From: Atsushi Kanamori Date: Thu, 9 Mar 2017 14:44:26 +0000 (-0800) Subject: Move System.Security attributes to shared partition. (#10036) X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dd0dd2234eb982b8cfbfa9dbf1e8a3979bcb79c4;p=platform%2Fupstream%2Fcoreclr.git Move System.Security attributes to shared partition. (#10036) * Split System\Security\Attributes.cs into properly named files. * Formatting cleanup "sealed public" => "public sealed" "System.Attribute" => "Attribute" Use autoprops when possible. Be explicit about nullary constructors (since 90% of them already were.) * Remove blank line. --- diff --git a/src/mscorlib/System.Private.CoreLib.csproj b/src/mscorlib/System.Private.CoreLib.csproj index 0271052591..55be676ce3 100644 --- a/src/mscorlib/System.Private.CoreLib.csproj +++ b/src/mscorlib/System.Private.CoreLib.csproj @@ -756,7 +756,7 @@ - + diff --git a/src/mscorlib/shared/System.Private.CoreLib.Shared.projitems b/src/mscorlib/shared/System.Private.CoreLib.Shared.projitems index 0d1670fe84..cf9a5f0a8c 100644 --- a/src/mscorlib/shared/System.Private.CoreLib.Shared.projitems +++ b/src/mscorlib/shared/System.Private.CoreLib.Shared.projitems @@ -159,7 +159,18 @@ + + + + + + + + + + + diff --git a/src/mscorlib/shared/System/Security/AllowPartiallyTrustedCallersAttribute.cs b/src/mscorlib/shared/System/Security/AllowPartiallyTrustedCallersAttribute.cs new file mode 100644 index 0000000000..84ad65c4c0 --- /dev/null +++ b/src/mscorlib/shared/System/Security/AllowPartiallyTrustedCallersAttribute.cs @@ -0,0 +1,19 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // AllowPartiallyTrustedCallersAttribute: + // Indicates that the Assembly is secure and can be used by untrusted + // and semitrusted clients + // For v.1, this is valid only on Assemblies, but could be expanded to + // include Module, Method, class + [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)] + public sealed class AllowPartiallyTrustedCallersAttribute : Attribute + { + public AllowPartiallyTrustedCallersAttribute() { } + public PartialTrustVisibilityLevel PartialTrustVisibilityLevel { get; set; } + } +} + diff --git a/src/mscorlib/shared/System/Security/PartialTrustVisibilityLevel.cs b/src/mscorlib/shared/System/Security/PartialTrustVisibilityLevel.cs new file mode 100644 index 0000000000..a0cb5789ac --- /dev/null +++ b/src/mscorlib/shared/System/Security/PartialTrustVisibilityLevel.cs @@ -0,0 +1,13 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + public enum PartialTrustVisibilityLevel + { + VisibleToAllHosts = 0, + NotVisibleByDefault = 1 + } +} + diff --git a/src/mscorlib/shared/System/Security/SecurityCriticalAttribute.cs b/src/mscorlib/shared/System/Security/SecurityCriticalAttribute.cs new file mode 100644 index 0000000000..2bf1700afb --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityCriticalAttribute.cs @@ -0,0 +1,36 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SecurityCriticalAttribute + // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.) + // The attribute can be placed on most targets, except on arguments/return values. + [AttributeUsage(AttributeTargets.Assembly | + AttributeTargets.Class | + AttributeTargets.Struct | + AttributeTargets.Enum | + AttributeTargets.Constructor | + AttributeTargets.Method | + AttributeTargets.Field | + AttributeTargets.Interface | + AttributeTargets.Delegate, + AllowMultiple = false, + Inherited = false)] + public sealed class SecurityCriticalAttribute : Attribute + { +#pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat + public SecurityCriticalAttribute() { } + + public SecurityCriticalAttribute(SecurityCriticalScope scope) + { + Scope = scope; + } + + [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] + public SecurityCriticalScope Scope { get; } +#pragma warning restore 618 + } +} + diff --git a/src/mscorlib/shared/System/Security/SecurityCriticalScope.cs b/src/mscorlib/shared/System/Security/SecurityCriticalScope.cs new file mode 100644 index 0000000000..e0f5a8e2cd --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityCriticalScope.cs @@ -0,0 +1,14 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] + public enum SecurityCriticalScope + { + Explicit = 0, + Everything = 0x1 + } +} + diff --git a/src/mscorlib/shared/System/Security/SecurityRuleSet.cs b/src/mscorlib/shared/System/Security/SecurityRuleSet.cs new file mode 100644 index 0000000000..1b62fd4e7d --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityRuleSet.cs @@ -0,0 +1,14 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + public enum SecurityRuleSet : byte + { + None = 0, + Level1 = 1, // v2.0 transparency model + Level2 = 2, // v4.0 transparency model + } +} + diff --git a/src/mscorlib/shared/System/Security/SecurityRulesAttribute.cs b/src/mscorlib/shared/System/Security/SecurityRulesAttribute.cs new file mode 100644 index 0000000000..ad17087f8b --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityRulesAttribute.cs @@ -0,0 +1,28 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SecurityRulesAttribute + // + // Indicates which set of security rules an assembly was authored against, and therefore which set of + // rules the runtime should enforce on the assembly. For instance, an assembly marked with + // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code + // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly + // treat as safe, and the remainder of the v2.0 rules apply. + [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)] + public sealed class SecurityRulesAttribute : Attribute + { + public SecurityRulesAttribute(SecurityRuleSet ruleSet) + { + RuleSet = ruleSet; + } + + // Should fully trusted transparent code skip IL verification + public bool SkipVerificationInFullTrust { get; set; } + + public SecurityRuleSet RuleSet { get; } + } +} + diff --git a/src/mscorlib/shared/System/Security/SecuritySafeCriticalAttribute.cs b/src/mscorlib/shared/System/Security/SecuritySafeCriticalAttribute.cs new file mode 100644 index 0000000000..ee2e4b0499 --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecuritySafeCriticalAttribute.cs @@ -0,0 +1,30 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SecuritySafeCriticalAttribute: + // Indicates that the code may contain violations to the security critical rules (e.g. transitions from + // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for + // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical. + // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe]. + // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. + // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. + // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. + + [AttributeUsage(AttributeTargets.Class | + AttributeTargets.Struct | + AttributeTargets.Enum | + AttributeTargets.Constructor | + AttributeTargets.Method | + AttributeTargets.Field | + AttributeTargets.Interface | + AttributeTargets.Delegate, + AllowMultiple = false, + Inherited = false)] + public sealed class SecuritySafeCriticalAttribute : Attribute + { + public SecuritySafeCriticalAttribute() { } + } +} diff --git a/src/mscorlib/shared/System/Security/SecurityTransparentAttribute.cs b/src/mscorlib/shared/System/Security/SecurityTransparentAttribute.cs new file mode 100644 index 0000000000..03f41387ae --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityTransparentAttribute.cs @@ -0,0 +1,19 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SecurityTransparentAttribute: + // Indicates the assembly contains only transparent code. + // Security critical actions will be restricted or converted into less critical actions. For example, + // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted + // into Full-Demands. + + [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)] + public sealed class SecurityTransparentAttribute : Attribute + { + public SecurityTransparentAttribute() { } + } +} + diff --git a/src/mscorlib/shared/System/Security/SecurityTreatAsSafeAttribute.cs b/src/mscorlib/shared/System/Security/SecurityTreatAsSafeAttribute.cs new file mode 100644 index 0000000000..7a95122bf0 --- /dev/null +++ b/src/mscorlib/shared/System/Security/SecurityTreatAsSafeAttribute.cs @@ -0,0 +1,32 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SecurityTreatAsSafeAttribute: + // Indicates that the code may contain violations to the security critical rules (e.g. transitions from + // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for + // security concerns and is considered security clean. + // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. + // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. + // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. + + [AttributeUsage(AttributeTargets.Assembly | + AttributeTargets.Class | + AttributeTargets.Struct | + AttributeTargets.Enum | + AttributeTargets.Constructor | + AttributeTargets.Method | + AttributeTargets.Field | + AttributeTargets.Interface | + AttributeTargets.Delegate, + AllowMultiple = false, + Inherited = false)] + [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")] + public sealed class SecurityTreatAsSafeAttribute : Attribute + { + public SecurityTreatAsSafeAttribute() { } + } +} + diff --git a/src/mscorlib/shared/System/Security/SuppressUnmanagedCodeSecurityAttribute.cs b/src/mscorlib/shared/System/Security/SuppressUnmanagedCodeSecurityAttribute.cs new file mode 100644 index 0000000000..a60b8d3668 --- /dev/null +++ b/src/mscorlib/shared/System/Security/SuppressUnmanagedCodeSecurityAttribute.cs @@ -0,0 +1,16 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // SuppressUnmanagedCodeSecurityAttribute: + // Indicates that the target P/Invoke method(s) should skip the per-call + // security checked for unmanaged code permission. + [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false)] + public sealed class SuppressUnmanagedCodeSecurityAttribute : Attribute + { + public SuppressUnmanagedCodeSecurityAttribute() { } + } +} + diff --git a/src/mscorlib/shared/System/Security/UnverifiableCodeAttribute.cs b/src/mscorlib/shared/System/Security/UnverifiableCodeAttribute.cs new file mode 100644 index 0000000000..1560b6617b --- /dev/null +++ b/src/mscorlib/shared/System/Security/UnverifiableCodeAttribute.cs @@ -0,0 +1,15 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +namespace System.Security +{ + // UnverifiableCodeAttribute: + // Indicates that the target module contains unverifiable code. + [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false)] + public sealed class UnverifiableCodeAttribute : Attribute + { + public UnverifiableCodeAttribute() { } + } +} + diff --git a/src/mscorlib/src/System/Security/Attributes.cs b/src/mscorlib/src/System/Security/Attributes.cs deleted file mode 100644 index 9e93bc1dda..0000000000 --- a/src/mscorlib/src/System/Security/Attributes.cs +++ /dev/null @@ -1,204 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System.Runtime.InteropServices; - -namespace System.Security -{ - // DynamicSecurityMethodAttribute: - // All methods that use StackCrawlMark should be marked with this attribute. This attribute - // disables inlining of the calling method to allow stackwalking to find the exact caller. - // - // This attribute used to indicate that the target method requires space for a security object - // to be allocated on the callers stack. It is not used for this purpose anymore because of security - // stackwalks are not ever done in CoreCLR. - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true, Inherited = false)] - sealed internal class DynamicSecurityMethodAttribute : System.Attribute - { - } - - // SuppressUnmanagedCodeSecurityAttribute: - // Indicates that the target P/Invoke method(s) should skip the per-call - // security checked for unmanaged code permission. - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class | AttributeTargets.Interface | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false)] - sealed public class SuppressUnmanagedCodeSecurityAttribute : System.Attribute - { - } - - // UnverifiableCodeAttribute: - // Indicates that the target module contains unverifiable code. - [AttributeUsage(AttributeTargets.Module, AllowMultiple = true, Inherited = false)] - sealed public class UnverifiableCodeAttribute : System.Attribute - { - } - - // AllowPartiallyTrustedCallersAttribute: - // Indicates that the Assembly is secure and can be used by untrusted - // and semitrusted clients - // For v.1, this is valid only on Assemblies, but could be expanded to - // include Module, Method, class - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)] - sealed public class AllowPartiallyTrustedCallersAttribute : System.Attribute - { - private PartialTrustVisibilityLevel _visibilityLevel; - public AllowPartiallyTrustedCallersAttribute() { } - - public PartialTrustVisibilityLevel PartialTrustVisibilityLevel - { - get { return _visibilityLevel; } - set { _visibilityLevel = value; } - } - } - - public enum PartialTrustVisibilityLevel - { - VisibleToAllHosts = 0, - NotVisibleByDefault = 1 - } - - [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] - public enum SecurityCriticalScope - { - Explicit = 0, - Everything = 0x1 - } - - // SecurityCriticalAttribute - // Indicates that the decorated code or assembly performs security critical operations (e.g. Assert, "unsafe", LinkDemand, etc.) - // The attribute can be placed on most targets, except on arguments/return values. - [AttributeUsage(AttributeTargets.Assembly | - AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false)] - sealed public class SecurityCriticalAttribute : System.Attribute - { -#pragma warning disable 618 // We still use SecurityCriticalScope for v2 compat - - private SecurityCriticalScope _val; - - public SecurityCriticalAttribute() { } - - public SecurityCriticalAttribute(SecurityCriticalScope scope) - { - _val = scope; - } - - [Obsolete("SecurityCriticalScope is only used for .NET 2.0 transparency compatibility.")] - public SecurityCriticalScope Scope - { - get - { - return _val; - } - } - -#pragma warning restore 618 - } - - // SecurityTreatAsSafeAttribute: - // Indicates that the code may contain violations to the security critical rules (e.g. transitions from - // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for - // security concerns and is considered security clean. - // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. - // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. - // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. - - [AttributeUsage(AttributeTargets.Assembly | - AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false)] - [Obsolete("SecurityTreatAsSafe is only used for .NET 2.0 transparency compatibility. Please use the SecuritySafeCriticalAttribute instead.")] - sealed public class SecurityTreatAsSafeAttribute : System.Attribute - { - public SecurityTreatAsSafeAttribute() { } - } - - // SecuritySafeCriticalAttribute: - // Indicates that the code may contain violations to the security critical rules (e.g. transitions from - // critical to non-public transparent, transparent to non-public critical, etc.), has been audited for - // security concerns and is considered security clean. Also indicates that the code is considered SecurityCritical. - // The effect of this attribute is as if the code was marked [SecurityCritical][SecurityTreatAsSafe]. - // At assembly-scope, all rule checks will be suppressed within the assembly and for calls made against the assembly. - // At type-scope, all rule checks will be suppressed for members within the type and for calls made against the type. - // At member level (e.g. field and method) the code will be treated as public - i.e. no rule checks for the members. - - [AttributeUsage(AttributeTargets.Class | - AttributeTargets.Struct | - AttributeTargets.Enum | - AttributeTargets.Constructor | - AttributeTargets.Method | - AttributeTargets.Field | - AttributeTargets.Interface | - AttributeTargets.Delegate, - AllowMultiple = false, - Inherited = false)] - sealed public class SecuritySafeCriticalAttribute : System.Attribute - { - public SecuritySafeCriticalAttribute() { } - } - - // SecurityTransparentAttribute: - // Indicates the assembly contains only transparent code. - // Security critical actions will be restricted or converted into less critical actions. For example, - // Assert will be restricted, SuppressUnmanagedCode, LinkDemand, unsafe, and unverifiable code will be converted - // into Full-Demands. - - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false, Inherited = false)] - sealed public class SecurityTransparentAttribute : System.Attribute - { - public SecurityTransparentAttribute() { } - } - - public enum SecurityRuleSet : byte - { - None = 0, - Level1 = 1, // v2.0 transparency model - Level2 = 2, // v4.0 transparency model - } - - // SecurityRulesAttribute - // - // Indicates which set of security rules an assembly was authored against, and therefore which set of - // rules the runtime should enforce on the assembly. For instance, an assembly marked with - // [SecurityRules(SecurityRuleSet.Level1)] will follow the v2.0 transparency rules, where transparent code - // can call a LinkDemand by converting it to a full demand, public critical methods are implicitly - // treat as safe, and the remainder of the v2.0 rules apply. - [AttributeUsage(AttributeTargets.Assembly, AllowMultiple = false)] - public sealed class SecurityRulesAttribute : Attribute - { - private SecurityRuleSet m_ruleSet; - private bool m_skipVerificationInFullTrust = false; - - public SecurityRulesAttribute(SecurityRuleSet ruleSet) - { - m_ruleSet = ruleSet; - } - - // Should fully trusted transparent code skip IL verification - public bool SkipVerificationInFullTrust - { - get { return m_skipVerificationInFullTrust; } - set { m_skipVerificationInFullTrust = value; } - } - - public SecurityRuleSet RuleSet - { - get { return m_ruleSet; } - } - } -} diff --git a/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs b/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs new file mode 100644 index 0000000000..83be902a2c --- /dev/null +++ b/src/mscorlib/src/System/Security/DynamicSecurityMethodAttribute.cs @@ -0,0 +1,21 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +using System.Runtime.InteropServices; + +namespace System.Security +{ + // DynamicSecurityMethodAttribute: + // All methods that use StackCrawlMark should be marked with this attribute. This attribute + // disables inlining of the calling method to allow stackwalking to find the exact caller. + // + // This attribute used to indicate that the target method requires space for a security object + // to be allocated on the callers stack. It is not used for this purpose anymore because of security + // stackwalks are not ever done in CoreCLR. + [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor, AllowMultiple = true, Inherited = false)] + internal sealed class DynamicSecurityMethodAttribute : Attribute + { + public DynamicSecurityMethodAttribute() { } + } +}