GetNativeHandle());
}
-#if FEATURE_FUSION
- // demandFlag:
- // 0 demand PathDiscovery permission only
- // 1 demand Read permission only
- // 2 demand both Read and PathDiscovery
- // 3 demand Web permission only
- [System.Security.SecurityCritical] // auto-generated
- private static void DemandPermission(String codeBase, bool havePath,
- int demandFlag)
- {
- FileIOPermissionAccess access = FileIOPermissionAccess.PathDiscovery;
- switch(demandFlag) {
-
- case 0: // default
- break;
- case 1:
- access = FileIOPermissionAccess.Read;
- break;
- case 2:
- access = FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read;
- break;
-
- case 3:
- IPermission perm = CreateWebPermission(AssemblyName.EscapeCodeBase(codeBase));
- perm.Demand();
- return;
- }
-
- if (!havePath) {
- System.Security.Util.URLString urlString = new System.Security.Util.URLString( codeBase, true );
- codeBase = urlString.GetFileName();
- }
-
- codeBase = Path.GetFullPathInternal(codeBase); // canonicalize
-
- new FileIOPermission(access, codeBase).Demand();
- }
-#endif
-
-#if FEATURE_FUSION
- private static IPermission CreateWebPermission( String codeBase )
- {
- Contract.Assert( codeBase != null, "Must pass in a valid CodeBase" );
- Assembly sys = Assembly.Load("System, Version=" + ThisAssembly.Version + ", Culture=neutral, PublicKeyToken=" + AssemblyRef.EcmaPublicKeyToken);
-
- Type type = sys.GetType("System.Net.NetworkAccess", true);
-
- IPermission retval = null;
- if (!type.IsEnum || !type.IsVisible)
- goto Exit;
-
- Object[] webArgs = new Object[2];
- webArgs[0] = (Enum) Enum.Parse(type, "Connect", true);
- if (webArgs[0] == null)
- goto Exit;
-
- webArgs[1] = codeBase;
-
- type = sys.GetType("System.Net.WebPermission", true);
-
- if (!type.IsVisible)
- goto Exit;
-
- retval = (IPermission) Activator.CreateInstance(type, webArgs);
-
- Exit:
- if (retval == null) {
- Contract.Assert( false, "Unable to create WebPermission" );
- throw new InvalidOperationException();
- }
-
- return retval;
- }
-#endif
// This method is called by the VM.
[System.Security.SecurityCritical]
private RuntimeModule OnModuleResolveEvent(String moduleName)
return InternalGetSatelliteAssembly(name, culture, version, true, ref stackMark);
}
-#if !FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
- [SuppressUnmanagedCodeSecurity]
- [return: MarshalAs(UnmanagedType.Bool)]
- private static extern bool UseRelativeBindForSatellites();
-#endif
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
internal RuntimeAssembly InternalGetSatelliteAssembly(String name,
an.CultureInfo = culture;
an.Name = name;
- RuntimeAssembly retAssembly = null;
-
-#if !FEATURE_CORECLR
- bool bIsAppXDevMode = AppDomain.IsAppXDesignMode();
-
- bool useRelativeBind = false;
- if (CodeAccessSecurityEngine.QuickCheckForAllDemands())
- {
- if (IsFrameworkAssembly())
- useRelativeBind = true;
- else
- useRelativeBind = UseRelativeBindForSatellites();
- }
-
-
- if (bIsAppXDevMode || useRelativeBind)
- {
- if (GlobalAssemblyCache)
- {
- // lookup in GAC
- ArrayList a = new ArrayList();
- bool bTryLoadAnyway = false;
- try
- {
- Fusion.ReadCache(a, an.FullName, ASM_CACHE.GAC);
- }
- catch(Exception e)
- {
- if (e.IsTransient)
- throw;
-
- // We also catch any other exception types we haven't come across yet,
- // not just UnauthorizedAccessException.
-
- // We do not want this by itself to cause us to fail to load resources.
-
- // On Classic, try the old unoptimized way, for full compatibility with 4.0.
- // i.e. fall back to using nLoad.
- if (!AppDomain.IsAppXModel())
- bTryLoadAnyway = true;
-
- // On AppX:
- // Do not try nLoad since that would effectively allow Framework
- // resource satellite assemblies to be placed in AppX packages.
- // Instead, leave retAssembly == null. If we were called by the
- // ResourceManager, this will usually result in falling back to
- // the next culture in the resource fallback chain, possibly the
- // neutral culture.
-
- // Note: if throwOnFileNotFound is true, arbitrary
- // exceptions will be absorbed here and
- // FileNotFoundException will be thrown in their place.
- // (See below: "throw new FileNotFoundException").
- }
- if (a.Count > 0 || bTryLoadAnyway)
- {
- // present in the GAC, load it from there
- retAssembly = nLoad(an, null, null, this, ref stackMark,
- IntPtr.Zero,
- throwOnFileNotFound, false, false);
- }
- }
- else
- {
- String codeBase = CodeBase;
-
- if ((codeBase != null) &&
- (String.Compare(codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) == 0))
- {
- retAssembly = InternalProbeForSatelliteAssemblyNextToParentAssembly(an,
- name,
- codeBase,
- culture,
- throwOnFileNotFound,
- bIsAppXDevMode /* useLoadFile */, // if bIsAppXDevMode is false, then useRelativeBind is true.
- ref stackMark);
- if (retAssembly != null && !IsSimplyNamed(an))
- {
- AssemblyName defName = retAssembly.GetName();
- if (!AssemblyName.ReferenceMatchesDefinitionInternal(an,defName,false))
- retAssembly = null;
- }
- }
- else if (!bIsAppXDevMode)
- {
- retAssembly = nLoad(an, null, null, this, ref stackMark,
- IntPtr.Zero,
- throwOnFileNotFound, false, false);
- }
- }
- }
- else
-#endif // !FEATURE_CORECLR
- {
- retAssembly = nLoad(an, null, null, this, ref stackMark,
- IntPtr.Zero,
- throwOnFileNotFound, false, false);
- }
+ RuntimeAssembly retAssembly = nLoad(an, null, null, this, ref stackMark,
+ IntPtr.Zero,
+ throwOnFileNotFound, false, false);
if (retAssembly == this || (retAssembly == null && throwOnFileNotFound))
{
// the .DLL and .EXE load attempts if the user is interested in digging deeper.
if (retAssembly == null && throwOnFileNotFound)
- throw dllNotFoundException;
+ throw dllNotFoundException;
}
}
catch (DirectoryNotFoundException)
ref StackCrawlMark stackMark,
bool fIntrospection,
SecurityContextSource securityContextSource);
-#if FEATURE_CORECLR
+
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
ulong pdbSize,
StackCrawlMarkHandle stackMark,
ObjectHandleOnStack retAssembly);
-#endif
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern RuntimeModule GetManifestModule(RuntimeAssembly assembly);
-#if FEATURE_APTCA
- [System.Security.SecuritySafeCritical]
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern bool AptcaCheck(RuntimeAssembly targetAssembly, RuntimeAssembly sourceAssembly);
-#endif // FEATURE_APTCA
-
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
internal static extern int GetToken(RuntimeAssembly assembly);
_StrongNameKeyPair = keyPair;
}
-#if !FEATURE_CORECLR
- void _AssemblyName.GetTypeInfoCount(out uint pcTInfo)
- {
- throw new NotImplementedException();
- }
-
- void _AssemblyName.GetTypeInfo(uint iTInfo, uint lcid, IntPtr ppTInfo)
- {
- throw new NotImplementedException();
- }
-
- void _AssemblyName.GetIDsOfNames([In] ref Guid riid, IntPtr rgszNames, uint cNames, uint lcid, IntPtr rgDispId)
- {
- throw new NotImplementedException();
- }
-
- void _AssemblyName.Invoke(uint dispIdMember, [In] ref Guid riid, uint lcid, short wFlags, IntPtr pDispParams, IntPtr pVarResult, IntPtr pExcepInfo, IntPtr puArgErr)
- {
- throw new NotImplementedException();
- }
-#endif
-
-#if FEATURE_APTCA
- internal string GetNameWithPublicKey()
- {
- byte[] key = GetPublicKey();
-
- // The following string should not be localized because it is used in security decisions.
- return Name + ", PublicKey=" + System.Security.Util.Hex.EncodeHexString(key);
- }
-#endif
-
// This call opens and closes the file, but does not add the
// assembly to the domain.
[System.Security.SecurityCritical] // auto-generated
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private extern byte[] nGetPublicKeyToken();
-
+
[System.Security.SecurityCritical] // auto-generated
static internal String EscapeCodeBase(String codebase)
{
if (dest == null)
return codebase;
- return new string(dest, 0, position);
+ return new string(dest, 0, position);
}
// This implementation of EscapeString has been copied from System.Private.Uri from corefx repo
[InterfaceTypeAttribute(ComInterfaceType.InterfaceIsDual)]
[TypeLibImportClassAttribute(typeof(System.Reflection.Assembly))]
[CLSCompliant(false)]
-[System.Runtime.InteropServices.ComVisible(true)]
+ [System.Runtime.InteropServices.ComVisible(true)]
public interface _Assembly
{
-#if !FEATURE_CORECLR
- #region Object Members
- String ToString();
- bool Equals(Object other);
- int GetHashCode();
- Type GetType();
- #endregion
-
- #region Assembly Members
- String CodeBase {
-#if FEATURE_CORECLR
-[System.Security.SecurityCritical] // auto-generated
-#endif
-get; }
- String EscapedCodeBase { get; }
- #if FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- #endif
- AssemblyName GetName();
- #if FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- #endif
- AssemblyName GetName(bool copiedName);
- String FullName { get; }
- MethodInfo EntryPoint { get; }
- Type GetType(String name);
- Type GetType(String name, bool throwOnError);
- Type[] GetExportedTypes();
- Type[] GetTypes();
- Stream GetManifestResourceStream(Type type, String name);
- Stream GetManifestResourceStream(String name);
- #if FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- #endif
- FileStream GetFile(String name);
- FileStream[] GetFiles();
- #if FEATURE_CORECLR
- [System.Security.SecurityCritical] // auto-generated
- #endif
- FileStream[] GetFiles(bool getResourceModules);
- String[] GetManifestResourceNames();
- ManifestResourceInfo GetManifestResourceInfo(String resourceName);
- String Location {
-#if FEATURE_CORECLR
-[System.Security.SecurityCritical] // auto-generated
-#endif
-get; }
-#if FEATURE_CAS_POLICY
- Evidence Evidence { get; }
-#endif // FEATURE_CAS_POLICY
- Object[] GetCustomAttributes(Type attributeType, bool inherit);
- Object[] GetCustomAttributes(bool inherit);
- bool IsDefined(Type attributeType, bool inherit);
-#if FEATURE_SERIALIZATION
- [System.Security.SecurityCritical] // auto-generated_required
- void GetObjectData(SerializationInfo info, StreamingContext context);
-#endif
- [method: System.Security.SecurityCritical]
- event ModuleResolveEventHandler ModuleResolve;
- Type GetType(String name, bool throwOnError, bool ignoreCase);
- Assembly GetSatelliteAssembly(CultureInfo culture);
- Assembly GetSatelliteAssembly(CultureInfo culture, Version version);
-#if FEATURE_MULTIMODULE_ASSEMBLIES
- Module LoadModule(String moduleName, byte[] rawModule);
- Module LoadModule(String moduleName, byte[] rawModule, byte[] rawSymbolStore);
-#endif
- Object CreateInstance(String typeName);
- Object CreateInstance(String typeName, bool ignoreCase);
- Object CreateInstance(String typeName, bool ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes);
- Module[] GetLoadedModules();
- Module[] GetLoadedModules(bool getResourceModules);
- Module[] GetModules();
- Module[] GetModules(bool getResourceModules);
- Module GetModule(String name);
- AssemblyName[] GetReferencedAssemblies();
- bool GlobalAssemblyCache { get; }
- #endregion
-#endif
}
-
[GuidAttribute("f7102fa9-cabb-3a74-a6da-b4567ef1b079")]
[InterfaceTypeAttribute(ComInterfaceType.InterfaceIsIUnknown)]
[TypeLibImportClassAttribute(typeof(System.Reflection.MemberInfo))]
return false;
}
-#if FEATURE_APTCA
- // APTCA checks
- RuntimeAssembly attributeAssembly = (RuntimeAssembly)attributeType.Assembly;
- RuntimeAssembly decoratedModuleAssembly = (RuntimeAssembly)decoratedModule.Assembly;
-
- if (attributeAssembly != lastAptcaOkAssembly &&
- !RuntimeAssembly.AptcaCheck(attributeAssembly, decoratedModuleAssembly))
- return false;
-
- // Cache last successful APTCA check (optimization)
- lastAptcaOkAssembly = decoratedModuleAssembly;
-#endif // FEATURE_APTCA
-
// Resolve the attribute ctor
ConstArray ctorSig = scope.GetMethodSignature(caRecord.tkCtor);
isVarArg = (ctorSig[0] & 0x05) != 0;
}
else if (attribute.m_con.DeclaringType == typeof(SecurityCriticalAttribute))
{
-#if !FEATURE_CORECLR
- SecurityCriticalScope scope = SecurityCriticalScope.Everything;
- if (attribute.m_constructorArgs != null &&
- attribute.m_constructorArgs.Length == 1 &&
- attribute.m_constructorArgs[0] is SecurityCriticalScope)
- {
- scope = (SecurityCriticalScope)attribute.m_constructorArgs[0];
- }
-
- assemblyFlags |= DynamicAssemblyFlags.Critical;
- if (scope == SecurityCriticalScope.Everything)
-#endif // !FEATURE_CORECLR
{
assemblyFlags |= DynamicAssemblyFlags.AllCritical;
}
}
-#if !FEATURE_CORECLR
- else if (attribute.m_con.DeclaringType == typeof(SecurityRulesAttribute))
- {
- securityRulesBlob = new byte[attribute.m_blob.Length];
- Buffer.BlockCopy(attribute.m_blob, 0, securityRulesBlob, 0, securityRulesBlob.Length);
- }
- else if (attribute.m_con.DeclaringType == typeof(SecurityTreatAsSafeAttribute))
- {
- assemblyFlags |= DynamicAssemblyFlags.TreatAsSafe;
- }
-#endif // !FEATURE_CORECLR
-#if FEATURE_APTCA
- else if (attribute.m_con.DeclaringType == typeof(AllowPartiallyTrustedCallersAttribute))
- {
- assemblyFlags |= DynamicAssemblyFlags.Aptca;
- aptcaBlob = new byte[attribute.m_blob.Length];
- Buffer.BlockCopy(attribute.m_blob, 0, aptcaBlob, 0, aptcaBlob.Length);
- }
-#endif // FEATURE_APTCA
}
#pragma warning restore 618
}
ISymbolWriter writer = null;
IntPtr pInternalSymWriter = new IntPtr();
- // create the dynamic module
-
-#if FEATURE_MULTIMODULE_ASSEMBLIES
-
-#if FEATURE_CORECLR
-#error FEATURE_MULTIMODULE_ASSEMBLIES should always go with !FEATURE_CORECLR
-#endif //FEATURE_CORECLR
-
- m_assemblyData.CheckNameConflict(name);
-
- if (m_fManifestModuleUsedAsDefinedModule == true)
- { // We need to define a new module
- int tkFile;
- InternalModuleBuilder internalDynModule = (InternalModuleBuilder)DefineDynamicModule(
- InternalAssembly,
- emitSymbolInfo,
- name,
- name,
- ref stackMark,
- ref pInternalSymWriter,
- true /*fIsTransient*/,
- out tkFile);
- dynModule = new ModuleBuilder(this, internalDynModule);
-
- // initialize the dynamic module's managed side information
- dynModule.Init(name, null, tkFile);
- }
- else
- { // We will reuse the manifest module
- m_manifestModuleBuilder.ModifyModuleName(name);
- dynModule = m_manifestModuleBuilder;
-
- if (emitSymbolInfo)
- {
- pInternalSymWriter = ModuleBuilder.nCreateISymWriterForDynamicModule(dynModule.InternalModule, name);
- }
- }
-
-#else // FEATURE_MULTIMODULE_ASSEMBLIES
- // Without FEATURE_MULTIMODULE_ASSEMBLIES only one ModuleBuilder per AssemblyBuilder can be created
+ // create the dynamic module- only one ModuleBuilder per AssemblyBuilder can be created
if (m_fManifestModuleUsedAsDefinedModule == true)
throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NoMultiModuleAssembly"));
// Init(...) has already been called on m_manifestModuleBuilder in InitManifestModule()
dynModule = m_manifestModuleBuilder;
-#endif // FEATURE_MULTIMODULE_ASSEMBLIES
// Create the symbol writer
if (emitSymbolInfo)
{
-#if FEATURE_MULTIMODULE_ASSEMBLIES && !FEATURE_CORECLR
- // this is the code path for the desktop runtime
-
- // create the default SymWriter
- Assembly assem = LoadISymWrapper();
- Type symWriter = assem.GetType("System.Diagnostics.SymbolStore.SymWriter", true, false);
- if (symWriter != null && !symWriter.IsVisible)
- symWriter = null;
-
- if (symWriter == null)
- {
- // cannot find SymWriter - throw TypeLoadException since we couldnt find the type.
- throw new TypeLoadException(Environment.GetResourceString(ResId.MissingType, "SymWriter"));
- }
-
- new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand();
-
- try
- {
- (new PermissionSet(PermissionState.Unrestricted)).Assert();
- writer = (ISymbolWriter)Activator.CreateInstance(symWriter);
-
- // Set the underlying writer for the managed writer
- // that we're using. Note that this function requires
- // unmanaged code access.
- writer.SetUnderlyingWriter(pInternalSymWriter);
- }
- finally
- {
- CodeAccessPermission.RevertAssert();
- }
-#endif // FEATURE_MULTIMODULE_ASSEMBLIES && !FEATURE_CORECLR
-
-#if !FEATURE_MULTIMODULE_ASSEMBLIES && FEATURE_CORECLR
- // this is the code path for CoreCLR
-
writer = SymWrapperCore.SymWriter.CreateSymWriter();
// Set the underlying writer for the managed writer
// that we're using. Note that this function requires
// In Telesto, we took the SetUnderlyingWriter method private as it's a very rickety method.
// This might someday be a good move for the desktop CLR too.
((SymWrapperCore.SymWriter)writer).InternalSetUnderlyingWriter(pInternalSymWriter);
-#endif // !FEATURE_MULTIMODULE_ASSEMBLIES && FEATURE_CORECLR
} // Creating the symbol writer
dynModule.SetSymWriter(writer);
return dynModule;
} // DefineDynamicModuleInternalNoLock
-
-#if !FEATURE_CORECLR
- // All dynamic modules in SilverLight are transient so we removed this overload of DefineDynamicModule
- // Note that it is assumed that !FEATURE_CORECLR always goes with FEATURE_MULTIMODULE_ASSEMBLIES
- // If we ever will build a non coreclr version of the runtime without FEATURE_MULTIMODULE_ASSEMBLIES
- // we will need to make the same changes here as the ones we made in the transient overload
-
- /**********************************************
- *
- * Defines a named dynamic module. It is an error to define multiple
- * modules within an Assembly with the same name. No symbol information
- * will be emitted.
- *
- **********************************************/
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public ModuleBuilder DefineDynamicModule(
- String name,
- String fileName)
- {
- Contract.Ensures(Contract.Result<ModuleBuilder>() != null);
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
-
- // delegate to the next DefineDynamicModule
- return DefineDynamicModuleInternal(name, fileName, false, ref stackMark);
- }
-
- /**********************************************
- *
- * Emit symbol information if emitSymbolInfo is true using the
- * default symbol writer interface.
- * An exception will be thrown if the assembly is transient.
- *
- **********************************************/
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public ModuleBuilder DefineDynamicModule(
- String name, // module name
- String fileName, // module file name
- bool emitSymbolInfo) // specify if emit symbol info or not
- {
- Contract.Ensures(Contract.Result<ModuleBuilder>() != null);
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return DefineDynamicModuleInternal(name, fileName, emitSymbolInfo, ref stackMark);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private ModuleBuilder DefineDynamicModuleInternal(
- String name, // module name
- String fileName, // module file name
- bool emitSymbolInfo, // specify if emit symbol info or not
- ref StackCrawlMark stackMark) // stack crawl mark used to find caller
- {
- lock(SyncRoot)
- {
- return DefineDynamicModuleInternalNoLock(name, fileName, emitSymbolInfo, ref stackMark);
- }
- }
-
- // "name" will be used for:
- // 1. The Name field in the Module table.
- // 2. ModuleBuilder.GetModule(string).
- // "fileName" will be used for:
- // 1. The name field in the ModuleRef table when this module is being referenced by
- // another module in the same assembly.
- // 2. .file record in the in memory assembly manifest when the module is created in memory
- // 3. .file record in the on disk assembly manifest when the assembly is saved to disk
- // 4. The file name of the saved module.
- [System.Security.SecurityCritical] // auto-generated
- private ModuleBuilder DefineDynamicModuleInternalNoLock(
- String name, // module name
- String fileName, // module file name
- bool emitSymbolInfo, // specify if emit symbol info or not
- ref StackCrawlMark stackMark) // stack crawl mark used to find caller
- {
- if (name == null)
- throw new ArgumentNullException(nameof(name));
- if (name.Length == 0)
- throw new ArgumentException(Environment.GetResourceString("Argument_EmptyName"), nameof(name));
- if (name[0] == '\0')
- throw new ArgumentException(Environment.GetResourceString("Argument_InvalidName"), nameof(name));
-
- if (fileName == null)
- throw new ArgumentNullException(nameof(fileName));
- if (fileName.Length == 0)
- throw new ArgumentException(Environment.GetResourceString("Argument_EmptyFileName"), nameof(fileName));
- if (!String.Equals(fileName, Path.GetFileName(fileName)))
- throw new ArgumentException(Environment.GetResourceString("Argument_NotSimpleFileName"), nameof(fileName));
- Contract.Ensures(Contract.Result<ModuleBuilder>() != null);
- Contract.EndContractBlock();
-
- BCLDebug.Log("DYNIL", "## DYNIL LOGGING: AssemblyBuilder.DefineDynamicModule( " + name + ", " + fileName + ", " + emitSymbolInfo + " )");
- if (m_assemblyData.m_access == AssemblyBuilderAccess.Run)
- {
- // Error! You cannot define a persistable module within a transient data.
- throw new NotSupportedException(Environment.GetResourceString("Argument_BadPersistableModuleInTransientAssembly"));
- }
-
- if (m_assemblyData.m_isSaved == true)
- {
- // assembly has been saved before!
- throw new InvalidOperationException(Environment.GetResourceString(
- "InvalidOperation_CannotAlterAssembly"));
- }
-
- ModuleBuilder dynModule;
- ISymbolWriter writer = null;
- IntPtr pInternalSymWriter = new IntPtr();
-
- // create the dynamic module
-
- m_assemblyData.CheckNameConflict(name);
- m_assemblyData.CheckFileNameConflict(fileName);
-
- int tkFile;
- InternalModuleBuilder internalDynModule = (InternalModuleBuilder)DefineDynamicModule(
- InternalAssembly,
- emitSymbolInfo,
- name,
- fileName,
- ref stackMark,
- ref pInternalSymWriter,
- false /*fIsTransient*/,
- out tkFile);
- dynModule = new ModuleBuilder(this, internalDynModule);
-
- // initialize the dynamic module's managed side information
- dynModule.Init(name, fileName, tkFile);
-
- // Create the symbol writer
- if (emitSymbolInfo)
- {
- // create the default SymWriter
- Assembly assem = LoadISymWrapper();
- Type symWriter = assem.GetType("System.Diagnostics.SymbolStore.SymWriter", true, false);
- if (symWriter != null && !symWriter.IsVisible)
- symWriter = null;
-
- if (symWriter == null)
- {
- // cannot find SymWriter - throw TypeLoadException since we couldnt find the type.
- throw new TypeLoadException(Environment.GetResourceString("MissingType", "SymWriter"));
- }
- try
- {
- (new PermissionSet(PermissionState.Unrestricted)).Assert();
- writer = (ISymbolWriter)Activator.CreateInstance(symWriter);
-
- // Set the underlying writer for the managed writer
- // that we're using. Note that this function requires
- // unmanaged code access.
- writer.SetUnderlyingWriter(pInternalSymWriter);
- }
- finally
- {
- CodeAccessPermission.RevertAssert();
- }
- }
-
- dynModule.SetSymWriter(writer);
-
- m_assemblyData.AddModule(dynModule);
-
- return dynModule;
- } // DefineDynamicModuleInternalNoLock
-#endif // !FEATURE_CORECLR
#endregion
private Assembly LoadISymWrapper()
}
}
-#if !FEATURE_CORECLR
- if (FrameworkEventSource.IsInitialized)
- {
- FrameworkEventSource.Log.ResourceManagerLookupFailed(BaseNameField, MainAssembly, culture.Name);
- }
-#endif
return null;
}
// The config file told us what satellites might be installed.
int pos = Array.IndexOf(installedSatellites, lookForCulture.Name);
-#if !FEATURE_CORECLR
- if (FrameworkEventSource.IsInitialized && FrameworkEventSource.Log.IsEnabled()) {
- if (pos < 0) {
- FrameworkEventSource.Log.ResourceManagerCultureNotFoundInConfigFile(BaseNameField, MainAssembly, lookForCulture.Name);
- }
- else {
- FrameworkEventSource.Log.ResourceManagerCultureFoundInConfigFile(BaseNameField, MainAssembly, lookForCulture.Name);
- }
- }
-#endif
return pos >= 0;
}
[System.Security.SecurityCritical] // auto-generated
private Hashtable GetSatelliteAssembliesFromConfig()
{
-#if FEATURE_FUSION
-
- String fileName = AppDomain.CurrentDomain.FusionStore.ConfigurationFileInternal;
- if (fileName == null) {
- return null;
- }
-
- // Don't do a security assert. We need to support semi-trusted
- // scenarios, but asserting here causes infinite resource lookups
- // while initializing security & looking up mscorlib's config file.
- // Use internal methods to bypass security checks.
-
- // If we're dealing with a local file name or a UNC path instead
- // of a URL, check to see if the file exists here for perf (avoids
- // throwing a FileNotFoundException).
- if (fileName.Length >= 2 &&
- ((fileName[1] == Path.VolumeSeparatorChar) || (fileName[0] == Path.DirectorySeparatorChar && fileName[1] == Path.DirectorySeparatorChar)) &&
- !File.InternalExists(fileName))
- return null;
-
- ConfigTreeParser parser = new ConfigTreeParser();
- String queryPath = "/configuration/satelliteassemblies";
- ConfigNode node = null;
- // Catch exceptions in case a web app doesn't have a config file.
- try {
- node = parser.Parse(fileName, queryPath, true);
- }
- catch(Exception) {}
-
- if (node == null) {
- return null;
- }
-
- // The application config file will contain sections like this:
- // <?xml version="1.0"?>
- // <configuration>
- // <satelliteassemblies>
- // <assembly name="mscorlib, Version=..., PublicKeyToken=...">
- // <culture>fr</culture>
- // </assembly>
- // <assembly name="UserAssembly, ...">
- // <culture>fr-FR</culture>
- // <culture>de-CH</culture>
- // </assembly>
- // <assembly name="UserAssembly2, ...">
- // </assembly>
- // </satelliteassemblies>
- // </configuration>
- Hashtable satelliteInfo = new Hashtable(StringComparer.OrdinalIgnoreCase);
- foreach(ConfigNode assemblyNode in node.Children) {
- if (!String.Equals(assemblyNode.Name, "assembly"))
- throw new ApplicationException(Environment.GetResourceString("XMLSyntax_InvalidSyntaxSatAssemTag", Path.GetFileName(fileName), assemblyNode.Name));
-
- if (assemblyNode.Attributes.Count == 0)
- throw new ApplicationException(Environment.GetResourceString("XMLSyntax_InvalidSyntaxSatAssemTagNoAttr", Path.GetFileName(fileName)));
-
- DictionaryEntry de = (DictionaryEntry) assemblyNode.Attributes[0];
- String assemblyName = (String) de.Value;
- if (!String.Equals(de.Key, "name") || String.IsNullOrEmpty(assemblyName) || assemblyNode.Attributes.Count > 1)
- throw new ApplicationException(Environment.GetResourceString("XMLSyntax_InvalidSyntaxSatAssemTagBadAttr", Path.GetFileName(fileName), de.Key, de.Value));
-
- ArrayList list = new ArrayList(5);
- foreach(ConfigNode child in assemblyNode.Children)
- if (child.Value != null)
- list.Add(child.Value);
-
- String[] satellites = new String[list.Count];
- for(int i=0; i<satellites.Length; i++) {
- String cultureName = (String)list[i];
- satellites[i] = cultureName;
-#if !FEATURE_CORECLR
- if (FrameworkEventSource.IsInitialized)
- {
- FrameworkEventSource.Log.ResourceManagerAddingCultureFromConfigFile(BaseNameField, MainAssembly, cultureName);
- }
-#endif
- }
-
- satelliteInfo.Add(assemblyName, satellites);
- }
-
- return satelliteInfo;
-#else
return null;
-#endif //FEATURE_FUSION
-
}
#endif // RESOURCE_SATELLITE_CONFIG
// participate in the security decisions in the AppDomain.
//
-namespace System.Security {
+namespace System.Security
+{
using System.Collections;
-#if FEATURE_CLICKONCE
- using System.Deployment.Internal.Isolation;
- using System.Deployment.Internal.Isolation.Manifest;
- using System.Runtime.Hosting;
-#endif
using System.Reflection;
using System.Security;
using System.Security.Permissions;
using System.Diagnostics.Contracts;
-[Serializable]
+ [Serializable]
[Flags]
[System.Runtime.InteropServices.ComVisible(true)]
public enum HostSecurityManagerOptions {
return inputEvidence;
}
-#if FEATURE_CLICKONCE
- [System.Security.SecurityCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Assert, Unrestricted=true)]
- public virtual ApplicationTrust DetermineApplicationTrust(Evidence applicationEvidence, Evidence activatorEvidence, TrustManagerContext context)
- {
- if (applicationEvidence == null)
- throw new ArgumentNullException(nameof(applicationEvidence));
- Contract.EndContractBlock();
-
- // This method looks for a trust decision for the ActivationContext in three locations, in order
- // of preference:
- //
- // 1. Supplied by the host in the AppDomainSetup. If the host supplied a decision this way, it
- // will be in the applicationEvidence.
- // 2. Reuse the ApplicationTrust from the current AppDomain
- // 3. Ask the TrustManager for a trust decision
-
- // get the activation context from the application evidence.
- // The default HostSecurityManager does not examine the activatorEvidence
- // but other security managers could use it to figure out the
- // evidence of the domain attempting to activate the application.
-
- ActivationArguments activationArgs = applicationEvidence.GetHostEvidence<ActivationArguments>();
- if (activationArgs == null)
- throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
-
- ActivationContext actCtx = activationArgs.ActivationContext;
- if (actCtx == null)
- throw new ArgumentException(Environment.GetResourceString("Policy_MissingActivationContextInAppEvidence"));
-
- // Make sure that any ApplicationTrust we find applies to the ActivationContext we're
- // creating the new AppDomain for.
- ApplicationTrust appTrust = applicationEvidence.GetHostEvidence<ApplicationTrust>();
- if (appTrust != null &&
- !CmsUtils.CompareIdentities(appTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
- {
- appTrust = null;
- }
-
- // If there was not a trust decision supplied in the Evidence, we can reuse the existing trust
- // decision from this domain if its identity matches the ActivationContext of the new domain.
- // Otherwise consult the TrustManager for a trust decision
- if (appTrust == null)
- {
- if (AppDomain.CurrentDomain.ApplicationTrust != null &&
- CmsUtils.CompareIdentities(AppDomain.CurrentDomain.ApplicationTrust.ApplicationIdentity, activationArgs.ApplicationIdentity, ApplicationVersionMatch.MatchExactVersion))
- {
- appTrust = AppDomain.CurrentDomain.ApplicationTrust;
- }
- else
- {
- appTrust = ApplicationSecurityManager.DetermineApplicationTrustInternal(actCtx, context);
- }
- }
-
- // If the trust decision allows the application to run, then it should also have a permission set
- // which is at least the permission set the application requested.
- ApplicationSecurityInfo appRequest = new ApplicationSecurityInfo(actCtx);
- if (appTrust != null &&
- appTrust.IsApplicationTrustedToRun &&
- !appRequest.DefaultRequestSet.IsSubsetOf(appTrust.DefaultGrantSet.PermissionSet))
- {
- throw new InvalidOperationException(Environment.GetResourceString("Policy_AppTrustMustGrantAppRequest"));
- }
-
- return appTrust;
- }
-#endif // FEATURE_CLICKONCE
-
-#if FEATURE_CAS_POLICY
- // Query the CLR to see what it would have granted a specific set of evidence
- public virtual PermissionSet ResolvePolicy(Evidence evidence)
- {
- if (evidence == null)
- throw new ArgumentNullException(nameof(evidence));
- Contract.EndContractBlock();
-
- //
- // If the evidence is from the GAC then the result is full trust.
- // In a homogenous domain, then the application trust object provides the grant set.
- // When CAS policy is disabled, the result is full trust.
- // Otherwise, the result comes from evaluating CAS policy.
- //
-
- if (evidence.GetHostEvidence<GacInstalled>() != null)
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
- else if (AppDomain.CurrentDomain.IsHomogenous)
- {
- return AppDomain.CurrentDomain.GetHomogenousGrantSet(evidence);
- }
- else if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
- else
- {
- return SecurityManager.PolicyManager.CodeGroupResolve(evidence, false);
- }
- }
-#endif
-
/// <summary>
/// Determine what types of evidence the host might be able to supply for the AppDomain if requested
/// </summary>
// Callers should have already made checks for invalid path format via normalization. This method will only make the
// additional checks needed to throw the same exceptions that would normally throw when using FileIOPermission.
// These checks are done via CheckIllegalCharacters() and StringExpressionSet in AddPathList() above.
- //
- // We have to check the beginning as some paths may be passed in as path + @"\.", which will be normalized away.
-#if !FEATURE_CORECLR
- BCLDebug.Assert(
- fullPath.StartsWith(Path.NormalizePath(fullPath, fullCheck: false), StringComparison.OrdinalIgnoreCase),
- string.Format("path isn't normalized: {0}", fullPath));
-#endif
#if !PLATFORM_UNIX
// Checking for colon / invalid characters on device paths blocks legitimate access to objects such as named pipes.
- if (
- #if FEATURE_PATHCOMPAT
- AppContextSwitches.UseLegacyPathHandling ||
- #endif
- !PathInternal.IsDevice(fullPath))
+ if (!PathInternal.IsDevice(fullPath))
{
// GetFullPath already checks normal invalid path characters. We need to just check additional (wildcard) characters here.
// (By calling the standard helper we can allow extended paths \\?\ through when the support is enabled.)
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
-//
-
-//
//
// This class encapsulates security decisions about an application.
//
-namespace System.Security.Policy {
+namespace System.Security.Policy
+{
using System.Collections;
using System.Collections.Generic;
-#if FEATURE_CLICKONCE
- using System.Deployment.Internal.Isolation;
- using System.Deployment.Internal.Isolation.Manifest;
-#endif
using System.Globalization;
using System.IO;
using System.Runtime.InteropServices;
[Serializable]
public sealed class ApplicationTrust : EvidenceBase, ISecurityEncodable
{
-#if FEATURE_CLICKONCE
- private ApplicationIdentity m_appId;
- private bool m_appTrustedToRun;
- private bool m_persist;
-
- private object m_extraInfo;
- private SecurityElement m_elExtraInfo;
-#endif
private PolicyStatement m_psDefaultGrant;
private IList<StrongName> m_fullTrustAssemblies;
[NonSerialized]
private int m_grantSetSpecialFlags;
-#if FEATURE_CLICKONCE
- public ApplicationTrust (ApplicationIdentity applicationIdentity) : this () {
- ApplicationIdentity = applicationIdentity;
- }
-#endif
public ApplicationTrust () : this (new PermissionSet(PermissionState.None))
{
}
DefaultGrantSet = new PolicyStatement(defaultGrantSet);
}
-#if FEATURE_CLICKONCE
- public ApplicationIdentity ApplicationIdentity {
- get {
- return m_appId;
- }
- set {
- if (value == null)
- throw new ArgumentNullException(nameof(value), Environment.GetResourceString("Argument_InvalidAppId"));
- Contract.EndContractBlock();
- m_appId = value;
- }
- }
-#endif
public PolicyStatement DefaultGrantSet {
get {
if (m_psDefaultGrant == null)
return m_fullTrustAssemblies;
}
}
-#if FEATURE_CLICKONCE
- public bool IsApplicationTrustedToRun {
- get {
- return m_appTrustedToRun;
- }
- set {
- m_appTrustedToRun = value;
- }
- }
-
- public bool Persist {
- get {
- return m_persist;
- }
- set {
- m_persist = value;
- }
- }
-
- public object ExtraInfo {
- get {
- if (m_elExtraInfo != null) {
- m_extraInfo = ObjectFromXml(m_elExtraInfo);
- m_elExtraInfo = null;
- }
- return m_extraInfo;
- }
- set {
- m_elExtraInfo = null;
- m_extraInfo = value;
- }
- }
-#endif //FEATURE_CLICKONCE
-
-#if FEATURE_CAS_POLICY
- public SecurityElement ToXml () {
- SecurityElement elRoot = new SecurityElement("ApplicationTrust");
- elRoot.AddAttribute("version", "1");
-
-#if FEATURE_CLICKONCE
- if (m_appId != null) {
- elRoot.AddAttribute("FullName", SecurityElement.Escape(m_appId.FullName));
- }
- if (m_appTrustedToRun) {
- elRoot.AddAttribute("TrustedToRun", "true");
- }
- if (m_persist) {
- elRoot.AddAttribute("Persist", "true");
- }
-#endif // FEATURE_CLICKONCE
-
- if (m_psDefaultGrant != null) {
- SecurityElement elDefaultGrant = new SecurityElement("DefaultGrant");
- elDefaultGrant.AddChild(m_psDefaultGrant.ToXml());
- elRoot.AddChild(elDefaultGrant);
- }
- if (m_fullTrustAssemblies.Count > 0) {
- SecurityElement elFullTrustAssemblies = new SecurityElement("FullTrustAssemblies");
- foreach (StrongName fullTrustAssembly in m_fullTrustAssemblies) {
- elFullTrustAssemblies.AddChild(fullTrustAssembly.ToXml());
- }
- elRoot.AddChild(elFullTrustAssemblies);
- }
-
-#if FEATURE_CLICKONCE
- if (ExtraInfo != null) {
- elRoot.AddChild(ObjectToXml("ExtraInfo", ExtraInfo));
- }
-#endif // FEATURE_CLICKONCE
- return elRoot;
- }
-
- public void FromXml (SecurityElement element) {
- if (element == null)
- throw new ArgumentNullException(nameof(element));
- if (String.Compare(element.Tag, "ApplicationTrust", StringComparison.Ordinal) != 0)
- throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
-
-#if FEATURE_CLICKONCE
- m_appTrustedToRun = false;
- string isAppTrustedToRun = element.Attribute("TrustedToRun");
- if (isAppTrustedToRun != null && String.Compare(isAppTrustedToRun, "true", StringComparison.Ordinal) == 0) {
- m_appTrustedToRun = true;
- }
-
- m_persist = false;
- string persist = element.Attribute("Persist");
- if (persist != null && String.Compare(persist, "true", StringComparison.Ordinal) == 0) {
- m_persist = true;
- }
-
- m_appId = null;
- string fullName = element.Attribute("FullName");
- if (fullName != null && fullName.Length > 0) {
- m_appId = new ApplicationIdentity(fullName);
- }
-#endif // FEATURE_CLICKONCE
-
- m_psDefaultGrant = null;
- m_grantSetSpecialFlags = 0;
- SecurityElement elDefaultGrant = element.SearchForChildByTag("DefaultGrant");
- if (elDefaultGrant != null) {
- SecurityElement elDefaultGrantPS = elDefaultGrant.SearchForChildByTag("PolicyStatement");
- if (elDefaultGrantPS != null) {
- PolicyStatement ps = new PolicyStatement(null);
- ps.FromXml(elDefaultGrantPS);
- m_psDefaultGrant = ps;
- m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(ps.PermissionSet, null);
- }
- }
-
- List<StrongName> fullTrustAssemblies = new List<StrongName>();
- SecurityElement elFullTrustAssemblies = element.SearchForChildByTag("FullTrustAssemblies");
- if (elFullTrustAssemblies != null && elFullTrustAssemblies.InternalChildren != null) {
- IEnumerator enumerator = elFullTrustAssemblies.Children.GetEnumerator();
- while (enumerator.MoveNext()) {
- StrongName fullTrustAssembly = new StrongName();
- fullTrustAssembly.FromXml(enumerator.Current as SecurityElement);
- fullTrustAssemblies.Add(fullTrustAssembly);
- }
- }
-
- m_fullTrustAssemblies = fullTrustAssemblies.AsReadOnly();
-
-#if FEATURE_CLICKONCE
- m_elExtraInfo = element.SearchForChildByTag("ExtraInfo");
-#endif // FEATURE_CLICKONCE
- }
-
-#if FEATURE_CLICKONCE
- private static SecurityElement ObjectToXml (string tag, Object obj) {
- BCLDebug.Assert(obj != null, "You need to pass in an object");
-
- ISecurityEncodable encodableObj = obj as ISecurityEncodable;
-
- SecurityElement elObject;
- if (encodableObj != null) {
- elObject = encodableObj.ToXml();
- if (!elObject.Tag.Equals(tag))
- throw new ArgumentException(Environment.GetResourceString("Argument_InvalidXML"));
- }
-
- MemoryStream stream = new MemoryStream();
- BinaryFormatter formatter = new BinaryFormatter();
- formatter.Serialize(stream, obj);
- byte[] array = stream.ToArray();
-
- elObject = new SecurityElement(tag);
- elObject.AddAttribute("Data", Hex.EncodeHexString(array));
- return elObject;
- }
-
- private static Object ObjectFromXml (SecurityElement elObject) {
- BCLDebug.Assert(elObject != null, "You need to pass in a security element");
-
- if (elObject.Attribute("class") != null) {
- ISecurityEncodable encodableObj = XMLUtil.CreateCodeGroup(elObject) as ISecurityEncodable;
- if (encodableObj != null) {
- encodableObj.FromXml(elObject);
- return encodableObj;
- }
- }
-
- string objectData = elObject.Attribute("Data");
- MemoryStream stream = new MemoryStream(Hex.DecodeHexString(objectData));
- BinaryFormatter formatter = new BinaryFormatter();
- return formatter.Deserialize(stream);
- }
-#endif // FEATURE_CLICKONCE
-#endif // FEATURE_CAS_POLICY
#pragma warning disable 618
[SecurityPermission(SecurityAction.Demand, SerializationFormatter = true)]
return base.Clone();
}
}
-
-#if FEATURE_CLICKONCE
- [System.Security.SecurityCritical] // auto-generated_required
- [System.Runtime.InteropServices.ComVisible(true)]
- public sealed class ApplicationTrustCollection : ICollection {
- private const string ApplicationTrustProperty = "ApplicationTrust";
- private const string InstallerIdentifier = "{60051b8f-4f12-400a-8e50-dd05ebd438d1}";
- private static Guid ClrPropertySet = new Guid("c989bb7a-8385-4715-98cf-a741a8edb823");
-
- // The CLR specific constant install reference.
- private static object s_installReference = null;
- private static StoreApplicationReference InstallReference {
- get {
- if (s_installReference == null) {
- Interlocked.CompareExchange(ref s_installReference,
- new StoreApplicationReference(
- IsolationInterop.GUID_SXS_INSTALL_REFERENCE_SCHEME_OPAQUESTRING,
- InstallerIdentifier,
- null),
- null);
- }
- return (StoreApplicationReference) s_installReference;
- }
- }
-
- private object m_appTrusts = null;
- private ArrayList AppTrusts {
- [System.Security.SecurityCritical] // auto-generated
- get {
- if (m_appTrusts == null) {
- ArrayList appTrusts = new ArrayList();
- if (m_storeBounded) {
- RefreshStorePointer();
- // enumerate the user store and populate the collection
- StoreDeploymentMetadataEnumeration deplEnum = m_pStore.EnumInstallerDeployments(IsolationInterop.GUID_SXS_INSTALL_REFERENCE_SCHEME_OPAQUESTRING, InstallerIdentifier, ApplicationTrustProperty, null);
- foreach (IDefinitionAppId defAppId in deplEnum) {
- StoreDeploymentMetadataPropertyEnumeration metadataEnum = m_pStore.EnumInstallerDeploymentProperties(IsolationInterop.GUID_SXS_INSTALL_REFERENCE_SCHEME_OPAQUESTRING, InstallerIdentifier, ApplicationTrustProperty, defAppId);
- foreach (StoreOperationMetadataProperty appTrustProperty in metadataEnum) {
- string appTrustXml = appTrustProperty.Value;
- if (appTrustXml != null && appTrustXml.Length > 0) {
- SecurityElement seTrust = SecurityElement.FromString(appTrustXml);
- ApplicationTrust appTrust = new ApplicationTrust();
- appTrust.FromXml(seTrust);
- appTrusts.Add(appTrust);
- }
- }
- }
- }
- Interlocked.CompareExchange(ref m_appTrusts, appTrusts, null);
- }
- return m_appTrusts as ArrayList;
- }
- }
-
- private bool m_storeBounded = false;
- private Store m_pStore = null; // Component store interface pointer.
-
- // Only internal constructors are exposed.
- [System.Security.SecurityCritical] // auto-generated
- internal ApplicationTrustCollection () : this(false) {}
- internal ApplicationTrustCollection (bool storeBounded) {
- m_storeBounded = storeBounded;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private void RefreshStorePointer () {
- // Refresh store pointer.
- if (m_pStore != null)
- Marshal.ReleaseComObject(m_pStore.InternalStore);
- m_pStore = IsolationInterop.GetUserStore();
- }
-
- public int Count
- {
- [System.Security.SecuritySafeCritical] // overrides public transparent member
- get {
- return AppTrusts.Count;
- }
- }
-
- public ApplicationTrust this[int index] {
- [System.Security.SecurityCritical] // auto-generated
- get {
- return AppTrusts[index] as ApplicationTrust;
- }
- }
-
- public ApplicationTrust this[string appFullName] {
- [System.Security.SecurityCritical] // auto-generated
- get {
- ApplicationIdentity identity = new ApplicationIdentity(appFullName);
- ApplicationTrustCollection appTrusts = Find(identity, ApplicationVersionMatch.MatchExactVersion);
- if (appTrusts.Count > 0)
- return appTrusts[0];
- return null;
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- private void CommitApplicationTrust(ApplicationIdentity applicationIdentity, string trustXml) {
- StoreOperationMetadataProperty[] properties = new StoreOperationMetadataProperty[] {
- new StoreOperationMetadataProperty(ClrPropertySet, ApplicationTrustProperty, trustXml)
- };
-
- IEnumDefinitionIdentity idenum = applicationIdentity.Identity.EnumAppPath();
- IDefinitionIdentity[] asbId = new IDefinitionIdentity[1];
- IDefinitionIdentity deplId = null;
- if (idenum.Next(1, asbId) == 1)
- deplId = asbId[0];
-
- IDefinitionAppId defAppId = IsolationInterop.AppIdAuthority.CreateDefinition();
- defAppId.SetAppPath(1, new IDefinitionIdentity[] {deplId});
- defAppId.put_Codebase(applicationIdentity.CodeBase);
-
- using (StoreTransaction storeTxn = new StoreTransaction()) {
- storeTxn.Add(new StoreOperationSetDeploymentMetadata(defAppId, InstallReference, properties));
- RefreshStorePointer();
- m_pStore.Transact(storeTxn.Operations);
- }
-
- m_appTrusts = null; // reset the app trusts in the collection.
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public int Add (ApplicationTrust trust) {
- if (trust == null)
- throw new ArgumentNullException(nameof(trust));
- if (trust.ApplicationIdentity == null)
- throw new ArgumentException(Environment.GetResourceString("Argument_ApplicationTrustShouldHaveIdentity"));
- Contract.EndContractBlock();
-
- // Add the trust decision of the application to the fusion store.
- if (m_storeBounded) {
- CommitApplicationTrust(trust.ApplicationIdentity, trust.ToXml().ToString());
- return -1;
- } else {
- return AppTrusts.Add(trust);
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void AddRange (ApplicationTrust[] trusts) {
- if (trusts == null)
- throw new ArgumentNullException(nameof(trusts));
- Contract.EndContractBlock();
-
- int i=0;
- try {
- for (; i<trusts.Length; i++) {
- Add(trusts[i]);
- }
- } catch {
- for (int j=0; j<i; j++) {
- Remove(trusts[j]);
- }
- throw;
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void AddRange (ApplicationTrustCollection trusts) {
- if (trusts == null)
- throw new ArgumentNullException(nameof(trusts));
- Contract.EndContractBlock();
-
- int i = 0;
- try {
- foreach (ApplicationTrust trust in trusts) {
- Add(trust);
- i++;
- }
- } catch {
- for (int j=0; j<i; j++) {
- Remove(trusts[j]);
- }
- throw;
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public ApplicationTrustCollection Find (ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch) {
- ApplicationTrustCollection collection = new ApplicationTrustCollection(false);
- foreach (ApplicationTrust trust in this) {
- if (CmsUtils.CompareIdentities(trust.ApplicationIdentity, applicationIdentity, versionMatch))
- collection.Add(trust);
- }
- return collection;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void Remove (ApplicationIdentity applicationIdentity, ApplicationVersionMatch versionMatch) {
- ApplicationTrustCollection collection = Find(applicationIdentity, versionMatch);
- RemoveRange(collection);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void Remove (ApplicationTrust trust) {
- if (trust == null)
- throw new ArgumentNullException(nameof(trust));
- if (trust.ApplicationIdentity == null)
- throw new ArgumentException(Environment.GetResourceString("Argument_ApplicationTrustShouldHaveIdentity"));
- Contract.EndContractBlock();
-
- // Remove the trust decision of the application from the fusion store.
- if (m_storeBounded) {
- CommitApplicationTrust(trust.ApplicationIdentity, null);
- } else {
- AppTrusts.Remove(trust);
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void RemoveRange (ApplicationTrust[] trusts) {
- if (trusts == null)
- throw new ArgumentNullException(nameof(trusts));
- Contract.EndContractBlock();
-
- int i=0;
- try {
- for (; i<trusts.Length; i++) {
- Remove(trusts[i]);
- }
- } catch {
- for (int j=0; j<i; j++) {
- Add(trusts[j]);
- }
- throw;
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void RemoveRange (ApplicationTrustCollection trusts) {
- if (trusts == null)
- throw new ArgumentNullException(nameof(trusts));
- Contract.EndContractBlock();
-
- int i = 0;
- try {
- foreach (ApplicationTrust trust in trusts) {
- Remove(trust);
- i++;
- }
- } catch {
- for (int j=0; j<i; j++) {
- Add(trusts[j]);
- }
- throw;
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- public void Clear() {
- // remove all trust decisions in the collection.
- ArrayList trusts = this.AppTrusts;
- if (m_storeBounded) {
- foreach (ApplicationTrust trust in trusts) {
- if (trust.ApplicationIdentity == null)
- throw new ArgumentException(Environment.GetResourceString("Argument_ApplicationTrustShouldHaveIdentity"));
-
- // Remove the trust decision of the application from the fusion store.
- CommitApplicationTrust(trust.ApplicationIdentity, null);
- }
- }
- trusts.Clear();
- }
-
- public ApplicationTrustEnumerator GetEnumerator() {
- return new ApplicationTrustEnumerator(this);
- }
-
- /// <internalonly/>
- [System.Security.SecuritySafeCritical] // overrides public transparent member
- IEnumerator IEnumerable.GetEnumerator()
- {
- return new ApplicationTrustEnumerator(this);
- }
-
- /// <internalonly/>
- [System.Security.SecuritySafeCritical] // overrides public transparent member
- void ICollection.CopyTo(Array array, int index) {
- if (array == null)
- throw new ArgumentNullException(nameof(array));
- if (array.Rank != 1)
- throw new ArgumentException(Environment.GetResourceString("Arg_RankMultiDimNotSupported"));
- if (index < 0 || index >= array.Length)
- throw new ArgumentOutOfRangeException(nameof(index), Environment.GetResourceString("ArgumentOutOfRange_Index"));
- if (array.Length - index < this.Count)
- throw new ArgumentException(Environment.GetResourceString("Argument_InvalidOffLen"));
- Contract.EndContractBlock();
-
- for (int i=0; i < this.Count; i++) {
- array.SetValue(this[i], index++);
- }
- }
-
- public void CopyTo (ApplicationTrust[] array, int index) {
- ((ICollection)this).CopyTo(array, index);
- }
-
- public bool IsSynchronized {
- [System.Security.SecuritySafeCritical] // overrides public transparent member
- get
- {
- return false;
- }
- }
-
- public object SyncRoot {
- [System.Security.SecuritySafeCritical] // overrides public transparent member
- get
- {
- return this;
- }
- }
- }
-
- [System.Runtime.InteropServices.ComVisible(true)]
- public sealed class ApplicationTrustEnumerator : IEnumerator {
- [System.Security.SecurityCritical] // auto-generated
- private ApplicationTrustCollection m_trusts;
- private int m_current;
-
- private ApplicationTrustEnumerator() {}
- [System.Security.SecurityCritical] // auto-generated
- internal ApplicationTrustEnumerator(ApplicationTrustCollection trusts) {
- m_trusts = trusts;
- m_current = -1;
- }
-
- public ApplicationTrust Current {
- [System.Security.SecuritySafeCritical] // auto-generated
- get {
- return m_trusts[m_current];
- }
- }
-
- /// <internalonly/>
- object IEnumerator.Current {
- [System.Security.SecuritySafeCritical] // auto-generated
- get {
- return (object) m_trusts[m_current];
- }
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- public bool MoveNext() {
- if (m_current == ((int) m_trusts.Count - 1))
- return false;
- m_current++;
- return true;
- }
-
- public void Reset() {
- m_current = -1;
- }
- }
-#endif // FEATURE_CLICKONCE
}
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
-//
-
namespace System.Security.Policy
{
- using System;
- using System.Collections;
- using System.Collections.Generic;
- using System.Configuration.Assemblies;
- using System.Diagnostics.Contracts;
- using System.IO;
- using System.Reflection;
- using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
- using System.Runtime.Remoting;
#if FEATURE_SERIALIZATION
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;
#endif // FEATURE_SERIALIZATION
- using System.Security.Permissions;
- using System.Security.Util;
- using System.Threading;
- using Microsoft.Win32.SafeHandles;
/// <summary>
/// The Evidence class keeps track of information that can be used to make security decisions about
#endif
[ComVisible(true)]
public sealed class Evidence
-#if FEATURE_CAS_POLICY
- : ICollection
-#endif // FEATURE_CAS_POLICY
{
-#if !FEATURE_CORECLR && FEATURE_RWLOCK
-#if FEATURE_SERIALIZATION
- [OptionalField(VersionAdded = 4)]
- private Dictionary<Type, EvidenceTypeDescriptor> m_evidence;
-
- [OptionalField(VersionAdded = 4)]
- private bool m_deserializedTargetEvidence;
-
- // These fields are only used to deserialize v2.0 serialized versions of Evidence. It will be null
- // after the seriailzation process is complete, and should not be used.
-#pragma warning disable 414
- private volatile ArrayList m_hostList;
- private volatile ArrayList m_assemblyList;
-#pragma warning restore 414
-#else // !FEATURE_SERIALIZATION
- private Dictionary<Type, EvidenceTypeDescriptor> m_evidence;
-#endif // FEATURE_SERIALIZATION
-
- [NonSerialized]
- private ReaderWriterLock m_evidenceLock;
-
- [NonSerialized]
- private uint m_version;
-
- [NonSerialized]
- private IRuntimeEvidenceFactory m_target;
-
- private bool m_locked;
-
- // If this evidence collection is a clone where we may need to backpatch to the original, this will
- // reference the collection it was cloned from. See
- // code:System.Security.Policy.Evidence#BackpatchGeneratedEvidence
- [NonSerialized]
- private WeakReference m_cloneOrigin;
-
- private static volatile Type[] s_runtimeEvidenceTypes;
-
- /// <summary>
- /// Set of actions that we could perform if we detect that we are attempting to add evidence
- /// when we already have evidence of that type stored.
- /// </summary>
- private enum DuplicateEvidenceAction
- {
- Throw, // Throw an exception
- Merge, // Create a list of all the evidence objects
- SelectNewObject // The newly added object wins
- }
-
-#if FEATURE_CAS_POLICY
- public Evidence()
- {
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
- m_evidenceLock = new ReaderWriterLock();
- }
-#endif // FEATURE_CAS_POLICY
-
- /// <summary>
- /// Create a deep copy of an evidence object
- /// </summary>
- public Evidence(Evidence evidence)
- {
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
-
- if (evidence != null)
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(evidence, EvidenceLockHolder.LockType.Reader))
- {
- foreach (KeyValuePair<Type, EvidenceTypeDescriptor> evidenceType in evidence.m_evidence)
- {
- EvidenceTypeDescriptor cloneDescriptor = evidenceType.Value;
- if (cloneDescriptor != null)
- {
- cloneDescriptor = cloneDescriptor.Clone();
- }
-
- m_evidence[evidenceType.Key] = cloneDescriptor;
- }
-
- m_target = evidence.m_target;
- m_locked = evidence.m_locked;
-#if FEATURE_SERIALIZATION
- m_deserializedTargetEvidence = evidence.m_deserializedTargetEvidence;
-#endif // FEATURE_SERIALIZATION
-
- // see code:System.Security.Policy.Evidence#BackpatchGeneratedEvidence
- if (evidence.Target != null)
- {
- m_cloneOrigin = new WeakReference(evidence);
- }
- }
- }
-
- // see code:System.Security.Policy.Evidence#EvidenceLock
- m_evidenceLock = new ReaderWriterLock();
- }
-
- [Obsolete("This constructor is obsolete. Please use the constructor which takes arrays of EvidenceBase instead.")]
- public Evidence(object[] hostEvidence, object[] assemblyEvidence)
- {
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
-
- // This is a legacy evidence entry point, so we add through the legacy add APIs in order to get
- // proper legacy wrapping and merge behavior.
-#pragma warning disable 618
- if (hostEvidence != null)
- {
- foreach (object hostEvidenceObject in hostEvidence)
- {
- AddHost(hostEvidenceObject);
- }
- }
-
- if (assemblyEvidence != null)
- {
- foreach (object assemblyEvidenceObject in assemblyEvidence)
- {
- AddAssembly(assemblyEvidenceObject);
- }
- }
-#pragma warning restore 618
-
- // see code:System.Security.Policy.Evidence#EvidenceLock
- m_evidenceLock = new ReaderWriterLock();
- }
-
- public Evidence(EvidenceBase[] hostEvidence, EvidenceBase[] assemblyEvidence)
- {
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
-
- if (hostEvidence != null)
- {
- foreach (EvidenceBase hostEvidenceObject in hostEvidence)
- {
- AddHostEvidence(hostEvidenceObject, GetEvidenceIndexType(hostEvidenceObject), DuplicateEvidenceAction.Throw);
- }
- }
-
- if (assemblyEvidence != null)
- {
- foreach (EvidenceBase assemblyEvidenceObject in assemblyEvidence)
- {
- AddAssemblyEvidence(assemblyEvidenceObject, GetEvidenceIndexType(assemblyEvidenceObject), DuplicateEvidenceAction.Throw);
- }
- }
-
- // see code:System.Security.Policy.Evidence#EvidenceLock
- m_evidenceLock = new ReaderWriterLock();
- }
-
- /// <summary>
- /// Create an empty evidence collection which will contain evidence for a specific assembly or
- /// AppDomain
- /// </summary>
- [SecuritySafeCritical]
- internal Evidence(IRuntimeEvidenceFactory target)
- {
- Contract.Assert(target != null);
-
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
- m_target = target;
-
- // Setup the types of evidence that the CLR can generate for a target as keys in the dictionary
- foreach (Type runtimeEvidenceType in RuntimeEvidenceTypes)
- {
- BCLDebug.Assert(typeof(EvidenceBase).IsAssignableFrom(runtimeEvidenceType), "All runtime evidence types should be EvidenceBases");
- m_evidence[runtimeEvidenceType] = null;
- }
-
- QueryHostForPossibleEvidenceTypes();
-
- // see code:System.Security.Policy.Evidence#EvidenceLock
- m_evidenceLock = new ReaderWriterLock();
- }
-
- internal static Type[] RuntimeEvidenceTypes
- {
- get
- {
- if (s_runtimeEvidenceTypes == null)
- {
- Type[] runtimeEvidenceTypes = new Type[]
- {
-#if FEATURE_CLICKONCE
- typeof(System.Runtime.Hosting.ActivationArguments),
-#endif // FEATURE_CLICKONCE
-#if FEATURE_CAS_POLICY
- typeof(ApplicationDirectory),
-#endif // FEATURE_CAS_POLICY
- typeof(ApplicationTrust),
-#if FEATURE_CAS_POLICY
- typeof(GacInstalled),
- typeof(Hash),
- typeof(Publisher),
-#endif // FEATURE_CAS_POLICY
- typeof(Site),
- typeof(StrongName),
- typeof(Url),
- typeof(Zone)
- };
-
-#if FEATURE_CAS_POLICY
- // We only supply permission request evidence in legacy CAS mode
- if (AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
-#pragma warning disable 618 // We need to generate PermissionRequestEvidence in compatibility mode
- int l = runtimeEvidenceTypes.Length;
- Array.Resize(ref runtimeEvidenceTypes, l+1);
- runtimeEvidenceTypes[l] = typeof(PermissionRequestEvidence);
-#pragma warning restore 618
- }
-#endif // FEATURE_CAS_POLICY
-
- s_runtimeEvidenceTypes = runtimeEvidenceTypes;
- }
-
- return s_runtimeEvidenceTypes;
- }
- }
-
- //
- // #EvidenceLock
- //
- // Evidence synchronization locking wrappers. In the case where the lock has not yet been created,
- // we know that we're in the process of constructing the evidence collection and therefore we can
- // act as though the evidence is locked. If there is a lock in place, then just delegate back to it.
- //
- // The nested EvidenceLockHolder and EvidenceUpgradeLockHolder utility classes can be used to wrap
- // these methods when acquiring and releasing the evidence lock.
- //
-
- // Millisecond timeout when waiting to acquire the evidence lock
- private const int LockTimeout = 5000;
-
- private bool IsReaderLockHeld
- {
- get { return m_evidenceLock == null || m_evidenceLock.IsReaderLockHeld; }
- }
-
- private bool IsWriterLockHeld
- {
- get { return m_evidenceLock == null || m_evidenceLock.IsWriterLockHeld; }
- }
-
- private void AcquireReaderLock()
- {
- Contract.Assert(m_evidenceLock == null || !IsReaderLockHeld);
-
- if (m_evidenceLock != null)
- {
- m_evidenceLock.AcquireReaderLock(LockTimeout);
- }
- }
-
- private void AcquireWriterlock()
- {
- Contract.Assert(m_evidenceLock == null || !IsWriterLockHeld);
-
- if (m_evidenceLock != null)
- {
- m_evidenceLock.AcquireWriterLock(LockTimeout);
- }
- }
-
- private void DowngradeFromWriterLock(ref LockCookie lockCookie)
- {
- Contract.Assert(IsWriterLockHeld);
- if (m_evidenceLock != null)
- {
- m_evidenceLock.DowngradeFromWriterLock(ref lockCookie);
- }
- }
-
- private LockCookie UpgradeToWriterLock()
- {
- Contract.Assert(IsReaderLockHeld);
- return m_evidenceLock != null ? m_evidenceLock.UpgradeToWriterLock(LockTimeout) : new LockCookie();
- }
-
- private void ReleaseReaderLock()
- {
- Contract.Assert(IsReaderLockHeld);
-
- if (m_evidenceLock != null)
- {
- m_evidenceLock.ReleaseReaderLock();
- }
- }
-
- private void ReleaseWriterLock()
- {
- Contract.Assert(IsWriterLockHeld);
-
- if (m_evidenceLock != null)
- {
- m_evidenceLock.ReleaseWriterLock();
- }
- }
-
- [Obsolete("This method is obsolete. Please use AddHostEvidence instead.")]
- [SecuritySafeCritical]
- public void AddHost(object id)
- {
- if (id == null)
- throw new ArgumentNullException(nameof(id));
- if (!id.GetType().IsSerializable)
- throw new ArgumentException(Environment.GetResourceString("Policy_EvidenceMustBeSerializable"), nameof(id));
- Contract.EndContractBlock();
-
- if (m_locked)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- }
-
- EvidenceBase evidence = WrapLegacyEvidence(id);
- Type evidenceIndex = GetEvidenceIndexType(evidence);
-
- // Whidbey allowed for multiple types of the same evidence, so if we're being called via the Whidbey
- // APIs, then allow the evidences to merge together.
- AddHostEvidence(evidence, evidenceIndex, DuplicateEvidenceAction.Merge);
- }
-
- [Obsolete("This method is obsolete. Please use AddAssemblyEvidence instead.")]
- public void AddAssembly(object id)
- {
- if (id == null)
- throw new ArgumentNullException(nameof(id));
- if (!id.GetType().IsSerializable)
- throw new ArgumentException(Environment.GetResourceString("Policy_EvidenceMustBeSerializable"), nameof(id));
- Contract.EndContractBlock();
-
- EvidenceBase evidence = WrapLegacyEvidence(id);
- Type evidenceIndex = GetEvidenceIndexType(evidence);
-
- // Whidbey allowed for multiple types of the same evidence, so if we're being called via the Whidbey
- // APIs, then allow the evidences to merge together.
- AddAssemblyEvidence(evidence, evidenceIndex, DuplicateEvidenceAction.Merge);
- }
-
- /// <summary>
- /// Add a piece of evidence to the assembly supplied evidence list. This method will disallow adding
- /// evidence if there is already evidence of that type in the assembly list.
- /// </summary>
- [ComVisible(false)]
- public void AddAssemblyEvidence<T>(T evidence) where T : EvidenceBase
- {
- if (evidence == null)
- throw new ArgumentNullException(nameof(evidence));
- Contract.EndContractBlock();
-
- // Index the evidence under the type that the Add function was called with, unless we were given
- // a plain EvidenceBase or a wrapped legacy evidence. In that case, we need to index under a
- // more specific type.
- Type evidenceType = typeof(T);
- if (typeof(T) == typeof(EvidenceBase) || evidence is ILegacyEvidenceAdapter)
- {
- evidenceType = GetEvidenceIndexType(evidence);
- }
-
- AddAssemblyEvidence(evidence, evidenceType, DuplicateEvidenceAction.Throw);
- }
-
- private void AddAssemblyEvidence(EvidenceBase evidence, Type evidenceType, DuplicateEvidenceAction duplicateAction)
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- AddAssemblyEvidenceNoLock(evidence, evidenceType, duplicateAction);
- }
- }
-
- private void AddAssemblyEvidenceNoLock(EvidenceBase evidence, Type evidenceType, DuplicateEvidenceAction duplicateAction)
- {
- Contract.Assert(IsWriterLockHeld);
- Contract.Assert(evidence != null);
- Contract.Assert(evidenceType != null);
-
- // We need to make sure that any target supplied evidence is deserialized before adding to the
- // Assembly collection in order to preserve the semantics that the evidence objects supplied by
- // the target are the original versions and evidence objects added via the APIs are the duplicates.
- DeserializeTargetEvidence();
-
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(evidenceType, true);
-
- ++m_version;
- if (descriptor.AssemblyEvidence == null)
- {
- descriptor.AssemblyEvidence = evidence;
- }
- else
- {
- descriptor.AssemblyEvidence = HandleDuplicateEvidence(descriptor.AssemblyEvidence,
- evidence,
- duplicateAction);
- }
- }
-
- /// <summary>
- /// Add a piece of evidence to the host supplied evidence list. This method will disallow adding
- /// evidence if there is already evidence of that type in the host list.
- /// </summary>
- [ComVisible(false)]
- public void AddHostEvidence<T>(T evidence) where T : EvidenceBase
- {
- if (evidence == null)
- throw new ArgumentNullException(nameof(evidence));
- Contract.EndContractBlock();
-
- // Index the evidence under the type that the Add function was called with, unless we were given
- // a plain EvidenceBase or a wrapped legacy evidence. In that case, we need to index under a
- // more specific type.
- Type evidenceType = typeof(T);
- if (typeof(T) == typeof(EvidenceBase) || evidence is ILegacyEvidenceAdapter)
- {
- evidenceType = GetEvidenceIndexType(evidence);
- }
-
- AddHostEvidence(evidence, evidenceType, DuplicateEvidenceAction.Throw);
- }
-
- [SecuritySafeCritical]
- private void AddHostEvidence(EvidenceBase evidence, Type evidenceType, DuplicateEvidenceAction duplicateAction)
- {
- Contract.Assert(evidence != null);
- Contract.Assert(evidenceType != null);
-
- if (Locked)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- }
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- AddHostEvidenceNoLock(evidence, evidenceType, duplicateAction);
- }
- }
-
- /// <summary>
- /// Add evidence to the host supplied evidence collection without acquiring the evidence lock or
- /// checking to make sure that the caller has permission to bypass locked evidence.
- /// </summary>
- private void AddHostEvidenceNoLock(EvidenceBase evidence, Type evidenceType, DuplicateEvidenceAction duplicateAction)
- {
- Contract.Assert(IsWriterLockHeld);
- Contract.Assert(evidence != null);
- Contract.Assert(evidenceType != null);
-
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(evidenceType, true);
-
- ++m_version;
- if (descriptor.HostEvidence == null)
- {
- descriptor.HostEvidence = evidence;
- }
- else
- {
- descriptor.HostEvidence = HandleDuplicateEvidence(descriptor.HostEvidence,
- evidence,
- duplicateAction);
- }
- }
-
- /// <summary>
- /// Ask the host for the types of evidence that it might provide if it is asked.
- ///
- /// This should only be called when setting up the Evidence collection to interact with the
- /// host, and should not be used once that connection is established and the evidence has been
- /// made available to user code.
- /// </summary>
- [SecurityCritical]
- private void QueryHostForPossibleEvidenceTypes()
- {
-#if FEATURE_CAS_POLICY
- Contract.Assert(IsWriterLockHeld);
-
- // First check to see if we have a HostSecurityManager
- if (AppDomain.CurrentDomain.DomainManager != null)
- {
- HostSecurityManager hsm = AppDomain.CurrentDomain.DomainManager.HostSecurityManager;
- if (hsm != null)
- {
- Type[] hostSuppliedTypes = null;
-
- AppDomain targetDomain = m_target.Target as AppDomain;
- Assembly targetAssembly = m_target.Target as Assembly;
-
- //
- // If the HostSecurityManager wants to supply evidence for the type of target that we have,
- // then ask it what types of evidence it might supply.
- //
-
- if (targetAssembly != null &&
- (hsm.Flags & HostSecurityManagerOptions.HostAssemblyEvidence) == HostSecurityManagerOptions.HostAssemblyEvidence)
- {
- hostSuppliedTypes = hsm.GetHostSuppliedAssemblyEvidenceTypes(targetAssembly);
- }
- else if (targetDomain != null &&
- (hsm.Flags & HostSecurityManagerOptions.HostAppDomainEvidence) == HostSecurityManagerOptions.HostAppDomainEvidence)
- {
- hostSuppliedTypes = hsm.GetHostSuppliedAppDomainEvidenceTypes();
- }
-
- //
- // Finally, mark the descriptor for each of the types that the host can supply to indicate
- // we should ask the host to generate them if we're asked.
- //
-
- if (hostSuppliedTypes != null)
- {
- foreach (Type hostEvidenceType in hostSuppliedTypes)
- {
- EvidenceTypeDescriptor evidenceDescriptor = GetEvidenceTypeDescriptor(hostEvidenceType, true);
- evidenceDescriptor.HostCanGenerate = true;
- }
- }
- }
- }
-#endif // FEATURE_CAS_POLICY
- }
-
- internal bool IsUnmodified
- {
- get { return m_version == 0; }
- }
-
- /// <summary>
- /// Set or check to see if the evidence is locked. Locked evidence cannot have its host supplied
- /// evidence list be modified without a successful demand for ControlEvidence. Any code can lock
- /// evidence, but only code with ControlEvidence may unlock it.
- ///
- /// This lock is not the same as the synchronization lock that gates access to the evidence collection.
- /// </summary>
- public bool Locked
- {
- get
- {
- return m_locked;
- }
-
- [SecuritySafeCritical]
- set
- {
- if (!value)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
-
- m_locked = false;
- }
- else
- {
- m_locked = true;
- }
- }
- }
-
- /// <summary>
- /// Target of any delay generated evidence objects
- /// </summary>
- internal IRuntimeEvidenceFactory Target
- {
- get { return m_target; }
-
- //
- // There are two retargeting scenarios supported:
- //
- // 1. A PEFileEvidenceFactory is being upgraded to an AssemblyEvidenceFactory and we don't want
- // to throw away any already generated evidence.
- // 2. A detached evidence collection is being applied to an AppDomain and that domain has a
- // HostSecurityManager. In that case, we want to attach the target to the AppDomain to
- // allow the HostSecurityManager to get callbacks for delay generated evidence.
- //
-
- [SecurityCritical]
- set
- {
-#if FEATURE_CAS_POLICY
- Contract.Assert((m_target != null && m_target is PEFileEvidenceFactory && value != null && value is AssemblyEvidenceFactory) ||
- (m_target == null && value != null && value is AppDomainEvidenceFactory),
- "Evidence retargeting should only be from PEFile -> Assembly or detached -> AppDomain.");
-#endif // FEATURE_CAS_POLICY
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- m_target = value;
-
- // Since we've updated what we're pointing at, we need to query the host to determine what
- // types of evidence that it can generate for this new target.
- QueryHostForPossibleEvidenceTypes();
- }
- }
- }
-
- /// <summary>
- /// Get the type that would be used to index into the evidence dictionary for this object
- /// </summary>
- private static Type GetEvidenceIndexType(EvidenceBase evidence)
- {
- Contract.Assert(evidence != null);
-
- //
- // Legacy wrapper evidence types should be indexed via the type of evidence that they're wrapping
- // so check to see if we have one of those; otherwise just return the type itself.
- //
-
- ILegacyEvidenceAdapter adapter = evidence as ILegacyEvidenceAdapter;
- return adapter == null ? evidence.GetType() : adapter.EvidenceType;
- }
-
- /// <summary>
- /// Get the type descriptor for a specific type of evidence. This method should be used instead
- /// of accessing the dictionary directly as it will handle the case where a new descriptor needs
- /// to be created.
- /// </summary>
- internal EvidenceTypeDescriptor GetEvidenceTypeDescriptor(Type evidenceType)
- {
- return GetEvidenceTypeDescriptor(evidenceType, false);
- }
-
- /// <summary>
- /// Get the type descriptor for a specific type of evidence, optionally creating a descriptor if
- /// we did not yet know about this type of evidence. This method should be used instead of
- /// accessing the dictionary directly as it will handle the case where a new descriptor needs
- /// to be created.
- /// </summary>
- private EvidenceTypeDescriptor GetEvidenceTypeDescriptor(Type evidenceType, bool addIfNotExist)
- {
- Contract.Assert(IsReaderLockHeld || IsWriterLockHeld);
- Contract.Assert(evidenceType != null);
-
- // If we don't know about the type being indexed and we don't want to add it then exit out
- EvidenceTypeDescriptor descriptor = null;
- if (!m_evidence.TryGetValue(evidenceType, out descriptor) && !addIfNotExist)
- {
- return null;
- }
-
- // If we haven't yet created a descriptor for this type then create one now
- if (descriptor == null)
- {
- descriptor = new EvidenceTypeDescriptor();
-#if _DEBUG
- descriptor.SetEvidenceType(evidenceType);
-#endif // _DEBUG
-
- bool upgradedLock = false;
- LockCookie upgradeCookie = new LockCookie();
- try
- {
- if (!IsWriterLockHeld)
- {
- upgradeCookie = UpgradeToWriterLock();
- upgradedLock = true;
- }
-
- m_evidence[evidenceType] = descriptor;
- }
- finally
- {
- if (upgradedLock)
- DowngradeFromWriterLock(ref upgradeCookie);
- }
- }
-
- return descriptor;
- }
-
- /// <summary>
- /// This method is called if a piece of evidence is added but another piece of evidence of the same
- /// type already existed. We have different strategies depending on compatibility concerns of the
- /// calling code.
- /// </summary>
- private static EvidenceBase HandleDuplicateEvidence(EvidenceBase original,
- EvidenceBase duplicate,
- DuplicateEvidenceAction action)
- {
- Contract.Assert(original != null);
- Contract.Assert(duplicate != null);
- Contract.Assert(original.GetType() == duplicate.GetType() || original.GetType() == typeof(LegacyEvidenceList));
-
- switch (action)
- {
- // Throw - duplicate evidence is not allowed (Arrowhead behavior), so throw an exception
- case DuplicateEvidenceAction.Throw:
- throw new InvalidOperationException(Environment.GetResourceString("Policy_DuplicateEvidence", duplicate.GetType().FullName));
-
- // SelectNewObject - MergeWithNoDuplicates behavior - the duplicate object wins
- case DuplicateEvidenceAction.SelectNewObject:
- return duplicate;
-
- // Merge - compat behavior. Merge the old and new evidence into a list so that both may exist
- case DuplicateEvidenceAction.Merge:
-
- LegacyEvidenceList list = original as LegacyEvidenceList;
- if (list == null)
- {
- list = new LegacyEvidenceList();
- list.Add(original);
- }
-
- list.Add(duplicate);
- return list;
-
- default:
- BCLDebug.Assert(false, "Uknown DuplicateEvidenceAction");
- return null;
- }
- }
-
- /// <summary>
- /// Wrap evidence we recieved through a legacy API to ensure that it is stored in an EvidenceBase
- /// </summary>
- private static EvidenceBase WrapLegacyEvidence(object evidence)
- {
- Contract.Assert(evidence != null);
-
- EvidenceBase wrappedEvidence = evidence as EvidenceBase;
- if (wrappedEvidence == null)
- {
- wrappedEvidence = new LegacyEvidenceWrapper(evidence);
- }
-
- return wrappedEvidence;
- }
-
- /// <summary>
- /// Upwrap evidence stored in a legacy adapter.
- ///
- /// This is only necessary for the case where multiple objects derived from EvidenceBase is
- /// are added via the legacy APIs and are then retrieved via GetHostEvidence. This may occur if
- /// a legacy application adds CLR supplied evidence types via the old APIs and a new application
- /// consumes the resulting evidence.
- /// </summary>
- private static object UnwrapEvidence(EvidenceBase evidence)
- {
- ILegacyEvidenceAdapter adapter = evidence as ILegacyEvidenceAdapter;
- return adapter == null ? evidence : adapter.EvidenceObject;
- }
-
- /// <summary>
- /// Merge two evidence collections together. Note that this will cause all of the lazily
- /// generated evidence for the input collection to be generated, as well as causing any lazily
- /// generated evidence that both collections share to be generated in the target.
- /// </summary>
- [SecuritySafeCritical]
- public void Merge(Evidence evidence)
- {
- if (evidence == null)
- {
- return;
- }
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- bool checkedLock = false;
- IEnumerator hostEnumerator = evidence.GetHostEnumerator();
- while (hostEnumerator.MoveNext())
- {
- if (Locked && !checkedLock)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- checkedLock = true;
- }
-
- // If we could potentially have evidence of the type about to be merged into our host list,
- // then make sure that we generate that evidence before merging. This will prevent the
- // newly merged evidence from masking the value that we would have generated on our own.
- Type hostEvidenceType = hostEnumerator.Current.GetType();
- if (m_evidence.ContainsKey(hostEvidenceType))
- {
- GetHostEvidenceNoLock(hostEvidenceType);
- }
-
- EvidenceBase hostEvidence = WrapLegacyEvidence(hostEnumerator.Current);
- AddHostEvidenceNoLock(hostEvidence,
- GetEvidenceIndexType(hostEvidence),
- DuplicateEvidenceAction.Merge);
- }
-
- // Add each piece of assembly evidence. We don't need to deserialize our copy of the
- // evidence because AddAssemblyEvidenceNoLock will do this for us.
- IEnumerator assemblyEnumerator = evidence.GetAssemblyEnumerator();
- while (assemblyEnumerator.MoveNext())
- {
- EvidenceBase assemblyEvidence = WrapLegacyEvidence(assemblyEnumerator.Current);
- AddAssemblyEvidenceNoLock(assemblyEvidence,
- GetEvidenceIndexType(assemblyEvidence),
- DuplicateEvidenceAction.Merge);
- }
- }
- }
-
- /// <summary>
- /// Same as merge, except only one instance of any one evidence type is allowed. When duplicates
- /// are found, the evidence in the input argument will have priority. Note this will force the
- /// entire input evidence to be generated, and does not check for locked evidence
- /// </summary>
- internal void MergeWithNoDuplicates(Evidence evidence)
- {
- if (evidence == null)
- {
- return;
- }
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- IEnumerator hostEnumerator = evidence.GetHostEnumerator();
- while (hostEnumerator.MoveNext())
- {
- EvidenceBase hostEvidence = WrapLegacyEvidence(hostEnumerator.Current);
- AddHostEvidenceNoLock(hostEvidence,
- GetEvidenceIndexType(hostEvidence),
- DuplicateEvidenceAction.SelectNewObject);
- }
-
- IEnumerator assemblyEnumerator = evidence.GetAssemblyEnumerator();
- while (assemblyEnumerator.MoveNext())
- {
- EvidenceBase assemblyEvidence = WrapLegacyEvidence(assemblyEnumerator.Current);
- AddAssemblyEvidenceNoLock(assemblyEvidence,
- GetEvidenceIndexType(assemblyEvidence),
- DuplicateEvidenceAction.SelectNewObject);
- }
- }
- }
-
-#if FEATURE_SERIALIZATION
- /// <summary>
- /// Do a full serialization of the evidence, which requires that we generate all of the evidence
- /// we can and disconnect ourselves from the host and source assembly.
- /// </summary>
- [ComVisible(false)]
- [OnSerializing]
- [SecurityCritical]
- [PermissionSet(SecurityAction.Assert, Unrestricted = true)]
- private void OnSerializing(StreamingContext context)
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- // First, force all of the host evidence that might be lazily generated to be created
- foreach (Type evidenceType in new List<Type>(m_evidence.Keys))
- {
- GetHostEvidenceNoLock(evidenceType);
- }
-
- // Also ensure that all serialized assembly evidence has been created
- DeserializeTargetEvidence();
- }
-
- // Fill in legacy evidence lists. We can't guarantee thread-safety here using locks
- // because we can't put a lock in the serialization code that will read the lists.
- // The best we can do is prevent another thread from seeing a half-populated list.
- // Therefore, we assign the lists after we've populated them fully (and declare them volatile.)
- ArrayList hostList = new ArrayList();
- IEnumerator hostEnumerator = GetHostEnumerator();
- while (hostEnumerator.MoveNext())
- {
- hostList.Add(hostEnumerator.Current);
- }
- m_hostList = hostList;
-
- ArrayList assemblyList = new ArrayList();
- IEnumerator assemblyEnumerator = GetAssemblyEnumerator();
- while (assemblyEnumerator.MoveNext())
- {
- assemblyList.Add(assemblyEnumerator.Current);
- }
- m_assemblyList = assemblyList;
- }
-
- /// <summary>
- /// Finish deserializing legacy evidence
- /// </summary>
- [ComVisible(false)]
- [OnDeserialized]
- [SecurityCritical]
- private void OnDeserialized(StreamingContext context)
- {
- // Look at host and assembly evidence lists only if we serialized using Whidbey.
- if (m_evidence == null)
- {
- m_evidence = new Dictionary<Type, EvidenceTypeDescriptor>();
-
- // Whidbey evidence may need to be wrapped or added to a LegacyEvidenceList, so we go
- // through the legacy APIs to add them.
-#pragma warning disable 618
- if (m_hostList != null)
- {
- foreach (object evidenceObject in m_hostList)
- {
- if (evidenceObject != null)
- {
- AddHost(evidenceObject);
- }
- }
-
- m_hostList = null;
- }
-
- if (m_assemblyList != null)
- {
- foreach (object evidenceObject in m_assemblyList)
- {
- if (evidenceObject != null)
- {
- AddAssembly(evidenceObject);
- }
- }
-
- m_assemblyList = null;
- }
-#pragma warning restore 618
- }
-
- // see code:System.Security.Policy.Evidence#EvidenceLock
- m_evidenceLock = new ReaderWriterLock();
- }
-#endif // FEATURE_SERIALIZATION
-
- /// <summary>
- /// Load any serialized evidence out of the target assembly into our evidence collection.
- ///
- /// We allow entry to this method with only a reader lock held, since most of the time we will
- /// not need to write to the evidence dictionary. If we haven't yet deserialized the target
- /// evidence, then we will upgrade to a writer lock at that point.
- /// </summary>
- private void DeserializeTargetEvidence()
- {
-#if FEATURE_SERIALIZATION
- Contract.Assert(IsReaderLockHeld || IsWriterLockHeld);
-
- if (m_target != null && !m_deserializedTargetEvidence)
- {
- bool upgradedLock = false;
- LockCookie lockCookie = new LockCookie();
- try
- {
- if (!IsWriterLockHeld)
- {
- lockCookie = UpgradeToWriterLock();
- upgradedLock = true;
- }
-
- // Set this to true here because AddAssemblyEvidenceNoLock will attempt to reenter this
- // method creating possible infinite recursion.
- m_deserializedTargetEvidence = true;
-
- foreach (EvidenceBase targetEvidence in m_target.GetFactorySuppliedEvidence())
- {
- AddAssemblyEvidenceNoLock(targetEvidence, GetEvidenceIndexType(targetEvidence), DuplicateEvidenceAction.Throw);
- }
- }
- finally
- {
- if (upgradedLock)
- DowngradeFromWriterLock(ref lockCookie);
- }
- }
-#endif // FEATURE_SERIALIZATION
- }
-
-#if FEATURE_SERIALIZATION
- /// <summary>
- /// Serialize out raw evidence objects which have already been generated, ignoring any evidence
- /// which might be present but has not yet been created for this assembly.
- ///
- /// This is used for indexing into the security policy cache, since we know that once policy is
- /// resolved, the relevent membership conditions will have checked for any applicable evidence
- /// and therefore after poliyc resolution this evidence collection will contain any evidence
- /// objects necessary to arrive at its grant set.
- /// </summary>
- [SecurityCritical]
- internal byte[] RawSerialize()
- {
- try
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- // Filter out any evidence which is not yet generated
- Dictionary<Type, EvidenceBase> generatedEvidence = new Dictionary<Type, EvidenceBase>();
- foreach (KeyValuePair<Type, EvidenceTypeDescriptor> evidenceType in m_evidence)
- {
- if (evidenceType.Value != null && evidenceType.Value.HostEvidence != null)
- {
- generatedEvidence[evidenceType.Key] = evidenceType.Value.HostEvidence;
- }
- }
-
- using (MemoryStream serializationStream = new MemoryStream())
- {
- BinaryFormatter formatter = new BinaryFormatter();
- formatter.Serialize(serializationStream, generatedEvidence);
- return serializationStream.ToArray();
- }
- }
- }
- catch (SecurityException)
- {
- // We're running in a context where it's not safe to serialize the evidence out. In this case
- // Simply decline to cache the result of the policy evaluation
- return null;
- }
- }
-#endif // FEATURE_SERIALIZATION
-
- //
- // ICollection implementation. All ICollection interface members are potentially much more
- // expensive in Arrowhead then they were downlevel. They should not be used if the standard Get and
- // Add methods will work instead.
- //
-
- [Obsolete("Evidence should not be treated as an ICollection. Please use the GetHostEnumerator and GetAssemblyEnumerator methods rather than using CopyTo.")]
- public void CopyTo(Array array, int index)
- {
- if (array == null)
- throw new ArgumentNullException(nameof(array));
- if (index < 0 || index > array.Length - Count)
- throw new ArgumentOutOfRangeException(nameof(index));
- Contract.EndContractBlock();
-
- int currentIndex = index;
-
- IEnumerator hostEnumerator = GetHostEnumerator();
- while (hostEnumerator.MoveNext())
- {
- array.SetValue(hostEnumerator.Current, currentIndex);
- ++currentIndex;
- }
-
- IEnumerator assemblyEnumerator = GetAssemblyEnumerator();
- while (assemblyEnumerator.MoveNext())
- {
- array.SetValue(assemblyEnumerator.Current, currentIndex);
- ++currentIndex;
- }
- }
-
- public IEnumerator GetHostEnumerator()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- return new EvidenceEnumerator(this, EvidenceEnumerator.Category.Host);
- }
- }
-
- public IEnumerator GetAssemblyEnumerator()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- DeserializeTargetEvidence();
- return new EvidenceEnumerator(this, EvidenceEnumerator.Category.Assembly);
- }
- }
-
- /// <summary>
- /// Get an enumerator that can iterate over the raw evidence objects stored for the assembly
- /// </summary>
- internal RawEvidenceEnumerator GetRawAssemblyEvidenceEnumerator()
- {
- Contract.Assert(IsReaderLockHeld);
- DeserializeTargetEvidence();
- return new RawEvidenceEnumerator(this, new List<Type>(m_evidence.Keys), false);
- }
-
- /// <summary>
- /// Get an enumerator that can iterate over the raw evidence objects stored for the host
- /// </summary>
- /// <returns></returns>
- internal RawEvidenceEnumerator GetRawHostEvidenceEnumerator()
- {
- Contract.Assert(IsReaderLockHeld);
- return new RawEvidenceEnumerator(this, new List<Type>(m_evidence.Keys), true);
- }
-
- [Obsolete("GetEnumerator is obsolete. Please use GetAssemblyEnumerator and GetHostEnumerator instead.")]
- public IEnumerator GetEnumerator()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- return new EvidenceEnumerator(this, EvidenceEnumerator.Category.Host | EvidenceEnumerator.Category.Assembly);
- }
- }
-
- /// <summary>
- /// Get a specific type of assembly supplied evidence
- /// </summary>
- [ComVisible(false)]
- public T GetAssemblyEvidence<T>() where T : EvidenceBase
- {
- return UnwrapEvidence(GetAssemblyEvidence(typeof(T))) as T;
- }
-
- internal EvidenceBase GetAssemblyEvidence(Type type)
- {
- Contract.Assert(type != null);
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- return GetAssemblyEvidenceNoLock(type);
- }
- }
-
- private EvidenceBase GetAssemblyEvidenceNoLock(Type type)
- {
- Contract.Assert(IsReaderLockHeld || IsWriterLockHeld);
- Contract.Assert(type != null);
-
- DeserializeTargetEvidence();
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(type);
- if (descriptor != null)
- {
- return descriptor.AssemblyEvidence;
- }
-
- return null;
- }
-
- /// <summary>
- /// Get a specific type of host supplied evidence
- /// </summary>
- [ComVisible(false)]
- public T GetHostEvidence<T>() where T : EvidenceBase
- {
- return UnwrapEvidence(GetHostEvidence(typeof(T))) as T;
- }
-
- /// <summary>
- /// Get a specific type of evidence from the host which may not have been verified yet. If the
- /// evidence was not verified, then don't mark it as being used yet.
- /// </summary>
- internal T GetDelayEvaluatedHostEvidence<T>() where T : EvidenceBase, IDelayEvaluatedEvidence
- {
- return UnwrapEvidence(GetHostEvidence(typeof(T), false)) as T;
- }
-
- internal EvidenceBase GetHostEvidence(Type type)
- {
- Contract.Assert(type != null);
-
- return GetHostEvidence(type, true);
- }
-
- [SecuritySafeCritical]
- private EvidenceBase GetHostEvidence(Type type, bool markDelayEvaluatedEvidenceUsed)
- {
- Contract.Assert(type != null);
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- EvidenceBase evidence = GetHostEvidenceNoLock(type);
-
- if (markDelayEvaluatedEvidenceUsed)
- {
- IDelayEvaluatedEvidence delayEvidence = evidence as IDelayEvaluatedEvidence;
- if (delayEvidence != null)
- {
- delayEvidence.MarkUsed();
- }
- }
-
- return evidence;
- }
- }
-
- /// <summary>
- /// Get host supplied evidence from the collection
- ///
- /// We attempt to find host evdience in the following order:
- ///
- /// 1. Already generated or explicitly supplied evidence
- /// 2. Evidence supplied by the CLR host
- /// 3. Evidence supplied by the CLR itself
- /// </summary>
- [SecurityCritical]
- private EvidenceBase GetHostEvidenceNoLock(Type type)
- {
- Contract.Assert(IsReaderLockHeld || IsWriterLockHeld);
- Contract.Assert(type != null);
-
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(type);
-
- // If the evidence descriptor doesn't exist for the host evidence type than the evidence doesn't
- // exist and neither the host nor the runtime can produce it.
- if (descriptor == null)
- {
- return null;
- }
-
- // If the evidence has already been generated or if it was explicitly provided then return that
- if (descriptor.HostEvidence != null)
- {
- return descriptor.HostEvidence;
- }
-
- // If we have a target, then the host or the runtime might be able to generate this type of
- // evidence on demand.
- if (m_target != null && !descriptor.Generated)
- {
- using (EvidenceUpgradeLockHolder lockHolder = new EvidenceUpgradeLockHolder(this))
- {
- // Make sure that we don't attempt to generate this type of evidencea again if we fail to
- // generate it now.
- descriptor.Generated = true;
-
- EvidenceBase generatedEvidence = GenerateHostEvidence(type, descriptor.HostCanGenerate);
- if (generatedEvidence != null)
- {
- descriptor.HostEvidence = generatedEvidence;
-
- //
- // #BackpatchGeneratedEvidence
- //
- // If we were cloned from another evidence collection propigate any generated evidence
- // back to the original collection. Since Assembly and AppDomain both clone their
- // evidence before giving it to users, this prevents us from having to regenerate
- // evidence types on each clone that gets created. Note that we do not want to do this
- // backpatching if the origin already has evidence of this type or if it has had
- // this type of evidence removed from its collection.
- //
-
- Evidence cloneOrigin = m_cloneOrigin != null ? m_cloneOrigin.Target as Evidence : null;
- if (cloneOrigin != null)
- {
- BCLDebug.Assert(cloneOrigin.Target != null && cloneOrigin.Target == Target,
- "Attempt to backpatch evidence to a collection with a different target.");
-
- using (EvidenceLockHolder cloneLockHolder = new EvidenceLockHolder(cloneOrigin, EvidenceLockHolder.LockType.Writer))
- {
- EvidenceTypeDescriptor cloneDescriptor = cloneOrigin.GetEvidenceTypeDescriptor(type);
- if (cloneDescriptor != null && cloneDescriptor.HostEvidence == null)
- {
- cloneDescriptor.HostEvidence = generatedEvidence.Clone() as EvidenceBase;
- }
- }
- }
-
- }
-
- return generatedEvidence;
- }
- }
-
- // The evidence could not be generated and was not found
- return null;
- }
-
- /// <summary>
- /// Attempt to generate host evidence on demand via calls to the runtime host or the evidence facotry
- /// </summary>
- [SecurityCritical]
- private EvidenceBase GenerateHostEvidence(Type type, bool hostCanGenerate)
- {
- Contract.Assert(type != null);
- Contract.Assert(IsWriterLockHeld);
-
-#if FEATURE_CAS_POLICY
- // First let the host generate the evidence if it can.
- if (hostCanGenerate)
- {
- AppDomain targetDomain = m_target.Target as AppDomain;
- Assembly targetAssembly = m_target.Target as Assembly;
-
- EvidenceBase hostEvidence = null;
- if (targetDomain != null)
- {
- hostEvidence = AppDomain.CurrentDomain.HostSecurityManager.GenerateAppDomainEvidence(type);
- }
- else if (targetAssembly != null)
- {
- hostEvidence = AppDomain.CurrentDomain.HostSecurityManager.GenerateAssemblyEvidence(type, targetAssembly);
- }
-
- // If the host generated the evidence, verify that it generated the evidence we expected
- // and use that.
- if (hostEvidence != null)
- {
- if (!type.IsAssignableFrom(hostEvidence.GetType()))
- {
- string hostType = AppDomain.CurrentDomain.HostSecurityManager.GetType().FullName;
- string recievedType = hostEvidence.GetType().FullName;
- string requestedType = type.FullName;
-
- throw new InvalidOperationException(Environment.GetResourceString("Policy_IncorrectHostEvidence", hostType, recievedType, requestedType));
- }
-
- return hostEvidence;
- }
- }
-#endif // FEATURE_CAS_POLICY
-
- // Finally, check to see if the CLR can generate the evidence
- return m_target.GenerateEvidence(type);
- }
-
- [Obsolete("Evidence should not be treated as an ICollection. Please use GetHostEnumerator and GetAssemblyEnumerator to iterate over the evidence to collect a count.")]
- public int Count
- {
- get
- {
- int count = 0;
-
- IEnumerator hostEvidence = GetHostEnumerator();
- while (hostEvidence.MoveNext())
- {
- ++count;
- }
-
- IEnumerator assemblyEvidence = GetAssemblyEnumerator();
- while (assemblyEvidence.MoveNext())
- {
- ++count;
- }
-
- return count;
- }
- }
-
- /// <summary>
- /// Get the number of pieces of evidence which are currently generated, without causing any
- /// lazily generated evidence to be created.
- /// </summary>
- [ComVisible(false)]
- internal int RawCount
- {
- get
- {
- int count = 0;
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- foreach (Type evidenceType in new List<Type>(m_evidence.Keys))
- {
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(evidenceType);
-
- if (descriptor != null)
- {
- if (descriptor.AssemblyEvidence != null)
- {
- ++count;
- }
- if (descriptor.HostEvidence != null)
- {
- ++count;
- }
- }
- }
- }
-
- return count;
- }
- }
-
- public Object SyncRoot
- {
- get { return this; }
- }
-
- public bool IsSynchronized
- {
- get { return true; }
- }
-
- public bool IsReadOnly
- {
- get { return false; }
- }
-
-#if FEATURE_CAS_POLICY
- [ComVisible(false)]
- public Evidence Clone()
- {
- return new Evidence(this);
- }
-#endif // FEATURE_CAS_POLICY
-
- [ComVisible(false)]
- [SecuritySafeCritical]
- public void Clear()
- {
- if (Locked)
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- }
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- ++m_version;
- m_evidence.Clear();
- }
- }
-
- [ComVisible(false)]
- [SecuritySafeCritical]
- public void RemoveType(Type t)
- {
- if (t == null)
- throw new ArgumentNullException(nameof(t));
- Contract.EndContractBlock();
-
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Writer))
- {
- EvidenceTypeDescriptor descriptor = GetEvidenceTypeDescriptor(t);
- if (descriptor != null)
- {
- ++m_version;
-
- // If we've locked this evidence collection, we need to do the lock check in the case that
- // either we have host evidence, or that the host might generate it, since removing the
- // evidence will cause us to bypass the host's ability to ever generate the evidence.
- if (Locked && (descriptor.HostEvidence != null || descriptor.HostCanGenerate))
- {
- new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand();
- }
-
- m_evidence.Remove(t);
- }
- }
- }
-
- /// <summary>
- /// Mark all of the already generated evidence in the collection as having been used during a
- /// policy evaluation.
- /// </summary>
- internal void MarkAllEvidenceAsUsed()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- foreach (KeyValuePair<Type, EvidenceTypeDescriptor> evidenceType in m_evidence)
- {
- if (evidenceType.Value != null)
- {
- IDelayEvaluatedEvidence hostEvidence = evidenceType.Value.HostEvidence as IDelayEvaluatedEvidence;
- if (hostEvidence != null)
- {
- hostEvidence.MarkUsed();
- }
-
- IDelayEvaluatedEvidence assemblyEvidence = evidenceType.Value.AssemblyEvidence as IDelayEvaluatedEvidence;
- if (assemblyEvidence != null)
- {
- assemblyEvidence.MarkUsed();
- }
- }
- }
- }
- }
-
-#if FEATURE_CAS_POLICY
- /// <summary>
- /// Determine if delay evaluated strong name evidence is contained in this collection, and if so
- /// if it was used during policy evaluation.
- ///
- /// This method is called from the VM in SecurityPolicy::WasStrongNameEvidenceUsed
- /// This class should be used as an adapter layer to allow the public facing EvidenceEnumerator to
- /// be able to get the evidence values out of an Evidence class. It is tightly coupled with the
- /// internal data structures holding the evidence objects in the Evidence class.
- /// </summary>
- private bool WasStrongNameEvidenceUsed()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(this, EvidenceLockHolder.LockType.Reader))
- {
- EvidenceTypeDescriptor snTypeDescriptor = GetEvidenceTypeDescriptor(typeof(StrongName));
- if (snTypeDescriptor != null)
- {
- IDelayEvaluatedEvidence snEvidence = snTypeDescriptor.HostEvidence as IDelayEvaluatedEvidence;
- return snEvidence != null && snEvidence.WasUsed;
- }
-
- return false;
- }
- }
-#endif // FEATURE_CAS_POLICY
-
- /// <summary>
- /// Utility class to wrap acquiring a lock onto the evidence collection
- /// </summary>
- private class EvidenceLockHolder : IDisposable
- {
- private Evidence m_target;
- private LockType m_lockType;
-
- public enum LockType
- {
- Reader,
- Writer
- }
-
- public EvidenceLockHolder(Evidence target, LockType lockType)
- {
- Contract.Assert(target != null);
- Contract.Assert(lockType == LockType.Reader || lockType == LockType.Writer);
-
- m_target = target;
- m_lockType = lockType;
-
- if (m_lockType == LockType.Reader)
- {
- m_target.AcquireReaderLock();
- }
- else
- {
- m_target.AcquireWriterlock();
- }
- }
-
- public void Dispose()
- {
- if (m_lockType == LockType.Reader && m_target.IsReaderLockHeld)
- {
- m_target.ReleaseReaderLock();
- }
- else if (m_lockType == LockType.Writer && m_target.IsWriterLockHeld)
- {
- m_target.ReleaseWriterLock();
- }
- }
- }
-
- /// <summary>
- /// Utility class to wrap upgrading an acquired reader lock to a writer lock and then
- /// downgrading it back to a reader lock.
- /// </summary>
- private class EvidenceUpgradeLockHolder : IDisposable
- {
- private Evidence m_target;
- private LockCookie m_cookie;
-
- public EvidenceUpgradeLockHolder(Evidence target)
- {
- Contract.Assert(target != null);
-
- m_target = target;
- m_cookie = m_target.UpgradeToWriterLock();
- }
-
- public void Dispose()
- {
- if (m_target.IsWriterLockHeld)
- {
- m_target.DowngradeFromWriterLock(ref m_cookie);
- }
- }
- }
-
- /// <summary>
- /// Enumerator that iterates directly over the evidence type map, returning back the evidence objects
- /// that are contained in it. This enumerator will generate any lazy evaluated evidence it finds,
- /// but it does not attempt to deal with legacy evidence adapters.
- ///
- /// This class should be used as an adapter layer to allow the public facing EvidenceEnumerator to
- /// be able to get the evidence values out of an Evidence class. It is tightly coupled with the
- /// internal data structures holding the evidence objects in the Evidence class.
- /// </summary>
- internal sealed class RawEvidenceEnumerator : IEnumerator<EvidenceBase>
- {
- private Evidence m_evidence;
- private bool m_hostEnumerator; // true to enumerate host evidence, false to enumerate assembly evidence
- private uint m_evidenceVersion;
-
- private Type[] m_evidenceTypes;
- private int m_typeIndex;
- private EvidenceBase m_currentEvidence;
-
- private static volatile List<Type> s_expensiveEvidence;
-
- public RawEvidenceEnumerator(Evidence evidence, IEnumerable<Type> evidenceTypes, bool hostEnumerator)
- {
- Contract.Assert(evidence != null);
- Contract.Assert(evidenceTypes != null);
-
- m_evidence = evidence;
- m_hostEnumerator = hostEnumerator;
- m_evidenceTypes = GenerateEvidenceTypes(evidence, evidenceTypes, hostEnumerator);
- m_evidenceVersion = evidence.m_version;
-
- Reset();
- }
-
- public EvidenceBase Current
- {
- get
- {
- if (m_evidence.m_version != m_evidenceVersion)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_EnumFailedVersion"));
-
- return m_currentEvidence;
- }
- }
-
- object IEnumerator.Current
- {
- get
- {
- if (m_evidence.m_version != m_evidenceVersion)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_EnumFailedVersion"));
-
- return m_currentEvidence;
- }
- }
-
- /// <summary>
- /// List of types of evidence that we would like to avoid generating if possible
- /// </summary>
- private static List<Type> ExpensiveEvidence
- {
- get
- {
- if (s_expensiveEvidence == null)
- {
- List<Type> expensiveEvidence = new List<Type>();
-#if FEATURE_CAS_POLICY
- expensiveEvidence.Add(typeof(Hash));
- expensiveEvidence.Add(typeof(Publisher));
-#endif // FEATURE_CAS_POLICY
- s_expensiveEvidence = expensiveEvidence;
-
-#if _DEBUG
- List<Type> runtimeTypes = new List<Type>(Evidence.RuntimeEvidenceTypes);
- foreach (Type expensiveType in s_expensiveEvidence)
- {
- BCLDebug.Assert(runtimeTypes.Contains(expensiveType),
- "Evidence type not generated by the runtime found in expensive evidence type list");
- }
-#endif // _DEBUG
- }
-
- return s_expensiveEvidence;
- }
- }
-
- public void Dispose()
- {
- return;
- }
-
- /// <summary>
- /// Generate the array of types of evidence that could have values for
- /// </summary>
- private static Type[] GenerateEvidenceTypes(Evidence evidence,
- IEnumerable<Type> evidenceTypes,
- bool hostEvidence)
- {
- Contract.Assert(evidence != null);
- Contract.Assert(evidenceTypes != null);
-
- //
- // Sort the evidence being generated into three categories, which we enumerate in order:
- // 1. Evidence which has already been generated
- // 2. Evidence which is relatively inexpensive to generate
- // 3. Evidence which is expensive to generate.
- //
- // This allows us to be as efficient as possible in case the user of the enumerator stops the
- // enumeration before we step up to the next more expensive category.
- //
-
- List<Type> alreadyGeneratedList = new List<Type>();
- List<Type> inexpensiveList = new List<Type>();
- List<Type> expensiveList = new List<Type>(ExpensiveEvidence.Count);
-
- // Iterate over the evidence types classifying into the three groups. We need to copy the list
- // here since GetEvidenceTypeDescriptor will potentially update the evidence dictionary, which
- // evidenceTypes iterates over.
- foreach (Type evidenceType in evidenceTypes)
- {
- EvidenceTypeDescriptor descriptor = evidence.GetEvidenceTypeDescriptor(evidenceType);
- BCLDebug.Assert(descriptor != null, "descriptor != null");
-
- bool alreadyGenerated = (hostEvidence && descriptor.HostEvidence != null) ||
- (!hostEvidence && descriptor.AssemblyEvidence != null);
-
- if (alreadyGenerated)
- {
- alreadyGeneratedList.Add(evidenceType);
- }
- else if (ExpensiveEvidence.Contains(evidenceType))
- {
- expensiveList.Add(evidenceType);
- }
- else
- {
- inexpensiveList.Add(evidenceType);
- }
- }
-
- Type[] enumerationTypes = new Type[alreadyGeneratedList.Count + inexpensiveList.Count + expensiveList.Count];
- alreadyGeneratedList.CopyTo(enumerationTypes, 0);
- inexpensiveList.CopyTo(enumerationTypes, alreadyGeneratedList.Count);
- expensiveList.CopyTo(enumerationTypes, alreadyGeneratedList.Count + inexpensiveList.Count);
-
- return enumerationTypes;
- }
-
- [SecuritySafeCritical]
- public bool MoveNext()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(m_evidence, EvidenceLockHolder.LockType.Reader))
- {
- if (m_evidence.m_version != m_evidenceVersion)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_EnumFailedVersion"));
-
- m_currentEvidence = null;
-
- // Iterate over the possible types of evidence that we could have until we find one that
- // really exists, or we run out of posibilities.
- do
- {
- ++m_typeIndex;
-
- if (m_typeIndex < m_evidenceTypes.Length)
- {
- if (m_hostEnumerator)
- {
- m_currentEvidence = m_evidence.GetHostEvidenceNoLock(m_evidenceTypes[m_typeIndex]);
- }
- else
- {
- m_currentEvidence = m_evidence.GetAssemblyEvidenceNoLock(m_evidenceTypes[m_typeIndex]);
- }
- }
- }
- while (m_typeIndex < m_evidenceTypes.Length && m_currentEvidence == null);
- }
-
- return m_currentEvidence != null;
- }
-
- public void Reset()
- {
- if (m_evidence.m_version != m_evidenceVersion)
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_EnumFailedVersion"));
-
- m_typeIndex = -1;
- m_currentEvidence = null;
- }
- }
-
- private sealed class EvidenceEnumerator : IEnumerator
- {
- private Evidence m_evidence;
- private Category m_category;
- private Stack m_enumerators;
-
- private object m_currentEvidence;
-
- [Flags]
- internal enum Category
- {
- Host = 0x1, // Enumerate only host supplied evidence
- Assembly = 0x2 // Enumerate only assembly supplied evidence
- }
-
- internal EvidenceEnumerator(Evidence evidence, Category category)
- {
- Contract.Assert(evidence != null);
- Contract.Assert(evidence.IsReaderLockHeld);
-
- m_evidence = evidence;
- m_category = category;
- ResetNoLock();
- }
-
- public bool MoveNext()
- {
- IEnumerator currentEnumerator = CurrentEnumerator;
-
- // No more enumerators means we can't go any further
- if (currentEnumerator == null)
- {
- m_currentEvidence = null;
- return false;
- }
-
- // See if the current enumerator can continue
- if (currentEnumerator.MoveNext())
- {
- //
- // If we've found an adapter for legacy evidence, we need to unwrap it for it to be the
- // current enumerator's value. For wrapped evidence, this is a simple unwrap, for a list of
- // evidence, we need to make that the current enumerator and get its first value.
- //
-
- LegacyEvidenceWrapper legacyWrapper = currentEnumerator.Current as LegacyEvidenceWrapper;
- LegacyEvidenceList legacyList = currentEnumerator.Current as LegacyEvidenceList;
-
- if (legacyWrapper != null)
- {
- m_currentEvidence = legacyWrapper.EvidenceObject;
- }
- else if (legacyList != null)
- {
- IEnumerator legacyListEnumerator = legacyList.GetEnumerator();
- m_enumerators.Push(legacyListEnumerator);
- MoveNext();
- }
- else
- {
- m_currentEvidence = currentEnumerator.Current;
- }
-
- BCLDebug.Assert(m_currentEvidence != null, "m_currentEvidence != null");
- return true;
- }
- else
- {
- // If we've reached the end of the current enumerator, move to the next one and try again
- m_enumerators.Pop();
- return MoveNext();
- }
- }
-
- public object Current
- {
- get { return m_currentEvidence; }
- }
-
- private IEnumerator CurrentEnumerator
- {
- get
- {
- return m_enumerators.Count > 0 ? m_enumerators.Peek() as IEnumerator : null;
- }
- }
-
- public void Reset()
- {
- using (EvidenceLockHolder lockHolder = new EvidenceLockHolder(m_evidence, EvidenceLockHolder.LockType.Reader))
- {
- ResetNoLock();
- }
- }
-
- private void ResetNoLock()
- {
- Contract.Assert(m_evidence != null);
- Contract.Assert(m_evidence.IsReaderLockHeld);
-
- m_currentEvidence = null;
- m_enumerators = new Stack();
-
- if ((m_category & Category.Host) == Category.Host)
- {
- m_enumerators.Push(m_evidence.GetRawHostEvidenceEnumerator());
- }
- if ((m_category & Category.Assembly) == Category.Assembly)
- {
- m_enumerators.Push(m_evidence.GetRawAssemblyEvidenceEnumerator());
- }
- }
- }
-#endif //!FEATURE_CORECLR && FEATURE_RWLOCK
}
}
**
===========================================================*/
namespace System.Security
-{
+{
using Microsoft.Win32;
using Microsoft.Win32.SafeHandles;
using System.Threading;
using System.Runtime.Remoting;
-#if FEATURE_IMPERSONATION
- using System.Security.Principal;
-#endif
using System.Collections;
using System.Runtime.Serialization;
using System.Security.Permissions;
All = 0x3FFF
}
-#if FEATURE_IMPERSONATION
- internal enum WindowsImpersonationFlowMode {
- IMP_FASTFLOW = 0,
- IMP_NOFLOW = 1,
- IMP_ALWAYSFLOW = 2,
- IMP_DEFAULT = IMP_FASTFLOW
- }
-#endif
-
#if FEATURE_COMPRESSEDSTACK
internal struct SecurityContextSwitcher: IDisposable
{
internal SecurityContext currSC; //current SC - SetSecurityContext that created the switcher set this on the Thread
internal ExecutionContext currEC; // current ExecutionContext on Thread
internal CompressedStackSwitcher cssw;
-#if FEATURE_IMPERSONATION
- internal WindowsImpersonationContext wic;
-#endif
[System.Security.SecuritySafeCritical] // overrides public transparent member
public void Dispose()
currSC = null; // this will prevent the switcher object being used again
bool bNoException = true;
-#if FEATURE_IMPERSONATION
- try
- {
- if (wic != null)
- bNoException &= wic.UndoNoThrow();
- }
- catch
- {
- // Failfast since we can't continue safely...
- bNoException &= cssw.UndoNoThrow();
- System.Environment.FailFast(Environment.GetResourceString("ExecutionContext_UndoFailed"));
-
- }
-#endif
+
bNoException &= cssw.UndoNoThrow();
}
}
-
public sealed class SecurityContext : IDisposable
{
-#if FEATURE_IMPERSONATION
- // Note that only one of the following variables will be true. The way we set up the flow mode in the g_pConfig guarantees this.
- static bool _LegacyImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_NOFLOW);
- static bool _alwaysFlowImpersonationPolicy = (GetImpersonationFlowMode() == WindowsImpersonationFlowMode.IMP_ALWAYSFLOW);
-#endif
/*=========================================================================
** Data accessed from managed code that needs to be defined in
** SecurityContextObject to maintain alignment between the two classes.
=========================================================================*/
private ExecutionContext _executionContext;
-#if FEATURE_IMPERSONATION
- private volatile WindowsIdentity _windowsIdentity;
-#endif
private volatile CompressedStack _compressedStack;
static private volatile SecurityContext _fullTrustSC;
_executionContext = value;
}
}
-
-#if FEATURE_IMPERSONATION
-
-
- internal WindowsIdentity WindowsIdentity
- {
- get
- {
- return _windowsIdentity;
- }
- set
- {
- // Note, we do not dispose of the existing windows identity, since some code such as remoting
- // relies on reusing that identity. If you are not going to reuse the existing identity, then
- // you should dispose of the existing identity before resetting it.
- _windowsIdentity = value;
- }
- }
-#endif // FEATURE_IMPERSONATION
-
internal CompressedStack CompressedStack
{
get
public void Dispose()
{
-#if FEATURE_IMPERSONATION
- if (_windowsIdentity != null)
- _windowsIdentity.Dispose();
-#endif // FEATURE_IMPERSONATION
}
[System.Security.SecurityCritical] // auto-generated_required
{
return SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All);
}
-#if FEATURE_IMPERSONATION
- public static bool IsWindowsIdentityFlowSuppressed()
- {
- return (_LegacyImpersonationPolicy|| SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.WI));
- }
-#endif
+
[SecuritySafeCritical]
internal static bool IsFlowSuppressed(SecurityContextDisableFlow flags)
{
RuntimeHelpers.PrepareConstrainedRegions();
try
{
-#if FEATURE_IMPERSONATION
- scsw.wic = null;
- if (!_LegacyImpersonationPolicy)
- {
- if (sc.WindowsIdentity != null)
- {
- scsw.wic = sc.WindowsIdentity.Impersonate(ref stackMark);
- }
- else if ( ((_capturedFlowState & SecurityContextDisableFlow.WI) == 0)
- && prevSecurityContext.WindowsIdentity != null)
- {
- // revert impersonation if there was no WI flow supression at capture and we're currently impersonating
- scsw.wic = WindowsIdentity.SafeRevertToSelf(ref stackMark);
- }
- }
-#endif
scsw.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack);
}
catch
sc.isNewCapture = true;
sc._disableFlow = _disableFlow;
-#if FEATURE_IMPERSONATION
- if (WindowsIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(WindowsIdentity.AccessToken);
-#endif //FEATURE_IMPERSONATION
-
if (_compressedStack != null)
sc._compressedStack = _compressedStack.CreateCopy();
SecurityContext sc = new SecurityContext();
sc._disableFlow = this._disableFlow;
-#if FEATURE_IMPERSONATION
- if (this.WindowsIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(this.WindowsIdentity.AccessToken);
-#endif //FEATURE_IMPERSONATION
-
if (this._compressedStack != null)
sc._compressedStack = this._compressedStack.CreateCopy();
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
-#if FEATURE_IMPERSONATION
- // Force create WindowsIdentity
- if (!IsWindowsIdentityFlowSuppressed())
- {
- WindowsIdentity currentIdentity = GetCurrentWI(currThreadEC);
- if (currentIdentity != null)
- sc._windowsIdentity = new WindowsIdentity(currentIdentity.AccessToken);
- }
- else
- {
- sc._disableFlow = SecurityContextDisableFlow.WI;
- }
-#endif // FEATURE_IMPERSONATION
-
// Force create CompressedStack
sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
return sc;
}
+
[System.Security.SecurityCritical] // auto-generated
static internal SecurityContext CreateFullTrustSecurityContext()
{
SecurityContext sc = new SecurityContext();
sc.isNewCapture = true;
-
-#if FEATURE_IMPERSONATION
- if (IsWindowsIdentityFlowSuppressed())
- {
- sc._disableFlow = SecurityContextDisableFlow.WI;
- }
-#endif // FEATURE_IMPERSONATION
-
// Force create CompressedStack
sc.CompressedStack = new CompressedStack(null);
return sc;
}
-#if FEATURE_IMPERSONATION
-
- static internal bool AlwaysFlowImpersonationPolicy { get { return _alwaysFlowImpersonationPolicy; } }
-
- // Check to see if we have a WI on the thread and return if we do
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC)
- {
- return GetCurrentWI(threadEC, _alwaysFlowImpersonationPolicy);
- }
-
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal WindowsIdentity GetCurrentWI(ExecutionContext.Reader threadEC, bool cachedAlwaysFlowImpersonationPolicy)
- {
- Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
- if (cachedAlwaysFlowImpersonationPolicy)
- {
- // Examine the threadtoken at the cost of a kernel call if the user has set the IMP_ALWAYSFLOW mode
- return WindowsIdentity.GetCurrentInternal(TokenAccessLevels.MaximumAllowed, true);
- }
-
- return threadEC.SecurityContext.WindowsIdentity;
- }
-
- [System.Security.SecurityCritical]
- static internal void RestoreCurrentWI(ExecutionContext.Reader currentEC, ExecutionContext.Reader prevEC, WindowsIdentity targetWI, bool cachedAlwaysFlowImpersonationPolicy)
- {
- Contract.Assert(currentEC.IsSame(Thread.CurrentThread.GetExecutionContextReader()));
- Contract.Assert(cachedAlwaysFlowImpersonationPolicy == _alwaysFlowImpersonationPolicy);
-
- // NOTE: cachedAlwaysFlowImpersonationPolicy is a perf optimization to avoid always having to access a static variable here.
- if (cachedAlwaysFlowImpersonationPolicy || prevEC.SecurityContext.WindowsIdentity != targetWI)
- {
- //
- // Either we're always flowing, or the target WI was obtained from the current EC in the first place.
- //
- Contract.Assert(_alwaysFlowImpersonationPolicy || currentEC.SecurityContext.WindowsIdentity == targetWI);
-
- RestoreCurrentWIInternal(targetWI);
- }
- }
-
- [System.Security.SecurityCritical]
- static private void RestoreCurrentWIInternal(WindowsIdentity targetWI)
- {
- int hr = Win32.RevertToSelf();
- if (hr < 0)
- Environment.FailFast(Win32Native.GetMessage(hr));
-
- if (targetWI != null)
- {
- SafeAccessTokenHandle tokenHandle = targetWI.AccessToken;
- if (tokenHandle != null && !tokenHandle.IsInvalid)
- {
- hr = Win32.ImpersonateLoggedOnUser(tokenHandle);
- if (hr < 0)
- Environment.FailFast(Win32Native.GetMessage(hr));
- }
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal bool IsDefaultFTSecurityContext()
- {
- return (WindowsIdentity == null && (CompressedStack == null || CompressedStack.CompressedStackHandle == null));
- }
- [System.Security.SecurityCritical] // auto-generated
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext.Reader threadEC)
- {
- return (IsDefaultThreadSecurityInfo() && GetCurrentWI(threadEC) == null);
- }
-#else
-
internal bool IsDefaultFTSecurityContext()
{
return (CompressedStack == null || CompressedStack.CompressedStackHandle == null);
{
return (IsDefaultThreadSecurityInfo());
}
-#endif
-#if FEATURE_IMPERSONATION
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal extern static WindowsImpersonationFlowMode GetImpersonationFlowMode();
-#endif
+
[System.Security.SecurityCritical] // auto-generated
[MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
internal extern static bool IsDefaultThreadSecurityInfo();
-
}
#endif // FEATURE_COMPRESSEDSTACK
}
// The .NET Foundation licenses this file to you under the MIT license.
// See the LICENSE file in the project root for more information.
-//
-
-//
//
// The SecurityManager class provides a general purpose API for interacting
// with the security system.
//
-namespace System.Security {
+namespace System.Security
+{
using System;
- using System.Security.Util;
- using System.Security.Policy;
using System.Security.Permissions;
- using System.Collections;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
-#if FEATURE_CLICKONCE
- using System.Runtime.Hosting;
-#endif // FEATURE_CLICKONCE
- using System.Text;
- using System.Threading;
- using System.Reflection;
- using System.IO;
- using System.Globalization;
- using System.Runtime.Versioning;
- using System.Diagnostics.Contracts;
[Serializable]
[System.Runtime.InteropServices.ComVisible(true)]
}
[System.Runtime.InteropServices.ComVisible(true)]
- static public class SecurityManager {
-#if FEATURE_CAS_POLICY
- private static volatile SecurityPermission executionSecurityPermission = null;
-
- private static PolicyManager polmgr = new PolicyManager();
- internal static PolicyManager PolicyManager {
- get {
- return polmgr;
- }
- }
-
- //
- // Public APIs
- //
- [System.Security.SecuritySafeCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- [Obsolete("IsGranted is obsolete and will be removed in a future release of the .NET Framework. Please use the PermissionSet property of either AppDomain or Assembly instead.")]
- public static bool IsGranted( IPermission perm )
- {
- if (perm == null)
- return true;
-
- PermissionSet granted = null, denied = null;
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- GetGrantedPermissions( JitHelpers.GetObjectHandleOnStack(ref granted),
- JitHelpers.GetObjectHandleOnStack(ref denied),
- JitHelpers.GetStackCrawlMarkHandle(ref stackMark) );
- return granted.Contains( perm ) && (denied == null || !denied.Contains( perm ));
- }
-
- // Get a sandbox permission set that the CLR considers safe to grant an application with the given
- // evidence. Note that this API is not a policy API, but rather a host helper API so that a host can
- // determine if an application's requested permission set is reasonable. This is esentially just a
- // hard coded mapping of Zone -> Sandbox and is not configurable in any way.
- public static PermissionSet GetStandardSandbox(Evidence evidence)
- {
- if (evidence == null)
- throw new ArgumentNullException(nameof(evidence));
- Contract.EndContractBlock();
-
- //
- // The top-level switch for grant set is based upon Zone
- // MyComputer -> FullTrust
- // Intranet -> LocalIntranet
- // Trusted -> Internet
- // Internet -> Internet
- // All else -> Nothing
- //
- // Both the Internet and LocalIntranet zones can have permission set extensions applied to them
- // if there is Activation.
- //
-
- Zone zone = evidence.GetHostEvidence<Zone>();
- if (zone == null)
- {
- return new PermissionSet(PermissionState.None);
- }
-#if FEATURE_CAS_POLICY
- else if (zone.SecurityZone == SecurityZone.MyComputer)
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
- else if (zone.SecurityZone == SecurityZone.Intranet)
- {
- PermissionSet intranetGrantSet = BuiltInPermissionSets.LocalIntranet;
-
- // We also need to add in same site web and file IO permission
- PolicyStatement webPolicy =
- new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
- PolicyStatement filePolicy =
- new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence);
-
- if (webPolicy != null)
- {
- intranetGrantSet.InplaceUnion(webPolicy.PermissionSet);
- }
- if (filePolicy != null)
- {
- intranetGrantSet.InplaceUnion(filePolicy.PermissionSet);
- }
-
- return intranetGrantSet;
- }
- else if (zone.SecurityZone == SecurityZone.Internet ||
- zone.SecurityZone == SecurityZone.Trusted)
- {
- PermissionSet internetGrantSet = BuiltInPermissionSets.Internet;
-
- // We also need to add in same site web permission
- PolicyStatement webPolicy =
- new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence);
-
- if (webPolicy != null)
- {
- internetGrantSet.InplaceUnion(webPolicy.PermissionSet);
- }
-
- return internetGrantSet;
- }
-#endif // FEATURE_CAS_POLICY
- else
- {
- return new PermissionSet(PermissionState.None);
- }
- }
-
- /// <internalonly/>
- [System.Security.SecurityCritical] // auto-generated_required
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- static public void GetZoneAndOrigin( out ArrayList zone, out ArrayList origin )
- {
- StackCrawlMark mark = StackCrawlMark.LookForMyCaller;
- CodeAccessSecurityEngine.GetZoneAndOrigin( ref mark, out zone, out origin );
- }
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type)
- {
- if (path == null)
- throw new ArgumentNullException( nameof(path) );
- Contract.EndContractBlock();
-
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- // We need to retain V1.x compatibility by throwing the same exception type.
- if (!File.InternalExists(path))
- throw new ArgumentException( Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
-
- String fullPath = Path.GetFullPath( path );
-
- FileIOPermission perm = new FileIOPermission( PermissionState.None );
- perm.AddPathList( FileIOPermissionAccess.Read, fullPath );
- perm.AddPathList( FileIOPermissionAccess.Write, fullPath );
- perm.Demand();
-
- using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read)) {
- using (StreamReader reader = new StreamReader(stream)) {
- return LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type);
- }
- }
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type)
- {
- return LoadPolicyLevelFromStringHelper(str, null, type);
- }
-
- private static PolicyLevel LoadPolicyLevelFromStringHelper (string str, string path, PolicyLevelType type)
- {
- if (str == null)
- throw new ArgumentNullException( nameof(str) );
- Contract.EndContractBlock();
-
- PolicyLevel level = new PolicyLevel(type, path);
-
- Parser parser = new Parser( str );
- SecurityElement elRoot = parser.GetTopElement();
- if (elRoot == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "configuration" ) );
-
- SecurityElement elMscorlib = elRoot.SearchForChildByTag( "mscorlib" );
- if (elMscorlib == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "mscorlib" ) );
-
- SecurityElement elSecurity = elMscorlib.SearchForChildByTag( "security" );
- if (elSecurity == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "security" ) );
-
- SecurityElement elPolicy = elSecurity.SearchForChildByTag( "policy" );
- if (elPolicy == null)
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "policy" ) );
-
- SecurityElement elPolicyLevel = elPolicy.SearchForChildByTag( "PolicyLevel" );
- if (elPolicyLevel != null)
- level.FromXml( elPolicyLevel );
- else
- throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), nameof(PolicyLevel) ) );
-
- return level;
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public void SavePolicyLevel( PolicyLevel level )
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- PolicyManager.EncodeLevel( level );
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, true);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy(Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- // If we aren't passed any evidence, just make an empty object
- if (evidence == null)
- {
- evidence = new Evidence();
- }
-
- return polmgr.Resolve(evidence);
- }
-
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public PermissionSet ResolvePolicy( Evidence[] evidences )
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- if (evidences == null || evidences.Length == 0)
- evidences = new Evidence[] { null };
-
- PermissionSet retval = ResolvePolicy( evidences[0] );
- if (retval == null)
- return null;
-
- for (int i = 1; i < evidences.Length; ++i)
- {
- retval = retval.Intersect( ResolvePolicy( evidences[i] ) );
- if (retval == null || retval.IsEmpty())
- return retval;
- }
-
- return retval;
- }
-
-#if FEATURE_CAS_POLICY
- // Determine if the current thread would require a security context capture if the security state of
- // the thread needs to be re-created at a later point in time. This can be used, for instance, if
- // sensitive data is being obtained after security demands succeed, and that data is to be cached.
- // If there is an Assert up the stack, then we wouldn't want to cache the data without capturing the
- // corresponding security context to go along with it - otherwise we risk leaking data obtained
- // under an assert to code which may no longer be running with that assert in place.
- //
- // A return value of false indicates that the CLR guarantees all of the following conditions are true:
- // 1. No partial trust AppDomains are on the stack
- // 2. No partial trust assemblies are on the stack
- // 3. There are no currently active PermitOnly or Deny modifiers on the stack
- //
- // A return value of true means only that the CLR cannot guarantee that all of the conditions are
- // true, and not that one of the conditions really is false.
- //
- // IMPORTANT: The above means is only reliable in the false return case. If we say that the thread
- // does not require a context capture, then that answer is guaranteed to be correct. However, we may
- // say that the thread does require a capture when it does not actually strictly need to capture the
- // state. This is fine, as being overly conservative when capturing context will not lead to
- // security holes; being overly agresssive in avoding the capture could lead to holes however.
- //
- // This API is SecurityCritical because its main use is to optimize away unnecessary security
- // context captures, which means that the code using it is security sensitive and needs to be audited.
- [SecurityCritical]
- public static bool CurrentThreadRequiresSecurityContextCapture()
- {
- // If we know that the thread is not made up of entirely full trust code, and that there are no
- // security stack modifiers on the thread, then there is no need to capture a security context.
- return !CodeAccessSecurityEngine.QuickCheckForAllDemands();
- }
-#endif // FEATURE_CAS_POLICY
-
- //
- // This method resolves the policy for the specified evidence, but it
- // ignores the AppDomain level even when one is available in the current policy.
- //
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static PermissionSet ResolveSystemPolicy (Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- if (PolicyManager.IsGacAssembly(evidence))
- {
- return new PermissionSet(PermissionState.Unrestricted);
- }
-
- return polmgr.CodeGroupResolve(evidence, true);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- static public IEnumerator ResolvePolicyGroups(Evidence evidence)
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return polmgr.ResolveCodeGroups(evidence);
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static IEnumerator PolicyHierarchy()
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- return polmgr.PolicyHierarchy();
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )]
- [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")]
- public static void SavePolicy()
- {
- if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled)
- {
- throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit"));
- }
-
- polmgr.Save();
- }
-
-
- [System.Security.SecurityCritical] // auto-generated
- private static PermissionSet ResolveCasPolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied,
- out int securitySpecialFlags,
- bool checkExecutionPermission)
- {
- Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
-
- CodeAccessPermission.Assert(true);
-
- PermissionSet granted = ResolvePolicy(evidence,
- reqdPset,
- optPset,
- denyPset,
- out denied,
- checkExecutionPermission);
-
- securitySpecialFlags = SecurityManager.GetSpecialFlags(granted, denied);
- return granted;
- }
-
- [System.Security.SecurityCritical] // auto-generated
- static private PermissionSet ResolvePolicy(Evidence evidence,
- PermissionSet reqdPset,
- PermissionSet optPset,
- PermissionSet denyPset,
- out PermissionSet denied,
- bool checkExecutionPermission)
- {
- Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled);
-
- if (executionSecurityPermission == null)
- executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
-
- PermissionSet requested = null;
- PermissionSet optional;
- PermissionSet allowed;
-
- Exception savedException = null;
-
- // We don't want to recurse back into here as a result of a
- // stackwalk during resolution. So simply assert full trust (this
- // implies that custom permissions cannot use any permissions that
- // don't implement IUnrestrictedPermission.
- // PermissionSet.s_fullTrust.Assert();
-
- // The requested set is the union of the minimal request and the
- // optional request. Minimal request defaults to empty, optional
- // is "AllPossible" (includes any permission that can be defined)
- // which is symbolized by null.
- optional = optPset;
-
- if (reqdPset == null)
- requested = optional;
- else
- // If optional is null, the requested set becomes null/"AllPossible".
- requested = optional == null ? null : reqdPset.Union(optional);
-
- // Make sure that the right to execute is requested (if this feature is
- // enabled).
-
- if (requested != null && !requested.IsUnrestricted())
- requested.AddPermission( executionSecurityPermission );
-
- // If we aren't passed any evidence, just make an empty object
- if (evidence == null)
- {
- evidence = new Evidence();
- }
-
- allowed = polmgr.Resolve(evidence);
- // Intersect the grant with the RequestOptional
- if (requested != null)
- allowed.InplaceIntersect(requested);
-
- // Check that we were granted the right to execute.
- if (checkExecutionPermission)
- {
- if (!allowed.Contains(executionSecurityPermission) ||
- (denyPset != null && denyPset.Contains(executionSecurityPermission)))
- {
- throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"),
- System.__HResults.CORSEC_E_NO_EXEC_PERM,
- savedException);
- }
- }
-
- // Check that we were granted at least the minimal set we asked for. Do
- // this before pruning away any overlap with the refused set so that
- // users have the flexability of defining minimal permissions that are
- // only expressable as set differences (e.g. allow access to "C:\" but
- // disallow "C:\Windows").
- if (reqdPset != null && !reqdPset.IsSubsetOf(allowed))
- {
- BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
- throw new PolicyException(Environment.GetResourceString( "Policy_NoRequiredPermission" ),
- System.__HResults.CORSEC_E_MIN_GRANT_FAIL,
- savedException );
- }
-
- // Remove any granted permissions that are safe subsets of some denied
- // permission. The remaining denied permissions (if any) are returned
- // along with the modified grant set for use in checks.
- if (denyPset != null)
- {
- BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled");
- denied = denyPset.Copy();
- allowed.MergeDeniedSet(denied);
- if (denied.IsEmpty())
- denied = null;
- }
- else
- denied = null;
-
- allowed.IgnoreTypeLoadFailures = true;
-
- return allowed;
- }
-
- [Obsolete("Because execution permission checks can no longer be turned off, the CheckExecutionRights property no longer has any effect.")]
- static public bool CheckExecutionRights
- {
- get { return true; }
-
- set
- {
- // The setter for this property is a no-op since execution checking can no longer be turned off
- }
- }
-
- [Obsolete("Because security can no longer be turned off, the SecurityEnabled property no longer has any effect.")]
- public static bool SecurityEnabled
- {
- get { return true; }
-
- set
- {
- // The setter for this property is a no-op since security cannot be turned off
- }
- }
-#endif // #if FEATURE_CAS_POLICY
-
+ static public class SecurityManager
+ {
private static int[][] s_BuiltInPermissionIndexMap = {
new int[] { BuiltInPermissionIndex.EnvironmentPermissionIndex, (int) PermissionType.EnvironmentPermission },
new int[] { BuiltInPermissionIndex.FileDialogPermissionIndex, (int) PermissionType.FileDialogPermission },
return flags;
}
#pragma warning restore 618
-
+
[System.Security.SecurityCritical] // auto-generated
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SuppressUnmanagedCodeSecurity]
#if PLATFORM_UNIX
Interop.Sys.MaxPath))
#else
- #if FEATURE_PATHCOMPAT
- AppContextSwitches.BlockLongPaths ? PathInternal.MaxShortPath :
- #endif
PathInternal.MaxLongPath))
#endif
{
ExecutionContext.CaptureOptions.IgnoreSyncCtx);
t.SetExecutionContextHelper(ec);
}
-#if FEATURE_IMPERSONATION
- IPrincipal principal = (IPrincipal)CallContext.Principal;
-#else
+
IPrincipal principal = null;
-#endif
StartInternal(principal, ref stackMark);
}
-
#if FEATURE_CORECLR
internal ExecutionContext ExecutionContext
{
private static extern void nativeInitCultureAccessors();
#endif
- /*=============================================================*/
-
- /*======================================================================
- ** Current thread context is stored in a slot in the thread local store
- ** CurrentContext gets the Context from the slot.
- ======================================================================*/
-#if FEATURE_REMOTING
- public static Context CurrentContext
- {
- [System.Security.SecurityCritical] // auto-generated_required
- get
- {
- return CurrentThread.GetCurrentContextInternal();
- }
- }
-
- [System.Security.SecurityCritical] // auto-generated
- internal Context GetCurrentContextInternal()
- {
- if (m_Context == null)
- {
- m_Context = Context.DefaultContext;
- }
- return m_Context;
- }
-#endif
-
-
-#if FEATURE_IMPERSONATION
- // Get and set thread's current principal (for role based security).
- public static IPrincipal CurrentPrincipal
- {
- [System.Security.SecuritySafeCritical] // auto-generated
- get
- {
- lock (CurrentThread)
- {
- IPrincipal principal = (IPrincipal)
- CallContext.Principal;
- if (principal == null)
- {
- principal = GetDomain().GetThreadPrincipal();
- CallContext.Principal = principal;
- }
- return principal;
- }
- }
-
- [System.Security.SecuritySafeCritical] // auto-generated
- [SecurityPermissionAttribute(SecurityAction.Demand, Flags=SecurityPermissionFlag.ControlPrincipal)]
- set
- {
- CallContext.Principal = value;
- }
- }
-
- // Private routine called from unmanaged code to set an initial
- // principal for a newly created thread.
- [System.Security.SecurityCritical] // auto-generated
- private void SetPrincipalInternal(IPrincipal principal)
- {
- GetMutableExecutionContext().LogicalCallContext.SecurityData.Principal = principal;
- }
-#endif // FEATURE_IMPERSONATION
-
-#if FEATURE_REMOTING
-
- // This returns the exposed context for a given context ID.
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal static extern Context GetContextInternal(IntPtr id);
-
- [System.Security.SecurityCritical] // auto-generated
- [MethodImplAttribute(MethodImplOptions.InternalCall)]
- internal extern Object InternalCrossContextCallback(Context ctx, IntPtr ctxID, Int32 appDomainID, InternalCrossContextDelegate ftnToCall, Object[] args);
-
- [System.Security.SecurityCritical] // auto-generated
- internal Object InternalCrossContextCallback(Context ctx, InternalCrossContextDelegate ftnToCall, Object[] args)
- {
- return InternalCrossContextCallback(ctx, ctx.InternalContextID, 0, ftnToCall, args);
- }
-
- // CompleteCrossContextCallback is called by the EE after transitioning to the requested context
- private static Object CompleteCrossContextCallback(InternalCrossContextDelegate ftnToCall, Object[] args)
- {
- return ftnToCall(args);
- }
-#endif // FEATURE_REMOTING
-
/*======================================================================
** Returns the current domain in which current thread is running.
======================================================================*/
if (ad == null)
ad = GetDomainInternal();
-#if FEATURE_REMOTING
- Contract.Assert(CurrentThread.m_Context == null || CurrentThread.m_Context.AppDomain == ad, "AppDomains on the managed & unmanaged threads should match");
-#endif
return ad;
}
projects / platform / upstream / dotnet / runtime.git / commitdiff