<CDefines Condition="'$(FeatureCominteropTlbSupport)' == 'true'">$(CDefines);FEATURE_COMINTEROP_TLB_SUPPORT</CDefines>
<CDefines Condition="'$(FeatureCominteropUnmanagedActivation)' == 'true'">$(CDefines);FEATURE_COMINTEROP_UNMANAGED_ACTIVATION</CDefines>
<CDefines Condition="'$(FeatureCominteropWinRTManagedActivation)' == 'true'">$(CDefines);FEATURE_COMINTEROP_WINRT_MANAGED_ACTIVATION</CDefines> <!-- Enables code required to activate managed winrt from native-->
- <CDefines Condition="'$(FeatureCompressedstack)' == 'true'">$(CDefines);FEATURE_COMPRESSEDSTACK</CDefines>
<CDefines Condition="'$(FeatureCoreFxGlobalization)' == 'true'">$(CDefines);FEATURE_COREFX_GLOBALIZATION</CDefines>
<CDefines Condition="'$(FeatureCrypto)' == 'true'">$(CDefines);FEATURE_CRYPTO</CDefines>
<CDefines Condition="'$(FeatureDbgipcTransportDI)' == 'true'">$(CDefines);FEATURE_DBGIPC_TRANSPORT_DI</CDefines>
<DefineConstants Condition="'$(FeatureCominteropApartmentSupport)' == 'true'">$(DefineConstants);FEATURE_COMINTEROP_APARTMENT_SUPPORT</DefineConstants>
<DefineConstants Condition="'$(FeatureCominteropUnmanagedActivation)' == 'true'">$(DefineConstants);FEATURE_COMINTEROP_UNMANAGED_ACTIVATION</DefineConstants>
<DefineConstants Condition="'$(FeatureCominteropWinRTManagedActivation)' == 'true'">$(DefineConstants);FEATURE_COMINTEROP_WINRT_MANAGED_ACTIVATION</DefineConstants>
- <DefineConstants Condition="'$(FeatureCompressedstack)' == 'true'">$(DefineConstants);FEATURE_COMPRESSEDSTACK</DefineConstants>
<DefineConstants Condition="'$(FeatureCoreFxGlobalization)' == 'true'">$(DefineConstants);FEATURE_COREFX_GLOBALIZATION</DefineConstants>
<DefineConstants Condition="'$(FeatureCrypto)' == 'true'">$(DefineConstants);FEATURE_CRYPTO</DefineConstants>
<DefineConstants Condition="'$(FeatureDisplayCultureInfo)' == 'true'">$(DefineConstants);FEATURE_DISPLAY_CULTURE_INFO</DefineConstants>
<FeatureCominteropTlbSupport>true</FeatureCominteropTlbSupport>
<FeatureCominteropUnmanagedActivation>true</FeatureCominteropUnmanagedActivation>
<FeatureCominteropWinRTManagedActivation>true</FeatureCominteropWinRTManagedActivation>
- <FeatureCompressedstack>true</FeatureCompressedstack>
<FeatureCrypto>true</FeatureCrypto>
<FeatureDbgPublish>true</FeatureDbgPublish>
<FeatureDbiDebugging>true</FeatureDbiDebugging>
typeOwner = m_method.m_typeOwner;
-#if FEATURE_COMPRESSEDSTACK
- if (m_method.m_creationContext != null)
- {
- flags |= SecurityControlFlags.HasCreationContext;
- if(m_method.m_creationContext.CanSkipEvaluation)
- {
- flags |= SecurityControlFlags.CanSkipCSEvaluation;
- }
- }
-
-#endif // FEATURE_COMPRESSEDSTACK
securityControlFlags = (int)flags;
internal override String GetStringLiteral(int token) { return m_scope.GetString(token); }
-#if FEATURE_COMPRESSEDSTACK
- internal override CompressedStack GetSecurityContext()
- {
- return m_method.m_creationContext;
- }
-#endif // FEATURE_COMPRESSEDSTACK
internal override void ResolveToken(int token, out IntPtr typeHandle, out IntPtr methodHandle, out IntPtr fieldHandle)
{
// We capture the creation context so that we can do the checks against the same context,
// irrespective of when the method gets compiled. Note that the DynamicMethod does not know when
// it is ready for use since there is not API which indictates that IL generation has completed.
-#if FEATURE_COMPRESSEDSTACK
- internal CompressedStack m_creationContext;
-#endif // FEATURE_COMPRESSEDSTACK
private static volatile InternalModuleBuilder s_anonymouslyHostedDynamicMethodsModule;
private static readonly object s_anonymouslyHostedDynamicMethodsModuleLock = new object();
m_restrictedSkipVisibility = true;
}
-#if FEATURE_COMPRESSEDSTACK
- m_creationContext = CompressedStack.Capture();
-#endif // FEATURE_COMPRESSEDSTACK
}
else
{
internal abstract byte[] ResolveSignature(int token, int fromMethod);
//
internal abstract MethodInfo GetDynamicMethod();
-#if FEATURE_COMPRESSEDSTACK
- internal abstract CompressedStack GetSecurityContext();
-#endif
}
}
}
}
-#if FEATURE_COMPRESSEDSTACK
- internal static void CheckSetHelper(CompressedStack cs,
- PermissionSet grants,
- PermissionSet refused,
- PermissionSet demands,
- RuntimeMethodHandleInternal rmh,
- RuntimeAssembly asm,
- SecurityAction action)
- {
- if (cs != null)
- cs.CheckSetDemand(demands, rmh);
- else
- CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true);
- }
-#else // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static void CheckSetHelper(Object notUsed,
PermissionSet grants,
CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true);
}
-#endif // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static bool CheckSetHelper(PermissionSet grants,
}
return true;
}
-#if FEATURE_COMPRESSEDSTACK
- internal static void CheckHelper(CompressedStack cs,
- PermissionSet grantedSet,
- PermissionSet refusedSet,
- CodeAccessPermission demand,
- PermissionToken permToken,
- RuntimeMethodHandleInternal rmh,
- RuntimeAssembly asm,
- SecurityAction action)
- {
- if (cs != null)
- cs.CheckDemand(demand, permToken, rmh);
- else
- CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true);
- }
-#else // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static void CheckHelper(Object notUsed,
PermissionSet grantedSet,
Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack");
CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true);
}
-#endif // FEATURE_COMPRESSEDSTACK
#pragma warning disable 618
internal static bool CheckHelper(PermissionSet grantedSet,
PermissionSet refusedSet,
}
}
-#if FEATURE_COMPRESSEDSTACK
- // Used by the stack compressor to communicate a DynamicResolver to managed code during a stackwalk.
- // The JIT will not actually place these on frames.
- internal class FrameSecurityDescriptorWithResolver : FrameSecurityDescriptor
- {
- private System.Reflection.Emit.DynamicResolver m_resolver;
-
- public System.Reflection.Emit.DynamicResolver Resolver
- {
- get
- {
- return m_resolver;
- }
- }
- }
-#endif // FEATURE_COMPRESSEDSTACK
}
// Scroll down to the end to see them.
private PermissionSetTriple m_firstPermSetTriple;
private ArrayList m_permSetTriples;
-#if FEATURE_COMPRESSEDSTACK
- private ArrayList m_zoneList;
- private ArrayList m_originList;
-#endif // FEATURE_COMPRESSEDSTACK
internal PermissionListSet() {}
private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
{
-#if FEATURE_COMPRESSEDSTACK
- this.UpdateZoneAndOrigin(pls);
-#endif // FEATURE_COMPRESSEDSTACK
this.UpdatePermissions(currentTriple, pls);
this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
{
-#if FEATURE_COMPRESSEDSTACK
- this.UpdateZoneAndOrigin(pls);
-#endif // FEATURE_COMPRESSEDSTACK
return this.UpdatePermissions(currentTriple, pls);
}
private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd)
{
-#if FEATURE_COMPRESSEDSTACK
- FrameSecurityDescriptorWithResolver fsdWithResolver = fsd as FrameSecurityDescriptorWithResolver;
- if (fsdWithResolver != null)
- {
- return Update2(currentTriple, fsdWithResolver);
- }
-#endif // FEATURE_COMPRESSEDSTACK
// check imperative
bool fHalt = Update2(currentTriple, fsd, false);
return fHalt;
}
-#if FEATURE_COMPRESSEDSTACK
- private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver)
- {
- System.Reflection.Emit.DynamicResolver resolver = fsdWithResolver.Resolver;
- CompressedStack dynamicCompressedStack = resolver.GetSecurityContext();
- dynamicCompressedStack.CompleteConstruction(null);
- return this.Update(currentTriple, dynamicCompressedStack.PLS);
- }
-#endif // FEATURE_COMPRESSEDSTACK
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
}
private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r)
{
-#if FEATURE_COMPRESSEDSTACK
- ZoneIdentityPermission z;
- UrlIdentityPermission u;
- currentTriple.UpdateGrant(in_g, out z, out u);
- currentTriple.UpdateRefused(in_r);
- AppendZoneOrigin(z, u);
-#else // !FEATURE_COMPRESEDSTACK
currentTriple.UpdateGrant(in_g);
currentTriple.UpdateRefused(in_r);
-#endif // FEATURE_COMPRESSEDSTACK
}
// Called from the VM for HG CS construction
Update(m_firstPermSetTriple, in_g, null);
}
-#if FEATURE_COMPRESSEDSTACK
- private void UpdateZoneAndOrigin(PermissionListSet pls)
- {
- if (pls != null)
- {
- if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0)
- this.m_zoneList = new ArrayList();
- UpdateArrayList(this.m_zoneList, pls.m_zoneList);
- if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0)
- this.m_originList = new ArrayList();
- UpdateArrayList(this.m_originList, pls.m_originList);
- }
- }
-#endif // FEATURE_COMPRESSEDSTACK
private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls)
{
}
-#if FEATURE_COMPRESSEDSTACK
- private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u)
- {
-
- if (z != null)
- {
- if (m_zoneList == null)
- m_zoneList = new ArrayList();
- z.AppendZones(m_zoneList);
- }
-
- if (u != null)
- {
- if (m_originList == null)
- m_originList = new ArrayList();
- u.AppendOrigin(m_originList);
- }
- }
-
-[System.Runtime.InteropServices.ComVisible(true)]
- // public(internal) interface begins...
- // Creation functions
- static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
- {
- // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation)
-
- bool bHaltConstruction = false;
- if (cs.CompressedStackHandle == null)
- return null; // FT case or Security off
-
- PermissionListSet pls = new PermissionListSet();
- PermissionSetTriple currentTriple = new PermissionSetTriple();
- int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle);
- for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--)
- {
- DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
- if (dcs == null)
- continue; // we hit a FT Domain
- if (dcs.PLS == null)
- {
- // We failed on some DCS
- throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic")));
- }
- pls.UpdateZoneAndOrigin(dcs.PLS);
- pls.Update(currentTriple, dcs.PLS);
- bHaltConstruction = dcs.ConstructionHalted;
- }
- if (!bHaltConstruction)
- {
- PermissionListSet tmp_pls = null;
- // Construction did not halt.
- if (innerCS != null)
- {
- innerCS.CompleteConstruction(null);
- tmp_pls = innerCS.PLS;
- }
- pls.Terminate(currentTriple, tmp_pls);
- }
- else
- {
- pls.Terminate(currentTriple);
- }
-
- return pls;
- }
-
- static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
- {
- PermissionListSet pls = new PermissionListSet();
- PermissionSetTriple currentTriple = new PermissionSetTriple();
-
- PermissionSet tmp_g, tmp_r;
- // Construct the descriptor list
- int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS);
- bHaltConstruction = false;
- for(int i=0; (i < descCount && !bHaltConstruction); i++)
- {
- FrameSecurityDescriptor fsd;
- Assembly assembly;
- if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd))
- {
- // Got an FSD
- bHaltConstruction = pls.Update(currentTriple, fsd);
- }
- else
- {
- pls.Update(currentTriple, tmp_g, tmp_r);
- }
-
- }
- if (!bHaltConstruction)
- {
- // domain
- if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS))
- {
- DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r);
- pls.Update(currentTriple, tmp_g, tmp_r);
- }
- }
- pls.Terminate(currentTriple);
-
-
- // return the created object
- return pls;
-
- }
- static internal PermissionListSet CreateCompressedState_HG()
- {
- PermissionListSet pls = new PermissionListSet();
- CompressedStack.GetHomogeneousPLS(pls);
- return pls;
- }
-#endif // #if FEATURE_COMPRESSEDSTACK
// Private Demand evaluation functions - only called from the VM
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle);
}
-#if FEATURE_COMPRESSEDSTACK
- internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
- {
- if (m_zoneList != null)
- zoneList.AddRange(m_zoneList);
- if (m_originList != null)
- originList.AddRange(m_originList);
- }
-#endif
}
}
All = 0x3FFF
}
-#if FEATURE_COMPRESSEDSTACK
- internal struct SecurityContextSwitcher: IDisposable
- {
- internal SecurityContext.Reader prevSC; // prev SC that we restore on an Undo
- internal SecurityContext currSC; //current SC - SetSecurityContext that created the switcher set this on the Thread
- internal ExecutionContext currEC; // current ExecutionContext on Thread
- internal CompressedStackSwitcher cssw;
-
- public void Dispose()
- {
- Undo();
- }
-
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- [HandleProcessCorruptedStateExceptions]
- internal bool UndoNoThrow()
- {
- try
- {
- Undo();
- }
- catch
- {
- return false;
- }
- return true;
- }
-
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- [HandleProcessCorruptedStateExceptions]
- public void Undo()
- {
- if (currSC == null)
- {
- return; // mutiple Undo()s called on this switcher object
- }
-
- if (currEC != null)
- {
- Debug.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread");
- Debug.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch");
-
- // restore the saved security context
- currEC.SecurityContext = prevSC.DangerousGetRawSecurityContext();
- }
- else
- {
- // caller must have already restored the ExecutionContext
- Debug.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC));
- }
-
- currSC = null; // this will prevent the switcher object being used again
-
- bool bNoException = true;
-
- bNoException &= cssw.UndoNoThrow();
-
-
- if (!bNoException)
- {
- // Failfast since we can't continue safely...
- System.Environment.FailFast(Environment.GetResourceString("ExecutionContext_UndoFailed"));
- }
-
- }
- }
-
- public sealed class SecurityContext : IDisposable
- {
- /*=========================================================================
- ** Data accessed from managed code that needs to be defined in
- ** SecurityContextObject to maintain alignment between the two classes.
- ** DON'T CHANGE THESE UNLESS YOU MODIFY SecurityContextObject in vm\object.h
- =========================================================================*/
-
- private ExecutionContext _executionContext;
- private volatile CompressedStack _compressedStack;
- static private volatile SecurityContext _fullTrustSC;
-
- internal volatile bool isNewCapture = false;
- internal volatile SecurityContextDisableFlow _disableFlow = SecurityContextDisableFlow.Nothing;
-
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal SecurityContext()
- {
- }
-
- internal struct Reader
- {
- SecurityContext m_sc;
-
- public Reader(SecurityContext sc) { m_sc = sc; }
-
- public SecurityContext DangerousGetRawSecurityContext() { return m_sc; }
-
- public bool IsNull { get { return m_sc == null; } }
- public bool IsSame(SecurityContext sc) { return m_sc == sc; }
- public bool IsSame(SecurityContext.Reader sc) { return m_sc == sc.m_sc; }
-
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- public bool IsFlowSuppressed(SecurityContextDisableFlow flags)
- {
- return (m_sc == null) ? false : ((m_sc._disableFlow & flags) == flags);
- }
-
- public CompressedStack CompressedStack { get { return IsNull ? null : m_sc.CompressedStack; } }
-
- public WindowsIdentity WindowsIdentity
- {
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- get { return IsNull ? null : m_sc.WindowsIdentity; }
- }
- }
-
-
- static internal SecurityContext FullTrustSecurityContext
- {
- get
- {
- if (_fullTrustSC == null)
- _fullTrustSC = CreateFullTrustSecurityContext();
- return _fullTrustSC;
- }
- }
-
- // link the security context to an ExecutionContext
- internal ExecutionContext ExecutionContext
- {
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- set
- {
- _executionContext = value;
- }
- }
-
- internal CompressedStack CompressedStack
- {
- get
- {
- return _compressedStack;
- }
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- set
- {
- _compressedStack = value;
- }
- }
-
- public void Dispose()
- {
- }
-
- public static AsyncFlowControl SuppressFlow()
- {
- return SuppressFlow(SecurityContextDisableFlow.All);
- }
-
- public static AsyncFlowControl SuppressFlowWindowsIdentity()
- {
- return SuppressFlow(SecurityContextDisableFlow.WI);
- }
-
- internal static AsyncFlowControl SuppressFlow(SecurityContextDisableFlow flags)
- {
- if (IsFlowSuppressed(flags))
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CannotSupressFlowMultipleTimes"));
- }
-
- ExecutionContext ec = Thread.CurrentThread.GetMutableExecutionContext();
- if (ec.SecurityContext == null)
- ec.SecurityContext = new SecurityContext();
- AsyncFlowControl afc = new AsyncFlowControl();
- afc.Setup(flags);
- return afc;
- }
-
- public static void RestoreFlow()
- {
- SecurityContext sc = Thread.CurrentThread.GetMutableExecutionContext().SecurityContext;
- if (sc == null || sc._disableFlow == SecurityContextDisableFlow.Nothing)
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CannotRestoreUnsupressedFlow"));
- }
- sc._disableFlow = SecurityContextDisableFlow.Nothing;
- }
-
- public static bool IsFlowSuppressed()
- {
- return SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All);
- }
-
- internal static bool IsFlowSuppressed(SecurityContextDisableFlow flags)
- {
- return Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsFlowSuppressed(flags);
- }
-
- // This method is special from a security perspective - the VM will not allow a stack walk to
- // continue past the call to SecurityContext.Run. If you change the signature to this method, or
- // provide an alternate way to do a SecurityContext.Run make sure to update
- // SecurityStackWalk::IsSpecialRunFrame in the VM to search for the new method.
- [DynamicSecurityMethodAttribute()]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static void Run(SecurityContext securityContext, ContextCallback callback, Object state)
- {
- if (securityContext == null )
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext"));
- }
- Contract.EndContractBlock();
-
- StackCrawlMark stackMark = StackCrawlMark.LookForMe;
-
- if (!securityContext.isNewCapture)
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext"));
- }
-
- securityContext.isNewCapture = false;
-
- ExecutionContext.Reader ec = Thread.CurrentThread.GetExecutionContextReader();
-
- // Optimization: do the callback directly if both the current and target contexts are equal to the
- // default full-trust security context
- if ( SecurityContext.CurrentlyInDefaultFTSecurityContext(ec)
- && securityContext.IsDefaultFTSecurityContext())
- {
- callback(state);
-
- if (GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null)
- {
- // If we enter here it means the callback did an impersonation
- // that we need to revert.
- // We don't need to revert any other security state since it is stack-based
- // and automatically goes away when the callback returns.
- WindowsIdentity.SafeRevertToSelf(ref stackMark);
- // Ensure we have reverted to the state we entered in.
- Debug.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null);
- }
- }
- else
- {
- RunInternal(securityContext, callback, state);
- }
-
- }
- internal static void RunInternal(SecurityContext securityContext, ContextCallback callBack, Object state)
- {
- if (cleanupCode == null)
- {
- tryCode = new RuntimeHelpers.TryCode(runTryCode);
- cleanupCode = new RuntimeHelpers.CleanupCode(runFinallyCode);
- }
- SecurityContextRunData runData = new SecurityContextRunData(securityContext, callBack, state);
- RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(tryCode, cleanupCode, runData);
-
- }
-
- internal class SecurityContextRunData
- {
- internal SecurityContext sc;
- internal ContextCallback callBack;
- internal Object state;
- internal SecurityContextSwitcher scsw;
- internal SecurityContextRunData(SecurityContext securityContext, ContextCallback cb, Object state)
- {
- this.sc = securityContext;
- this.callBack = cb;
- this.state = state;
- this.scsw = new SecurityContextSwitcher();
- }
- }
-
- static internal void runTryCode(Object userData)
- {
- SecurityContextRunData rData = (SecurityContextRunData) userData;
- rData.scsw = SetSecurityContext(rData.sc, Thread.CurrentThread.GetExecutionContextReader().SecurityContext, modifyCurrentExecutionContext: true);
- rData.callBack(rData.state);
-
- }
-
- [PrePrepareMethod]
- static internal void runFinallyCode(Object userData, bool exceptionThrown)
- {
- SecurityContextRunData rData = (SecurityContextRunData) userData;
- rData.scsw.Undo();
- }
-
- static volatile internal RuntimeHelpers.TryCode tryCode;
- static volatile internal RuntimeHelpers.CleanupCode cleanupCode;
-
-
-
- // Internal API that gets called from public SetSecurityContext and from SetExecutionContext
- [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)]
- [DynamicSecurityMethodAttribute()]
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext)
- {
- StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
- return SetSecurityContext(sc, prevSecurityContext, modifyCurrentExecutionContext, ref stackMark);
- }
-
- [HandleProcessCorruptedStateExceptions]
- internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext, ref StackCrawlMark stackMark)
- {
- // Save the flow state at capture and reset it in the SC.
- SecurityContextDisableFlow _capturedFlowState = sc._disableFlow;
- sc._disableFlow = SecurityContextDisableFlow.Nothing;
-
- //Set up the switcher object
- SecurityContextSwitcher scsw = new SecurityContextSwitcher();
- scsw.currSC = sc;
- scsw.prevSC = prevSecurityContext;
-
- if (modifyCurrentExecutionContext)
- {
- // save the current Execution Context
- ExecutionContext currEC = Thread.CurrentThread.GetMutableExecutionContext();
- scsw.currEC = currEC;
- currEC.SecurityContext = sc;
- }
-
- if (sc != null)
- {
- RuntimeHelpers.PrepareConstrainedRegions();
- try
- {
- scsw.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack);
- }
- catch
- {
- scsw.UndoNoThrow();
- throw;
- }
- }
- return scsw;
- }
-
- /// <internalonly/>
- public SecurityContext CreateCopy()
- {
- if (!isNewCapture)
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext"));
- }
-
- SecurityContext sc = new SecurityContext();
- sc.isNewCapture = true;
- sc._disableFlow = _disableFlow;
-
- if (_compressedStack != null)
- sc._compressedStack = _compressedStack.CreateCopy();
-
- return sc;
- }
-
- /// <internalonly/>
- internal SecurityContext CreateMutableCopy()
- {
- Debug.Assert(!this.isNewCapture);
-
- SecurityContext sc = new SecurityContext();
- sc._disableFlow = this._disableFlow;
-
- if (this._compressedStack != null)
- sc._compressedStack = this._compressedStack.CreateCopy();
-
- return sc;
- }
-
- [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable
- public static SecurityContext Capture( )
- {
- // check to see if Flow is suppressed
- if (IsFlowSuppressed())
- return null;
-
- StackCrawlMark stackMark= StackCrawlMark.LookForMyCaller;
- SecurityContext sc = SecurityContext.Capture(Thread.CurrentThread.GetExecutionContextReader(), ref stackMark);
- if (sc == null)
- sc = CreateFullTrustSecurityContext();
- return sc;
- }
-
- // create a clone from a non-existing SecurityContext
- [MethodImpl(MethodImplOptions.AggressiveInlining)]
- static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
- {
- // check to see if Flow is suppressed
- if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All))
- return null;
-
- // If we're in FT right now, return null
- if (CurrentlyInDefaultFTSecurityContext(currThreadEC))
- return null;
-
- return CaptureCore(currThreadEC, ref stackMark);
- }
-
- static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark)
- {
- SecurityContext sc = new SecurityContext();
- sc.isNewCapture = true;
-
- // Force create CompressedStack
- sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark);
- return sc;
- }
-
- static internal SecurityContext CreateFullTrustSecurityContext()
- {
- SecurityContext sc = new SecurityContext();
- sc.isNewCapture = true;
-
- // Force create CompressedStack
- sc.CompressedStack = new CompressedStack(null);
- return sc;
- }
-
- internal bool IsDefaultFTSecurityContext()
- {
- return (CompressedStack == null || CompressedStack.CompressedStackHandle == null);
- }
- static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext threadEC)
- {
- return (IsDefaultThreadSecurityInfo());
- }
-
- [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal extern static bool IsDefaultThreadSecurityInfo();
- }
-#endif // FEATURE_COMPRESSEDSTACK
}
return secDesc.CheckDemand((CodeAccessPermission) demandIn, permToken, rmh);
}
-#if FEATURE_COMPRESSEDSTACK
- private static bool CheckDynamicMethodSetHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
- PermissionSet demandSet,
- out PermissionSet alteredDemandSet,
- RuntimeMethodHandleInternal rmh)
- {
- System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
- bool result;
- try
- {
- result = creationStack.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh);
- }
- catch (SecurityException ex)
- {
- throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
- }
-
- return result;
- }
-
- private static bool CheckDynamicMethodHelper(System.Reflection.Emit.DynamicResolver dynamicResolver,
- IPermission demandIn,
- PermissionToken permToken,
- RuntimeMethodHandleInternal rmh)
- {
- System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext();
- bool result;
- try
- {
- result = creationStack.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh);
- }
- catch (SecurityException ex)
- {
- throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex);
- }
- return result;
- }
-#endif // FEATURE_COMPRESSEDSTACK
//
// API for PermissionSets
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private extern void StartInternal(IPrincipal principal, ref StackCrawlMark stackMark);
-#if FEATURE_COMPRESSEDSTACK
- /// <internalonly/>
- [DynamicSecurityMethodAttribute()]
- [Obsolete("Thread.SetCompressedStack is no longer supported. Please use the System.Threading.CompressedStack class")]
- public void SetCompressedStack( CompressedStack stack )
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_ThreadAPIsNotSupported"));
- }
-
- [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal extern IntPtr SetAppDomainStack( SafeCompressedStackHandle csHandle);
-
- [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)]
- internal extern void RestoreAppDomainStack( IntPtr appDomainStack);
-
-
- /// <internalonly/>
- [Obsolete("Thread.GetCompressedStack is no longer supported. Please use the System.Threading.CompressedStack class")]
- public CompressedStack GetCompressedStack()
- {
- throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_ThreadAPIsNotSupported"));
- }
-#endif // #if FEATURE_COMPRESSEDSTACK
// Helper method to get a logical thread ID for StringBuilder (for