* Split System\Security\Attributes.cs into properly named files.
* Formatting cleanup
"sealed public" => "public sealed"
"System.Attribute" => "Attribute"
Use autoprops when possible.
Be explicit about nullary constructors
(since 90% of them already were.)
* Remove blank line.
<Compile Include="$(BclSourcesRoot)\System\IO\UnmanagedMemoryStreamWrapper.cs" />
</ItemGroup>
<ItemGroup>
- <Compile Include="$(BclSourcesRoot)\System\Security\Attributes.cs" />
+ <Compile Include="$(BclSourcesRoot)\System\Security\DynamicSecurityMethodAttribute.cs" />
<Compile Include="$(BclSourcesRoot)\System\Security\SecurityException.cs" />
<Compile Include="$(BclSourcesRoot)\System\Security\SecurityState.cs" />
<Compile Include="$(BclSourcesRoot)\System\Security\VerificationException.cs" />
<Compile Include="$(MSBuildThisFileDirectory)System\Runtime\CompilerServices\ITuple.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\Runtime\CompilerServices\TupleElementNamesAttribute.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\Runtime\InteropServices\StringBuffer.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\AllowPartiallyTrustedCallersAttribute.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\Security\CryptographicException.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\PartialTrustVisibilityLevel.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityCriticalAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityCriticalScope.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityRulesAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityRuleSet.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecuritySafeCriticalAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityTransparentAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SecurityTreatAsSafeAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\SuppressUnmanagedCodeSecurityAttribute.cs"/>
+ <Compile Include="$(MSBuildThisFileDirectory)System\Security\UnverifiableCodeAttribute.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\StackOverflowException.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\StringSplitOptions.cs"/>
<Compile Include="$(MSBuildThisFileDirectory)System\SystemException.cs"/>
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // AllowPartiallyTrustedCallersAttribute:
+ // Indicates that the Assembly is secure and can be used by untrusted
+ // and semitrusted clients
+ // For v.1, this is valid only on Assemblies, but could be expanded to
+ // include Module, Method, class
+ [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
+ public sealed class AllowPartiallyTrustedCallersAttribute : Attribute
+ {
+ public AllowPartiallyTrustedCallersAttribute() { }
+ public PartialTrustVisibilityLevel PartialTrustVisibilityLevel { get; set; }
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ public enum PartialTrustVisibilityLevel
+ {
+ VisibleToAllHosts = 0,
+ NotVisibleByDefault = 1
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SecurityCriticalAttribute
+ // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.)
+ // The attribute can be placed on most targets, except on arguments/return values.
+ [AttributeUsage(AttributeTargets.Assembly |
+ AttributeTargets.Class |
+ AttributeTargets.Struct |
+ AttributeTargets.Enum |
+ AttributeTargets.Constructor |
+ AttributeTargets.Method |
+ AttributeTargets.Field |
+ AttributeTargets.Interface |
+ AttributeTargets.Delegate,
+ AllowMultiple = false,
+ Inherited = false)]
+ public sealed class SecurityCriticalAttribute : Attribute
+ {
+#pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat
+ public SecurityCriticalAttribute() { }
+
+ public SecurityCriticalAttribute(SecurityCriticalScope scope)
+ {
+ Scope = scope;
+ }
+
+ [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
+ public SecurityCriticalScope Scope { get; }
+#pragma warning restore 618
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
+ public enum SecurityCriticalScope
+ {
+ Explicit = 0,
+ Everything = 0x1
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ public enum SecurityRuleSet : byte
+ {
+ None = 0,
+ Level1 = 1, // v2.0 transparency model
+ Level2 = 2, // v4.0 transparency model
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SecurityRulesAttribute
+ //
+ // Indicates which set of security rules an assembly was authored against, and therefore which set of
+ // rules the runtime should enforce on the assembly. For instance, an assembly marked with
+ // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code
+ // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly
+ // treat as safe, and the remainder of the v2.0 rules apply.
+ [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)]
+ public sealed class SecurityRulesAttribute : Attribute
+ {
+ public SecurityRulesAttribute(SecurityRuleSet ruleSet)
+ {
+ RuleSet = ruleSet;
+ }
+
+ // Should fully trusted transparent code skip IL verification
+ public bool SkipVerificationInFullTrust { get; set; }
+
+ public SecurityRuleSet RuleSet { get; }
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SecuritySafeCriticalAttribute:
+ // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
+ // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
+ // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical.
+ // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe].
+ // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
+ // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
+ // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
+
+ [AttributeUsage(AttributeTargets.Class |
+ AttributeTargets.Struct |
+ AttributeTargets.Enum |
+ AttributeTargets.Constructor |
+ AttributeTargets.Method |
+ AttributeTargets.Field |
+ AttributeTargets.Interface |
+ AttributeTargets.Delegate,
+ AllowMultiple = false,
+ Inherited = false)]
+ public sealed class SecuritySafeCriticalAttribute : Attribute
+ {
+ public SecuritySafeCriticalAttribute() { }
+ }
+}
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SecurityTransparentAttribute:
+ // Indicates the assembly contains only transparent code.
+ // Security critical actions will be restricted or converted into less critical actions. For example,
+ // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted
+ // into Full-Demands.
+
+ [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
+ public sealed class SecurityTransparentAttribute : Attribute
+ {
+ public SecurityTransparentAttribute() { }
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SecurityTreatAsSafeAttribute:
+ // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
+ // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
+ // security concerns and is considered security clean.
+ // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
+ // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
+ // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
+
+ [AttributeUsage(AttributeTargets.Assembly |
+ AttributeTargets.Class |
+ AttributeTargets.Struct |
+ AttributeTargets.Enum |
+ AttributeTargets.Constructor |
+ AttributeTargets.Method |
+ AttributeTargets.Field |
+ AttributeTargets.Interface |
+ AttributeTargets.Delegate,
+ AllowMultiple = false,
+ Inherited = false)]
+ [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")]
+ public sealed class SecurityTreatAsSafeAttribute : Attribute
+ {
+ public SecurityTreatAsSafeAttribute() { }
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // SuppressUnmanagedCodeSecurityAttribute:
+ // Indicates that the target P/Invoke method(s) should skip the per-call
+ // security checked for unmanaged code permission.
+ [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false)]
+ public sealed class SuppressUnmanagedCodeSecurityAttribute : Attribute
+ {
+ public SuppressUnmanagedCodeSecurityAttribute() { }
+ }
+}
+
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+namespace System.Security
+{
+ // UnverifiableCodeAttribute:
+ // Indicates that the target module contains unverifiable code.
+ [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false)]
+ public sealed class UnverifiableCodeAttribute : Attribute
+ {
+ public UnverifiableCodeAttribute() { }
+ }
+}
+
+++ /dev/null
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System.Runtime.InteropServices;
-
-namespace System.Security
-{
- // DynamicSecurityMethodAttribute:
- // All methods that use StackCrawlMark should be marked with this attribute. This attribute
- // disables inlining of the calling method to allow stackwalking to find the exact caller.
- //
- // This attribute used to indicate that the target method requires space for a security object
- // to be allocated on the callers stack. It is not used for this purpose anymore because of security
- // stackwalks are not ever done in CoreCLR.
- [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true, Inherited = false)]
- sealed internal class DynamicSecurityMethodAttribute : System.Attribute
- {
- }
-
- // SuppressUnmanagedCodeSecurityAttribute:
- // Indicates that the target P/Invoke method(s) should skip the per-call
- // security checked for unmanaged code permission.
- [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false)]
- sealed public class SuppressUnmanagedCodeSecurityAttribute : System.Attribute
- {
- }
-
- // UnverifiableCodeAttribute:
- // Indicates that the target module contains unverifiable code.
- [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false)]
- sealed public class UnverifiableCodeAttribute : System.Attribute
- {
- }
-
- // AllowPartiallyTrustedCallersAttribute:
- // Indicates that the Assembly is secure and can be used by untrusted
- // and semitrusted clients
- // For v.1, this is valid only on Assemblies, but could be expanded to
- // include Module, Method, class
- [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
- sealed public class AllowPartiallyTrustedCallersAttribute : System.Attribute
- {
- private PartialTrustVisibilityLevel _visibilityLevel;
- public AllowPartiallyTrustedCallersAttribute() { }
-
- public PartialTrustVisibilityLevel PartialTrustVisibilityLevel
- {
- get { return _visibilityLevel; }
- set { _visibilityLevel = value; }
- }
- }
-
- public enum PartialTrustVisibilityLevel
- {
- VisibleToAllHosts = 0,
- NotVisibleByDefault = 1
- }
-
- [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
- public enum SecurityCriticalScope
- {
- Explicit = 0,
- Everything = 0x1
- }
-
- // SecurityCriticalAttribute
- // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.)
- // The attribute can be placed on most targets, except on arguments/return values.
- [AttributeUsage(AttributeTargets.Assembly |
- AttributeTargets.Class |
- AttributeTargets.Struct |
- AttributeTargets.Enum |
- AttributeTargets.Constructor |
- AttributeTargets.Method |
- AttributeTargets.Field |
- AttributeTargets.Interface |
- AttributeTargets.Delegate,
- AllowMultiple = false,
- Inherited = false)]
- sealed public class SecurityCriticalAttribute : System.Attribute
- {
-#pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat
-
- private SecurityCriticalScope _val;
-
- public SecurityCriticalAttribute() { }
-
- public SecurityCriticalAttribute(SecurityCriticalScope scope)
- {
- _val = scope;
- }
-
- [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")]
- public SecurityCriticalScope Scope
- {
- get
- {
- return _val;
- }
- }
-
-#pragma warning restore 618
- }
-
- // SecurityTreatAsSafeAttribute:
- // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
- // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
- // security concerns and is considered security clean.
- // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
- // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
- // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
-
- [AttributeUsage(AttributeTargets.Assembly |
- AttributeTargets.Class |
- AttributeTargets.Struct |
- AttributeTargets.Enum |
- AttributeTargets.Constructor |
- AttributeTargets.Method |
- AttributeTargets.Field |
- AttributeTargets.Interface |
- AttributeTargets.Delegate,
- AllowMultiple = false,
- Inherited = false)]
- [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")]
- sealed public class SecurityTreatAsSafeAttribute : System.Attribute
- {
- public SecurityTreatAsSafeAttribute() { }
- }
-
- // SecuritySafeCriticalAttribute:
- // Indicates that the code may contain violations to the security critical rules (e.g. transitions from
- // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for
- // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical.
- // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe].
- // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly.
- // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type.
- // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members.
-
- [AttributeUsage(AttributeTargets.Class |
- AttributeTargets.Struct |
- AttributeTargets.Enum |
- AttributeTargets.Constructor |
- AttributeTargets.Method |
- AttributeTargets.Field |
- AttributeTargets.Interface |
- AttributeTargets.Delegate,
- AllowMultiple = false,
- Inherited = false)]
- sealed public class SecuritySafeCriticalAttribute : System.Attribute
- {
- public SecuritySafeCriticalAttribute() { }
- }
-
- // SecurityTransparentAttribute:
- // Indicates the assembly contains only transparent code.
- // Security critical actions will be restricted or converted into less critical actions. For example,
- // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted
- // into Full-Demands.
-
- [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)]
- sealed public class SecurityTransparentAttribute : System.Attribute
- {
- public SecurityTransparentAttribute() { }
- }
-
- public enum SecurityRuleSet : byte
- {
- None = 0,
- Level1 = 1, // v2.0 transparency model
- Level2 = 2, // v4.0 transparency model
- }
-
- // SecurityRulesAttribute
- //
- // Indicates which set of security rules an assembly was authored against, and therefore which set of
- // rules the runtime should enforce on the assembly. For instance, an assembly marked with
- // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code
- // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly
- // treat as safe, and the remainder of the v2.0 rules apply.
- [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)]
- public sealed class SecurityRulesAttribute : Attribute
- {
- private SecurityRuleSet m_ruleSet;
- private bool m_skipVerificationInFullTrust = false;
-
- public SecurityRulesAttribute(SecurityRuleSet ruleSet)
- {
- m_ruleSet = ruleSet;
- }
-
- // Should fully trusted transparent code skip IL verification
- public bool SkipVerificationInFullTrust
- {
- get { return m_skipVerificationInFullTrust; }
- set { m_skipVerificationInFullTrust = value; }
- }
-
- public SecurityRuleSet RuleSet
- {
- get { return m_ruleSet; }
- }
- }
-}
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+// See the LICENSE file in the project root for more information.
+
+using System.Runtime.InteropServices;
+
+namespace System.Security
+{
+ // DynamicSecurityMethodAttribute:
+ // All methods that use StackCrawlMark should be marked with this attribute. This attribute
+ // disables inlining of the calling method to allow stackwalking to find the exact caller.
+ //
+ // This attribute used to indicate that the target method requires space for a security object
+ // to be allocated on the callers stack. It is not used for this purpose anymore because of security
+ // stackwalks are not ever done in CoreCLR.
+ [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true, Inherited = false)]
+ internal sealed class DynamicSecurityMethodAttribute : Attribute
+ {
+ public DynamicSecurityMethodAttribute() { }
+ }
+}
projects / platform / upstream / coreclr.git / commitdiff