From 5c47caa806e6907df81e7a96864984df4d0f38cd Mon Sep 17 00:00:00 2001 From: Jan Kotas Date: Mon, 6 Feb 2017 06:53:42 -0800 Subject: [PATCH] CAS Security cleanup (#9355) --- src/classlibnative/bcltype/CMakeLists.txt | 1 - src/classlibnative/bcltype/console.cpp | 152 -- src/classlibnative/bcltype/console.h | 45 - src/mscorlib/System.Private.CoreLib.csproj | 1077 ++++++++- src/mscorlib/facade/project.json | 1 + src/mscorlib/model.xml | 93 - src/mscorlib/mscorlib.shared.sources.props | 1181 ---------- src/mscorlib/src/CleanupToDoList.cs | 52 + src/mscorlib/src/Microsoft/Win32/RegistryKey.cs | 294 +-- src/mscorlib/src/System/Activator.cs | 2 +- src/mscorlib/src/System/AppDomain.cs | 38 +- src/mscorlib/src/System/AppDomainSetup.cs | 2 +- .../src/System/DelegateSerializationHolder.cs | 8 +- src/mscorlib/src/System/Diagnostics/Debugger.cs | 49 - .../System/Diagnostics/Eventing/EventProvider.cs | 2 + .../src/System/Diagnostics/Eventing/EventSource.cs | 2 + src/mscorlib/src/System/Diagnostics/Stackframe.cs | 29 - src/mscorlib/src/System/Environment.cs | 145 +- src/mscorlib/src/System/Exception.cs | 13 - .../src/System/Globalization/JapaneseCalendar.cs | 4 - .../src/System/IO/PinnedBufferMemoryStream.cs | 2 +- .../src/System/IO/UnmanagedMemoryStream.cs | 36 +- src/mscorlib/src/System/Reflection/Assembly.cs | 63 +- src/mscorlib/src/System/Reflection/AssemblyName.cs | 1 - .../src/System/Reflection/ConstructorInfo.cs | 4 - .../src/System/Reflection/CustomAttribute.cs | 37 +- .../src/System/Reflection/Emit/AssemblyBuilder.cs | 18 - .../src/System/Reflection/Emit/ModuleBuilder.cs | 5 - src/mscorlib/src/System/Reflection/MethodBase.cs | 3 - src/mscorlib/src/System/Reflection/Module.cs | 17 +- .../System/Resources/FileBasedResourceGroveler.cs | 36 +- .../src/System/Resources/ResourceReader.cs | 2 +- src/mscorlib/src/System/RtType.cs | 37 - .../src/System/Security/AccessControl/Enums.cs | 13 - .../src/System/Security/CodeAccessPermission.cs | 155 -- .../System/Security/CodeAccessSecurityEngine.cs | 335 --- .../src/System/Security/FrameSecurityDescriptor.cs | 351 --- src/mscorlib/src/System/Security/IPermission.cs | 84 - .../src/System/Security/NamedPermissionSet.cs | 75 - .../src/System/Security/PermissionListSet.cs | 79 - src/mscorlib/src/System/Security/PermissionSet.cs | 1259 ---------- .../src/System/Security/PermissionSetEnumerator.cs | 89 - .../src/System/Security/PermissionSetTriple.cs | 82 - .../src/System/Security/PermissionToken.cs | 284 --- .../Security/Permissions/EnvironmentPermission.cs | 299 --- .../Security/Permissions/FileDialogPermission.cs | 158 -- .../Security/Permissions/FileIOPermission.cs | 863 ------- .../Permissions/HostProtectionPermission.cs | 265 --- .../Security/Permissions/IBuiltInPermission.cs | 39 - .../Permissions/IUnrestrictedPermission.cs | 13 - .../Security/Permissions/PermissionAttributes.cs | 159 -- .../System/Security/Permissions/PermissionState.cs | 21 - .../Security/Permissions/ReflectionPermission.cs | 274 --- .../Security/Permissions/RegistryPermission.cs | 311 --- .../Security/Permissions/SecurityPermission.cs | 269 --- .../Permissions/StrongNamePublicKeyBlob.cs | 79 - .../System/Security/Permissions/UIPermission.cs | 247 -- .../src/System/Security/Policy/ApplicationTrust.cs | 86 - .../src/System/Security/Policy/Evidence.cs | 31 - .../src/System/Security/Policy/EvidenceBase.cs | 29 - .../src/System/Security/Policy/PolicyStatement.cs | 136 -- .../src/System/Security/Policy/StrongName.cs | 63 - .../src/System/Security/Principal/IIdentity.cs | 29 - .../src/System/Security/Principal/IPrincipal.cs | 26 - .../Security/Principal/TokenImpersonationLevel.cs | 15 - .../src/System/Security/SecurityContext.cs | 38 - .../src/System/Security/SecurityException.cs | 7 +- .../src/System/Security/SecurityManager.cs | 143 -- .../src/System/Security/SecurityRuntime.cs | 85 - src/mscorlib/src/System/Security/SecurityZone.cs | 14 - src/mscorlib/src/System/Security/Util/Hex.cs | 54 - .../System/Security/Util/StringExpressionSet.cs | 746 ------ .../src/System/Security/Util/TokenBasedSet.cs | 349 --- .../Security/Util/TokenBasedSetEnumerator.cs | 36 - src/mscorlib/src/System/Security/Util/URLString.cs | 1046 +-------- .../src/System/Security/Util/sitestring.cs | 233 -- src/mscorlib/src/System/SharedStatics.cs | 1 - .../src/System/Threading/LockRecursionException.cs | 1 - src/mscorlib/src/System/TimeZoneInfo.Win32.cs | 2 +- src/vm/CMakeLists.txt | 2 - src/vm/appdomain.cpp | 1 - src/vm/appdomainnative.cpp | 193 -- src/vm/appdomainnative.hpp | 1 - src/vm/appdomainstack.cpp | 85 - src/vm/appdomainstack.h | 3 - src/vm/ceemain.cpp | 1 - src/vm/certificatecache.cpp | 85 - src/vm/certificatecache.h | 40 - src/vm/comsynchronizable.cpp | 1 - src/vm/confighelper.cpp | 309 --- src/vm/confighelper.h | 203 -- src/vm/corhost.cpp | 8 - src/vm/ecalllist.h | 404 ---- src/vm/eeconfig.h | 20 - src/vm/eetoprofinterfaceimpl.cpp | 12 - src/vm/i386/excepx86.cpp | 1 - src/vm/metasig.h | 58 - src/vm/mscorlib.cpp | 20 - src/vm/mscorlib.h | 297 --- src/vm/newcompressedstack.cpp | 1074 --------- src/vm/newcompressedstack.h | 197 -- src/vm/object.h | 211 -- src/vm/reflectioninvocation.cpp | 21 - src/vm/security.h | 2 - src/vm/security.inl | 18 +- src/vm/securityattributes.cpp | 1282 ---------- src/vm/securitydeclarative.cpp | 150 -- src/vm/securitydeclarative.h | 3 - src/vm/securitydeclarative.inl | 6 - src/vm/securitydescriptor.cpp | 54 +- src/vm/securitydescriptorappdomain.cpp | 412 ---- src/vm/securitydescriptorassembly.cpp | 153 -- src/vm/securityhostprotection.cpp | 102 - src/vm/securityhostprotection.h | 14 - src/vm/securityimperative.cpp | 119 - src/vm/securityimperative.h | 36 - src/vm/securitymeta.cpp | 1 - src/vm/securitypolicy.h | 17 - src/vm/securityprincipal.cpp | 227 -- src/vm/securityprincipal.h | 33 - src/vm/securitystackwalk.cpp | 2439 -------------------- src/vm/securitytransparentassembly.cpp | 6 +- src/vm/stackcompressor.cpp | 378 --- src/vm/stackcompressor.h | 39 - src/vm/vars.cpp | 4 - src/vm/vars.hpp | 8 - 126 files changed, 1194 insertions(+), 19980 deletions(-) delete mode 100644 src/classlibnative/bcltype/console.cpp delete mode 100644 src/classlibnative/bcltype/console.h delete mode 100644 src/mscorlib/mscorlib.shared.sources.props create mode 100644 src/mscorlib/src/CleanupToDoList.cs delete mode 100644 src/mscorlib/src/System/Security/AccessControl/Enums.cs delete mode 100644 src/mscorlib/src/System/Security/CodeAccessPermission.cs delete mode 100644 src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs delete mode 100644 src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs delete mode 100644 src/mscorlib/src/System/Security/IPermission.cs delete mode 100644 src/mscorlib/src/System/Security/NamedPermissionSet.cs delete mode 100644 src/mscorlib/src/System/Security/PermissionListSet.cs delete mode 100644 src/mscorlib/src/System/Security/PermissionSet.cs delete mode 100644 src/mscorlib/src/System/Security/PermissionSetEnumerator.cs delete mode 100644 src/mscorlib/src/System/Security/PermissionSetTriple.cs delete mode 100644 src/mscorlib/src/System/Security/PermissionToken.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/EnvironmentPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/FileDialogPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/HostProtectionPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/IBuiltInPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/IUnrestrictedPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/PermissionAttributes.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/PermissionState.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/ReflectionPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/RegistryPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/SecurityPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/StrongNamePublicKeyBlob.cs delete mode 100644 src/mscorlib/src/System/Security/Permissions/UIPermission.cs delete mode 100644 src/mscorlib/src/System/Security/Policy/ApplicationTrust.cs delete mode 100644 src/mscorlib/src/System/Security/Policy/Evidence.cs delete mode 100644 src/mscorlib/src/System/Security/Policy/EvidenceBase.cs delete mode 100644 src/mscorlib/src/System/Security/Policy/PolicyStatement.cs delete mode 100644 src/mscorlib/src/System/Security/Policy/StrongName.cs delete mode 100644 src/mscorlib/src/System/Security/Principal/IIdentity.cs delete mode 100644 src/mscorlib/src/System/Security/Principal/IPrincipal.cs delete mode 100644 src/mscorlib/src/System/Security/Principal/TokenImpersonationLevel.cs delete mode 100644 src/mscorlib/src/System/Security/SecurityContext.cs delete mode 100644 src/mscorlib/src/System/Security/SecurityManager.cs delete mode 100644 src/mscorlib/src/System/Security/SecurityRuntime.cs delete mode 100644 src/mscorlib/src/System/Security/SecurityZone.cs delete mode 100644 src/mscorlib/src/System/Security/Util/Hex.cs delete mode 100644 src/mscorlib/src/System/Security/Util/StringExpressionSet.cs delete mode 100644 src/mscorlib/src/System/Security/Util/TokenBasedSet.cs delete mode 100644 src/mscorlib/src/System/Security/Util/TokenBasedSetEnumerator.cs delete mode 100644 src/mscorlib/src/System/Security/Util/sitestring.cs delete mode 100644 src/vm/certificatecache.cpp delete mode 100644 src/vm/certificatecache.h delete mode 100644 src/vm/confighelper.cpp delete mode 100644 src/vm/confighelper.h delete mode 100644 src/vm/newcompressedstack.cpp delete mode 100644 src/vm/newcompressedstack.h delete mode 100644 src/vm/securityhostprotection.cpp delete mode 100644 src/vm/securityhostprotection.h delete mode 100644 src/vm/securityimperative.cpp delete mode 100644 src/vm/securityimperative.h delete mode 100644 src/vm/securityprincipal.cpp delete mode 100644 src/vm/securityprincipal.h delete mode 100644 src/vm/securitystackwalk.cpp delete mode 100644 src/vm/stackcompressor.cpp delete mode 100644 src/vm/stackcompressor.h diff --git a/src/classlibnative/bcltype/CMakeLists.txt b/src/classlibnative/bcltype/CMakeLists.txt index 4df909a..7999c0c 100644 --- a/src/classlibnative/bcltype/CMakeLists.txt +++ b/src/classlibnative/bcltype/CMakeLists.txt @@ -7,7 +7,6 @@ endif(PerfCountersSupportedBuild) set(BCLTYPE_SOURCES arraynative.cpp arrayhelpers.cpp - console.cpp currency.cpp decimal.cpp windowsruntimebufferhelper.cpp diff --git a/src/classlibnative/bcltype/console.cpp b/src/classlibnative/bcltype/console.cpp deleted file mode 100644 index 7dfb30a..0000000 --- a/src/classlibnative/bcltype/console.cpp +++ /dev/null @@ -1,152 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// -// File: Console.cpp -// - -// -// Purpose: Native methods on System.Console -// -// - -#ifndef FEATURE_CORECLR - -#include "common.h" -#include "sbuffer.h" -#include -#include "console.h" - -// GetConsoleTitle sometimes interprets the second parameter (nSize) as number of bytes and sometimes as the number of chars. -// Instead of doing complicated and dangerous logic to determine if this may or may not occur, -// we simply assume the worst and reserve a bigger buffer. This way we may use a bit more memory, -// but we will always be safe. This macro helps us doing that: -#define ADJUST_NUM_CHARS(numChars) ((numChars) * 2) - -#define BUFF_SIZE(numChars) ( ((numChars) + 1) * sizeof(TCHAR) ) - -// A buffer of size ConsoleNative::MaxConsoleTitleLength is quite big. -// First, we try allocating a smaller buffer because most often, the console title is short. -// If it turns out that the short buffer size is insufficient, we try again using a larger buffer. -INT32 QCALLTYPE ConsoleNative::GetTitle(QCall::StringHandleOnStack outTitle, INT32& outTitleLen) { - - QCALL_CONTRACT; - - INT32 result = 0; - - BEGIN_QCALL; - - // Reserve buffer: - InlineSBuffer< ADJUST_NUM_CHARS(BUFF_SIZE(ShortConsoleTitleLength)) > titleBuff; - - // Hold last error: - DWORD lastError; - - // Read console title, get length of the title: - - BYTE *buffPtr = titleBuff.OpenRawBuffer( ADJUST_NUM_CHARS(BUFF_SIZE(ShortConsoleTitleLength)) ); - - SetLastError(0); - DWORD len = GetConsoleTitle((TCHAR *) buffPtr, ADJUST_NUM_CHARS(ShortConsoleTitleLength + 1)); - lastError = GetLastError(); - - titleBuff.CloseRawBuffer(); - - // If the title length is larger than supported maximum, do not bother reading it, just return the length: - if (len > MaxConsoleTitleLength) { - - outTitleLen = len; - outTitle.Set(W("")); - result = 0; - - // If title length is within valid range: - } else { - - // If the title is longer than the short buffer, but can fit in the max supported length, - // read it again with the long buffer: - if (len > ShortConsoleTitleLength) { - - COUNT_T buffSize = ADJUST_NUM_CHARS(BUFF_SIZE(len)); - titleBuff.SetSize(buffSize); - - BYTE *buffPtr = titleBuff.OpenRawBuffer(buffSize); - - SetLastError(0); - len = GetConsoleTitle((TCHAR *) buffPtr, ADJUST_NUM_CHARS(len + 1)); - lastError = GetLastError(); - - titleBuff.CloseRawBuffer(); - } - - // Zero may indicate error or empty title. Check for error: - result = (INT32) (0 == len ? lastError : 0); - - // If no error, set title and length: - if (0 == result) { - const BYTE *cBuffPtr = (const BYTE *) titleBuff; - outTitle.Set((TCHAR *) cBuffPtr); - outTitleLen = (INT32) len; - - // If error, set to empty: - } else { - outTitleLen = (INT32) -1; - // No need to set the title string if we have an error anyway. - } - } // if title length is within valid range. - - END_QCALL; - - return result; -} - -// Block waiting for data to become available on the console stream indicated by the safe file handle passed. -// Ensure that the thread remains abortable in the process. -FCIMPL2(void, ConsoleStreamHelper::WaitForAvailableConsoleInput, SafeHandle* refThisUNSAFE, CLR_BOOL bIsPipe) -{ - FCALL_CONTRACT; - - SAFEHANDLEREF refConsoleHandle(refThisUNSAFE); - - HELPER_METHOD_FRAME_BEGIN_1(refConsoleHandle); - - // Prevent the console handle being closed under our feet. - SafeHandleHolder shh(&refConsoleHandle); - - // Don't pass the address of the native handle within the safe handle to DoAppropriateWait since the safe - // handle is on the GC heap and could be moved. Instead copy the native handle out into a stack location - // (this is safe because we've ref-counted the safe handle to prevent it being disposed on us). - HANDLE hNativeConsoleHandle = refConsoleHandle->GetHandle(); - - bool skipWait = false; - - // If we are reading from a pipe and the other end of the pipe was closed, then do not block. No one can write to it. - // Also we can skip blocking if we do have data available. We should block if nothing is available, with the assumption - // that Windows is smart enough to handle pipes where the other end is closed. - if (bIsPipe) - { - DWORD cBytesRead, cTotalBytesAvailable, cBytesLeftThisMessage; - int r = PeekNamedPipe(hNativeConsoleHandle, NULL, 0, &cBytesRead, &cTotalBytesAvailable, &cBytesLeftThisMessage); - if (r != 0) - { - skipWait = cTotalBytesAvailable > 0; - } - else - { - // Windows returns ERROR_BROKEN_PIPE if the other side of a pipe is closed. However, we've seen - // pipes return ERROR_NO_DATA and ERROR_PIPE_NOT_CONNECTED. Check for those too. - int errorCode = GetLastError(); - skipWait = errorCode == ERROR_BROKEN_PIPE || errorCode == ERROR_NO_DATA || errorCode == ERROR_PIPE_NOT_CONNECTED; - } - } - - // Perform the wait (DoAppropriateWait automatically handles thread aborts). - if (!skipWait) - { - GetThread()->DoAppropriateWait(1, &hNativeConsoleHandle, TRUE, INFINITE, WaitMode_Alertable); - } - - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND - -#endif // ifndef FEATURE_CORECLR diff --git a/src/classlibnative/bcltype/console.h b/src/classlibnative/bcltype/console.h deleted file mode 100644 index b3772f2..0000000 --- a/src/classlibnative/bcltype/console.h +++ /dev/null @@ -1,45 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// -// File: Console.h -// - -// -// Purpose: Native methods on System.Console -// - -// -#ifndef _CONSOLE_H_ -#define _CONSOLE_H_ - -#ifndef FEATURE_CORECLR - -#include "qcall.h" - -class ConsoleNative { - -private: - - // Short buffer len to try using first: - static const INT32 ShortConsoleTitleLength = 200; - -public: - - // This value is copied from Console.cs. There is said: - // MSDN says console titles can be up to 64KB in length. - // But there is an exception if the buffer lengths longer than - // ~24500 Unicode characters are used. Oh well. - static const INT32 MaxConsoleTitleLength = 24500; - - static INT32 QCALLTYPE GetTitle(QCall::StringHandleOnStack outTitle, INT32& outTitleLen); -}; - -class ConsoleStreamHelper { -public: - static FCDECL2(void, WaitForAvailableConsoleInput, SafeHandle* refThisUNSAFE, CLR_BOOL bIsPipe); -}; - -#endif // ifndef FEATURE_CORECLR - -#endif // _CONSOLE_H_ diff --git a/src/mscorlib/System.Private.CoreLib.csproj b/src/mscorlib/System.Private.CoreLib.csproj index fb8f337..45abd64 100644 --- a/src/mscorlib/System.Private.CoreLib.csproj +++ b/src/mscorlib/System.Private.CoreLib.csproj @@ -45,7 +45,7 @@ true true - $(DefineConstants);_USE_NLS_PLUS_TABLE;RESOURCE_SATELLITE_CONFIG;INSIDE_CLR;CODE_ANALYSIS_BASELINE + $(DefineConstants);CORECLR;_USE_NLS_PLUS_TABLE;RESOURCE_SATELLITE_CONFIG;INSIDE_CLR;CODE_ANALYSIS_BASELINE @@ -152,7 +152,1077 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -164,6 +1234,9 @@ + + + diff --git a/src/mscorlib/facade/project.json b/src/mscorlib/facade/project.json index 37f8c1b..b0b39a1 100644 --- a/src/mscorlib/facade/project.json +++ b/src/mscorlib/facade/project.json @@ -4,6 +4,7 @@ "System.IO": "4.1.0", "System.Security.Cryptography.Primitives": "4.0.0", "System.Security.Claims": "4.0.0", + "System.Security.Principal": "4.0.0" }, "frameworks": { "netstandard1.3": { diff --git a/src/mscorlib/model.xml b/src/mscorlib/model.xml index a9b3777..679ab89 100644 --- a/src/mscorlib/model.xml +++ b/src/mscorlib/model.xml @@ -3998,8 +3998,6 @@ - - @@ -9437,41 +9435,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -10923,24 +10886,7 @@ - - - - - - - - - - - - - - - - - @@ -10951,45 +10897,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/mscorlib/mscorlib.shared.sources.props b/src/mscorlib/mscorlib.shared.sources.props deleted file mode 100644 index 7e15d79..0000000 --- a/src/mscorlib/mscorlib.shared.sources.props +++ /dev/null @@ -1,1181 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/mscorlib/src/CleanupToDoList.cs b/src/mscorlib/src/CleanupToDoList.cs new file mode 100644 index 0000000..fe7e814 --- /dev/null +++ b/src/mscorlib/src/CleanupToDoList.cs @@ -0,0 +1,52 @@ +// Licensed to the .NET Foundation under one or more agreements. +// The .NET Foundation licenses this file to you under the MIT license. +// See the LICENSE file in the project root for more information. + +// +// Stubbed out types to be cleanup from CoreLib +// + +namespace System.Security +{ + internal enum SecurityContextSource + { + CurrentAppDomain = 0, + CurrentAssembly + } + + internal sealed class PermissionSet + { + } +} + +namespace System.Security.Permissions +{ + internal class HostProtectionAttribute : Attribute + { + public bool MayLeakOnAbort { get; set; } + } + + internal enum PermissionState + { + Unrestricted = 1, + None = 0, + } +} + +namespace System.Security.Policy +{ + internal sealed class Evidence + { + } + + internal sealed class ApplicationTrust + { + } +} + +namespace System.Security.Principal +{ + internal interface IPrincipal + { + } +} diff --git a/src/mscorlib/src/Microsoft/Win32/RegistryKey.cs b/src/mscorlib/src/Microsoft/Win32/RegistryKey.cs index 090be82..3a797db 100644 --- a/src/mscorlib/src/Microsoft/Win32/RegistryKey.cs +++ b/src/mscorlib/src/Microsoft/Win32/RegistryKey.cs @@ -1047,301 +1047,9 @@ namespace Microsoft.Win32 } - // - // Read/Write/Create SubKey Permission - // - private void GetSubKeyReadPermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Read; - path = keyName + "\\" + subkeyName + "\\."; - } - private void GetSubKeyWritePermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - // If we want to open a subkey of a read-only key as writeable, we need to do the check. - access = RegistryPermissionAccess.Write; - path = keyName + "\\" + subkeyName + "\\."; - } - private void GetSubKeyCreatePermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Create; - path = keyName + "\\" + subkeyName + "\\."; - } - - // - // Read/Write/ReadWrite SubTree Permission - // - private void GetSubTreeReadPermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Read; - path = keyName + "\\" + subkeyName + "\\"; - } - private void GetSubTreeWritePermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Write; - path = keyName + "\\" + subkeyName + "\\"; - } - private void GetSubTreeReadWritePermission(string subkeyName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Write | RegistryPermissionAccess.Read; - path = keyName + "\\" + subkeyName; - } - - // - // Read/Write/Create Value Permission - // - private void GetValueReadPermission(string valueName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Read; - path = keyName+"\\"+valueName; - } - private void GetValueWritePermission(string valueName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Write; - path = keyName+"\\"+valueName; - } - private void GetValueCreatePermission(string valueName, out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Create; - path = keyName+"\\"+valueName; - } - - // Read Key Permission - private void GetKeyReadPermission(out RegistryPermissionAccess access, out string path) { - access = RegistryPermissionAccess.Read; - path = keyName + "\\."; - } - private void CheckPermission(RegistryInternalCheck check, string item, bool subKeyWritable, RegistryKeyPermissionCheck subKeyCheck) { - bool demand = false; - RegistryPermissionAccess access = RegistryPermissionAccess.NoAccess; - string path = null; - - switch (check) { - // - // Read/Write/Create SubKey Permission - // - case RegistryInternalCheck.CheckSubKeyReadPermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode == RegistryKeyPermissionCheck.Default, "Should be called from a key opened under default mode only!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - demand = true; - GetSubKeyReadPermission(item, out access, out path); - } - break; - case RegistryInternalCheck.CheckSubKeyWritePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetSubKeyWritePermission(item, out access, out path); - } - } - break; - case RegistryInternalCheck.CheckSubKeyCreatePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating sub key under read-only key!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetSubKeyCreatePermission(item, out access, out path); - } - } - break; - // - // Read/Write/ReadWrite SubTree Permission - // - case RegistryInternalCheck.CheckSubTreeReadPermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetSubTreeReadPermission(item, out access, out path); - } - } - break; - case RegistryInternalCheck.CheckSubTreeWritePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetSubTreeWritePermission(item, out access, out path); - } - } - break; - case RegistryInternalCheck.CheckSubTreeReadWritePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - // If we want to open a subkey of a read-only key as writeable, we need to do the check. - demand = true; - GetSubTreeReadWritePermission(item, out access, out path); - } - break; - // - // Read/Write/Create Value Permission - // - case RegistryInternalCheck.CheckValueReadPermission: - ///*** no remoteKey check ***/// - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - if( checkMode == RegistryKeyPermissionCheck.Default) { - // only need to check for default mode (dynamice check) - demand = true; - GetValueReadPermission(item, out access, out path); - } - break; - case RegistryInternalCheck.CheckValueWritePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow writing value to read-only key!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - // skip the security check if the key is opened under write mode - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetValueWritePermission(item, out access, out path); - } - } - break; - case RegistryInternalCheck.CheckValueCreatePermission: - if (remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - BCLDebug.Assert(checkMode != RegistryKeyPermissionCheck.ReadSubTree, "We shouldn't allow creating value under read-only key!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - // skip the security check if the key is opened under write mode - if( checkMode == RegistryKeyPermissionCheck.Default) { - demand = true; - GetValueCreatePermission(item, out access, out path); - } - } - break; - // - // CheckKeyReadPermission - // - case RegistryInternalCheck.CheckKeyReadPermission: - ///*** no remoteKey check ***/// - if( checkMode == RegistryKeyPermissionCheck.Default) { - BCLDebug.Assert(item == null, "CheckKeyReadPermission should never have a non-null item parameter!"); - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - - // only need to check for default mode (dynamice check) - demand = true; - GetKeyReadPermission(out access, out path); - } - break; - // - // CheckSubTreePermission - // - case RegistryInternalCheck.CheckSubTreePermission: - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - if( subKeyCheck == RegistryKeyPermissionCheck.ReadSubTree) { - if( checkMode == RegistryKeyPermissionCheck.Default) { - if( remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - demand = true; - GetSubTreeReadPermission(item, out access, out path); - } - } - } - else if(subKeyCheck == RegistryKeyPermissionCheck.ReadWriteSubTree) { - if( checkMode != RegistryKeyPermissionCheck.ReadWriteSubTree) { - if( remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - demand = true; - GetSubTreeReadWritePermission(item, out access, out path); - } - } - } - break; - - // - // CheckOpenSubKeyWithWritablePermission uses the 'subKeyWritable' parameter - // - case RegistryInternalCheck.CheckOpenSubKeyWithWritablePermission: - BCLDebug.Assert(subKeyCheck == RegistryKeyPermissionCheck.Default, "subKeyCheck should be Default (unused)"); - // If the parent key is not opened under default mode, we have access already. - // If the parent key is opened under default mode, we need to check for permission. - if(checkMode == RegistryKeyPermissionCheck.Default) { - if( remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - demand = true; - GetSubKeyReadPermission(item, out access, out path); - } - break; - } - if( subKeyWritable && (checkMode == RegistryKeyPermissionCheck.ReadSubTree)) { - if( remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - demand = true; - GetSubTreeReadWritePermission(item, out access, out path); - } - break; - } - break; - - // - // CheckOpenSubKeyPermission uses the 'subKeyCheck' parameter - // - case RegistryInternalCheck.CheckOpenSubKeyPermission: - BCLDebug.Assert(subKeyWritable == false, "subKeyWritable should be false (unused)"); - if(subKeyCheck == RegistryKeyPermissionCheck.Default) { - if( checkMode == RegistryKeyPermissionCheck.Default) { - if(remoteKey) { - CheckUnmanagedCodePermission(); - } - else { - demand = true; - GetSubKeyReadPermission(item, out access, out path); - } - } - } - break; - - default: - BCLDebug.Assert(false, "CheckPermission default switch case should never be hit!"); - break; - } - - if (demand) { - new RegistryPermission(access, path).Demand(); - } - } - - static private void CheckUnmanagedCodePermission() { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 + // TODO: Cleanup } private bool ContainsRegistryValue(string name) { diff --git a/src/mscorlib/src/System/Activator.cs b/src/mscorlib/src/System/Activator.cs index 67f525b..c6cfb16 100644 --- a/src/mscorlib/src/System/Activator.cs +++ b/src/mscorlib/src/System/Activator.cs @@ -258,7 +258,7 @@ namespace System { // Classic managed type assembly = RuntimeAssembly.InternalLoadAssemblyName( assemblyName, securityInfo, null, ref stackMark, - true /*thrownOnFileNotFound*/, false /*forIntrospection*/, false /*suppressSecurityChecks*/); + true /*thrownOnFileNotFound*/, false /*forIntrospection*/); } } diff --git a/src/mscorlib/src/System/AppDomain.cs b/src/mscorlib/src/System/AppDomain.cs index b7506cd..433bd79 100644 --- a/src/mscorlib/src/System/AppDomain.cs +++ b/src/mscorlib/src/System/AppDomain.cs @@ -22,7 +22,6 @@ namespace System using System.Security; using System.Security.Permissions; using System.Security.Policy; - using System.Security.Util; using System.Collections; using System.Collections.Generic; using System.Threading; @@ -159,7 +158,6 @@ namespace System if (Info==null) return null; AppDomainInitializer retVal=null; - new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Assert(); for (int i=0;i _LocalStore; + private Dictionary _LocalStore; private AppDomainSetup _FusionStore; private Evidence _SecurityIdentity; #pragma warning disable 169 @@ -423,9 +421,7 @@ namespace System { try { - new PermissionSet(PermissionState.Unrestricted).Assert(); _domainManager = CreateInstanceAndUnwrap(domainManagerAssembly, domainManagerType) as AppDomainManager; - CodeAccessPermission.RevertAssert(); } catch (FileNotFoundException e) { @@ -785,27 +781,22 @@ namespace System internal static extern void PublishAnonymouslyHostedDynamicMethodsAssembly(RuntimeAssembly assemblyHandle); public void SetData (string name, object data) { - SetDataHelper(name, data, null); - } - - private void SetDataHelper (string name, object data, IPermission permission) - { if (name == null) throw new ArgumentNullException(nameof(name)); Contract.EndContractBlock(); // SetData should only be used to set values that don't already exist. - object[] currentVal; + object currentVal; lock (((ICollection)LocalStore).SyncRoot) { LocalStore.TryGetValue(name, out currentVal); } - if (currentVal != null && currentVal[0] != null) + if (currentVal != null) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_SetData_OnlyOnce")); } lock (((ICollection)LocalStore).SyncRoot) { - LocalStore[name] = new object[] {data, permission}; + LocalStore[name] = data; } } @@ -823,17 +814,13 @@ namespace System return FusionStore.LoaderOptimization; else { - object[] data; + object data; lock (((ICollection)LocalStore).SyncRoot) { LocalStore.TryGetValue(name, out data); } if (data == null) return null; - if (data[1] != null) { - IPermission permission = (IPermission) data[1]; - permission.Demand(); - } - return data[0]; + return data; } } else { @@ -1060,13 +1047,13 @@ namespace System return null; } - private Dictionary LocalStore + private Dictionary LocalStore { get { if (_LocalStore != null) return _LocalStore; else { - _LocalStore = new Dictionary(); + _LocalStore = new Dictionary(); return _LocalStore; } } @@ -1246,11 +1233,11 @@ namespace System if(values == null) throw new ArgumentNullException(propertyNames[i]); - ad.SetDataHelper(propertyNames[i], NormalizeAppPaths(values), null); + ad.SetData(propertyNames[i], NormalizeAppPaths(values)); } else if(propertyNames[i]!= null) { - ad.SetDataHelper(propertyNames[i],propertyValues[i],null); // just propagate + ad.SetData(propertyNames[i],propertyValues[i]); // just propagate } } } @@ -1412,10 +1399,7 @@ namespace System { get { - PermissionSet grantSet = null; - GetGrantSet(GetNativeHandle(), JitHelpers.GetObjectHandleOnStack(ref grantSet)); - - return grantSet == null || grantSet.IsUnrestricted(); + return true; } } diff --git a/src/mscorlib/src/System/AppDomainSetup.cs b/src/mscorlib/src/System/AppDomainSetup.cs index eb4894e..92b8af9 100644 --- a/src/mscorlib/src/System/AppDomainSetup.cs +++ b/src/mscorlib/src/System/AppDomainSetup.cs @@ -548,7 +548,7 @@ namespace System internal ApplicationTrust InternalGetApplicationTrust() { if (_ApplicationTrust == null) return null; - ApplicationTrust grantSet = new ApplicationTrust(NamedPermissionSet.GetBuiltInSet(_ApplicationTrust)); + ApplicationTrust grantSet = new ApplicationTrust(); return grantSet; } diff --git a/src/mscorlib/src/System/DelegateSerializationHolder.cs b/src/mscorlib/src/System/DelegateSerializationHolder.cs index 83fe35a..b48910b 100644 --- a/src/mscorlib/src/System/DelegateSerializationHolder.cs +++ b/src/mscorlib/src/System/DelegateSerializationHolder.cs @@ -25,10 +25,7 @@ namespace System if (method == null) throw new ArgumentNullException(nameof(method)); Contract.EndContractBlock(); - - if (!method.IsPublic || (method.DeclaringType != null && !method.DeclaringType.IsVisible)) - new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Demand(); - + Type c = delegateType.BaseType; if (c == null || (c != typeof(Delegate) && c != typeof(MulticastDelegate))) @@ -231,9 +228,6 @@ namespace System else d = Delegate.CreateDelegate(type, targetType, de.methodName); } - - if ((d.Method != null && !d.Method.IsPublic) || (d.Method.DeclaringType != null && !d.Method.DeclaringType.IsVisible)) - new ReflectionPermission(ReflectionPermissionFlag.MemberAccess).Demand(); } catch (Exception e) { diff --git a/src/mscorlib/src/System/Diagnostics/Debugger.cs b/src/mscorlib/src/System/Diagnostics/Debugger.cs index 8ebbc0a..b738c01 100644 --- a/src/mscorlib/src/System/Diagnostics/Debugger.cs +++ b/src/mscorlib/src/System/Diagnostics/Debugger.cs @@ -34,42 +34,12 @@ namespace System.Diagnostics // debugger is launched. public static void Break() { - if (!Debugger.IsAttached) - { - // Try and demand UnmanagedCodePermission. This is done in a try block because if this - // fails we want to be able to silently eat the exception and just return so - // that the call to Break does not possibly cause an unhandled exception. - // The idea here is that partially trusted code shouldn't be able to launch a debugger - // without the user going through Watson. - try - { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } - - // If we enter this block, we do not have permission to break into the debugger - // and so we just return. - catch (SecurityException) - { - return; - } - } - // Causing a break is now allowed. BreakInternal(); } static void BreakCanThrow() { - if (!Debugger.IsAttached) - { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } - - // Causing a break is now allowed. BreakInternal(); } @@ -84,25 +54,6 @@ namespace System.Diagnostics if (Debugger.IsAttached) return (true); - // Try and demand UnmanagedCodePermission. This is done in a try block because if this - // fails we want to be able to silently eat the exception and just return so - // that the call to Break does not possibly cause an unhandled exception. - // The idea here is that partially trusted code shouldn't be able to launch a debugger - // without the user going through Watson. - try - { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } - - // If we enter this block, we do not have permission to break into the debugger - // and so we just return. - catch (SecurityException) - { - return (false); - } - // Causing the debugger to launch is now allowed. return (LaunchInternal()); } diff --git a/src/mscorlib/src/System/Diagnostics/Eventing/EventProvider.cs b/src/mscorlib/src/System/Diagnostics/Eventing/EventProvider.cs index 175f0f1..af8d9cf 100644 --- a/src/mscorlib/src/System/Diagnostics/Eventing/EventProvider.cs +++ b/src/mscorlib/src/System/Diagnostics/Eventing/EventProvider.cs @@ -559,7 +559,9 @@ namespace System.Diagnostics.Tracing string valueName = "ControllerData_Session_" + etwSessionId.ToString(CultureInfo.InvariantCulture); // we need to assert this permission for partial trust scenarios +#if !CORECLR (new RegistryPermission(RegistryPermissionAccess.Read, regKey)).Assert(); +#endif data = Microsoft.Win32.Registry.GetValue(regKey, valueName, null) as byte[]; if (data != null) { diff --git a/src/mscorlib/src/System/Diagnostics/Eventing/EventSource.cs b/src/mscorlib/src/System/Diagnostics/Eventing/EventSource.cs index 74bd6bb..dcf14d4 100644 --- a/src/mscorlib/src/System/Diagnostics/Eventing/EventSource.cs +++ b/src/mscorlib/src/System/Diagnostics/Eventing/EventSource.cs @@ -3803,7 +3803,9 @@ namespace System.Diagnostics.Tracing // RET // // If we find this pattern we return the XXX. Otherwise we return -1. +#if !CORECLR (new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)).Assert(); +#endif byte[] instrs = method.GetMethodBody().GetILAsByteArray(); int retVal = -1; for (int idx = 0; idx < instrs.Length;) diff --git a/src/mscorlib/src/System/Diagnostics/Stackframe.cs b/src/mscorlib/src/System/Diagnostics/Stackframe.cs index bdfd1e0..cf13617 100644 --- a/src/mscorlib/src/System/Diagnostics/Stackframe.cs +++ b/src/mscorlib/src/System/Diagnostics/Stackframe.cs @@ -181,17 +181,6 @@ namespace System.Diagnostics { // public virtual String GetFileName() { - if (strFileName != null) - { - // This isn't really correct, but we don't have - // a permission that protects discovery of potentially - // local urls so we'll use this. - - FileIOPermission perm = new FileIOPermission( PermissionState.None ); - perm.AllFiles = FileIOPermissionAccess.PathDiscovery; - perm.Demand(); - } - return strFileName; } @@ -256,24 +245,6 @@ namespace System.Diagnostics { bool useFileName = (strFileName != null); - if (useFileName) - { - try - { - // This isn't really correct, but we don't have - // a permission that protects discovery of potentially - // local urls so we'll use this. - - FileIOPermission perm = new FileIOPermission(PermissionState.None); - perm.AllFiles = FileIOPermissionAccess.PathDiscovery; - perm.Demand(); - } - catch (System.Security.SecurityException) - { - useFileName = false; - } - } - if (!useFileName) sb.Append(""); else diff --git a/src/mscorlib/src/System/Environment.cs b/src/mscorlib/src/System/Environment.cs index 425087f..f71476e 100644 --- a/src/mscorlib/src/System/Environment.cs +++ b/src/mscorlib/src/System/Environment.cs @@ -373,7 +373,6 @@ namespace System { ==============================================================================*/ public static String[] GetCommandLineArgs() { - new EnvironmentPermission(EnvironmentPermissionAccess.Read, "Path").Demand(); /* * There are multiple entry points to a hosted app. * The host could use ::ExecuteAssembly() or ::CreateDelegate option @@ -448,7 +447,7 @@ namespace System { return block; } - + /*===================================NewLine==================================== **Action: A property which returns the appropriate newline string for the given ** platform. @@ -485,7 +484,6 @@ namespace System { } } - /*==================================OSVersion=================================== **Action: **Returns: @@ -554,7 +552,6 @@ namespace System { get { Contract.Ensures(Contract.Result() != null); - new EnvironmentPermission(PermissionState.Unrestricted).Demand(); return GetStackTrace(null, true); } } @@ -673,146 +670,6 @@ namespace System { return true; } } - - internal static string UnsafeGetFolderPath(SpecialFolder folder) - { - return InternalGetFolderPath(folder, SpecialFolderOption.None, suppressSecurityChecks: true); - } - - private static string InternalGetFolderPath(SpecialFolder folder, SpecialFolderOption option, bool suppressSecurityChecks = false) - { - // This is currently customized for Windows Phone since CoreSystem doesn't support - // SHGetFolderPath. The allowed folder values are based on the version of .NET CF WP7 was using. - switch (folder) - { - case SpecialFolder.System: - return SystemDirectory; - case SpecialFolder.ApplicationData: - case SpecialFolder.Favorites: - case SpecialFolder.Programs: - case SpecialFolder.StartMenu: - case SpecialFolder.Startup: - case SpecialFolder.Personal: - throw new PlatformNotSupportedException(); - default: - throw new PlatformNotSupportedException(); - } - } - - internal enum SpecialFolderOption { - None = 0, - Create = Win32Native.CSIDL_FLAG_CREATE, - DoNotVerify = Win32Native.CSIDL_FLAG_DONT_VERIFY, - } - -//////!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!//////// -//////!!!!!! Keep the following locations synchronized !!!!!!//////// -//////!!!!!! 1) ndp\clr\src\BCL\Microsoft\Win32\Win32Native.cs !!!!!!//////// -//////!!!!!! 2) ndp\clr\src\BCL\System\Environment.cs !!!!!!//////// -//////!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!//////// - [ComVisible(true)] - internal enum SpecialFolder { - // - // Represents the file system directory that serves as a common repository for - // application-specific data for the current, roaming user. - // A roaming user works on more than one computer on a network. A roaming user's - // profile is kept on a server on the network and is loaded onto a system when the - // user logs on. - // - ApplicationData = Win32Native.CSIDL_APPDATA, - // - // Represents the file system directory that serves as a common repository for application-specific data that - // is used by all users. - // - CommonApplicationData = Win32Native.CSIDL_COMMON_APPDATA, - // - // Represents the file system directory that serves as a common repository for application specific data that - // is used by the current, non-roaming user. - // - LocalApplicationData = Win32Native.CSIDL_LOCAL_APPDATA, - // - // Represents the file system directory that serves as a common repository for Internet - // cookies. - // - Cookies = Win32Native.CSIDL_COOKIES, - Desktop = Win32Native.CSIDL_DESKTOP, - // - // Represents the file system directory that serves as a common repository for the user's - // favorite items. - // - Favorites = Win32Native.CSIDL_FAVORITES, - // - // Represents the file system directory that serves as a common repository for Internet - // history items. - // - History = Win32Native.CSIDL_HISTORY, - // - // Represents the file system directory that serves as a common repository for temporary - // Internet files. - // - InternetCache = Win32Native.CSIDL_INTERNET_CACHE, - // - // Represents the file system directory that contains - // the user's program groups. - // - Programs = Win32Native.CSIDL_PROGRAMS, - MyComputer = Win32Native.CSIDL_DRIVES, - MyMusic = Win32Native.CSIDL_MYMUSIC, - MyPictures = Win32Native.CSIDL_MYPICTURES, - // "My Videos" folder - MyVideos = Win32Native.CSIDL_MYVIDEO, - // - // Represents the file system directory that contains the user's most recently used - // documents. - // - Recent = Win32Native.CSIDL_RECENT, - // - // Represents the file system directory that contains Send To menu items. - // - SendTo = Win32Native.CSIDL_SENDTO, - // - // Represents the file system directory that contains the Start menu items. - // - StartMenu = Win32Native.CSIDL_STARTMENU, - // - // Represents the file system directory that corresponds to the user's Startup program group. The system - // starts these programs whenever any user logs on to Windows NT, or - // starts Windows 95 or Windows 98. - // - Startup = Win32Native.CSIDL_STARTUP, - // - // System directory. - // - System = Win32Native.CSIDL_SYSTEM, - // - // Represents the file system directory that serves as a common repository for document - // templates. - // - Templates = Win32Native.CSIDL_TEMPLATES, - // - // Represents the file system directory used to physically store file objects on the desktop. - // This should not be confused with the desktop folder itself, which is - // a virtual folder. - // - DesktopDirectory = Win32Native.CSIDL_DESKTOPDIRECTORY, - // - // Represents the file system directory that serves as a common repository for documents. - // - Personal = Win32Native.CSIDL_PERSONAL, - // - // "MyDocuments" is a better name than "Personal" - // - MyDocuments = Win32Native.CSIDL_PERSONAL, - // - // Represents the program files folder. - // - ProgramFiles = Win32Native.CSIDL_PROGRAM_FILES, - // - // Represents the folder for components that are shared across applications. - // - CommonProgramFiles = Win32Native.CSIDL_PROGRAM_FILES_COMMON, - } - public static int CurrentManagedThreadId { [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] diff --git a/src/mscorlib/src/System/Exception.cs b/src/mscorlib/src/System/Exception.cs index eb513af..6608606 100644 --- a/src/mscorlib/src/System/Exception.cs +++ b/src/mscorlib/src/System/Exception.cs @@ -770,19 +770,6 @@ namespace System { // and create a corresponding CrossAppDomainMarshaledException internal virtual String InternalToString() { - try - { -#pragma warning disable 618 - SecurityPermission sp= new SecurityPermission(SecurityPermissionFlag.ControlEvidence | SecurityPermissionFlag.ControlPolicy); -#pragma warning restore 618 - sp.Assert(); - } - catch - { - //under normal conditions there should be no exceptions - //however if something wrong happens we still can call the usual ToString - } - // Get the current stack trace string. return ToString(true, true); } diff --git a/src/mscorlib/src/System/Globalization/JapaneseCalendar.cs b/src/mscorlib/src/System/Globalization/JapaneseCalendar.cs index aeb60be..86b6158 100644 --- a/src/mscorlib/src/System/Globalization/JapaneseCalendar.cs +++ b/src/mscorlib/src/System/Globalization/JapaneseCalendar.cs @@ -167,10 +167,6 @@ namespace System.Globalization { try { - // Need to access registry - PermissionSet permSet = new PermissionSet(PermissionState.None); - permSet.AddPermission(new RegistryPermission(RegistryPermissionAccess.Read, c_japaneseErasHivePermissionList)); - permSet.Assert(); RegistryKey key = Registry.LocalMachine.OpenSubKey(c_japaneseErasHive, writable: false); // Abort if we didn't find anything diff --git a/src/mscorlib/src/System/IO/PinnedBufferMemoryStream.cs b/src/mscorlib/src/System/IO/PinnedBufferMemoryStream.cs index 23c2902..2cbd14f 100644 --- a/src/mscorlib/src/System/IO/PinnedBufferMemoryStream.cs +++ b/src/mscorlib/src/System/IO/PinnedBufferMemoryStream.cs @@ -43,7 +43,7 @@ namespace System.IO { // Now the byte[] is pinned for the lifetime of this instance. // But I also need to get a pointer to that block of memory... fixed(byte* ptr = &_array[0]) - Initialize(ptr, len, len, FileAccess.Read, true); + Initialize(ptr, len, len, FileAccess.Read); } ~PinnedBufferMemoryStream() diff --git a/src/mscorlib/src/System/IO/UnmanagedMemoryStream.cs b/src/mscorlib/src/System/IO/UnmanagedMemoryStream.cs index 3a89dff..d5f315f 100644 --- a/src/mscorlib/src/System/IO/UnmanagedMemoryStream.cs +++ b/src/mscorlib/src/System/IO/UnmanagedMemoryStream.cs @@ -108,18 +108,14 @@ namespace System.IO { } public UnmanagedMemoryStream(SafeBuffer buffer, long offset, long length) { - Initialize(buffer, offset, length, FileAccess.Read, false); + Initialize(buffer, offset, length, FileAccess.Read); } public UnmanagedMemoryStream(SafeBuffer buffer, long offset, long length, FileAccess access) { - Initialize(buffer, offset, length, access, false); + Initialize(buffer, offset, length, access); } protected void Initialize(SafeBuffer buffer, long offset, long length, FileAccess access) { - Initialize(buffer, offset, length, access, false); - } - - internal void Initialize(SafeBuffer buffer, long offset, long length, FileAccess access, bool skipSecurityCheck) { if (buffer == null) { throw new ArgumentNullException(nameof(buffer)); } @@ -140,11 +136,6 @@ namespace System.IO { if (_isOpen) { throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CalledTwice")); } - if (!skipSecurityCheck) { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } // check for wraparound unsafe { @@ -174,31 +165,18 @@ namespace System.IO { [CLSCompliant(false)] public unsafe UnmanagedMemoryStream(byte* pointer, long length) { - Initialize(pointer, length, length, FileAccess.Read, false); + Initialize(pointer, length, length, FileAccess.Read); } [CLSCompliant(false)] public unsafe UnmanagedMemoryStream(byte* pointer, long length, long capacity, FileAccess access) { - Initialize(pointer, length, capacity, access, false); - } - - // We must create one of these without doing a security check. This - // class is created while security is trying to start up. Plus, doing - // a Demand from Assembly.GetManifestResourceStream isn't useful. - internal unsafe UnmanagedMemoryStream(byte* pointer, long length, long capacity, FileAccess access, bool skipSecurityCheck) - { - Initialize(pointer, length, capacity, access, skipSecurityCheck); + Initialize(pointer, length, capacity, access); } [CLSCompliant(false)] protected unsafe void Initialize(byte* pointer, long length, long capacity, FileAccess access) { - Initialize(pointer, length, capacity, access, false); - } - - internal unsafe void Initialize(byte* pointer, long length, long capacity, FileAccess access, bool skipSecurityCheck) - { if (pointer == null) throw new ArgumentNullException(nameof(pointer)); if (length < 0 || capacity < 0) @@ -214,12 +192,6 @@ namespace System.IO { if (_isOpen) throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CalledTwice")); - if (!skipSecurityCheck) { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } - _mem = pointer; _offset = 0; _length = length; diff --git a/src/mscorlib/src/System/Reflection/Assembly.cs b/src/mscorlib/src/System/Reflection/Assembly.cs index da94492..5378118 100644 --- a/src/mscorlib/src/System/Reflection/Assembly.cs +++ b/src/mscorlib/src/System/Reflection/Assembly.cs @@ -129,7 +129,6 @@ namespace System.Reflection null, // hashValue AssemblyHashAlgorithm.None, false,// forIntrospection); - false,// suppressSecurityChecks ref stackMark); } @@ -183,7 +182,7 @@ namespace System.Reflection assembly = RuntimeAssembly.InternalLoadAssemblyName( assemblyName, null, null, ref stackMark, - true /*thrownOnFileNotFound*/, false /*forIntrospection*/, false /*suppressSecurityChecks*/); + true /*thrownOnFileNotFound*/, false /*forIntrospection*/); } return assembly.GetType(typeName, true /*throwOnError*/, false /*ignoreCase*/); } @@ -215,7 +214,7 @@ namespace System.Reflection } StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, null, null, ref stackMark, true /*thrownOnFileNotFound*/, false /*forIntrospection*/, false /*suppressSecurityChecks*/); + return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, null, null, ref stackMark, true /*thrownOnFileNotFound*/, false /*forIntrospection*/); } // Locate an assembly by its name. The name can be strong or @@ -232,7 +231,7 @@ namespace System.Reflection } StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, null, null, ref stackMark, true /*thrownOnFileNotFound*/, false /*forIntrospection*/, false /*suppressSecurityChecks*/, ptrLoadContextBinder); + return RuntimeAssembly.InternalLoadAssemblyName(assemblyRef, null, null, ref stackMark, true /*thrownOnFileNotFound*/, false /*forIntrospection*/, ptrLoadContextBinder); } [Obsolete("This method has been deprecated. Please use Assembly.Load() instead. http://go.microsoft.com/fwlink/?linkid=14202")] @@ -866,7 +865,6 @@ namespace System.Reflection { get { String codeBase = GetCodeBase(false); - VerifyCodeBaseDiscovery(codeBase); return codeBase; } } @@ -884,7 +882,6 @@ namespace System.Reflection AssemblyName an = new AssemblyName(); String codeBase = GetCodeBase(copiedName); - VerifyCodeBaseDiscovery(codeBase); an.Init(GetSimpleName(), GetPublicKey(), @@ -1082,7 +1079,6 @@ namespace System.Reflection byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, bool forIntrospection, - bool suppressSecurityChecks, ref StackCrawlMark stackMark) { if (assemblyFile == null) @@ -1094,7 +1090,7 @@ namespace System.Reflection an.CodeBase = assemblyFile; an.SetHashControl(hashValue, hashAlgorithm); // The stack mark is used for MDA filtering - return InternalLoadAssemblyName(an, securityEvidence, null, ref stackMark, true /*thrownOnFileNotFound*/, forIntrospection, suppressSecurityChecks); + return InternalLoadAssemblyName(an, securityEvidence, null, ref stackMark, true /*thrownOnFileNotFound*/, forIntrospection); } // Wrapper function to wrap the typical use of InternalLoad. @@ -1123,7 +1119,7 @@ namespace System.Reflection return InternalLoadAssemblyName(an, assemblySecurity, null, ref stackMark, pPrivHostBinder, - true /*thrownOnFileNotFound*/, forIntrospection, false /* suppressSecurityChecks */); + true /*thrownOnFileNotFound*/, forIntrospection); } // Creates AssemblyName. Fills assembly if AssemblyResolve event has been raised. @@ -1159,10 +1155,9 @@ namespace System.Reflection ref StackCrawlMark stackMark, bool throwOnFileNotFound, bool forIntrospection, - bool suppressSecurityChecks, IntPtr ptrLoadContextBinder = default(IntPtr)) { - return InternalLoadAssemblyName(assemblyRef, assemblySecurity, reqAssembly, ref stackMark, IntPtr.Zero, true /*throwOnError*/, forIntrospection, suppressSecurityChecks, ptrLoadContextBinder); + return InternalLoadAssemblyName(assemblyRef, assemblySecurity, reqAssembly, ref stackMark, IntPtr.Zero, true /*throwOnError*/, forIntrospection, ptrLoadContextBinder); } internal static RuntimeAssembly InternalLoadAssemblyName( @@ -1173,7 +1168,6 @@ namespace System.Reflection IntPtr pPrivHostBinder, bool throwOnFileNotFound, bool forIntrospection, - bool suppressSecurityChecks, IntPtr ptrLoadContextBinder = default(IntPtr)) { @@ -1193,34 +1187,11 @@ namespace System.Reflection assemblyRef.ProcessorArchitecture = ProcessorArchitecture.None; } - if (assemblySecurity != null) - { - if (!suppressSecurityChecks) - { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand(); -#pragma warning restore 618 - } - } - String codeBase = VerifyCodeBase(assemblyRef.CodeBase); - if (codeBase != null && !suppressSecurityChecks) - { - if (String.Compare( codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) != 0) - { - // Of all the binders, Fusion is the only one that understands Web locations - throw new ArgumentException(Environment.GetResourceString("Arg_InvalidFileName"), "assemblyRef.CodeBase"); - } - else - { - System.Security.Util.URLString urlString = new System.Security.Util.URLString( codeBase, true ); - new FileIOPermission( FileIOPermissionAccess.PathDiscovery | FileIOPermissionAccess.Read , urlString.GetFileName() ).Demand(); - } - } return nLoad(assemblyRef, codeBase, assemblySecurity, reqAssembly, ref stackMark, pPrivHostBinder, - throwOnFileNotFound, forIntrospection, suppressSecurityChecks, ptrLoadContextBinder); + throwOnFileNotFound, forIntrospection, ptrLoadContextBinder); } // These are the framework assemblies that does reflection invocation @@ -1268,11 +1239,11 @@ namespace System.Reflection IntPtr pPrivHostBinder, bool throwOnFileNotFound, bool forIntrospection, - bool suppressSecurityChecks, IntPtr ptrLoadContextBinder = default(IntPtr)) + IntPtr ptrLoadContextBinder = default(IntPtr)) { return _nLoad(fileName, codeBase, assemblySecurity, locationHint, ref stackMark, pPrivHostBinder, - throwOnFileNotFound, forIntrospection, suppressSecurityChecks, ptrLoadContextBinder); + throwOnFileNotFound, forIntrospection, true /* suppressSecurityChecks */, ptrLoadContextBinder); } [MethodImplAttribute(MethodImplOptions.InternalCall)] @@ -1394,9 +1365,6 @@ namespace System.Reflection GetLocation(GetNativeHandle(), JitHelpers.GetStringHandleOnStack(ref location)); - if (location != null) - new FileIOPermission( FileIOPermissionAccess.PathDiscovery, location ).Demand(); - return location; } } @@ -1503,7 +1471,7 @@ namespace System.Reflection if (length > Int64.MaxValue) throw new NotImplementedException(Environment.GetResourceString("NotImplemented_ResourcesLongerThan2^63")); - return new UnmanagedMemoryStream(pbInMemoryResource, (long)length, (long)length, FileAccess.Read, true); + return new UnmanagedMemoryStream(pbInMemoryResource, (long)length, (long)length, FileAccess.Read); } //Console.WriteLine("GetManifestResourceStream: Blob "+name+" not found..."); @@ -1551,15 +1519,6 @@ namespace System.Reflection } } - private void VerifyCodeBaseDiscovery(String codeBase) - { - if ((codeBase != null) && - (String.Compare( codeBase, 0, s_localFilePrefix, 0, 5, StringComparison.OrdinalIgnoreCase) == 0)) { - System.Security.Util.URLString urlString = new System.Security.Util.URLString( codeBase, true ); - new FileIOPermission( FileIOPermissionAccess.PathDiscovery, urlString.GetFileName() ).Demand(); - } - } - [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] private static extern void GetSimpleName(RuntimeAssembly assembly, StringHandleOnStack retSimpleName); @@ -1681,7 +1640,7 @@ namespace System.Reflection RuntimeAssembly retAssembly = nLoad(an, null, null, this, ref stackMark, IntPtr.Zero, - throwOnFileNotFound, false, false); + throwOnFileNotFound, false); if (retAssembly == this || (retAssembly == null && throwOnFileNotFound)) { diff --git a/src/mscorlib/src/System/Reflection/AssemblyName.cs b/src/mscorlib/src/System/Reflection/AssemblyName.cs index 93f8022..c20b8f0 100644 --- a/src/mscorlib/src/System/Reflection/AssemblyName.cs +++ b/src/mscorlib/src/System/Reflection/AssemblyName.cs @@ -189,7 +189,6 @@ namespace System.Reflection { // Assembly.GetNameInternal() will not demand path discovery // permission, so do that first. string fullPath = Path.GetFullPath(assemblyFile); - new FileIOPermission( FileIOPermissionAccess.PathDiscovery, fullPath ).Demand(); return nGetFileInformation(fullPath); } diff --git a/src/mscorlib/src/System/Reflection/ConstructorInfo.cs b/src/mscorlib/src/System/Reflection/ConstructorInfo.cs index 72115e9..8e6822e 100644 --- a/src/mscorlib/src/System/Reflection/ConstructorInfo.cs +++ b/src/mscorlib/src/System/Reflection/ConstructorInfo.cs @@ -512,11 +512,7 @@ namespace System.Reflection } return RuntimeMethodHandle.InvokeMethod(obj, null, sig, false); } - -#pragma warning disable 618 - [ReflectionPermission(SecurityAction.Demand, Flags = ReflectionPermissionFlag.MemberAccess)] -#pragma warning restore 618 public override MethodBody GetMethodBody() { MethodBody mb = RuntimeMethodHandle.GetMethodBody(this, ReflectedTypeInternal); diff --git a/src/mscorlib/src/System/Reflection/CustomAttribute.cs b/src/mscorlib/src/System/Reflection/CustomAttribute.cs index e568a17..91a4ef2 100644 --- a/src/mscorlib/src/System/Reflection/CustomAttribute.cs +++ b/src/mscorlib/src/System/Reflection/CustomAttribute.cs @@ -1106,24 +1106,6 @@ namespace System.Reflection #endregion } - // Note: This is a managed representation of a frame type defined in vm\frames.h; please ensure the layout remains - // synchronized. - [StructLayout(LayoutKind.Sequential)] - internal struct SecurityContextFrame - { - IntPtr m_GSCookie; // This is actually at a negative offset in the real frame definition - IntPtr __VFN_table; // This is the real start of the SecurityContextFrame - IntPtr m_Next; - IntPtr m_Assembly; - - [MethodImplAttribute(MethodImplOptions.InternalCall)] - public extern void Push(RuntimeAssembly assembly); - - [MethodImplAttribute(MethodImplOptions.InternalCall)] - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - public extern void Pop(); - } - [Serializable] [StructLayout(LayoutKind.Auto)] internal struct CustomAttributeType @@ -1621,16 +1603,6 @@ namespace System.Reflection object[] attributes = CreateAttributeArrayHelper(arrayType, car.Length); int cAttributes = 0; - // Custom attribute security checks are done with respect to the assembly *decorated* with the - // custom attribute as opposed to the *caller of GetCustomAttributes*. - // Since this assembly might not be on the stack and the attribute ctor or property setters we're about to invoke may - // make security demands, we push a frame on the stack as a proxy for the decorated assembly (this frame will be picked - // up an interpreted by the security stackwalker). - // Once we push the frame it will be automatically popped in the event of an exception, so no need to use CERs or the - // like. - SecurityContextFrame frame = new SecurityContextFrame(); - frame.Push(decoratedModule.GetRuntimeAssembly()); - // Optimization for the case where attributes decorate entities in the same assembly in which case // we can cache the successful APTCA check between the decorated and the declared assembly. Assembly lastAptcaOkAssembly = null; @@ -1780,10 +1752,6 @@ namespace System.Reflection attributes[cAttributes++] = attribute; } - // The frame will be popped automatically if we take an exception any time after we pushed it. So no need of a catch or - // finally or CERs here. - frame.Pop(); - if (cAttributes == car.Length && pcaCount == 0) return attributes; @@ -2069,9 +2037,8 @@ namespace System.Reflection #region Internal Static internal static bool IsSecurityAttribute(RuntimeType type) { -#pragma warning disable 618 - return type == (RuntimeType)typeof(SecurityAttribute) || type.IsSubclassOf(typeof(SecurityAttribute)); -#pragma warning restore 618 + // TODO: Cleanup + return false; } internal static Attribute[] GetCustomAttributes(RuntimeType type, RuntimeType caType, bool includeSecCa, out int count) diff --git a/src/mscorlib/src/System/Reflection/Emit/AssemblyBuilder.cs b/src/mscorlib/src/System/Reflection/Emit/AssemblyBuilder.cs index aed61f6..ecaf168 100644 --- a/src/mscorlib/src/System/Reflection/Emit/AssemblyBuilder.cs +++ b/src/mscorlib/src/System/Reflection/Emit/AssemblyBuilder.cs @@ -264,18 +264,6 @@ namespace System.Reflection.Emit // Clone the name in case the caller modifies it underneath us. name = (AssemblyName)name.Clone(); - // If the caller is trusted they can supply identity - // evidence for the new assembly. Otherwise we copy the - // current grant and deny sets from the caller's assembly, - // inject them into the new assembly and mark policy as - // resolved. If/when the assembly is persisted and - // reloaded, the normal rules for gathering evidence will - // be used. - if (evidence != null) -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.ControlEvidence).Demand(); -#pragma warning restore 618 - // Scan the assembly level attributes for any attributes which modify how we create the // assembly. Currently, we look for any attribute which modifies the security transparency // of the assembly. @@ -522,12 +510,6 @@ namespace System.Reflection.Emit if (emitSymbolInfo) { writer = SymWrapperCore.SymWriter.CreateSymWriter(); - // Set the underlying writer for the managed writer - // that we're using. Note that this function requires - // unmanaged code access. -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); -#pragma warning restore 618 String fileName = "Unused"; // this symfile is never written to disk so filename does not matter. diff --git a/src/mscorlib/src/System/Reflection/Emit/ModuleBuilder.cs b/src/mscorlib/src/System/Reflection/Emit/ModuleBuilder.cs index a7e06b2..0dc5ab8 100644 --- a/src/mscorlib/src/System/Reflection/Emit/ModuleBuilder.cs +++ b/src/mscorlib/src/System/Reflection/Emit/ModuleBuilder.cs @@ -764,11 +764,6 @@ namespace System.Reflection.Emit fullyQualifiedName = Path.Combine(ContainingAssemblyBuilder.m_assemblyData.m_strDir, fullyQualifiedName); fullyQualifiedName = Path.GetFullPath(fullyQualifiedName); } - - if (ContainingAssemblyBuilder.m_assemblyData.m_strDir != null && fullyQualifiedName != null) - { - new FileIOPermission( FileIOPermissionAccess.PathDiscovery, fullyQualifiedName ).Demand(); - } return fullyQualifiedName; } diff --git a/src/mscorlib/src/System/Reflection/MethodBase.cs b/src/mscorlib/src/System/Reflection/MethodBase.cs index e1fd1db..14a73c6 100644 --- a/src/mscorlib/src/System/Reflection/MethodBase.cs +++ b/src/mscorlib/src/System/Reflection/MethodBase.cs @@ -222,9 +222,6 @@ namespace System.Reflection } } -#pragma warning disable 618 - [ReflectionPermissionAttribute(SecurityAction.Demand, Flags=ReflectionPermissionFlag.MemberAccess)] -#pragma warning restore 618 public virtual MethodBody GetMethodBody() { throw new InvalidOperationException(); diff --git a/src/mscorlib/src/System/Reflection/Module.cs b/src/mscorlib/src/System/Reflection/Module.cs index c8e7ccb..ec75e38 100644 --- a/src/mscorlib/src/System/Reflection/Module.cs +++ b/src/mscorlib/src/System/Reflection/Module.cs @@ -1005,22 +1005,7 @@ namespace System.Reflection { get { - String fullyQualifiedName = GetFullyQualifiedName(); - - if (fullyQualifiedName != null) { - bool checkPermission = true; - try { - Path.GetFullPath(fullyQualifiedName); - } - catch(ArgumentException) { - checkPermission = false; - } - if (checkPermission) { - new FileIOPermission( FileIOPermissionAccess.PathDiscovery, fullyQualifiedName ).Demand(); - } - } - - return fullyQualifiedName; + return GetFullyQualifiedName(); } } diff --git a/src/mscorlib/src/System/Resources/FileBasedResourceGroveler.cs b/src/mscorlib/src/System/Resources/FileBasedResourceGroveler.cs index 76bf000..c5e9216 100644 --- a/src/mscorlib/src/System/Resources/FileBasedResourceGroveler.cs +++ b/src/mscorlib/src/System/Resources/FileBasedResourceGroveler.cs @@ -47,36 +47,28 @@ namespace System.Resources { ResourceSet rs = null; // Don't use Assembly manifest, but grovel on disk for a file. - try - { - new System.Security.Permissions.FileIOPermission(System.Security.Permissions.PermissionState.Unrestricted).Assert(); - // Create new ResourceSet, if a file exists on disk for it. - String tempFileName = _mediator.GetResourceFileName(culture); - fileName = FindResourceFile(culture, tempFileName); - if (fileName == null) + // Create new ResourceSet, if a file exists on disk for it. + String tempFileName = _mediator.GetResourceFileName(culture); + fileName = FindResourceFile(culture, tempFileName); + if (fileName == null) + { + if (tryParents) { - if (tryParents) + // If we've hit top of the Culture tree, return. + if (culture.HasInvariantCultureName) { - // If we've hit top of the Culture tree, return. - if (culture.HasInvariantCultureName) - { - // We really don't think this should happen - we always - // expect the neutral locale's resources to be present. - throw new MissingManifestResourceException(Environment.GetResourceString("MissingManifestResource_NoNeutralDisk") + Environment.NewLine + "baseName: " + _mediator.BaseNameField + " locationInfo: " + (_mediator.LocationInfo == null ? "" : _mediator.LocationInfo.FullName) + " fileName: " + _mediator.GetResourceFileName(culture)); - } + // We really don't think this should happen - we always + // expect the neutral locale's resources to be present. + throw new MissingManifestResourceException(Environment.GetResourceString("MissingManifestResource_NoNeutralDisk") + Environment.NewLine + "baseName: " + _mediator.BaseNameField + " locationInfo: " + (_mediator.LocationInfo == null ? "" : _mediator.LocationInfo.FullName) + " fileName: " + _mediator.GetResourceFileName(culture)); } } - else - { - rs = CreateResourceSet(fileName); - } - return rs; } - finally + else { - System.Security.CodeAccessPermission.RevertAssert(); + rs = CreateResourceSet(fileName); } + return rs; } // Given a CultureInfo, it generates the path &; file name for diff --git a/src/mscorlib/src/System/Resources/ResourceReader.cs b/src/mscorlib/src/System/Resources/ResourceReader.cs index c520112..aaccea7 100644 --- a/src/mscorlib/src/System/Resources/ResourceReader.cs +++ b/src/mscorlib/src/System/Resources/ResourceReader.cs @@ -707,7 +707,7 @@ namespace System.Resources { // For the case that we've memory mapped in the .resources // file, just return a Stream pointing to that block of memory. unsafe { - return new UnmanagedMemoryStream(_ums.PositionPointer, len, len, FileAccess.Read, true); + return new UnmanagedMemoryStream(_ums.PositionPointer, len, len, FileAccess.Read); } } diff --git a/src/mscorlib/src/System/RtType.cs b/src/mscorlib/src/System/RtType.cs index cbf7ebf..147e3e3 100644 --- a/src/mscorlib/src/System/RtType.cs +++ b/src/mscorlib/src/System/RtType.cs @@ -4755,33 +4755,6 @@ namespace System throw new MissingMethodException(Environment.GetResourceString("MissingConstructor_Name", FullName)); } - // If we're creating a delegate, we're about to call a - // constructor taking an integer to represent a target - // method. Since this is very difficult (and expensive) - // to verify, we're just going to demand UnmanagedCode - // permission before allowing this. Partially trusted - // clients can instead use Delegate.CreateDelegate, - // which allows specification of the target method via - // name or MethodInfo. - //if (isDelegate) - if (RuntimeType.DelegateType.IsAssignableFrom(invokeMethod.DeclaringType)) - { - // In CoreCLR, CAS is not exposed externally. So what we really are looking - // for is to see if the external caller of this API is transparent or not. - // We get that information from the fact that a Demand will succeed only if - // the external caller is not transparent. - try - { -#pragma warning disable 618 - new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Demand(); -#pragma warning restore 618 - } - catch - { - throw new NotSupportedException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("NotSupported_DelegateCreationFromPT"))); - } - } - if (invokeMethod.GetParametersNoCopy().Length == 0) { if (args.Length != 0) @@ -4839,17 +4812,8 @@ namespace System readonly ActivatorCacheEntry[] cache = new ActivatorCacheEntry[CACHE_SIZE]; volatile ConstructorInfo delegateCtorInfo; - volatile PermissionSet delegateCreatePermissions; private void InitializeDelegateCreator() { - // No synchronization needed here. In the worst case we create extra garbage - PermissionSet ps = new PermissionSet(PermissionState.None); - ps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.MemberAccess)); -#pragma warning disable 618 - ps.AddPermission(new SecurityPermission(SecurityPermissionFlag.UnmanagedCode)); -#pragma warning restore 618 - delegateCreatePermissions = ps; - ConstructorInfo ctorInfo = typeof(CtorDelegate).GetConstructor(new Type[] {typeof(Object), typeof(IntPtr)}); delegateCtorInfo = ctorInfo; // this assignment should be last } @@ -4862,7 +4826,6 @@ namespace System if (delegateCtorInfo == null) InitializeDelegateCreator(); - delegateCreatePermissions.Assert(); // No synchronization needed here. In the worst case we create extra garbage CtorDelegate ctor = (CtorDelegate)delegateCtorInfo.Invoke(new Object[] { null, RuntimeMethodHandle.GetFunctionPointer(ace.m_hCtorMethodHandle) }); diff --git a/src/mscorlib/src/System/Security/AccessControl/Enums.cs b/src/mscorlib/src/System/Security/AccessControl/Enums.cs deleted file mode 100644 index 0a66ec0..0000000 --- a/src/mscorlib/src/System/Security/AccessControl/Enums.cs +++ /dev/null @@ -1,13 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -using System.Runtime.InteropServices; - -namespace System.Security.AccessControl -{ - [Flags] - internal enum AccessControlActions { - None = 0 - } -} diff --git a/src/mscorlib/src/System/Security/CodeAccessPermission.cs b/src/mscorlib/src/System/Security/CodeAccessPermission.cs deleted file mode 100644 index 3dbcb33..0000000 --- a/src/mscorlib/src/System/Security/CodeAccessPermission.cs +++ /dev/null @@ -1,155 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security -{ - using System.IO; - using System.Threading; - using System.Security; - using System.Security.Util; - using System.Security.Permissions; - using System.Runtime.CompilerServices; - using System.Collections; - using System.Text; - using System; - using System.Diagnostics; - using System.Diagnostics.Contracts; - using IUnrestrictedPermission = System.Security.Permissions.IUnrestrictedPermission; - - [Serializable] - [System.Runtime.InteropServices.ComVisible(true)] - internal abstract class CodeAccessPermission - : IPermission - { - // Static methods for manipulation of stack - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public static void RevertAssert() - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - SecurityRuntime.RevertAssert(ref stackMark); - } - - // - // Standard implementation of IPermission methods for - // code-access permissions. - // - - // Mark this method as requiring a security object on the caller's frame - // so the caller won't be inlined (which would mess up stack crawling). - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public void Demand() - { - if (!this.CheckDemand( null )) - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; - CodeAccessSecurityEngine.Check(this, ref stackMark); - } - } - - // Metadata for this method should be flaged with REQ_SQ so that - // EE can allocate space on the stack frame for FrameSecurityDescriptor - - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public void Assert() - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - CodeAccessSecurityEngine.Assert(this, ref stackMark); - } - - // IPermission interfaces - - // We provide a default implementation of Union here. - // Any permission that doesn't provide its own representation - // of Union will get this one and trigger CompoundPermission - // We can take care of simple cases here... - - public virtual IPermission Union(IPermission other) { - // The other guy could be null - if (other == null) return(this.Copy()); - - // otherwise we don't support it. - throw new NotSupportedException(Environment.GetResourceString( "NotSupported_SecurityPermissionUnion" )); - } - - // - // HELPERS FOR IMPLEMENTING ABSTRACT METHODS - // - - // - // Protected helper - // - - internal bool VerifyType(IPermission perm) - { - // if perm is null, then obviously not of the same type - if ((perm == null) || (perm.GetType() != this.GetType())) { - return(false); - } else { - return(true); - } - } - - // The IPermission Interface - public abstract IPermission Copy(); - public abstract IPermission Intersect(IPermission target); - public abstract bool IsSubsetOf(IPermission target); - - [System.Runtime.InteropServices.ComVisible(false)] - public override bool Equals(Object obj) - { - IPermission perm = obj as IPermission; - if(obj != null && perm == null) - return false; - try { - if(!this.IsSubsetOf(perm)) - return false; - if(perm != null && !perm.IsSubsetOf(this)) - return false; - } - catch (ArgumentException) - { - // Any argument exception implies inequality - // Note that we require a try/catch block here because we have to deal with - // custom permissions that may throw exceptions indiscriminately. - return false; - } - return true; - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override int GetHashCode() - { - // This implementation is only to silence a compiler warning. - return base.GetHashCode(); - } - - - internal bool CheckDemand(CodeAccessPermission grant) - { - Debug.Assert( grant == null || grant.GetType().Equals( this.GetType() ), "CheckDemand not defined for permissions of different type" ); - return IsSubsetOf( grant ); - } - - internal bool CheckPermitOnly(CodeAccessPermission permitted) - { - Debug.Assert( permitted == null || permitted.GetType().Equals( this.GetType() ), "CheckPermitOnly not defined for permissions of different type" ); - return IsSubsetOf( permitted ); - } - - internal bool CheckDeny(CodeAccessPermission denied) - { - Debug.Assert( denied == null || denied.GetType().Equals( this.GetType() ), "CheckDeny not defined for permissions of different type" ); - IPermission intersectPerm = Intersect(denied); - return (intersectPerm == null || intersectPerm.IsSubsetOf(null)); - } - - internal bool CheckAssert(CodeAccessPermission asserted) - { - Debug.Assert( asserted == null || asserted.GetType().Equals( this.GetType() ), "CheckPermitOnly not defined for permissions of different type" ); - return IsSubsetOf( asserted ); - } - } -} diff --git a/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs b/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs deleted file mode 100644 index 1dd339b..0000000 --- a/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs +++ /dev/null @@ -1,335 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -namespace System.Security { - using System; - using System.Threading; - using System.Security.Util; - using System.Collections; - using System.Runtime.CompilerServices; - using System.Security.Permissions; - using System.Reflection; - using System.Globalization; - using System.Security.Policy; - using System.Runtime.Versioning; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - // Used in DemandInternal, to remember the result of previous demands - // KEEP IN SYNC WITH DEFINITIONS IN SECURITYPOLICY.H - [Serializable] - internal enum PermissionType - { - // special flags - SecurityUnmngdCodeAccess = 0, - SecuritySkipVerification = 1, - ReflectionTypeInfo = 2, - SecurityAssert = 3, - ReflectionMemberAccess = 4, - SecuritySerialization = 5, - ReflectionRestrictedMemberAccess = 6, - FullTrust = 7, - SecurityBindingRedirects = 8, - - // special permissions - UIPermission = 9, - EnvironmentPermission = 10, - FileDialogPermission = 11, - FileIOPermission = 12, - ReflectionPermission = 13, - SecurityPermission = 14, - - // additional special flags - SecurityControlEvidence = 16, - SecurityControlPrincipal = 17 - } - - internal static class CodeAccessSecurityEngine - { - - internal static SecurityPermission AssertPermission; - internal static PermissionToken AssertPermissionToken; - - [System.Diagnostics.Conditional( "_DEBUG" )] - private static void DEBUG_OUT( String str ) - { -#if _DEBUG - if (debug) - Console.WriteLine( str ); -#endif - } - -#if _DEBUG - private static bool debug = false; - private const String file = "d:\\foo\\debug.txt"; -#endif - - // static default constructor. This will be called before any of the static members are accessed. - static CodeAccessSecurityEngine() - { -#pragma warning disable 618 - AssertPermission = new SecurityPermission(SecurityPermissionFlag.Assertion); -#pragma warning restore 618 - AssertPermissionToken = PermissionToken.GetToken(AssertPermission); - } - -#pragma warning disable 618 - private static void ThrowSecurityException(RuntimeAssembly asm, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) -#pragma warning restore 618 - { - AssemblyName asmName = null; - Evidence asmEvidence = null; - if (asm != null) - { - // Assert here because reflection will check grants and if we fail the check, - // there will be an infinite recursion that overflows the stack. - PermissionSet.s_fullTrust.Assert(); - asmName = asm.GetName(); - } - throw SecurityException.MakeSecurityException(asmName, asmEvidence, granted, refused, rmh, action, demand, permThatFailed); - } - -#pragma warning disable 618 - private static void ThrowSecurityException(Object assemblyOrString, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) -#pragma warning restore 618 - { - Debug.Assert((assemblyOrString == null || assemblyOrString is RuntimeAssembly || assemblyOrString is String), "Must pass in an Assembly object or String object here"); - - if (assemblyOrString == null || assemblyOrString is RuntimeAssembly) - ThrowSecurityException((RuntimeAssembly)assemblyOrString, granted, refused, rmh, action, demand, permThatFailed); - else - { - AssemblyName asmName = new AssemblyName((String)assemblyOrString); - throw SecurityException.MakeSecurityException(asmName, null, granted, refused, rmh, action, demand, permThatFailed); - } - } - -#pragma warning disable 618 - internal static void CheckSetHelper(Object notUsed, - PermissionSet grants, - PermissionSet refused, - PermissionSet demands, - RuntimeMethodHandleInternal rmh, - RuntimeAssembly asm, - SecurityAction action) -#pragma warning restore 618 - { - // To reduce the amount of ifdef-code-churn, a dummy arg is used for the first parameter - instead of a CompressedStack object, - // we use a System.Object that should always be null. If we tried to change the signature of the function, there will need to be - // corresponding changes in VM (metasig.h, mscorlib.h, securitystackwalk.cpp, number of elements in the arg array, etc.) - Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack"); - - CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true); - } - - -#pragma warning disable 618 - internal static bool CheckSetHelper(PermissionSet grants, - PermissionSet refused, - PermissionSet demands, - RuntimeMethodHandleInternal rmh, - Object assemblyOrString, - SecurityAction action, - bool throwException) -#pragma warning restore 618 - { - Debug.Assert(demands != null, "Should not reach here with a null demand set"); - - IPermission permThatFailed = null; - if (grants != null) - grants.CheckDecoded(demands); - if (refused != null) - refused.CheckDecoded(demands); - - bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); - - try - { - - // Check grant set - if (!demands.CheckDemand(grants, out permThatFailed)) - { - if (throwException) - ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); - else - return false; - } - - // Check refused set - if (!demands.CheckDeny(refused, out permThatFailed)) - { - if (throwException) - ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); - else - return false; - } - } - catch (SecurityException) - { - throw; - } - catch (Exception) - { - // Any exception besides a security exception in this code means that - // a permission was unable to properly handle what we asked of it. - // We will define this to mean that the demand failed. - if (throwException) - ThrowSecurityException(assemblyOrString, grants, refused, rmh, action, demands, permThatFailed); - else - return false; - } - finally - { - if (bThreadSecurity) - SecurityManager._SetThreadSecurity(true); - } - return true; - } -#pragma warning disable 618 - internal static void CheckHelper(Object notUsed, - PermissionSet grantedSet, - PermissionSet refusedSet, - CodeAccessPermission demand, - PermissionToken permToken, - RuntimeMethodHandleInternal rmh, - RuntimeAssembly asm, - SecurityAction action) -#pragma warning restore 618 - { - // To reduce the amount of ifdef-code-churn, a dummy arg is used for the first parameter - instead of a CompressedStack object, - // we use a System.Object that should always be null. If we tried to change the signature of the function, there will need to be - // corresponding changes in VM (metasig.h, mscorlib.h, securitystackwalk.cpp, number of elements in the arg array, etc.) - Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack"); - CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true); - } -#pragma warning disable 618 - internal static bool CheckHelper(PermissionSet grantedSet, - PermissionSet refusedSet, - CodeAccessPermission demand, - PermissionToken permToken, - RuntimeMethodHandleInternal rmh, - Object assemblyOrString, - SecurityAction action, - bool throwException) -#pragma warning restore 618 - { - // We should never get here with a null demand - Debug.Assert(demand != null, "Should not reach here with a null demand"); - - if (permToken == null) - permToken = PermissionToken.GetToken(demand); - - if (grantedSet != null) - grantedSet.CheckDecoded(permToken.m_index); - if (refusedSet != null) - refusedSet.CheckDecoded(permToken.m_index); - - // If PermissionSet is null, then module does not have Permissions... Fail check. - - bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); - - try - { - if (grantedSet == null) - { - if (throwException) - ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); - else - return false; - } - - else if (!grantedSet.IsUnrestricted()) - { - // If we aren't unrestricted, there is a refused set, or our permission is not of the unrestricted - // variety, we need to do the proper callback. - - Debug.Assert(demand != null,"demand != null"); - - // Find the permission of matching type in the permission set. - - CodeAccessPermission grantedPerm = - (CodeAccessPermission)grantedSet.GetPermission(permToken); - - // Make sure the demand has been granted - if (!demand.CheckDemand( grantedPerm )) - { - if (throwException) - ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); - else - return false; - } - } - - // Make the sure the permission is not refused. - - if (refusedSet != null) - { - CodeAccessPermission refusedPerm = - (CodeAccessPermission)refusedSet.GetPermission(permToken); - if (refusedPerm != null) - { - if (!refusedPerm.CheckDeny(demand)) - { - #if _DEBUG - if (debug) - DEBUG_OUT( "Permission found in refused set" ); - #endif - if (throwException) - ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); - else - return false; - - } - } - - if (refusedSet.IsUnrestricted()) - { - if (throwException) - ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); - else - return false; - } - } - } - catch (SecurityException) - { - throw; - } - catch (Exception) - { - // Any exception besides a security exception in this code means that - // a permission was unable to properly handle what we asked of it. - // We will define this to mean that the demand failed. - if (throwException) - ThrowSecurityException(assemblyOrString, grantedSet, refusedSet, rmh, action, demand, demand); - else - return false; - } - finally - { - if (bThreadSecurity) - SecurityManager._SetThreadSecurity(true); - } - - DEBUG_OUT( "Check passed" ); - return true; - } - - internal static void Check(CodeAccessPermission cap, ref StackCrawlMark stackMark) - { - } - - - internal static void Check(PermissionSet permSet, ref StackCrawlMark stackMark) - { - } - - internal static void Assert(CodeAccessPermission cap, ref StackCrawlMark stackMark) - { - } - - } -} diff --git a/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs b/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs deleted file mode 100644 index bf544a5..0000000 --- a/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs +++ /dev/null @@ -1,351 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security { - using System.Text; - using System.Runtime.CompilerServices; - using System.Threading; - using System; - using System.Collections; - using System.Security.Permissions; - using System.Globalization; - using System.Runtime.ConstrainedExecution; - using System.Runtime.Versioning; - using System.Diagnostics; - using System.Diagnostics.Contracts; -#if !FEATURE_PAL - using Microsoft.Win32.SafeHandles; -#endif - //FrameSecurityDescriptor.cs - // - // Internal use only. - // DO NOT DOCUMENT - // - - [Serializable] - internal class FrameSecurityDescriptor - { - - /* EE has native FrameSecurityDescriptorObject definition in object.h - Make sure to update that structure as well, if you make any changes here. - */ - private PermissionSet m_assertions; // imperative asserts - private PermissionSet m_denials; // imperative denials - private PermissionSet m_restriction; // imperative permitonlys - private PermissionSet m_DeclarativeAssertions; - private PermissionSet m_DeclarativeDenials; - private PermissionSet m_DeclarativeRestrictions; - - private bool m_AssertFT; - private bool m_assertAllPossible; -#pragma warning disable 169 - private bool m_declSecComputed; // set from the VM to indicate that the declarative A/PO/D on this frame has been populated - - - // Default constructor. - internal FrameSecurityDescriptor() - { - //m_flags = 0; - } - - internal PermissionSet GetAssertions(bool fDeclarative) - { - return (fDeclarative) ? m_DeclarativeAssertions : m_assertions; - } - - internal bool GetAssertAllPossible() - { - return m_assertAllPossible; - } - - internal PermissionSet GetDenials(bool fDeclarative) - { - return (fDeclarative) ? m_DeclarativeDenials: m_denials; - } - - internal PermissionSet GetPermitOnly(bool fDeclarative) - { - - return (fDeclarative) ? m_DeclarativeRestrictions : m_restriction; - } - - - //-----------------------------------------------------------+ - // Demand Evaluation - //-----------------------------------------------------------+ - - - // This will get called when we hit a FSD while evaluating a demand on the call stack or compressedstack - internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) - { - // imperative security - bool fContinue = CheckDemand2(demand, permToken, rmh, false); - if (fContinue == SecurityRuntime.StackContinue) - { - // declarative security - fContinue = CheckDemand2(demand, permToken, rmh, true); - } - return fContinue; - } - - internal bool CheckDemand2(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh, bool fDeclarative) - { - PermissionSet permSet; - - // If the demand is null, there is no need to continue - Debug.Assert(demand != null && !demand.CheckDemand(null), "Empty demands should have been filtered out by this point"); - - // decode imperative - if (GetPermitOnly(fDeclarative) != null) - GetPermitOnly(fDeclarative).CheckDecoded(demand, permToken); - - if (GetDenials(fDeclarative) != null) - GetDenials(fDeclarative).CheckDecoded(demand, permToken); - - if (GetAssertions(fDeclarative) != null) - GetAssertions(fDeclarative).CheckDecoded(demand, permToken); - - // NOTE: See notes about exceptions and exception handling in FrameDescSetHelper - - bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); - - // Check Reduction - - try - { - permSet = GetPermitOnly(fDeclarative); - if (permSet != null) - { - CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); - - // If the permit only set does not contain the demanded permission, throw a security exception - if (perm == null) - { - if (!permSet.IsUnrestricted()) - throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); - } - else - { - bool bNeedToThrow = true; - - try - { - bNeedToThrow = !demand.CheckPermitOnly(perm); - } - catch (ArgumentException) - { - } - - if (bNeedToThrow) - throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demand, demand); - } - } - - // Check Denials - - permSet = GetDenials(fDeclarative); - if (permSet != null) - { - CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); - - // If an unrestricted set was denied and the demand implements IUnrestricted - if (permSet.IsUnrestricted()) - throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); - - // If the deny set does contain the demanded permission, throw a security exception - bool bNeedToThrow = true; - try - { - bNeedToThrow = !demand.CheckDeny(perm); - } - catch (ArgumentException) - { - } - if (bNeedToThrow) - throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"), demand.GetType().AssemblyQualifiedName), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demand, demand); - } - - if (GetAssertAllPossible()) - { - return SecurityRuntime.StackHalt; - } - - permSet = GetAssertions(fDeclarative); - // Check Assertions - if (permSet != null) - { - - CodeAccessPermission perm = (CodeAccessPermission)permSet.GetPermission(demand); - - // If the assert set does contain the demanded permission, halt the stackwalk - - try - { - if (permSet.IsUnrestricted() || demand.CheckAssert(perm)) - { - return SecurityRuntime.StackHalt; - } - } - catch (ArgumentException) - { - } - } - - } - finally - { - if (bThreadSecurity) - SecurityManager._SetThreadSecurity(true); - } - - return SecurityRuntime.StackContinue; - } - - internal bool CheckSetDemand(PermissionSet demandSet, - out PermissionSet alteredDemandSet, - RuntimeMethodHandleInternal rmh) - { - // imperative security - PermissionSet altPset1 = null, altPset2 = null; - bool fContinue = CheckSetDemand2(demandSet, out altPset1, rmh, false); - if (altPset1 != null) - { - demandSet = altPset1; - } - - if (fContinue == SecurityRuntime.StackContinue) - { - // declarative security - fContinue = CheckSetDemand2(demandSet, out altPset2, rmh, true); - } - // Return the most recent altered set - // If both declarative and imperative asserts modified the demand set: return altPset2 - // Else if imperative asserts modified the demand set: return altPset1 - // else no alteration: return null - if (altPset2 != null) - alteredDemandSet = altPset2; - else if (altPset1 != null) - alteredDemandSet = altPset1; - else - alteredDemandSet = null; - - return fContinue; - } - - internal bool CheckSetDemand2(PermissionSet demandSet, - out PermissionSet alteredDemandSet, - RuntimeMethodHandleInternal rmh, bool fDeclarative) - { - PermissionSet permSet; - - // In the common case we are not going to alter the demand set, so just to - // be safe we'll set it to null up front. - alteredDemandSet = null; - - // There's some oddness in here to deal with exceptions. The general idea behind - // this is that we need some way of dealing with custom permissions that may not - // handle all possible scenarios of Union(), Intersect(), and IsSubsetOf() properly - // (they don't support it, throw null reference exceptions, etc.). - - // An empty demand always succeeds. - if (demandSet == null || demandSet.IsEmpty()) - return SecurityRuntime.StackHalt; - - if (GetPermitOnly(fDeclarative) != null) - GetPermitOnly(fDeclarative).CheckDecoded( demandSet ); - if (GetDenials(fDeclarative) != null) - GetDenials(fDeclarative).CheckDecoded( demandSet ); - if (GetAssertions(fDeclarative) != null) - GetAssertions(fDeclarative).CheckDecoded( demandSet ); - - - bool bThreadSecurity = SecurityManager._SetThreadSecurity(false); - - try - { - // In the case of permit only, we define an exception to be failure of the check - // and therefore we throw a security exception. - - permSet = GetPermitOnly(fDeclarative); - if (permSet != null) - { - IPermission permFailed = null; - bool bNeedToThrow = true; - - try - { - bNeedToThrow = !demandSet.CheckPermitOnly(permSet, out permFailed); - } - catch (ArgumentException) - { - } - if (bNeedToThrow) - throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), null, permSet, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); - } - - // In the case of denial, we define an exception to be failure of the check - // and therefore we throw a security exception. - - permSet = GetDenials(fDeclarative); - - - if (permSet != null) - { - IPermission permFailed = null; - - bool bNeedToThrow = true; - - try - { - bNeedToThrow = !demandSet.CheckDeny(permSet, out permFailed); - } - catch (ArgumentException) - { - } - - if (bNeedToThrow) - throw new SecurityException(Environment.GetResourceString("Security_GenericNoType"), permSet, null, SecurityRuntime.GetMethodInfo(rmh), demandSet, permFailed); - } - - // The assert case is more complex. Since asserts have the ability to "bleed through" - // (where part of a demand is handled by an assertion, but the rest is passed on to - // continue the stackwalk), we need to be more careful in handling the "failure" case. - // Therefore, if an exception is thrown in performing any operation, we make sure to keep - // that permission in the demand set thereby continuing the demand for that permission - // walking down the stack. - - if (GetAssertAllPossible()) - { - return SecurityRuntime.StackHalt; - } - - permSet = GetAssertions(fDeclarative); - if (permSet != null) - { - // If this frame asserts a superset of the demand set we're done - - if (demandSet.CheckAssertion( permSet )) - return SecurityRuntime.StackHalt; - - // Determine whether any of the demand set asserted. We do this by - // copying the demand set and removing anything in it that is asserted. - - if (!permSet.IsUnrestricted()) - { - PermissionSet.RemoveAssertedPermissionSet(demandSet, permSet, out alteredDemandSet); - } - } - - } - finally - { - if (bThreadSecurity) - SecurityManager._SetThreadSecurity(true); - } - - return SecurityRuntime.StackContinue; - } - } - -} diff --git a/src/mscorlib/src/System/Security/IPermission.cs b/src/mscorlib/src/System/Security/IPermission.cs deleted file mode 100644 index cb86699..0000000 --- a/src/mscorlib/src/System/Security/IPermission.cs +++ /dev/null @@ -1,84 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// -// Defines the interface that all Permission objects must support. -// - -namespace System.Security -{ - -[System.Runtime.InteropServices.ComVisible(true)] - internal interface IPermission - { - // NOTE: The constants that used to be defined here were moved to - // PermissionsEnum.cs due to CLS restrictions. - - // The integrity of the security system depends on a means to - // copy objects so that references to sensitive objects are not - // exposed outside of the runtime. Thus, all permissions must - // implement Copy. - // - // Makes an exact copy of the Permission. - IPermission Copy(); - - /* - * Methods to support the Installation, Registration, others... PolicyEngine - */ - - // Policy decisions and runtime mechanisms (for example, Deny) - // require a means to retrieve shared state between two - // permissions. If there is no shared state between two - // instances, then the method should return null. - // - // Could think of the method as GetCommonState, - // but leave it as Intersect to avoid gratuitous name changes. - // - // Returns a new permission with the permission-defined intersection - // of the two permissions. The intersection is generally defined as - // privilege parameters that are included by both 'this' and 'target'. - // Returns null if 'target' is null or is of wrong type. - // - IPermission Intersect(IPermission target); - - // The runtime policy manager also requires a means of combining the - // state contained within two permissions of the same type in a logical OR - // construct. (The Union of two permission of different type is not defined, - // except when one of the two is a CompoundPermission of internal type equal - // to the type of the other permission.) - // - - IPermission Union(IPermission target); - - // IsSubsetOf defines a standard mechanism for determining - // relative safety between two permission demands of the same type. - // If one demand x demands no more than some other demand y, then - // x.IsSubsetOf(y) should return true. In this case, if the - // demand for y is satisfied, then it is possible to assume that - // the demand for x would also be satisfied under the same - // circumstances. On the other hand, if x demands something that y - // does not, then x.IsSubsetOf(y) should return false; the fact - // that x is satisfied by the current security context does not - // also imply that the demand for y will also be satisfied. - // - // Returns true if 'this' Permission allows no more access than the - // argument. - // - bool IsSubsetOf(IPermission target); - - // The Demand method is the fundamental part of the IPermission - // interface from a component developer's perspective. The - // permission represents the demand that the developer wants - // satisfied, and Demand is the means to invoke the demand. - // For each type of permission, the mechanism to verify the - // demand will be different. However, to the developer, all - // permissions invoke that mechanism through the Demand interface. - // Mark this method as requiring a security object on the caller's frame - // so the caller won't be inlined (which would mess up stack crawling). - [DynamicSecurityMethodAttribute()] - void Demand(); - - } -} diff --git a/src/mscorlib/src/System/Security/NamedPermissionSet.cs b/src/mscorlib/src/System/Security/NamedPermissionSet.cs deleted file mode 100644 index b139302..0000000 --- a/src/mscorlib/src/System/Security/NamedPermissionSet.cs +++ /dev/null @@ -1,75 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// -// Extends PermissionSet to allow an associated name and description -// - -namespace System.Security -{ - using System; - using System.Security.Permissions; - - [Serializable] - [System.Runtime.InteropServices.ComVisible(true)] - internal sealed class NamedPermissionSet : PermissionSet - { - internal static PermissionSet GetBuiltInSet(string name) - { - // Used by PermissionSetAttribute to create one of the built-in, - // immutable permission sets. - if (name == null) - return null; - else if (name.Equals("FullTrust")) - return CreateFullTrustSet(); - else if (name.Equals("Nothing")) - return CreateNothingSet(); - else if (name.Equals("Execution")) - return CreateExecutionSet(); - else if (name.Equals("SkipVerification")) - return CreateSkipVerificationSet(); - else if (name.Equals("Internet")) - return CreateInternetSet(); - else - return null; - } - - private static PermissionSet CreateFullTrustSet() { - return new PermissionSet(PermissionState.Unrestricted); - } - - private static PermissionSet CreateNothingSet() { - return new PermissionSet(PermissionState.None); - } - - private static PermissionSet CreateExecutionSet() { - PermissionSet permSet = new PermissionSet(PermissionState.None); -#pragma warning disable 618 - permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); -#pragma warning restore 618 - return permSet; - } - - private static PermissionSet CreateSkipVerificationSet() { - PermissionSet permSet = new PermissionSet(PermissionState.None); -#pragma warning disable 618 - permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.SkipVerification)); -#pragma warning restore 618 - return permSet; - } - - private static PermissionSet CreateInternetSet() { - PermissionSet permSet = new PermissionSet(PermissionState.None); - permSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open)); -#pragma warning disable 618 - permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution)); -#pragma warning restore 618 - permSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard)); - return permSet; - - - } - } -} diff --git a/src/mscorlib/src/System/Security/PermissionListSet.cs b/src/mscorlib/src/System/Security/PermissionListSet.cs deleted file mode 100644 index e699608..0000000 --- a/src/mscorlib/src/System/Security/PermissionListSet.cs +++ /dev/null @@ -1,79 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/*============================================================================= -** -** -** -** -** -** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain -** (Replacement for PermissionListSet) -** -=============================================================================*/ - -namespace System.Security -{ - using System.Globalization; - using System.Reflection; - using System.Runtime.InteropServices; - using System.Security; - using System.Security.Permissions; - using System.Threading; - using System.Collections; - using System.Collections.Generic; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - [Serializable] - sealed internal class PermissionListSet - { - // Only internal (public) methods are creation methods and demand evaluation methods. - // Scroll down to the end to see them. - private PermissionSetTriple m_firstPermSetTriple; - private ArrayList m_permSetTriples; - - internal PermissionListSet() {} - private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r) - { - currentTriple.UpdateGrant(in_g); - currentTriple.UpdateRefused(in_r); - } - - // Called from the VM for HG CS construction - private void Update(PermissionSet in_g) - { - if (m_firstPermSetTriple == null) - m_firstPermSetTriple = new PermissionSetTriple(); - Update(m_firstPermSetTriple, in_g, null); - } - - // Private Demand evaluation functions - only called from the VM - internal bool CheckDemandNoThrow(CodeAccessPermission demand) - { - // AppDomain permissions - no asserts. So there should only be one triple to work with - Debug.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); - - - - PermissionToken permToken = null; - if (demand != null) - permToken = PermissionToken.GetToken(demand); - - return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken); - - - } - internal bool CheckSetDemandNoThrow(PermissionSet pSet) - { - // AppDomain permissions - no asserts. So there should only be one triple to work with - Debug.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); - - - return m_firstPermSetTriple.CheckSetDemandNoThrow(pSet); - } - - } - -} diff --git a/src/mscorlib/src/System/Security/PermissionSet.cs b/src/mscorlib/src/System/Security/PermissionSet.cs deleted file mode 100644 index f729722..0000000 --- a/src/mscorlib/src/System/Security/PermissionSet.cs +++ /dev/null @@ -1,1259 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -namespace System.Security { - using System; - using System.Threading; - using System.Security.Util; - using System.Collections; - using System.IO; - using System.Security.Permissions; - using System.Runtime.CompilerServices; - using System.Security.Policy; - using BindingFlags = System.Reflection.BindingFlags; - using System.Runtime.Serialization; - using System.Text; - using System.Globalization; - using System.Runtime.Versioning; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - [System.Runtime.InteropServices.ComVisible(true)] - internal class PermissionSet : ICollection - { -#if _DEBUG - internal static readonly bool debug; -#endif - - [System.Diagnostics.Conditional( "_DEBUG" )] - private static void DEBUG_WRITE(String str) { - #if _DEBUG - if (debug) Console.WriteLine(str); - #endif - } - - // These members are accessed from EE using their hardcoded offset. - // Please update the PermissionSetObject in object.h if you make any changes - // to the fields here. !dumpobj will show the field layout - - // First the fields that are serialized x-appdomain (for perf reasons) - private bool m_Unrestricted; - [OptionalField(VersionAdded = 2)] - private bool m_allPermissionsDecoded = false; - - [OptionalField(VersionAdded = 2)] - internal TokenBasedSet m_permSet = null; - - // This is a workaround so that SQL can operate under default policy without actually - // granting permissions in assemblies that they disallow. - - [OptionalField(VersionAdded = 2)] - private bool m_ignoreTypeLoadFailures = false; - - // This field will be populated only for non X-AD scenarios where we create a XML-ised string of the PermissionSet - [OptionalField(VersionAdded = 2)] - private String m_serializedPermissionSet; - - [NonSerialized] private bool m_CheckedForNonCas; - [NonSerialized] private bool m_ContainsCas; - [NonSerialized] private bool m_ContainsNonCas; - - // only used during non X-AD serialization to save the m_permSet value (which we dont want serialized) - [NonSerialized] private TokenBasedSet m_permSetSaved; - - // Following 4 fields are used only for serialization compat purposes: DO NOT USE THESE EVER! -#pragma warning disable 169 - private bool readableonly; - private TokenBasedSet m_unrestrictedPermSet; - private TokenBasedSet m_normalPermSet; - - [OptionalField(VersionAdded = 2)] - private bool m_canUnrestrictedOverride; -#pragma warning restore 169 - // END: Serialization-only fields - - internal static readonly PermissionSet s_fullTrust = new PermissionSet( true ); - -#if _DEBUG - [OnSerialized] - private void OnSerialized(StreamingContext context) - { - Debug.Assert(false, "PermissionSet does not support serialization on CoreCLR"); - } -#endif // _DEBUG - - internal PermissionSet() - { - Reset(); - m_Unrestricted = true; - } - - internal PermissionSet(bool fUnrestricted) - : this() - { - SetUnrestricted(fUnrestricted); - } - - public PermissionSet(PermissionState state) - : this() - { - if (state == PermissionState.Unrestricted) - { - SetUnrestricted( true ); - } - else if (state == PermissionState.None) - { - SetUnrestricted( false ); - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - public PermissionSet(PermissionSet permSet) - : this() - { - if (permSet == null) - { - Reset(); - return; - } - - m_Unrestricted = permSet.m_Unrestricted; - m_CheckedForNonCas = permSet.m_CheckedForNonCas; - m_ContainsCas = permSet.m_ContainsCas; - m_ContainsNonCas = permSet.m_ContainsNonCas; - m_ignoreTypeLoadFailures = permSet.m_ignoreTypeLoadFailures; - - if (permSet.m_permSet != null) - { - m_permSet = new TokenBasedSet(permSet.m_permSet); - - // now deep copy all permissions in set - for (int i = m_permSet.GetStartingIndex(); i <= m_permSet.GetMaxUsedIndex(); i++) - { - Object obj = m_permSet.GetItem(i); - IPermission perm = obj as IPermission; - - if (perm != null) - { - m_permSet.SetItem(i, perm.Copy()); - } - } - } - } - - public virtual void CopyTo(Array array, int index) - { - if (array == null) - throw new ArgumentNullException( nameof(array) ); - Contract.EndContractBlock(); - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); - - while (enumerator.MoveNext()) - { - array.SetValue(enumerator.Current , index++ ); - } - } - - - // Returns an object appropriate for synchronizing access to this - // Array. - public virtual Object SyncRoot - { get { return this; } } - - // Is this Array synchronized (i.e., thread-safe)? If you want a synchronized - // collection, you can use SyncRoot as an object to synchronize your - // collection with. You could also call GetSynchronized() - // to get a synchronized wrapper around the Array. - public virtual bool IsSynchronized - { get { return false; } } - - // Is this Collection ReadOnly? - public virtual bool IsReadOnly - { get {return false; } } - - // Reinitializes all state in PermissionSet - DO NOT null-out m_serializedPermissionSet - internal void Reset() - { - m_Unrestricted = false; - m_allPermissionsDecoded = true; - m_permSet = null; - - m_ignoreTypeLoadFailures = false; - - m_CheckedForNonCas = false; - m_ContainsCas = false; - m_ContainsNonCas = false; - m_permSetSaved = null; - - - } - - internal void CheckSet() - { - if (this.m_permSet == null) - this.m_permSet = new TokenBasedSet(); - } - - public bool IsEmpty() - { - if (m_Unrestricted) - return false; - - if (m_permSet == null || m_permSet.FastIsEmpty()) - return true; - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); - - while (enumerator.MoveNext()) - { - IPermission perm = (IPermission)enumerator.Current; - - if (!perm.IsSubsetOf( null )) - { - return false; - } - } - - return true; - } - - internal bool FastIsEmpty() - { - if (m_Unrestricted) - return false; - - if (m_permSet == null || m_permSet.FastIsEmpty()) - return true; - - return false; - } - - public virtual int Count - { - get - { - int count = 0; - - if (m_permSet != null) - count += m_permSet.GetCount(); - - return count; - } - } - - internal IPermission GetPermission(int index) - { - if (m_permSet == null) - return null; - Object obj = m_permSet.GetItem( index ); - if (obj == null) - return null; - return obj as IPermission; - } - - internal IPermission GetPermission(PermissionToken permToken) - { - if (permToken == null) - return null; - - return GetPermission( permToken.m_index ); - } - - internal IPermission GetPermission( IPermission perm ) - { - if (perm == null) - return null; - - return GetPermission(PermissionToken.GetToken( perm )); - } - - public IPermission SetPermission(IPermission perm) - { - return SetPermissionImpl(perm); - } - - // SetPermission overwrites a permission in a permissionset. - protected virtual IPermission SetPermissionImpl(IPermission perm) - { - // can't get token if perm is null - if (perm == null) - return null; - - PermissionToken permToken = PermissionToken.GetToken(perm); - - if ((permToken.m_type & PermissionTokenType.IUnrestricted) != 0) - { - // SetPermission Makes the Permission "Restricted" - m_Unrestricted = false; - } - - CheckSet(); - - IPermission currPerm = GetPermission( permToken.m_index ); - - m_CheckedForNonCas = false; - - // Should we copy here? - m_permSet.SetItem( permToken.m_index, perm ); - return perm; - } - - public IPermission AddPermission(IPermission perm) - { - return AddPermissionImpl(perm); - } - - protected virtual IPermission AddPermissionImpl(IPermission perm) - { - // can't get token if perm is null - if (perm == null) - return null; - - m_CheckedForNonCas = false; - - // If the permission set is unrestricted, then return an unrestricted instance - // of perm. - - PermissionToken permToken = PermissionToken.GetToken(perm); - - if (this.IsUnrestricted() && ((permToken.m_type & PermissionTokenType.IUnrestricted) != 0)) - { - Type perm_type = perm.GetType(); - Object[] objs = new Object[1]; - objs[0] = PermissionState.Unrestricted; - return (IPermission) Activator.CreateInstance(perm_type, BindingFlags.Instance | BindingFlags.Static | BindingFlags.Public, null, objs, null ); - } - - CheckSet(); - IPermission currPerm = GetPermission(permToken.m_index); - - // If a Permission exists in this slot, then union it with perm - // Otherwise, just add perm. - - if (currPerm != null) { - IPermission ip_union = currPerm.Union(perm); - m_permSet.SetItem( permToken.m_index, ip_union ); - return ip_union; - } else { - // Should we copy here? - m_permSet.SetItem( permToken.m_index, perm ); - return perm; - } - - } - - private IPermission RemovePermission( int index ) - { - IPermission perm = GetPermission(index); - if (perm == null) - return null; - return (IPermission)m_permSet.RemoveItem( index ); // this cast is safe because the call to GetPermission will guarantee it is an IPermission - } - - // Make this internal soon. - internal void SetUnrestricted(bool unrestricted) - { - m_Unrestricted = unrestricted; - if (unrestricted) - { - // if this is to be an unrestricted permset, null the m_permSet member - m_permSet = null; - } - } - - public bool IsUnrestricted() - { - return m_Unrestricted; - } - - internal enum IsSubsetOfType - { - Normal, - CheckDemand, - CheckPermitOnly, - CheckAssertion, - } - - internal bool IsSubsetOfHelper(PermissionSet target, IsSubsetOfType type, out IPermission firstPermThatFailed, bool ignoreNonCas) - { - #if _DEBUG - if (debug) - DEBUG_WRITE("IsSubsetOf\n" + - "Other:\n" + - (target == null ? "" : target.ToString()) + - "\nMe:\n" + - ToString()); - #endif - - firstPermThatFailed = null; - if (target == null || target.FastIsEmpty()) - { - if(this.IsEmpty()) - return true; - else - { - firstPermThatFailed = GetFirstPerm(); - return false; - } - } - else if (this.IsUnrestricted() && !target.IsUnrestricted()) - return false; - else if (this.m_permSet == null) - return true; - else - { - target.CheckSet(); - - for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i) - { - IPermission thisPerm = this.GetPermission(i); - if (thisPerm == null || thisPerm.IsSubsetOf(null)) - continue; - - IPermission targetPerm = target.GetPermission(i); -#if _DEBUG - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - Debug.Assert(targetPerm == null || (token.m_type & PermissionTokenType.DontKnow) == 0, "Token not properly initialized"); -#endif - - if (target.m_Unrestricted) - continue; - - // targetPerm can be null here, but that is fine since it thisPerm is a subset - // of empty/null then we can continue in the loop. - CodeAccessPermission cap = thisPerm as CodeAccessPermission; - if(cap == null) - { - if (!ignoreNonCas && !thisPerm.IsSubsetOf( targetPerm )) - { - firstPermThatFailed = thisPerm; - return false; - } - } - else - { - firstPermThatFailed = thisPerm; - switch(type) - { - case IsSubsetOfType.Normal: - if (!thisPerm.IsSubsetOf( targetPerm )) - return false; - break; - case IsSubsetOfType.CheckDemand: - if (!cap.CheckDemand( (CodeAccessPermission)targetPerm )) - return false; - break; - case IsSubsetOfType.CheckPermitOnly: - if (!cap.CheckPermitOnly( (CodeAccessPermission)targetPerm )) - return false; - break; - case IsSubsetOfType.CheckAssertion: - if (!cap.CheckAssert( (CodeAccessPermission)targetPerm )) - return false; - break; - } - firstPermThatFailed = null; - } - } - } - - return true; - } - - internal bool CheckDemand(PermissionSet target, out IPermission firstPermThatFailed) - { - return IsSubsetOfHelper(target, IsSubsetOfType.CheckDemand, out firstPermThatFailed, true); - } - - internal bool CheckPermitOnly(PermissionSet target, out IPermission firstPermThatFailed) - { - return IsSubsetOfHelper(target, IsSubsetOfType.CheckPermitOnly, out firstPermThatFailed, true); - } - - internal bool CheckAssertion(PermissionSet target) - { - IPermission perm; - return IsSubsetOfHelper(target, IsSubsetOfType.CheckAssertion, out perm, true); - } - - internal bool CheckDeny(PermissionSet deniedSet, out IPermission firstPermThatFailed) - { - firstPermThatFailed = null; - if (deniedSet == null || deniedSet.FastIsEmpty() || this.FastIsEmpty()) - return true; - - if(this.m_Unrestricted && deniedSet.m_Unrestricted) - return false; - - CodeAccessPermission permThis, permThat; - PermissionSetEnumeratorInternal enumThis = new PermissionSetEnumeratorInternal(this); - - while (enumThis.MoveNext()) - { - permThis = enumThis.Current as CodeAccessPermission; - if(permThis == null || permThis.IsSubsetOf(null)) - continue; // ignore non-CAS permissions in the grant set. - if (deniedSet.m_Unrestricted) - { - firstPermThatFailed = permThis; - return false; - } - permThat = (CodeAccessPermission)deniedSet.GetPermission(enumThis.GetCurrentIndex()); - if (!permThis.CheckDeny(permThat)) - { - firstPermThatFailed = permThis; - return false; - } - } - if(this.m_Unrestricted) - { - PermissionSetEnumeratorInternal enumThat = new PermissionSetEnumeratorInternal(deniedSet); - while (enumThat.MoveNext()) - { - if(enumThat.Current is IPermission) - return false; - } - } - return true; - } - - internal void CheckDecoded( CodeAccessPermission demandedPerm, PermissionToken tokenDemandedPerm ) - { - Debug.Assert( demandedPerm != null, "Expected non-null value" ); - - if (this.m_allPermissionsDecoded || this.m_permSet == null) - return; - - if (tokenDemandedPerm == null) - tokenDemandedPerm = PermissionToken.GetToken( demandedPerm ); - - Debug.Assert( tokenDemandedPerm != null, "Unable to find token for demanded permission" ); - - CheckDecoded( tokenDemandedPerm.m_index ); - } - - internal void CheckDecoded( int index ) - { - if (this.m_allPermissionsDecoded || this.m_permSet == null) - return; - - GetPermission(index); - } - - internal void CheckDecoded(PermissionSet demandedSet) - { - Debug.Assert(demandedSet != null, "Expected non-null value"); - - if (this.m_allPermissionsDecoded || this.m_permSet == null) - return; - - PermissionSetEnumeratorInternal enumerator = demandedSet.GetEnumeratorInternal(); - - while (enumerator.MoveNext()) - { - CheckDecoded(enumerator.GetCurrentIndex()); - } - } - - internal void InplaceIntersect( PermissionSet other ) - { - Exception savedException = null; - - m_CheckedForNonCas = false; - - if (this == other) - return; - - if (other == null || other.FastIsEmpty()) - { - // If the other is empty or null, make this empty. - Reset(); - return; - } - - if (this.FastIsEmpty()) - return; - - int maxMax = this.m_permSet == null ? -1 : this.m_permSet.GetMaxUsedIndex(); - int otherMax = other.m_permSet == null ? -1 : other.m_permSet.GetMaxUsedIndex(); - - if (this.IsUnrestricted() && maxMax < otherMax) - { - maxMax = otherMax; - this.CheckSet(); - } - - if (other.IsUnrestricted()) - { - other.CheckSet(); - } - - for (int i = 0; i <= maxMax; ++i) - { - Object thisObj = this.m_permSet.GetItem( i ); - IPermission thisPerm = thisObj as IPermission; - - Object otherObj = other.m_permSet.GetItem( i ); - IPermission otherPerm = otherObj as IPermission; - - if (thisObj == null && otherObj == null) - continue; - - if (thisObj == null) - { - // There is no object in , so intersection is empty except for IUnrestrictedPermissions - if (this.IsUnrestricted()) - { - { - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - if ((token.m_type & PermissionTokenType.IUnrestricted) != 0) - { - this.m_permSet.SetItem( i, otherPerm.Copy() ); - Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - } - } - } - else if (otherObj == null) - { - if (other.IsUnrestricted()) - { - { - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - if ((token.m_type & PermissionTokenType.IUnrestricted) == 0) - this.m_permSet.SetItem( i, null ); - } - } - else - { - this.m_permSet.SetItem( i, null ); - } - } - else - { - try - { - IPermission intersectPerm; - if (thisPerm == null) - intersectPerm = otherPerm; - else if(otherPerm == null) - intersectPerm = thisPerm; - else - intersectPerm = thisPerm.Intersect( otherPerm ); - this.m_permSet.SetItem( i, intersectPerm ); - } - catch (Exception e) - { - if (savedException == null) - savedException = e; - } - } - } - - this.m_Unrestricted = this.m_Unrestricted && other.m_Unrestricted; - - if (savedException != null) - throw savedException; - } - - internal void InplaceUnion( PermissionSet other ) - { - // Unions the "other" PermissionSet into this one. It can be optimized to do less copies than - // need be done by the traditional union (and we don't have to create a new PermissionSet). - - if (this == other) - return; - - // Quick out conditions, union doesn't change this PermissionSet - if (other == null || other.FastIsEmpty()) - return; - - m_CheckedForNonCas = false; - - this.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; - - if (this.m_Unrestricted) - { - // if the result of Union is unrestricted permset, null the m_permSet member - this.m_permSet = null; - return; - } - - - // If we reach here, result of Union is not unrestricted - // We have to union "normal" permission no matter what now. - int maxMax = -1; - if (other.m_permSet != null) - { - maxMax = other.m_permSet.GetMaxUsedIndex(); - this.CheckSet(); - } - // Save exceptions until the end - Exception savedException = null; - - for (int i = 0; i <= maxMax; ++i) - { - Object thisObj = this.m_permSet.GetItem( i ); - IPermission thisPerm = thisObj as IPermission; - - Object otherObj = other.m_permSet.GetItem( i ); - IPermission otherPerm = otherObj as IPermission; - - if (thisObj == null && otherObj == null) - continue; - - if (thisObj == null) - { - if (otherPerm != null) - { - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !this.m_Unrestricted) - { - this.m_permSet.SetItem( i, otherPerm.Copy() ); - } - } - } - else if (otherObj == null) - { - continue; - } - else - { - try - { - IPermission unionPerm; - if(thisPerm == null) - unionPerm = otherPerm; - else if(otherPerm == null) - unionPerm = thisPerm; - else - unionPerm = thisPerm.Union( otherPerm ); - this.m_permSet.SetItem( i, unionPerm ); - } - catch (Exception e) - { - if (savedException == null) - savedException = e; - } - } - } - - if (savedException != null) - throw savedException; - } - - public PermissionSet Union(PermissionSet other) - { - // if other is null or empty, return a clone of myself - if (other == null || other.FastIsEmpty()) - { - return this.Copy(); - } - - if (this.FastIsEmpty()) - { - return other.Copy(); - } - - int maxMax = -1; - - PermissionSet pset = new PermissionSet(); - pset.m_Unrestricted = this.m_Unrestricted || other.m_Unrestricted; - if (pset.m_Unrestricted) - { - // if the result of Union is unrestricted permset, just return - return pset; - } - - // degenerate case where we look at both this.m_permSet and other.m_permSet - this.CheckSet(); - other.CheckSet(); - maxMax = this.m_permSet.GetMaxUsedIndex() > other.m_permSet.GetMaxUsedIndex() ? this.m_permSet.GetMaxUsedIndex() : other.m_permSet.GetMaxUsedIndex(); - pset.m_permSet = new TokenBasedSet(); - - - - for (int i = 0; i <= maxMax; ++i) - { - Object thisObj = this.m_permSet.GetItem( i ); - IPermission thisPerm = thisObj as IPermission; - - Object otherObj = other.m_permSet.GetItem( i ); - IPermission otherPerm = otherObj as IPermission; - - if (thisObj == null && otherObj == null) - continue; - - if (thisObj == null) - { - if (otherPerm != null) - { - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) - { - pset.m_permSet.SetItem( i, otherPerm.Copy() ); - Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - } - } - else if (otherObj == null) - { - if (thisPerm != null) - { - PermissionToken token = (PermissionToken)PermissionToken.s_tokenSet.GetItem( i ); - if (((token.m_type & PermissionTokenType.IUnrestricted) == 0) || !pset.m_Unrestricted) - { - pset.m_permSet.SetItem( i, thisPerm.Copy() ); - Debug.Assert( PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - } - } - else - { - IPermission unionPerm; - if(thisPerm == null) - unionPerm = otherPerm; - else if(otherPerm == null) - unionPerm = thisPerm; - else - unionPerm = thisPerm.Union( otherPerm ); - pset.m_permSet.SetItem( i, unionPerm ); - Debug.Assert( unionPerm == null || PermissionToken.s_tokenSet.GetItem( i ) != null, "PermissionToken should already be assigned" ); - } - } - - return pset; - } - - // Returns true if perm is contained in this - internal bool Contains(IPermission perm) - { - if (perm == null) - return true; - if (m_Unrestricted) - return true; - if (FastIsEmpty()) - return false; - - PermissionToken token = PermissionToken.GetToken(perm); - Object thisObj = this.m_permSet.GetItem( token.m_index ); - if (thisObj == null) - return perm.IsSubsetOf( null ); - - IPermission thisPerm = GetPermission(token.m_index); - if (thisPerm != null) - return perm.IsSubsetOf( thisPerm ); - else - return perm.IsSubsetOf( null ); - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override bool Equals( Object obj ) - { - // Note: this method is designed to accept both PermissionSet and NamedPermissionSets. - // It will compare them based on the values in the base type, thereby ignoring the - // name and description of the named permission set. - - PermissionSet other = obj as PermissionSet; - - if (other == null) - return false; - - if (this.m_Unrestricted != other.m_Unrestricted) - return false; - - CheckSet(); - other.CheckSet(); - - DecodeAllPermissions(); - other.DecodeAllPermissions(); - - int maxIndex = Math.Max( this.m_permSet.GetMaxUsedIndex(), other.m_permSet.GetMaxUsedIndex() ); - - for (int i = 0; i <= maxIndex; ++i) - { - IPermission thisPerm = (IPermission)this.m_permSet.GetItem( i ); - IPermission otherPerm = (IPermission)other.m_permSet.GetItem( i ); - - if (thisPerm == null && otherPerm == null) - { - continue; - } - else if (thisPerm == null) - { - if (!otherPerm.IsSubsetOf( null )) - return false; - } - else if (otherPerm == null) - { - if (!thisPerm.IsSubsetOf( null )) - return false; - } - else - { - if (!thisPerm.Equals( otherPerm )) - return false; - } - } - - return true; - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override int GetHashCode() - { - int accumulator; - - accumulator = this.m_Unrestricted ? -1 : 0; - - if (this.m_permSet != null) - { - DecodeAllPermissions(); - - int maxIndex = this.m_permSet.GetMaxUsedIndex(); - - for (int i = m_permSet.GetStartingIndex(); i <= maxIndex; ++i) - { - IPermission perm = (IPermission)this.m_permSet.GetItem( i ); - if (perm != null) - { - accumulator = accumulator ^ perm.GetHashCode(); - } - } - } - - return accumulator; - } - - // Mark this method as requiring a security object on the caller's frame - // so the caller won't be inlined (which would mess up stack crawling). - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public void Demand() - { - if (this.FastIsEmpty()) - return; // demanding the empty set always passes. - - ContainsNonCodeAccessPermissions(); - - if (m_ContainsCas) - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCallersCaller; - CodeAccessSecurityEngine.Check(GetCasOnlySet(), ref stackMark); - } - if (m_ContainsNonCas) - { - DemandNonCAS(); - } - } - - internal void DemandNonCAS() - { - ContainsNonCodeAccessPermissions(); - - if (m_ContainsNonCas) - { - if (this.m_permSet != null) - { - CheckSet(); - for (int i = m_permSet.GetStartingIndex(); i <= this.m_permSet.GetMaxUsedIndex(); ++i) - { - IPermission currPerm = GetPermission(i); - if (currPerm != null && !(currPerm is CodeAccessPermission)) - currPerm.Demand(); - } - } - } - } - - // Metadata for this method should be flaged with REQ_SQ so that - // EE can allocate space on the stack frame for FrameSecurityDescriptor - - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public void Assert() - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - SecurityRuntime.Assert(this, ref stackMark); - } - - internal IPermission GetFirstPerm() - { - IEnumerator enumerator = GetEnumerator(); - if(!enumerator.MoveNext()) - return null; - return enumerator.Current as IPermission; - } - - // Returns a deep copy - public virtual PermissionSet Copy() - { - return new PermissionSet(this); - } - - public IEnumerator GetEnumerator() - { - return GetEnumeratorImpl(); - } - - protected virtual IEnumerator GetEnumeratorImpl() - { - return new PermissionSetEnumerator(this); - } - - internal PermissionSetEnumeratorInternal GetEnumeratorInternal() - { - return new PermissionSetEnumeratorInternal(this); - } - - private void DecodeAllPermissions() - { - if (m_permSet == null) - { - m_allPermissionsDecoded = true; - return; - } - - int maxIndex = m_permSet.GetMaxUsedIndex(); - for (int i = 0; i <= maxIndex; ++i) - { - // GetPermission has the side-effect of decoding the permission in the slot - GetPermission(i); - } - - m_allPermissionsDecoded = true; - } - - internal void FilterHostProtectionPermissions(HostProtectionResource fullTrustOnly, HostProtectionResource inaccessible) - { - HostProtectionPermission.protectedResources = fullTrustOnly; - HostProtectionPermission hpp = (HostProtectionPermission)GetPermission(HostProtectionPermission.GetTokenIndex()); - if(hpp == null) - return; - - HostProtectionPermission newHpp = (HostProtectionPermission)hpp.Intersect(new HostProtectionPermission(fullTrustOnly)); - if (newHpp == null) - { - RemovePermission(HostProtectionPermission.GetTokenIndex()); - } - else if (newHpp.Resources != hpp.Resources) - { - SetPermission(newHpp); - } - } - - // Determines whether the permission set contains any non-code access - // security permissions. - public bool ContainsNonCodeAccessPermissions() - { - if (m_CheckedForNonCas) - return m_ContainsNonCas; - - lock (this) - { - if (m_CheckedForNonCas) - return m_ContainsNonCas; - - m_ContainsCas = false; - m_ContainsNonCas = false; - - if (IsUnrestricted()) - m_ContainsCas = true; - - if (this.m_permSet != null) - { - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); - - while (enumerator.MoveNext() && (!m_ContainsCas || !m_ContainsNonCas)) - { - IPermission perm = enumerator.Current as IPermission; - - if (perm != null) - { - if (perm is CodeAccessPermission) - m_ContainsCas = true; - else - m_ContainsNonCas = true; - } - } - } - - m_CheckedForNonCas = true; - } - - return m_ContainsNonCas; - } - - // Returns a permission set containing only CAS-permissions. If possible - // this is just the input set, otherwise a new set is allocated. - private PermissionSet GetCasOnlySet() - { - if (!m_ContainsNonCas) - return this; - - if (IsUnrestricted()) - return this; - - PermissionSet pset = new PermissionSet(false); - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(this); - - while (enumerator.MoveNext()) - { - IPermission perm = (IPermission)enumerator.Current; - - if (perm is CodeAccessPermission) - pset.AddPermission(perm); - } - - pset.m_CheckedForNonCas = true; - pset.m_ContainsCas = !pset.IsEmpty(); - pset.m_ContainsNonCas = false; - - return pset; - } - - // Internal routine used by CreateSerialized to add a permission to the set - private static void MergePermission(IPermission perm, bool separateCasFromNonCas, ref PermissionSet casPset, ref PermissionSet nonCasPset) - { - Debug.Assert(casPset == null || !casPset.IsReadOnly); - Debug.Assert(nonCasPset == null || !nonCasPset.IsReadOnly); - - if (perm == null) - return; - - if (!separateCasFromNonCas || perm is CodeAccessPermission) - { - if(casPset == null) - casPset = new PermissionSet(false); - IPermission oldPerm = casPset.GetPermission(perm); - IPermission unionPerm = casPset.AddPermission(perm); - if (oldPerm != null && !oldPerm.IsSubsetOf( unionPerm )) - throw new NotSupportedException( Environment.GetResourceString( "NotSupported_DeclarativeUnion" ) ); - } - else - { - if(nonCasPset == null) - nonCasPset = new PermissionSet(false); - IPermission oldPerm = nonCasPset.GetPermission(perm); - IPermission unionPerm = nonCasPset.AddPermission( perm ); - if (oldPerm != null && !oldPerm.IsSubsetOf( unionPerm )) - throw new NotSupportedException( Environment.GetResourceString( "NotSupported_DeclarativeUnion" ) ); - } - } - - // Converts an array of SecurityAttributes to a PermissionSet - private static byte[] CreateSerialized(Object[] attrs, - bool serialize, - ref byte[] nonCasBlob, - out PermissionSet casPset, - HostProtectionResource fullTrustOnlyResources, - bool allowEmptyPermissionSets) - { - // Create two new (empty) sets. - casPset = null; - PermissionSet nonCasPset = null; - - // Most security attributes generate a single permission. The - // PermissionSetAttribute class generates an entire permission set we - // need to merge, however. - for (int i = 0; i < attrs.Length; i++) - { -#pragma warning disable 618 - Debug.Assert(i == 0 || ((SecurityAttribute)attrs[i]).m_action == ((SecurityAttribute)attrs[i - 1]).m_action, "Mixed SecurityActions"); -#pragma warning restore 618 - if (attrs[i] is PermissionSetAttribute) - { - PermissionSet pset = ((PermissionSetAttribute)attrs[i]).CreatePermissionSet(); - if (pset == null) - throw new ArgumentException( Environment.GetResourceString( "Argument_UnableToGeneratePermissionSet" ) ); - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(pset); - - while (enumerator.MoveNext()) - { - IPermission perm = (IPermission)enumerator.Current; - MergePermission(perm, serialize, ref casPset, ref nonCasPset); - } - - if(casPset == null) - casPset = new PermissionSet(false); - if (pset.IsUnrestricted()) - casPset.SetUnrestricted(true); - } - else - { -#pragma warning disable 618 - IPermission perm = ((SecurityAttribute)attrs[i]).CreatePermission(); -#pragma warning restore 618 - MergePermission(perm, serialize, ref casPset, ref nonCasPset); - } - } - Debug.Assert(serialize || nonCasPset == null, "We shouldn't separate nonCAS permissions unless fSerialize is true"); - - // - // Filter HostProtection permission. In the VM, some optimizations are done based upon these - // declarative permission sets being NULL if they do not exist. When filtering the permission - // set if we end up with an empty set, we can the permission set NULL rather than returning the - // empty set in order to enable those optimizations. - // - - if(casPset != null) - { - casPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None); - casPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code - if (allowEmptyPermissionSets && casPset.IsEmpty()) - casPset = null; - } - if(nonCasPset != null) - { - nonCasPset.FilterHostProtectionPermissions(fullTrustOnlyResources, HostProtectionResource.None); - nonCasPset.ContainsNonCodeAccessPermissions(); // make sure all declarative PermissionSets are checked for non-CAS so we can just check the flag from native code - if (allowEmptyPermissionSets && nonCasPset.IsEmpty()) - nonCasPset = null; - } - - Debug.Assert(!serialize, "Cannot serialize permission sets on CoreCLR"); - return null; - } - - internal static void RemoveAssertedPermissionSet(PermissionSet demandSet, PermissionSet assertSet, out PermissionSet alteredDemandSet) - { - Debug.Assert(!assertSet.IsUnrestricted(), "Cannot call this function if assertSet is unrestricted"); - alteredDemandSet = null; - - PermissionSetEnumeratorInternal enumerator = new PermissionSetEnumeratorInternal(demandSet); - while (enumerator.MoveNext()) - { - CodeAccessPermission demandDerm = (CodeAccessPermission)enumerator.Current; - int i = enumerator.GetCurrentIndex(); - if (demandDerm != null) - { - CodeAccessPermission assertPerm - = (CodeAccessPermission)assertSet.GetPermission(i); - try - { - if (demandDerm.CheckAssert(assertPerm)) - { - if (alteredDemandSet == null) - alteredDemandSet = demandSet.Copy(); - - alteredDemandSet.RemovePermission(i); - } - } - catch (ArgumentException) - { - } - } - } - return; - } - } -} diff --git a/src/mscorlib/src/System/Security/PermissionSetEnumerator.cs b/src/mscorlib/src/System/Security/PermissionSetEnumerator.cs deleted file mode 100644 index 7b234e9..0000000 --- a/src/mscorlib/src/System/Security/PermissionSetEnumerator.cs +++ /dev/null @@ -1,89 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -namespace System.Security -{ - //PermissionSetEnumerator.cs - - using System; - using System.Collections; - using TokenBasedSetEnumerator = System.Security.Util.TokenBasedSetEnumerator; - using TokenBasedSet = System.Security.Util.TokenBasedSet; - - internal class PermissionSetEnumerator : IEnumerator - { - PermissionSetEnumeratorInternal enm; - - public Object Current - { - get - { - return enm.Current; - } - } - - public bool MoveNext() - { - return enm.MoveNext(); - } - - public void Reset() - { - enm.Reset(); - } - - internal PermissionSetEnumerator(PermissionSet permSet) - { - enm = new PermissionSetEnumeratorInternal(permSet); - } - } - - internal struct PermissionSetEnumeratorInternal - { - private PermissionSet m_permSet; - private TokenBasedSetEnumerator enm; - - public Object Current - { - get - { - return enm.Current; - } - } - - internal PermissionSetEnumeratorInternal(PermissionSet permSet) - { - m_permSet = permSet; - enm = new TokenBasedSetEnumerator(permSet.m_permSet); - } - - public int GetCurrentIndex() - { - return enm.Index; - } - - public void Reset() - { - enm.Reset(); - } - - public bool MoveNext() - { - while (enm.MoveNext()) - { - Object obj = enm.Current; - IPermission perm = obj as IPermission; - if (perm != null) - { - enm.Current = perm; - return true; - } - } - return false; - } - } -} - diff --git a/src/mscorlib/src/System/Security/PermissionSetTriple.cs b/src/mscorlib/src/System/Security/PermissionSetTriple.cs deleted file mode 100644 index c04103b..0000000 --- a/src/mscorlib/src/System/Security/PermissionSetTriple.cs +++ /dev/null @@ -1,82 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/*============================================================================= -** -** -** -** -** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. -** Also used for CompressedStacks which brings in the third PermissionSet. -** Hence, the name PermissionSetTriple. -** -=============================================================================*/ - -namespace System.Security -{ - using IEnumerator = System.Collections.IEnumerator; - using System.Security; - using System.Security.Permissions; - using System.Runtime.InteropServices; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - - [Serializable] - sealed internal class PermissionSetTriple - { - internal PermissionSet AssertSet; - internal PermissionSet GrantSet; - internal PermissionSet RefusedSet; - internal PermissionSetTriple() - { - Reset(); - } - internal void Reset() - { - AssertSet = null; - GrantSet = null; - RefusedSet = null; - } - - internal void UpdateGrant(PermissionSet in_g) - { - if (in_g != null) - { - if (GrantSet == null) - GrantSet = in_g.Copy(); - else - GrantSet.InplaceIntersect(in_g); - } - } - internal void UpdateRefused(PermissionSet in_r) - { - if (in_r != null) - { - if (RefusedSet == null) - RefusedSet = in_r.Copy(); - else - RefusedSet.InplaceUnion(in_r); - } - } - - internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) - { - Debug.Assert(AssertSet == null, "AssertSet not null"); -#pragma warning disable 618 - return CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); -#pragma warning restore 618 - } - internal bool CheckSetDemandNoThrow(PermissionSet demandSet) - { - Debug.Assert(AssertSet == null, "AssertSet not null"); - -#pragma warning disable 618 - return CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); -#pragma warning restore 618 - } - } -} - - diff --git a/src/mscorlib/src/System/Security/PermissionToken.cs b/src/mscorlib/src/System/Security/PermissionToken.cs deleted file mode 100644 index e767446..0000000 --- a/src/mscorlib/src/System/Security/PermissionToken.cs +++ /dev/null @@ -1,284 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security -{ - using System; - using System.Security.Util; - using System.Security.Permissions; - using System.Reflection; - using System.Collections; - using System.Threading; - using System.Globalization; - using System.Runtime.CompilerServices; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - [Flags] - internal enum PermissionTokenType - { - Normal = 0x1, - IUnrestricted = 0x2, - DontKnow = 0x4, - BuiltIn = 0x8 - } - - [Serializable] - internal sealed class PermissionTokenKeyComparer : IEqualityComparer - { - private Comparer _caseSensitiveComparer; - private TextInfo _info; - - public PermissionTokenKeyComparer() - { - _caseSensitiveComparer = new Comparer(CultureInfo.InvariantCulture); - _info = CultureInfo.InvariantCulture.TextInfo; - } - - public int Compare(Object a, Object b) - { - String strA = a as String; - String strB = b as String; - - // if it's not a string then we just call the object comparer - if (strA == null || strB == null) - return _caseSensitiveComparer.Compare(a, b); - - int i = _caseSensitiveComparer.Compare(a,b); - if (i == 0) - return 0; - - if (SecurityManager.IsSameType(strA, strB)) - return 0; - - return i; - } - - public new bool Equals( Object a, Object b ) - { - if (a == b) return true; - if (a == null || b == null) return false; - return Compare( a, b ) == 0; - } - - // The data structure consuming this will be responsible for dealing with null objects as keys. - public int GetHashCode(Object obj) - { - if (obj == null) throw new ArgumentNullException(nameof(obj)); - Contract.EndContractBlock(); - - String str = obj as String; - - if (str == null) - return obj.GetHashCode(); - - int iComma = str.IndexOf( ',' ); - if (iComma == -1) - iComma = str.Length; - - int accumulator = 0; - for (int i = 0; i < iComma; ++i) - { - accumulator = (accumulator << 7) ^ str[i] ^ (accumulator >> 25); - } - - return accumulator; - } - } - - [Serializable] - internal sealed class PermissionToken - { - private static readonly PermissionTokenFactory s_theTokenFactory; - private const string c_mscorlibName = System.CoreLib.Name; - internal int m_index; - internal volatile PermissionTokenType m_type; - static internal TokenBasedSet s_tokenSet = new TokenBasedSet(); - - static PermissionToken() - { - s_theTokenFactory = new PermissionTokenFactory( 4 ); - } - - internal PermissionToken() - { - } - - internal PermissionToken(int index, PermissionTokenType type, String strTypeName) - { - m_index = index; - m_type = type; - } - - public static PermissionToken GetToken(IPermission perm) - { - if (perm == null) - return null; - - IBuiltInPermission ibPerm = perm as IBuiltInPermission; - - if (ibPerm != null) - return s_theTokenFactory.BuiltInGetToken( ibPerm.GetTokenIndex(), perm, null ); - else - return s_theTokenFactory.GetToken(perm.GetType(), perm); - } - } - - // Package access only - internal class PermissionTokenFactory - { - private volatile int m_size; - private volatile int m_index; - private volatile Hashtable m_tokenTable; // Cache of tokens by class string name - private volatile Hashtable m_handleTable; // Cache of tokens by type handle (IntPtr) - private volatile Hashtable m_indexTable; // Cache of tokens by index - - - // We keep an array of tokens for our built-in permissions. - // This is ordered in terms of unrestricted perms first, normals - // second. Of course, all the ordering is based on the individual - // permissions sticking to the deal, so we do some simple boundary - // checking but mainly leave it to faith. - - private volatile PermissionToken[] m_builtIn; - - private const String s_unrestrictedPermissionInferfaceName = "System.Security.Permissions.IUnrestrictedPermission"; - - internal PermissionTokenFactory( int size ) - { - m_builtIn = new PermissionToken[BuiltInPermissionIndex.NUM_BUILTIN_NORMAL + BuiltInPermissionIndex.NUM_BUILTIN_UNRESTRICTED]; - - m_size = size; - m_index = BuiltInPermissionIndex.NUM_BUILTIN_NORMAL + BuiltInPermissionIndex.NUM_BUILTIN_UNRESTRICTED; - m_tokenTable = null; - m_handleTable = new Hashtable(size); - m_indexTable = new Hashtable(size); - } - - internal PermissionToken GetToken(Type cls, IPermission perm) - { - Debug.Assert( cls != null, "Must pass in valid type" ); - - IntPtr typePtr = cls.TypeHandle.Value; - object tok = m_handleTable[typePtr]; - if (tok == null) - { - String typeStr = cls.AssemblyQualifiedName; - tok = m_tokenTable != null ? m_tokenTable[typeStr] : null; // Assumes asynchronous lookups are safe - - if (tok == null) - { - lock (this) - { - if (m_tokenTable != null) - { - tok = m_tokenTable[typeStr]; // Make sure it wasn't just added - } - else - m_tokenTable = new Hashtable(m_size, 1.0f, new PermissionTokenKeyComparer()); - - if (tok == null) - { - if (perm != null) - { - tok = new PermissionToken( m_index++, PermissionTokenType.IUnrestricted, typeStr ); - } - else - { - if (cls.GetInterface(s_unrestrictedPermissionInferfaceName) != null) - tok = new PermissionToken( m_index++, PermissionTokenType.IUnrestricted, typeStr ); - else - tok = new PermissionToken( m_index++, PermissionTokenType.Normal, typeStr ); - } - m_tokenTable.Add(typeStr, tok); - m_indexTable.Add(m_index - 1, tok); - PermissionToken.s_tokenSet.SetItem( ((PermissionToken)tok).m_index, tok ); - } - - if (!m_handleTable.Contains(typePtr)) - m_handleTable.Add( typePtr, tok ); - } - } - else - { - lock (this) - { - if (!m_handleTable.Contains(typePtr)) - m_handleTable.Add( typePtr, tok ); - } - } - } - - if ((((PermissionToken)tok).m_type & PermissionTokenType.DontKnow) != 0) - { - if (perm != null) - { - Debug.Assert( !(perm is IBuiltInPermission), "This should not be called for built-ins" ); - ((PermissionToken)tok).m_type = PermissionTokenType.IUnrestricted; - } - else - { - Debug.Assert( cls.GetInterface( "System.Security.Permissions.IBuiltInPermission" ) == null, "This shoudl not be called for built-ins" ); - if (cls.GetInterface(s_unrestrictedPermissionInferfaceName) != null) - ((PermissionToken)tok).m_type = PermissionTokenType.IUnrestricted; - else - ((PermissionToken)tok).m_type = PermissionTokenType.Normal; - } - } - - return (PermissionToken)tok; - } - - internal PermissionToken BuiltInGetToken( int index, IPermission perm, Type cls ) - { - PermissionToken token = Volatile.Read(ref m_builtIn[index]); - - if (token == null) - { - lock (this) - { - token = m_builtIn[index]; - - if (token == null) - { - PermissionTokenType permType = PermissionTokenType.DontKnow; - - if (perm != null) - { - permType = PermissionTokenType.IUnrestricted; - } - else if (cls != null) - { - permType = PermissionTokenType.IUnrestricted; - } - - token = new PermissionToken( index, permType | PermissionTokenType.BuiltIn, null ); - Volatile.Write(ref m_builtIn[index], token); - PermissionToken.s_tokenSet.SetItem( token.m_index, token ); - } - } - } - - if ((token.m_type & PermissionTokenType.DontKnow) != 0) - { - token.m_type = PermissionTokenType.BuiltIn; - - if (perm != null) - { - token.m_type |= PermissionTokenType.IUnrestricted; - } - else if (cls != null) - { - token.m_type |= PermissionTokenType.IUnrestricted; - } - else - { - token.m_type |= PermissionTokenType.DontKnow; - } - } - - return token; - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/EnvironmentPermission.cs b/src/mscorlib/src/System/Security/Permissions/EnvironmentPermission.cs deleted file mode 100644 index 285e851..0000000 --- a/src/mscorlib/src/System/Security/Permissions/EnvironmentPermission.cs +++ /dev/null @@ -1,299 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions { - using System.Security; - using System; - using System.Security.Util; - using System.IO; - using System.Globalization; - using System.Diagnostics.Contracts; - - [Serializable] - [Flags] - [System.Runtime.InteropServices.ComVisible(true)] - internal enum EnvironmentPermissionAccess - { - NoAccess = 0x00, - Read = 0x01, - Write = 0x02, - AllAccess = 0x03, - } - - [Serializable] - internal class EnvironmentStringExpressionSet : StringExpressionSet - { - public EnvironmentStringExpressionSet() - : base( true, null, false ) - { - } - - protected override StringExpressionSet CreateNewEmpty() - { - return new EnvironmentStringExpressionSet(); - } - - protected override bool StringSubsetString( String left, String right, bool ignoreCase ) - { - return (ignoreCase?(String.Compare( left, right, StringComparison.OrdinalIgnoreCase) == 0): - (String.Compare( left, right, StringComparison.Ordinal) == 0)); - } - - protected override String ProcessWholeString( String str ) - { - return str; - } - - protected override String ProcessSingleString( String str ) - { - return str; - } - - public override string ToString() - { - // SafeCritical: we're not storing path information in the strings, so exposing them out is fine ... - // they're just the same strings that came in to the .ctor. - return base.UnsafeToString(); - } - } - -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - sealed internal class EnvironmentPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - private StringExpressionSet m_read; - private StringExpressionSet m_write; - private bool m_unrestricted; - - public EnvironmentPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - m_unrestricted = true; - else if (state == PermissionState.None) - m_unrestricted = false; - else - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - - public EnvironmentPermission( EnvironmentPermissionAccess flag, String pathList ) - { - SetPathList( flag, pathList ); - } - - public void SetPathList( EnvironmentPermissionAccess flag, String pathList ) - { - VerifyFlag( flag ); - - m_unrestricted = false; - - if ((flag & EnvironmentPermissionAccess.Read) != 0) - m_read = null; - - if ((flag & EnvironmentPermissionAccess.Write) != 0) - m_write = null; - - AddPathList( flag, pathList ); - } - - public void AddPathList( EnvironmentPermissionAccess flag, String pathList ) - { - VerifyFlag( flag ); - - if (FlagIsSet( flag, EnvironmentPermissionAccess.Read )) - { - if (m_read == null) - m_read = new EnvironmentStringExpressionSet(); - m_read.AddExpressions( pathList ); - } - - if (FlagIsSet( flag, EnvironmentPermissionAccess.Write )) - { - if (m_write == null) - m_write = new EnvironmentStringExpressionSet(); - m_write.AddExpressions( pathList ); - } - - } - - - private void VerifyFlag( EnvironmentPermissionAccess flag ) - { - if ((flag & ~EnvironmentPermissionAccess.AllAccess) != 0) - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)flag)); - Contract.EndContractBlock(); - } - - - private bool FlagIsSet( EnvironmentPermissionAccess flag, EnvironmentPermissionAccess question ) - { - return (flag & question) != 0; - } - - private bool IsEmpty() - { - return (!m_unrestricted && - (this.m_read == null || this.m_read.IsEmpty()) && - (this.m_write == null || this.m_write.IsEmpty())); - } - - //------------------------------------------------------ - // - // CODEACCESSPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public bool IsUnrestricted() - { - return m_unrestricted; - } - - //------------------------------------------------------ - // - // IPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - return this.IsEmpty(); - } - - try - { - EnvironmentPermission operand = (EnvironmentPermission)target; - if (operand.IsUnrestricted()) - return true; - else if (this.IsUnrestricted()) - return false; - else - return ((this.m_read == null || this.m_read.IsSubsetOf( operand.m_read )) && - (this.m_write == null || this.m_write.IsSubsetOf( operand.m_write ))); - } - catch (InvalidCastException) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - { - return null; - } - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - else if (this.IsUnrestricted()) - { - return target.Copy(); - } - - EnvironmentPermission operand = (EnvironmentPermission)target; - - if (operand.IsUnrestricted()) - { - return this.Copy(); - } - - StringExpressionSet intersectRead = this.m_read == null ? null : this.m_read.Intersect( operand.m_read ); - StringExpressionSet intersectWrite = this.m_write == null ? null : this.m_write.Intersect( operand.m_write ); - - if ((intersectRead == null || intersectRead.IsEmpty()) && - (intersectWrite == null || intersectWrite.IsEmpty())) - { - return null; - } - - EnvironmentPermission intersectPermission = new EnvironmentPermission(PermissionState.None); - intersectPermission.m_unrestricted = false; - intersectPermission.m_read = intersectRead; - intersectPermission.m_write = intersectWrite; - - return intersectPermission; - } - - public override IPermission Union(IPermission other) - { - if (other == null) - { - return this.Copy(); - } - else if (!VerifyType(other)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - EnvironmentPermission operand = (EnvironmentPermission)other; - - if (this.IsUnrestricted() || operand.IsUnrestricted()) - { - return new EnvironmentPermission( PermissionState.Unrestricted ); - } - - StringExpressionSet unionRead = this.m_read == null ? operand.m_read : this.m_read.Union( operand.m_read ); - StringExpressionSet unionWrite = this.m_write == null ? operand.m_write : this.m_write.Union( operand.m_write ); - - if ((unionRead == null || unionRead.IsEmpty()) && - (unionWrite == null || unionWrite.IsEmpty())) - { - return null; - } - - EnvironmentPermission unionPermission = new EnvironmentPermission(PermissionState.None); - unionPermission.m_unrestricted = false; - unionPermission.m_read = unionRead; - unionPermission.m_write = unionWrite; - - return unionPermission; - } - - public override IPermission Copy() - { - EnvironmentPermission copy = new EnvironmentPermission(PermissionState.None); - if (this.m_unrestricted) - { - copy.m_unrestricted = true; - } - else - { - copy.m_unrestricted = false; - if (this.m_read != null) - { - copy.m_read = this.m_read.Copy(); - } - if (this.m_write != null) - { - copy.m_write = this.m_write.Copy(); - } - - } - return copy; - } - - /// - int IBuiltInPermission.GetTokenIndex() - { - return EnvironmentPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.EnvironmentPermissionIndex; - } - } - -} diff --git a/src/mscorlib/src/System/Security/Permissions/FileDialogPermission.cs b/src/mscorlib/src/System/Security/Permissions/FileDialogPermission.cs deleted file mode 100644 index 17182b7..0000000 --- a/src/mscorlib/src/System/Security/Permissions/FileDialogPermission.cs +++ /dev/null @@ -1,158 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions { - using System; - using System.Text; - using System.Security; - using System.Security.Util; - using System.IO; - using System.Runtime.Serialization; - using System.Reflection; - using System.Collections; - using System.Globalization; - using System.Diagnostics.Contracts; - -[Serializable] -[Flags] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum FileDialogPermissionAccess { - None = 0x00, - - Open = 0x01, - - Save = 0x02, - - OpenSave = Open | Save - - } - - [Serializable] -[System.Runtime.InteropServices.ComVisible(true)] - internal sealed class FileDialogPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission { - FileDialogPermissionAccess access; - - public FileDialogPermission(PermissionState state) { - if (state == PermissionState.Unrestricted) { - SetUnrestricted(true); - } - else if (state == PermissionState.None) { - SetUnrestricted(false); - Reset(); - } - else { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - public FileDialogPermission(FileDialogPermissionAccess access) { - VerifyAccess(access); - this.access = access; - } - - public FileDialogPermissionAccess Access { - get { - return access; - } - - set { - VerifyAccess(value); - access = value; - } - } - - public override IPermission Copy() { - return new FileDialogPermission(this.access); - } - - /// - int IBuiltInPermission.GetTokenIndex() { - return FileDialogPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() { - return BuiltInPermissionIndex.FileDialogPermissionIndex; - } - - public override IPermission Intersect(IPermission target) { - if (target == null) { - return null; - } - else if (!VerifyType(target)) { - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - } - - FileDialogPermission operand = (FileDialogPermission)target; - - FileDialogPermissionAccess intersectAccess = access & operand.Access; - - if (intersectAccess == FileDialogPermissionAccess.None) - return null; - else - return new FileDialogPermission(intersectAccess); - } - - public override bool IsSubsetOf(IPermission target) { - if (target == null) { - // Only safe subset if this is empty - return access == FileDialogPermissionAccess.None; - } - - try { - FileDialogPermission operand = (FileDialogPermission)target; - if (operand.IsUnrestricted()) { - return true; - } - else if (this.IsUnrestricted()) { - return false; - } - else { - int open = (int)(access & FileDialogPermissionAccess.Open); - int save = (int)(access & FileDialogPermissionAccess.Save); - int openTarget = (int)(operand.Access & FileDialogPermissionAccess.Open); - int saveTarget = (int)(operand.Access & FileDialogPermissionAccess.Save); - - return open <= openTarget && save <= saveTarget; - } - } - catch (InvalidCastException) { - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - } - - } - - public bool IsUnrestricted() { - return access == FileDialogPermissionAccess.OpenSave; - } - - void Reset() { - access = FileDialogPermissionAccess.None; - } - - void SetUnrestricted( bool unrestricted ) { - if (unrestricted) { - access = FileDialogPermissionAccess.OpenSave; - } - } - - public override IPermission Union(IPermission target) { - if (target == null) { - return this.Copy(); - } - else if (!VerifyType(target)) { - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - } - - FileDialogPermission operand = (FileDialogPermission)target; - return new FileDialogPermission(access | operand.Access); - } - - static void VerifyAccess(FileDialogPermissionAccess access) { - if ((access & ~FileDialogPermissionAccess.OpenSave) != 0 ) { - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)access)); - } - Contract.EndContractBlock(); - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs b/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs deleted file mode 100644 index cd5209f..0000000 --- a/src/mscorlib/src/System/Security/Permissions/FileIOPermission.cs +++ /dev/null @@ -1,863 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.Runtime.CompilerServices; - using System.Runtime.InteropServices; - using System.Security.AccessControl; - using System.Security.Util; - using System.IO; - using System.Collections; - using System.Globalization; - using System.Runtime.Serialization; - using System.Runtime.Versioning; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - [Serializable] - [Flags] - [System.Runtime.InteropServices.ComVisible(true)] - internal enum FileIOPermissionAccess - { - NoAccess = 0x00, - Read = 0x01, - Write = 0x02, - Append = 0x04, - PathDiscovery = 0x08, - AllAccess = 0x0F, - } - - [System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - internal sealed class FileIOPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - private FileIOAccess m_read; - private FileIOAccess m_write; - private FileIOAccess m_append; - private FileIOAccess m_pathDiscovery; - [OptionalField(VersionAdded = 2)] - private FileIOAccess m_viewAcl; - [OptionalField(VersionAdded = 2)] - private FileIOAccess m_changeAcl; - private bool m_unrestricted; - - public FileIOPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - { - m_unrestricted = true; - } - else if (state == PermissionState.None) - { - m_unrestricted = false; - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - public FileIOPermission( FileIOPermissionAccess access, String path ) - { - VerifyAccess( access ); - - String[] pathList = new String[] { path }; - AddPathList( access, pathList, false, true, false ); - } - - internal void AddPathList( FileIOPermissionAccess access, String[] pathListOrig, bool checkForDuplicates, bool needFullPath, bool copyPathList ) - { - AddPathList( access, AccessControlActions.None, pathListOrig, checkForDuplicates, needFullPath, copyPathList ); - } - - internal void AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, bool checkForDuplicates, bool needFullPath, bool copyPathList) - { - if (pathListOrig == null) - { - throw new ArgumentNullException( "pathList" ); - } - if (pathListOrig.Length == 0) - { - throw new ArgumentException( Environment.GetResourceString("Argument_EmptyPath" )); - } - Contract.EndContractBlock(); - - VerifyAccess(access); - - if (m_unrestricted) - return; - - String[] pathList = pathListOrig; - if(copyPathList) - { - // Make a copy of pathList (in case its value changes after we check for illegal chars) - pathList = new String[pathListOrig.Length]; - Array.Copy(pathListOrig, pathList, pathListOrig.Length); - } - - ArrayList pathArrayList = StringExpressionSet.CreateListFromExpressions(pathList, needFullPath); - - // If we need the full path the standard illegal characters will be checked in StringExpressionSet. - CheckIllegalCharacters(pathList, onlyCheckExtras: needFullPath); - - // StringExpressionSet will do minor normalization, trimming spaces and replacing alternate - // directory separators. It will make an attemt to expand short file names and will check - // for standard colon placement. - // - // If needFullPath is true it will call NormalizePath- which performs short name expansion - // and does the normal validity checks. - - if ((access & FileIOPermissionAccess.Read) != 0) - { - if (m_read == null) - { - m_read = new FileIOAccess(); - } - m_read.AddExpressions( pathArrayList, checkForDuplicates); - } - - if ((access & FileIOPermissionAccess.Write) != 0) - { - if (m_write == null) - { - m_write = new FileIOAccess(); - } - m_write.AddExpressions( pathArrayList, checkForDuplicates); - } - - if ((access & FileIOPermissionAccess.Append) != 0) - { - if (m_append == null) - { - m_append = new FileIOAccess(); - } - m_append.AddExpressions( pathArrayList, checkForDuplicates); - } - - if ((access & FileIOPermissionAccess.PathDiscovery) != 0) - { - if (m_pathDiscovery == null) - { - m_pathDiscovery = new FileIOAccess( true ); - } - m_pathDiscovery.AddExpressions( pathArrayList, checkForDuplicates); - } - } - - public FileIOPermissionAccess AllFiles - { - get - { - if (m_unrestricted) - return FileIOPermissionAccess.AllAccess; - - FileIOPermissionAccess access = FileIOPermissionAccess.NoAccess; - - if (m_read != null && m_read.AllFiles) - { - access |= FileIOPermissionAccess.Read; - } - - if (m_write != null && m_write.AllFiles) - { - access |= FileIOPermissionAccess.Write; - } - - if (m_append != null && m_append.AllFiles) - { - access |= FileIOPermissionAccess.Append; - } - - if (m_pathDiscovery != null && m_pathDiscovery.AllFiles) - { - access |= FileIOPermissionAccess.PathDiscovery; - } - - return access; - } - - set - { - if (value == FileIOPermissionAccess.AllAccess) - { - m_unrestricted = true; - return; - } - - if ((value & FileIOPermissionAccess.Read) != 0) - { - if (m_read == null) - m_read = new FileIOAccess(); - - m_read.AllFiles = true; - } - else - { - if (m_read != null) - m_read.AllFiles = false; - } - - if ((value & FileIOPermissionAccess.Write) != 0) - { - if (m_write == null) - m_write = new FileIOAccess(); - - m_write.AllFiles = true; - } - else - { - if (m_write != null) - m_write.AllFiles = false; - } - - if ((value & FileIOPermissionAccess.Append) != 0) - { - if (m_append == null) - m_append = new FileIOAccess(); - - m_append.AllFiles = true; - } - else - { - if (m_append != null) - m_append.AllFiles = false; - } - - if ((value & FileIOPermissionAccess.PathDiscovery) != 0) - { - if (m_pathDiscovery == null) - m_pathDiscovery = new FileIOAccess( true ); - - m_pathDiscovery.AllFiles = true; - } - else - { - if (m_pathDiscovery != null) - m_pathDiscovery.AllFiles = false; - } - - } - } - - [Pure] - private static void VerifyAccess( FileIOPermissionAccess access ) - { - if ((access & ~FileIOPermissionAccess.AllAccess) != 0) - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)access)); - } - - private static void CheckIllegalCharacters(String[] str, bool onlyCheckExtras) - { -#if !PLATFORM_UNIX - for (int i = 0; i < str.Length; ++i) - { - // FileIOPermission doesn't allow for normalizing across various volume names. This means "C:\" and - // "\\?\C:\" won't be considered correctly. In addition there are many other aliases for the volume - // besides "C:" such as (in one concrete example) "\\?\Harddisk0Partition2\", "\\?\HarddiskVolume6\", - // "\\?\Volume{d1655348-0000-0000-0000-f01500000000}\", etc. - // - // We'll continue to explicitly block extended syntax here by disallowing wildcards no matter where - // they occur in the string (e.g. \\?\ isn't ok) - if (CheckExtraPathCharacters(str[i])) - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPathChars")); - - if (!onlyCheckExtras) - PathInternal.CheckInvalidPathChars(str[i]); - } -#else - // There are no "extras" on Unix - if (onlyCheckExtras) - return; - - for (int i = 0; i < str.Length; ++i) - { - PathInternal.CheckInvalidPathChars(str[i]); - } -#endif - } - -#if !PLATFORM_UNIX - /// - /// Check for ?,* and null, ignoring extended syntax. - /// - [MethodImpl(MethodImplOptions.AggressiveInlining)] - private unsafe static bool CheckExtraPathCharacters(string path) - { - char currentChar; - for (int i = 0; i < path.Length; i++) - { - currentChar = path[i]; - - // We also check for null here as StringExpressionSet will trim it out. (Ensuring we still throw as we always have.) - if (currentChar == '*' || currentChar == '?' || currentChar == '\0') return true; - } - return false; - } - -#endif - - private bool IsEmpty() - { - return (!m_unrestricted && - (this.m_read == null || this.m_read.IsEmpty()) && - (this.m_write == null || this.m_write.IsEmpty()) && - (this.m_append == null || this.m_append.IsEmpty()) && - (this.m_pathDiscovery == null || this.m_pathDiscovery.IsEmpty()) && - (this.m_viewAcl == null || this.m_viewAcl.IsEmpty()) && - (this.m_changeAcl == null || this.m_changeAcl.IsEmpty())); - } - - //------------------------------------------------------ - // - // CODEACCESSPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public bool IsUnrestricted() - { - return m_unrestricted; - } - - //------------------------------------------------------ - // - // IPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - return this.IsEmpty(); - } - - FileIOPermission operand = target as FileIOPermission; - if (operand == null) - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - - if (operand.IsUnrestricted()) - return true; - else if (this.IsUnrestricted()) - return false; - else - return ((this.m_read == null || this.m_read.IsSubsetOf( operand.m_read )) && - (this.m_write == null || this.m_write.IsSubsetOf( operand.m_write )) && - (this.m_append == null || this.m_append.IsSubsetOf( operand.m_append )) && - (this.m_pathDiscovery == null || this.m_pathDiscovery.IsSubsetOf( operand.m_pathDiscovery )) && - (this.m_viewAcl == null || this.m_viewAcl.IsSubsetOf( operand.m_viewAcl )) && - (this.m_changeAcl == null || this.m_changeAcl.IsSubsetOf( operand.m_changeAcl ))); - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - { - return null; - } - - FileIOPermission operand = target as FileIOPermission; - - if (operand == null) - { - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - } - else if (this.IsUnrestricted()) - { - return target.Copy(); - } - - if (operand.IsUnrestricted()) - { - return this.Copy(); - } - - FileIOAccess intersectRead = this.m_read == null ? null : this.m_read.Intersect( operand.m_read ); - FileIOAccess intersectWrite = this.m_write == null ? null : this.m_write.Intersect( operand.m_write ); - FileIOAccess intersectAppend = this.m_append == null ? null : this.m_append.Intersect( operand.m_append ); - FileIOAccess intersectPathDiscovery = this.m_pathDiscovery == null ? null : this.m_pathDiscovery.Intersect( operand.m_pathDiscovery ); - FileIOAccess intersectViewAcl = this.m_viewAcl == null ? null : this.m_viewAcl.Intersect( operand.m_viewAcl ); - FileIOAccess intersectChangeAcl = this.m_changeAcl == null ? null : this.m_changeAcl.Intersect( operand.m_changeAcl ); - - if ((intersectRead == null || intersectRead.IsEmpty()) && - (intersectWrite == null || intersectWrite.IsEmpty()) && - (intersectAppend == null || intersectAppend.IsEmpty()) && - (intersectPathDiscovery == null || intersectPathDiscovery.IsEmpty()) && - (intersectViewAcl == null || intersectViewAcl.IsEmpty()) && - (intersectChangeAcl == null || intersectChangeAcl.IsEmpty())) - { - return null; - } - - FileIOPermission intersectPermission = new FileIOPermission(PermissionState.None); - intersectPermission.m_unrestricted = false; - intersectPermission.m_read = intersectRead; - intersectPermission.m_write = intersectWrite; - intersectPermission.m_append = intersectAppend; - intersectPermission.m_pathDiscovery = intersectPathDiscovery; - intersectPermission.m_viewAcl = intersectViewAcl; - intersectPermission.m_changeAcl = intersectChangeAcl; - - return intersectPermission; - } - - public override IPermission Union(IPermission other) - { - if (other == null) - { - return this.Copy(); - } - - FileIOPermission operand = other as FileIOPermission; - - if (operand == null) - { - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - } - - if (this.IsUnrestricted() || operand.IsUnrestricted()) - { - return new FileIOPermission( PermissionState.Unrestricted ); - } - - FileIOAccess unionRead = this.m_read == null ? operand.m_read : this.m_read.Union( operand.m_read ); - FileIOAccess unionWrite = this.m_write == null ? operand.m_write : this.m_write.Union( operand.m_write ); - FileIOAccess unionAppend = this.m_append == null ? operand.m_append : this.m_append.Union( operand.m_append ); - FileIOAccess unionPathDiscovery = this.m_pathDiscovery == null ? operand.m_pathDiscovery : this.m_pathDiscovery.Union( operand.m_pathDiscovery ); - FileIOAccess unionViewAcl = this.m_viewAcl == null ? operand.m_viewAcl : this.m_viewAcl.Union( operand.m_viewAcl ); - FileIOAccess unionChangeAcl = this.m_changeAcl == null ? operand.m_changeAcl : this.m_changeAcl.Union( operand.m_changeAcl ); - - if ((unionRead == null || unionRead.IsEmpty()) && - (unionWrite == null || unionWrite.IsEmpty()) && - (unionAppend == null || unionAppend.IsEmpty()) && - (unionPathDiscovery == null || unionPathDiscovery.IsEmpty()) && - (unionViewAcl == null || unionViewAcl.IsEmpty()) && - (unionChangeAcl == null || unionChangeAcl.IsEmpty())) - { - return null; - } - - FileIOPermission unionPermission = new FileIOPermission(PermissionState.None); - unionPermission.m_unrestricted = false; - unionPermission.m_read = unionRead; - unionPermission.m_write = unionWrite; - unionPermission.m_append = unionAppend; - unionPermission.m_pathDiscovery = unionPathDiscovery; - unionPermission.m_viewAcl = unionViewAcl; - unionPermission.m_changeAcl = unionChangeAcl; - - return unionPermission; - } - - public override IPermission Copy() - { - FileIOPermission copy = new FileIOPermission(PermissionState.None); - if (this.m_unrestricted) - { - copy.m_unrestricted = true; - } - else - { - copy.m_unrestricted = false; - if (this.m_read != null) - { - copy.m_read = this.m_read.Copy(); - } - if (this.m_write != null) - { - copy.m_write = this.m_write.Copy(); - } - if (this.m_append != null) - { - copy.m_append = this.m_append.Copy(); - } - if (this.m_pathDiscovery != null) - { - copy.m_pathDiscovery = this.m_pathDiscovery.Copy(); - } - if (this.m_viewAcl != null) - { - copy.m_viewAcl = this.m_viewAcl.Copy(); - } - if (this.m_changeAcl != null) - { - copy.m_changeAcl = this.m_changeAcl.Copy(); - } - } - return copy; - } - - /// - int IBuiltInPermission.GetTokenIndex() - { - return FileIOPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.FileIOPermissionIndex; - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override bool Equals(Object obj) - { - FileIOPermission perm = obj as FileIOPermission; - if(perm == null) - return false; - - if(m_unrestricted && perm.m_unrestricted) - return true; - if(m_unrestricted != perm.m_unrestricted) - return false; - - if(m_read == null) - { - if(perm.m_read != null && !perm.m_read.IsEmpty()) - return false; - } - else if(!m_read.Equals(perm.m_read)) - return false; - - if(m_write == null) - { - if(perm.m_write != null && !perm.m_write.IsEmpty()) - return false; - } - else if(!m_write.Equals(perm.m_write)) - return false; - - if(m_append == null) - { - if(perm.m_append != null && !perm.m_append.IsEmpty()) - return false; - } - else if(!m_append.Equals(perm.m_append)) - return false; - - if(m_pathDiscovery == null) - { - if(perm.m_pathDiscovery != null && !perm.m_pathDiscovery.IsEmpty()) - return false; - } - else if(!m_pathDiscovery.Equals(perm.m_pathDiscovery)) - return false; - - if(m_viewAcl == null) - { - if(perm.m_viewAcl != null && !perm.m_viewAcl.IsEmpty()) - return false; - } - else if(!m_viewAcl.Equals(perm.m_viewAcl)) - return false; - - if(m_changeAcl == null) - { - if(perm.m_changeAcl != null && !perm.m_changeAcl.IsEmpty()) - return false; - } - else if(!m_changeAcl.Equals(perm.m_changeAcl)) - return false; - - return true; - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override int GetHashCode() - { - // This implementation is only to silence a compiler warning. - return base.GetHashCode(); - } - } - - [Serializable] - internal sealed class FileIOAccess - { - private bool m_ignoreCase = true; - - private StringExpressionSet m_set; - private bool m_allFiles; - private bool m_allLocalFiles; - private bool m_pathDiscovery; - - private const String m_strAllFiles = "*AllFiles*"; - private const String m_strAllLocalFiles = "*AllLocalFiles*"; - - public FileIOAccess() - { - m_set = new StringExpressionSet( m_ignoreCase, true ); - m_allFiles = false; - m_allLocalFiles = false; - m_pathDiscovery = false; - } - - public FileIOAccess( bool pathDiscovery ) - { - m_set = new StringExpressionSet( m_ignoreCase, true ); - m_allFiles = false; - m_allLocalFiles = false; - m_pathDiscovery = pathDiscovery; - } - - public FileIOAccess( bool allFiles, bool allLocalFiles, bool pathDiscovery ) - { - m_set = new StringExpressionSet( m_ignoreCase, true ); - m_allFiles = allFiles; - m_allLocalFiles = allLocalFiles; - m_pathDiscovery = pathDiscovery; - } - - public FileIOAccess( StringExpressionSet set, bool allFiles, bool allLocalFiles, bool pathDiscovery ) - { - m_set = set; - m_set.SetThrowOnRelative( true ); - m_allFiles = allFiles; - m_allLocalFiles = allLocalFiles; - m_pathDiscovery = pathDiscovery; - } - - private FileIOAccess( FileIOAccess operand ) - { - m_set = operand.m_set.Copy(); - m_allFiles = operand.m_allFiles; - m_allLocalFiles = operand.m_allLocalFiles; - m_pathDiscovery = operand.m_pathDiscovery; - } - - public void AddExpressions(ArrayList values, bool checkForDuplicates) - { - m_allFiles = false; - m_set.AddExpressions(values, checkForDuplicates); - } - - public bool AllFiles - { - get - { - return m_allFiles; - } - - set - { - m_allFiles = value; - } - } - - public bool IsEmpty() - { - return !m_allFiles && !m_allLocalFiles && (m_set == null || m_set.IsEmpty()); - } - - public FileIOAccess Copy() - { - return new FileIOAccess( this ); - } - - public FileIOAccess Union( FileIOAccess operand ) - { - if (operand == null) - { - return this.IsEmpty() ? null : this.Copy(); - } - - Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); - - if (this.m_allFiles || operand.m_allFiles) - { - return new FileIOAccess( true, false, this.m_pathDiscovery ); - } - - return new FileIOAccess( this.m_set.Union( operand.m_set ), false, this.m_allLocalFiles || operand.m_allLocalFiles, this.m_pathDiscovery ); - } - - public FileIOAccess Intersect( FileIOAccess operand ) - { - if (operand == null) - { - return null; - } - - Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); - - if (this.m_allFiles) - { - if (operand.m_allFiles) - { - return new FileIOAccess( true, false, this.m_pathDiscovery ); - } - else - { - return new FileIOAccess( operand.m_set.Copy(), false, operand.m_allLocalFiles, this.m_pathDiscovery ); - } - } - else if (operand.m_allFiles) - { - return new FileIOAccess( this.m_set.Copy(), false, this.m_allLocalFiles, this.m_pathDiscovery ); - } - - StringExpressionSet intersectionSet = new StringExpressionSet( m_ignoreCase, true ); - - if (this.m_allLocalFiles) - { - String[] expressions = operand.m_set.UnsafeToStringArray(); - - if (expressions != null) - { - for (int i = 0; i < expressions.Length; ++i) - { - String root = GetRoot( expressions[i] ); - if (root != null && IsLocalDrive( GetRoot( root ) ) ) - { - intersectionSet.AddExpressions( new String[] { expressions[i] }, true, false ); - } - } - } - } - - if (operand.m_allLocalFiles) - { - String[] expressions = this.m_set.UnsafeToStringArray(); - - if (expressions != null) - { - for (int i = 0; i < expressions.Length; ++i) - { - String root = GetRoot( expressions[i] ); - if (root != null && IsLocalDrive(GetRoot(root))) - { - intersectionSet.AddExpressions( new String[] { expressions[i] }, true, false ); - } - } - } - } - - String[] regularIntersection = this.m_set.Intersect( operand.m_set ).UnsafeToStringArray(); - - if (regularIntersection != null) - intersectionSet.AddExpressions( regularIntersection, !intersectionSet.IsEmpty(), false ); - - return new FileIOAccess( intersectionSet, false, this.m_allLocalFiles && operand.m_allLocalFiles, this.m_pathDiscovery ); - } - - public bool IsSubsetOf( FileIOAccess operand ) - { - if (operand == null) - { - return this.IsEmpty(); - } - - if (operand.m_allFiles) - { - return true; - } - - Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); - - if (!((m_pathDiscovery && this.m_set.IsSubsetOfPathDiscovery( operand.m_set )) || this.m_set.IsSubsetOf( operand.m_set ))) - { - if (operand.m_allLocalFiles) - { - String[] expressions = m_set.UnsafeToStringArray(); - - for (int i = 0; i < expressions.Length; ++i) - { - String root = GetRoot( expressions[i] ); - if (root == null || !IsLocalDrive(GetRoot(root))) - { - return false; - } - } - } - else - { - return false; - } - } - - return true; - } - - private static String GetRoot( String path ) - { -#if !PLATFORM_UNIX - String str = path.Substring( 0, 3 ); - if (str.EndsWith( ":\\", StringComparison.Ordinal)) -#else - String str = path.Substring( 0, 1 ); - if(str == "/") -#endif // !PLATFORM_UNIX - { - return str; - } - else - { - return null; - } - } - - public override String ToString() - { - // SafeCritical: all string expression sets are constructed with the throwOnRelative bit set, so - // we're only exposing out the same paths that we took as input. - if (m_allFiles) - { - return m_strAllFiles; - } - else - { - if (m_allLocalFiles) - { - String retstr = m_strAllLocalFiles; - - String tempStr = m_set.UnsafeToString(); - - if (tempStr != null && tempStr.Length > 0) - retstr += ";" + tempStr; - - return retstr; - } - else - { - return m_set.UnsafeToString(); - } - } - } - - [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - internal static extern bool IsLocalDrive(String path); - - public override bool Equals(Object obj) - { - FileIOAccess operand = obj as FileIOAccess; - if(operand == null) - return (IsEmpty() && obj == null); - Debug.Assert( this.m_pathDiscovery == operand.m_pathDiscovery, "Path discovery settings must match" ); - if(m_pathDiscovery) - { - if(this.m_allFiles && operand.m_allFiles) - return true; - if(this.m_allLocalFiles == operand.m_allLocalFiles && - m_set.IsSubsetOf(operand.m_set) && - operand.m_set.IsSubsetOf(m_set)) // Watch Out: This calls StringExpressionSet.IsSubsetOf, unlike below - return true; - return false; - } - else - { - if(!this.IsSubsetOf(operand)) // Watch Out: This calls FileIOAccess.IsSubsetOf, unlike above - return false; - if(!operand.IsSubsetOf(this)) - return false; - return true; - } - } - - public override int GetHashCode() - { - // This implementation is only to silence a compiler warning. - return base.GetHashCode(); - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/HostProtectionPermission.cs b/src/mscorlib/src/System/Security/Permissions/HostProtectionPermission.cs deleted file mode 100644 index 2288482..0000000 --- a/src/mscorlib/src/System/Security/Permissions/HostProtectionPermission.cs +++ /dev/null @@ -1,265 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.IO; - using System.Security.Util; - using System.Text; - using System.Threading; - using System.Runtime.Remoting; - using System.Security; - using System.Runtime.Serialization; - using System.Reflection; - using System.Globalization; - using System.Diagnostics.Contracts; - - // Keep this enum in sync with tools\ngen\ngen.cpp and inc\mscoree.idl - -[Serializable] - [Flags] - [System.Runtime.InteropServices.ComVisible(true)] - internal enum HostProtectionResource - { - None = 0x0, - //-------------------------------- - Synchronization = 0x1, - SharedState = 0x2, - ExternalProcessMgmt = 0x4, - SelfAffectingProcessMgmt = 0x8, - ExternalThreading = 0x10, - SelfAffectingThreading = 0x20, - SecurityInfrastructure = 0x40, - UI = 0x80, - MayLeakOnAbort = 0x100, - //--------------------------------- - All = 0x1ff, - } - - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly | AttributeTargets.Delegate, AllowMultiple = true, Inherited = false )] - [System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - // This needs to be in the asmmeta to enable SecAnnotate to successfully resolve and run the security rules. It gets marked - // as internal by BCLRewriter so we are simply marking it as FriendAccessAllowed so it stays in the asmmeta. - [System.Runtime.CompilerServices.FriendAccessAllowedAttribute] -#pragma warning disable 618 - sealed internal class HostProtectionAttribute : CodeAccessSecurityAttribute -#pragma warning restore 618 - { - private HostProtectionResource m_resources = HostProtectionResource.None; - - public HostProtectionAttribute() -#pragma warning disable 618 - : base( SecurityAction.LinkDemand ) -#pragma warning restore 618 - { - } - -#pragma warning disable 618 - public HostProtectionAttribute( SecurityAction action ) -#pragma warning restore 618 - : base( action ) - { -#pragma warning disable 618 - if (action != SecurityAction.LinkDemand) -#pragma warning restore 618 - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidFlag")); - Contract.EndContractBlock(); - } - - public HostProtectionResource Resources { - get { return m_resources; } - set { m_resources = value; } - } - - public bool Synchronization { - get { return (m_resources & HostProtectionResource.Synchronization) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.Synchronization : m_resources & ~HostProtectionResource.Synchronization); } - } - - public bool SharedState { - get { return (m_resources & HostProtectionResource.SharedState) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.SharedState : m_resources & ~HostProtectionResource.SharedState); } - } - - public bool ExternalProcessMgmt { - get { return (m_resources & HostProtectionResource.ExternalProcessMgmt) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.ExternalProcessMgmt : m_resources & ~HostProtectionResource.ExternalProcessMgmt); } - } - - public bool SelfAffectingProcessMgmt { - get { return (m_resources & HostProtectionResource.SelfAffectingProcessMgmt) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.SelfAffectingProcessMgmt : m_resources & ~HostProtectionResource.SelfAffectingProcessMgmt); } - } - - public bool ExternalThreading { - get { return (m_resources & HostProtectionResource.ExternalThreading) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.ExternalThreading : m_resources & ~HostProtectionResource.ExternalThreading); } - } - - public bool SelfAffectingThreading { - get { return (m_resources & HostProtectionResource.SelfAffectingThreading) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.SelfAffectingThreading : m_resources & ~HostProtectionResource.SelfAffectingThreading); } - } - -[System.Runtime.InteropServices.ComVisible(true)] - public bool SecurityInfrastructure { - get { return (m_resources & HostProtectionResource.SecurityInfrastructure) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.SecurityInfrastructure : m_resources & ~HostProtectionResource.SecurityInfrastructure); } - } - - public bool UI { - get { return (m_resources & HostProtectionResource.UI) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.UI : m_resources & ~HostProtectionResource.UI); } - } - - public bool MayLeakOnAbort { - get { return (m_resources & HostProtectionResource.MayLeakOnAbort) != 0; } - set { m_resources = (value ? m_resources | HostProtectionResource.MayLeakOnAbort : m_resources & ~HostProtectionResource.MayLeakOnAbort); } - } - - public override IPermission CreatePermission() - { - if (m_unrestricted) - { - return new HostProtectionPermission( PermissionState.Unrestricted ); - } - else - { - return new HostProtectionPermission( m_resources ); - } - } - } - - [Serializable] - sealed internal class HostProtectionPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - //------------------------------------------------------ - // - // GLOBALS - // - //------------------------------------------------------ - - // This value is set by PermissionSet.FilterHostProtectionPermissions. It is only used for - // constructing a HostProtectionException object. Changing it will not affect HostProtection. - internal static volatile HostProtectionResource protectedResources = HostProtectionResource.None; - - //------------------------------------------------------ - // - // MEMBERS - // - //------------------------------------------------------ - private HostProtectionResource m_resources; - - //------------------------------------------------------ - // - // CONSTRUCTORS - // - //------------------------------------------------------ - public HostProtectionPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - Resources = HostProtectionResource.All; - else if (state == PermissionState.None) - Resources = HostProtectionResource.None; - else - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - - public HostProtectionPermission(HostProtectionResource resources) - { - Resources = resources; - } - - //------------------------------------------------------ - // - // IPermission interface implementation - // - //------------------------------------------------------ - public bool IsUnrestricted() - { - return Resources == HostProtectionResource.All; - } - - //------------------------------------------------------ - // - // Properties - // - //------------------------------------------------------ - public HostProtectionResource Resources - { - set - { - if(value < HostProtectionResource.None || value > HostProtectionResource.All) - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)value)); - Contract.EndContractBlock(); - m_resources = value; - } - - get - { - return m_resources; - } - } - - //------------------------------------------------------ - // - // IPermission interface implementation - // - //------------------------------------------------------ - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - return m_resources == HostProtectionResource.None; - if(this.GetType() != target.GetType()) - throw new ArgumentException( Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) ); - return ((uint)this.m_resources & (uint)((HostProtectionPermission)target).m_resources) == (uint)this.m_resources; - } - - public override IPermission Union(IPermission target) - { - if (target == null) - return(this.Copy()); - if(this.GetType() != target.GetType()) - throw new ArgumentException( Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) ); - HostProtectionResource newResources = (HostProtectionResource)((uint)this.m_resources | (uint)((HostProtectionPermission)target).m_resources); - return new HostProtectionPermission(newResources); - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - return null; - if(this.GetType() != target.GetType()) - throw new ArgumentException( Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) ); - HostProtectionResource newResources = (HostProtectionResource)((uint)this.m_resources & (uint)((HostProtectionPermission)target).m_resources); - if(newResources == HostProtectionResource.None) - return null; - return new HostProtectionPermission(newResources); - } - - public override IPermission Copy() - { - return new HostProtectionPermission(m_resources); - } - - //------------------------------------------------------ - // - // OBJECT OVERRIDES - // - //------------------------------------------------------ - - /// - int IBuiltInPermission.GetTokenIndex() - { - return HostProtectionPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.HostProtectionPermissionIndex; - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/IBuiltInPermission.cs b/src/mscorlib/src/System/Security/Permissions/IBuiltInPermission.cs deleted file mode 100644 index 273ef30..0000000 --- a/src/mscorlib/src/System/Security/Permissions/IBuiltInPermission.cs +++ /dev/null @@ -1,39 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - internal interface IBuiltInPermission - { - int GetTokenIndex(); - } - - internal static class BuiltInPermissionIndex - { - internal const int NUM_BUILTIN_UNRESTRICTED = 10; - internal const int NUM_BUILTIN_NORMAL = 7; - - // Unrestricted permissions - - internal const int EnvironmentPermissionIndex = 0; - internal const int FileDialogPermissionIndex = 1; - internal const int FileIOPermissionIndex = 2; - internal const int IsolatedStorageFilePermissionIndex = 3; - internal const int ReflectionPermissionIndex = 4; - internal const int RegistryPermissionIndex = 5; - internal const int SecurityPermissionIndex = 6; - internal const int UIPermissionIndex = 7; - internal const int PrincipalPermissionIndex = 8; - internal const int HostProtectionPermissionIndex = 9; - - // Normal permissions - internal const int PublisherIdentityPermissionIndex = 0 + NUM_BUILTIN_UNRESTRICTED; - internal const int SiteIdentityPermissionIndex = 1 + NUM_BUILTIN_UNRESTRICTED; - internal const int StrongNameIdentityPermissionIndex = 2 + NUM_BUILTIN_UNRESTRICTED; - internal const int UrlIdentityPermissionIndex = 3 + NUM_BUILTIN_UNRESTRICTED; - internal const int ZoneIdentityPermissionIndex = 4 + NUM_BUILTIN_UNRESTRICTED; - internal const int GacIdentityPermissionIndex = 5 + NUM_BUILTIN_UNRESTRICTED; - internal const int KeyContainerPermissionIndex = 6 + NUM_BUILTIN_UNRESTRICTED; - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/IUnrestrictedPermission.cs b/src/mscorlib/src/System/Security/Permissions/IUnrestrictedPermission.cs deleted file mode 100644 index d66ca4d..0000000 --- a/src/mscorlib/src/System/Security/Permissions/IUnrestrictedPermission.cs +++ /dev/null @@ -1,13 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions { - - using System; -[System.Runtime.InteropServices.ComVisible(true)] - internal interface IUnrestrictedPermission - { - bool IsUnrestricted(); - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/PermissionAttributes.cs b/src/mscorlib/src/System/Security/Permissions/PermissionAttributes.cs deleted file mode 100644 index 3db0354..0000000 --- a/src/mscorlib/src/System/Security/Permissions/PermissionAttributes.cs +++ /dev/null @@ -1,159 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - - using System.Security.Util; - using System.IO; - using System.Security.Policy; - using System.Text; - using System.Threading; - using System.Runtime.InteropServices; - using System.Runtime.Remoting; - using System.Runtime.Serialization; - using System.Runtime.Versioning; - using System.Diagnostics.Contracts; - - [Serializable] - [System.Runtime.InteropServices.ComVisible(true)] - // The csharp compiler requires these types to be public, but they are not used elsewhere. - [Obsolete("SecurityAction is no longer accessible to application code.")] - internal enum SecurityAction - { - // Demand permission of all caller - Demand = 2, - - // Assert permission so callers don't need - Assert = 3, - - // Deny permissions so checks will fail - [Obsolete("Deny is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] - Deny = 4, - - // Reduce permissions so check will fail - PermitOnly = 5, - - // Demand permission of caller - LinkDemand = 6, - - // Demand permission of a subclass - InheritanceDemand = 7, - - // Request minimum permissions to run - [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] - RequestMinimum = 8, - - // Request optional additional permissions - [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] - RequestOptional = 9, - - // Refuse to be granted these permissions - [Obsolete("Assembly level declarative security is obsolete and is no longer enforced by the CLR by default. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] - RequestRefuse = 10, - } - - [Serializable] - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly, AllowMultiple = true, Inherited = false )] - [System.Runtime.InteropServices.ComVisible(true)] - // The csharp compiler requires these types to be public, but they are not used elsewhere. - [Obsolete("SecurityAttribute is no longer accessible to application code.")] - internal abstract class SecurityAttribute : System.Attribute - { - /// - internal SecurityAction m_action; - /// - internal bool m_unrestricted; - - protected SecurityAttribute( SecurityAction action ) - { - m_action = action; - } - - abstract public IPermission CreatePermission(); - } - - [Serializable] - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly, AllowMultiple = true, Inherited = false )] - [System.Runtime.InteropServices.ComVisible(true)] - [Obsolete("CodeAccessSecurityAttribute is no longer accessible to application code.")] - internal abstract class CodeAccessSecurityAttribute : SecurityAttribute - { - protected CodeAccessSecurityAttribute( SecurityAction action ) - : base( action ) - { - } - } - - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly, AllowMultiple = true, Inherited = false )] -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] -#pragma warning disable 618 - sealed internal class ReflectionPermissionAttribute : CodeAccessSecurityAttribute -#pragma warning restore 618 - { - private ReflectionPermissionFlag m_flag = ReflectionPermissionFlag.NoFlags; - - public ReflectionPermissionFlag Flags { - get { return m_flag; } - set { m_flag = value; } - } - -#pragma warning disable 618 - public ReflectionPermissionAttribute( SecurityAction action ) -#pragma warning restore 618 - : base( action ) - { - } - - public override IPermission CreatePermission() - { - if (m_unrestricted) - { - return new ReflectionPermission( PermissionState.Unrestricted ); - } - else - { - return new ReflectionPermission( m_flag ); - } - } - } - - [AttributeUsage(AttributeTargets.Method | AttributeTargets.Constructor | AttributeTargets.Class | AttributeTargets.Struct | AttributeTargets.Assembly, AllowMultiple = true, Inherited = false )] -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] -#pragma warning disable 618 - sealed internal class PermissionSetAttribute : CodeAccessSecurityAttribute -#pragma warning restore 618 - { - private String m_file; - private String m_name; - private bool m_unicode; - private String m_xml; - private String m_hex; - -#pragma warning disable 618 - public PermissionSetAttribute( SecurityAction action ) -#pragma warning restore 618 - : base( action ) - { - m_unicode = false; - } - - public override IPermission CreatePermission() - { - return null; - } - - public PermissionSet CreatePermissionSet() - { - if (m_unrestricted) - return new PermissionSet( PermissionState.Unrestricted ); - else if (m_name != null) - return NamedPermissionSet.GetBuiltInSet( m_name ); - else - return new PermissionSet( PermissionState.None ); - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/PermissionState.cs b/src/mscorlib/src/System/Security/Permissions/PermissionState.cs deleted file mode 100644 index de3dbd1..0000000 --- a/src/mscorlib/src/System/Security/Permissions/PermissionState.cs +++ /dev/null @@ -1,21 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// The Runtime policy manager. Maintains a set of IdentityMapper objects that map -// inbound evidence to groups. Resolves an identity into a set of permissions -// - -namespace System.Security.Permissions { - - using System; - [Serializable] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum PermissionState - { - Unrestricted = 1, - None = 0, - } - -} diff --git a/src/mscorlib/src/System/Security/Permissions/ReflectionPermission.cs b/src/mscorlib/src/System/Security/Permissions/ReflectionPermission.cs deleted file mode 100644 index 288febb..0000000 --- a/src/mscorlib/src/System/Security/Permissions/ReflectionPermission.cs +++ /dev/null @@ -1,274 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.IO; - using System.Security.Util; - using System.Text; - using System.Runtime.InteropServices; - using System.Runtime.Remoting; - using System.Security; - using System.Reflection; - using System.Globalization; - using System.Diagnostics.Contracts; - - [ComVisible(true)] - [Flags] - [Serializable] - internal enum ReflectionPermissionFlag - { - NoFlags = 0x00, - [Obsolete("This API has been deprecated. http://go.microsoft.com/fwlink/?linkid=14202")] - TypeInformation = 0x01, - MemberAccess = 0x02, - [Obsolete("This permission is no longer used by the CLR.")] - ReflectionEmit = 0x04, - [ComVisible(false)] - RestrictedMemberAccess = 0x08, - [Obsolete("This permission has been deprecated. Use PermissionState.Unrestricted to get full access.")] - AllFlags = 0x07 - } - - [ComVisible(true)] - [Serializable] - sealed internal class ReflectionPermission - : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - // ReflectionPermissionFlag.AllFlags doesn't contain the new value RestrictedMemberAccess, - // but we cannot change its value now because that will break apps that have that old value baked in. - // We should use this const that truely contains "all" flags instead of ReflectionPermissionFlag.AllFlags. -#pragma warning disable 618 - internal const ReflectionPermissionFlag AllFlagsAndMore = ReflectionPermissionFlag.AllFlags | ReflectionPermissionFlag.RestrictedMemberAccess; -#pragma warning restore 618 - - private ReflectionPermissionFlag m_flags; - - // - // Public Constructors - // - - public ReflectionPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - { - SetUnrestricted( true ); - } - else if (state == PermissionState.None) - { - SetUnrestricted( false ); - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - // Parameters: - // - public ReflectionPermission(ReflectionPermissionFlag flag) - { - VerifyAccess(flag); - - SetUnrestricted(false); - m_flags = flag; - } - - //------------------------------------------------------ - // - // PRIVATE AND PROTECTED MODIFIERS - // - //------------------------------------------------------ - - - private void SetUnrestricted(bool unrestricted) - { - if (unrestricted) - { - m_flags = ReflectionPermission.AllFlagsAndMore; - } - else - { - Reset(); - } - } - - - private void Reset() - { - m_flags = ReflectionPermissionFlag.NoFlags; - } - - - public ReflectionPermissionFlag Flags - { - set - { - VerifyAccess(value); - - m_flags = value; - } - - get - { - return m_flags; - } - } - - - #if ZERO // Do not remove this code, useful for debugging - public override String ToString() - { - StringBuilder sb = new StringBuilder(); - sb.Append("ReflectionPermission("); - if (IsUnrestricted()) - { - sb.Append("Unrestricted"); - } - else - { - if (GetFlag(ReflectionPermissionFlag.TypeInformation)) - sb.Append("TypeInformation; "); - if (GetFlag(ReflectionPermissionFlag.MemberAccess)) - sb.Append("MemberAccess; "); -#pragma warning disable 618 - if (GetFlag(ReflectionPermissionFlag.ReflectionEmit)) - sb.Append("ReflectionEmit; "); -#pragma warning restore 618 - } - - sb.Append(")"); - return sb.ToString(); - } - #endif - - - // - // CodeAccessPermission implementation - // - - public bool IsUnrestricted() - { - return m_flags == ReflectionPermission.AllFlagsAndMore; - } - - // - // IPermission implementation - // - - public override IPermission Union(IPermission other) - { - if (other == null) - { - return this.Copy(); - } - else if (!VerifyType(other)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - ReflectionPermission operand = (ReflectionPermission)other; - - if (this.IsUnrestricted() || operand.IsUnrestricted()) - { - return new ReflectionPermission( PermissionState.Unrestricted ); - } - else - { - ReflectionPermissionFlag flag_union = (ReflectionPermissionFlag)(m_flags | operand.m_flags); - return(new ReflectionPermission(flag_union)); - } - } - - - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - return m_flags == ReflectionPermissionFlag.NoFlags; - } - - try - { - ReflectionPermission operand = (ReflectionPermission)target; - if (operand.IsUnrestricted()) - return true; - else if (this.IsUnrestricted()) - return false; - else - return (((int)this.m_flags) & ~((int)operand.m_flags)) == 0; - } - catch (InvalidCastException) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - return null; - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - ReflectionPermission operand = (ReflectionPermission)target; - - ReflectionPermissionFlag newFlags = operand.m_flags & this.m_flags; - - if (newFlags == ReflectionPermissionFlag.NoFlags) - return null; - else - return new ReflectionPermission( newFlags ); - } - - public override IPermission Copy() - { - if (this.IsUnrestricted()) - { - return new ReflectionPermission(PermissionState.Unrestricted); - } - else - { - return new ReflectionPermission((ReflectionPermissionFlag)m_flags); - } - } - - - // - // IEncodable Interface - - private - void VerifyAccess(ReflectionPermissionFlag type) - { - if ((type & ~ReflectionPermission.AllFlagsAndMore) != 0) - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)type)); - Contract.EndContractBlock(); - } - - /// - int IBuiltInPermission.GetTokenIndex() - { - return ReflectionPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.ReflectionPermissionIndex; - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/RegistryPermission.cs b/src/mscorlib/src/System/Security/Permissions/RegistryPermission.cs deleted file mode 100644 index 2eb254e..0000000 --- a/src/mscorlib/src/System/Security/Permissions/RegistryPermission.cs +++ /dev/null @@ -1,311 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.Security.AccessControl; - using System.Security.Util; - using System.IO; - using System.Globalization; - using System.Runtime.Serialization; - -[Serializable] - [Flags] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum RegistryPermissionAccess - { - NoAccess = 0x00, - Read = 0x01, - Write = 0x02, - Create = 0x04, - AllAccess = 0x07, - } - -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - sealed internal class RegistryPermission : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - private StringExpressionSet m_read; - private StringExpressionSet m_write; - private StringExpressionSet m_create; - [OptionalField(VersionAdded = 2)] - private StringExpressionSet m_viewAcl; - [OptionalField(VersionAdded = 2)] - private StringExpressionSet m_changeAcl; - private bool m_unrestricted; - - - public RegistryPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - { - m_unrestricted = true; - } - else if (state == PermissionState.None) - { - m_unrestricted = false; - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - public RegistryPermission( RegistryPermissionAccess access, String pathList ) - { - SetPathList( access, pathList ); - } - - public void SetPathList( RegistryPermissionAccess access, String pathList ) - { - VerifyAccess( access ); - - m_unrestricted = false; - - if ((access & RegistryPermissionAccess.Read) != 0) - m_read = null; - - if ((access & RegistryPermissionAccess.Write) != 0) - m_write = null; - - if ((access & RegistryPermissionAccess.Create) != 0) - m_create = null; - - AddPathList( access, pathList ); - } - - public void AddPathList( RegistryPermissionAccess access, String pathList ) - { - AddPathList( access, AccessControlActions.None, pathList ); - } - - public void AddPathList( RegistryPermissionAccess access, AccessControlActions control, String pathList ) - { - VerifyAccess( access ); - - if ((access & RegistryPermissionAccess.Read) != 0) - { - if (m_read == null) - m_read = new StringExpressionSet(); - m_read.AddExpressions( pathList ); - } - - if ((access & RegistryPermissionAccess.Write) != 0) - { - if (m_write == null) - m_write = new StringExpressionSet(); - m_write.AddExpressions( pathList ); - } - - if ((access & RegistryPermissionAccess.Create) != 0) - { - if (m_create == null) - m_create = new StringExpressionSet(); - m_create.AddExpressions( pathList ); - } - } - - private void VerifyAccess( RegistryPermissionAccess access ) - { - if ((access & ~RegistryPermissionAccess.AllAccess) != 0) - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)access)); - } - - private bool IsEmpty() - { - return (!m_unrestricted && - (this.m_read == null || this.m_read.IsEmpty()) && - (this.m_write == null || this.m_write.IsEmpty()) && - (this.m_create == null || this.m_create.IsEmpty()) && - (this.m_viewAcl == null || this.m_viewAcl.IsEmpty()) && - (this.m_changeAcl == null || this.m_changeAcl.IsEmpty())); - } - - //------------------------------------------------------ - // - // CODEACCESSPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public bool IsUnrestricted() - { - return m_unrestricted; - } - - //------------------------------------------------------ - // - // IPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - return this.IsEmpty(); - } - - RegistryPermission operand = target as RegistryPermission; - if (operand == null) - throw new ArgumentException(Environment.GetResourceString("Argument_WrongType", this.GetType().FullName)); - - if (operand.IsUnrestricted()) - return true; - else if (this.IsUnrestricted()) - return false; - else - return ((this.m_read == null || this.m_read.IsSubsetOf( operand.m_read )) && - (this.m_write == null || this.m_write.IsSubsetOf( operand.m_write )) && - (this.m_create == null || this.m_create.IsSubsetOf( operand.m_create )) && - (this.m_viewAcl == null || this.m_viewAcl.IsSubsetOf( operand.m_viewAcl )) && - (this.m_changeAcl == null || this.m_changeAcl.IsSubsetOf( operand.m_changeAcl ))); - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - { - return null; - } - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - else if (this.IsUnrestricted()) - { - return target.Copy(); - } - - RegistryPermission operand = (RegistryPermission)target; - if (operand.IsUnrestricted()) - { - return this.Copy(); - } - - - StringExpressionSet intersectRead = this.m_read == null ? null : this.m_read.Intersect( operand.m_read ); - StringExpressionSet intersectWrite = this.m_write == null ? null : this.m_write.Intersect( operand.m_write ); - StringExpressionSet intersectCreate = this.m_create == null ? null : this.m_create.Intersect( operand.m_create ); - StringExpressionSet intersectViewAcl = this.m_viewAcl == null ? null : this.m_viewAcl.Intersect( operand.m_viewAcl ); - StringExpressionSet intersectChangeAcl = this.m_changeAcl == null ? null : this.m_changeAcl.Intersect( operand.m_changeAcl ); - - if ((intersectRead == null || intersectRead.IsEmpty()) && - (intersectWrite == null || intersectWrite.IsEmpty()) && - (intersectCreate == null || intersectCreate.IsEmpty()) && - (intersectViewAcl == null || intersectViewAcl.IsEmpty()) && - (intersectChangeAcl == null || intersectChangeAcl.IsEmpty())) - { - return null; - } - - RegistryPermission intersectPermission = new RegistryPermission(PermissionState.None); - intersectPermission.m_unrestricted = false; - intersectPermission.m_read = intersectRead; - intersectPermission.m_write = intersectWrite; - intersectPermission.m_create = intersectCreate; - intersectPermission.m_viewAcl = intersectViewAcl; - intersectPermission.m_changeAcl = intersectChangeAcl; - - return intersectPermission; - } - - public override IPermission Union(IPermission other) - { - if (other == null) - { - return this.Copy(); - } - else if (!VerifyType(other)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - RegistryPermission operand = (RegistryPermission)other; - - if (this.IsUnrestricted() || operand.IsUnrestricted()) - { - return new RegistryPermission( PermissionState.Unrestricted ); - } - - StringExpressionSet unionRead = this.m_read == null ? operand.m_read : this.m_read.Union( operand.m_read ); - StringExpressionSet unionWrite = this.m_write == null ? operand.m_write : this.m_write.Union( operand.m_write ); - StringExpressionSet unionCreate = this.m_create == null ? operand.m_create : this.m_create.Union( operand.m_create ); - StringExpressionSet unionViewAcl = this.m_viewAcl == null ? operand.m_viewAcl : this.m_viewAcl.Union( operand.m_viewAcl ); - StringExpressionSet unionChangeAcl = this.m_changeAcl == null ? operand.m_changeAcl : this.m_changeAcl.Union( operand.m_changeAcl ); - - if ((unionRead == null || unionRead.IsEmpty()) && - (unionWrite == null || unionWrite.IsEmpty()) && - (unionCreate == null || unionCreate.IsEmpty()) && - (unionViewAcl == null || unionViewAcl.IsEmpty()) && - (unionChangeAcl == null || unionChangeAcl.IsEmpty())) - { - return null; - } - - RegistryPermission unionPermission = new RegistryPermission(PermissionState.None); - unionPermission.m_unrestricted = false; - unionPermission.m_read = unionRead; - unionPermission.m_write = unionWrite; - unionPermission.m_create = unionCreate; - unionPermission.m_viewAcl = unionViewAcl; - unionPermission.m_changeAcl = unionChangeAcl; - - return unionPermission; - } - - - public override IPermission Copy() - { - RegistryPermission copy = new RegistryPermission(PermissionState.None); - if (this.m_unrestricted) - { - copy.m_unrestricted = true; - } - else - { - copy.m_unrestricted = false; - if (this.m_read != null) - { - copy.m_read = this.m_read.Copy(); - } - if (this.m_write != null) - { - copy.m_write = this.m_write.Copy(); - } - if (this.m_create != null) - { - copy.m_create = this.m_create.Copy(); - } - if (this.m_viewAcl != null) - { - copy.m_viewAcl = this.m_viewAcl.Copy(); - } - if (this.m_changeAcl != null) - { - copy.m_changeAcl = this.m_changeAcl.Copy(); - } - } - return copy; - } - - /// - int IBuiltInPermission.GetTokenIndex() - { - return RegistryPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.RegistryPermissionIndex; - } - - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/SecurityPermission.cs b/src/mscorlib/src/System/Security/Permissions/SecurityPermission.cs deleted file mode 100644 index b8e4275..0000000 --- a/src/mscorlib/src/System/Security/Permissions/SecurityPermission.cs +++ /dev/null @@ -1,269 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.IO; - using System.Security.Util; - using System.Text; - using System.Threading; - using System.Runtime.Remoting; - using System.Security; - using System.Runtime.Serialization; - using System.Reflection; - using System.Globalization; - using System.Diagnostics.Contracts; - - [Serializable] - [Flags] - [System.Runtime.InteropServices.ComVisible(true)] - [Obsolete("SecurityPermissionFlag is no longer accessible to application code.")] - internal enum SecurityPermissionFlag - { - NoFlags = 0x00, - /* The following enum value is used in the EE (ASSERT_PERMISSION in security.cpp) - * Should this value change, make corresponding changes there - */ - Assertion = 0x01, - UnmanagedCode = 0x02, // Update vm\Security.h if you change this ! - SkipVerification = 0x04, // Update vm\Security.h if you change this ! - Execution = 0x08, - ControlThread = 0x10, - ControlEvidence = 0x20, - ControlPolicy = 0x40, - SerializationFormatter = 0x80, - ControlDomainPolicy = 0x100, - ControlPrincipal = 0x200, - ControlAppDomain = 0x400, - RemotingConfiguration = 0x800, - Infrastructure = 0x1000, - BindingRedirects = 0x2000, - AllFlags = 0x3fff, - } - -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - sealed internal class SecurityPermission - : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { -#pragma warning disable 618 - private SecurityPermissionFlag m_flags; -#pragma warning restore 618 - - // - // Public Constructors - // - - public SecurityPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - { - SetUnrestricted( true ); - } - else if (state == PermissionState.None) - { - SetUnrestricted( false ); - Reset(); - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - - // SecurityPermission - // -#pragma warning disable 618 - public SecurityPermission(SecurityPermissionFlag flag) -#pragma warning restore 618 - { - VerifyAccess(flag); - - SetUnrestricted(false); - m_flags = flag; - } - - - //------------------------------------------------------ - // - // PRIVATE AND PROTECTED MODIFIERS - // - //------------------------------------------------------ - - - private void SetUnrestricted(bool unrestricted) - { - if (unrestricted) - { -#pragma warning disable 618 - m_flags = SecurityPermissionFlag.AllFlags; -#pragma warning restore 618 - } - } - - private void Reset() - { -#pragma warning disable 618 - m_flags = SecurityPermissionFlag.NoFlags; -#pragma warning restore 618 - } - - -#pragma warning disable 618 - public SecurityPermissionFlag Flags -#pragma warning restore 618 - { - set - { - VerifyAccess(value); - - m_flags = value; - } - - get - { - return m_flags; - } - } - - // - // CodeAccessPermission methods - // - - /* - * IPermission interface implementation - */ - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - return m_flags == 0; - } - - SecurityPermission operand = target as SecurityPermission; - if (operand != null) - { - return (((int)this.m_flags) & ~((int)operand.m_flags)) == 0; - } - else - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - } - - public override IPermission Union(IPermission target) { - if (target == null) return(this.Copy()); - if (!VerifyType(target)) { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - SecurityPermission sp_target = (SecurityPermission) target; - if (sp_target.IsUnrestricted() || IsUnrestricted()) { - return(new SecurityPermission(PermissionState.Unrestricted)); - } -#pragma warning disable 618 - SecurityPermissionFlag flag_union = (SecurityPermissionFlag)(m_flags | sp_target.m_flags); -#pragma warning restore 618 - return(new SecurityPermission(flag_union)); - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - return null; - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - SecurityPermission operand = (SecurityPermission)target; -#pragma warning disable 618 - SecurityPermissionFlag isectFlags = SecurityPermissionFlag.NoFlags; -#pragma warning restore 618 - - if (operand.IsUnrestricted()) - { - if (this.IsUnrestricted()) - return new SecurityPermission(PermissionState.Unrestricted); - else -#pragma warning disable 618 - isectFlags = (SecurityPermissionFlag)this.m_flags; -#pragma warning restore 618 - } - else if (this.IsUnrestricted()) - { -#pragma warning disable 618 - isectFlags = (SecurityPermissionFlag)operand.m_flags; -#pragma warning restore 618 - } - else - { -#pragma warning disable 618 - isectFlags = (SecurityPermissionFlag)m_flags & (SecurityPermissionFlag)operand.m_flags; -#pragma warning restore 618 - } - - if (isectFlags == 0) - return null; - else - return new SecurityPermission(isectFlags); - } - - public override IPermission Copy() - { - if (IsUnrestricted()) - return new SecurityPermission(PermissionState.Unrestricted); - else -#pragma warning disable 618 - return new SecurityPermission((SecurityPermissionFlag)m_flags); -#pragma warning restore 618 - } - - public bool IsUnrestricted() - { -#pragma warning disable 618 - return m_flags == SecurityPermissionFlag.AllFlags; -#pragma warning restore 618 - } - - private -#pragma warning disable 618 - void VerifyAccess(SecurityPermissionFlag type) -#pragma warning restore 618 - { -#pragma warning disable 618 - if ((type & ~SecurityPermissionFlag.AllFlags) != 0) -#pragma warning restore 618 - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)type)); - Contract.EndContractBlock(); - } - - // - // Object Overrides - // - - /// - int IBuiltInPermission.GetTokenIndex() - { - return SecurityPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.SecurityPermissionIndex; - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/StrongNamePublicKeyBlob.cs b/src/mscorlib/src/System/Security/Permissions/StrongNamePublicKeyBlob.cs deleted file mode 100644 index e3ded7c..0000000 --- a/src/mscorlib/src/System/Security/Permissions/StrongNamePublicKeyBlob.cs +++ /dev/null @@ -1,79 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.Security.Util; - using System.Diagnostics.Contracts; - - [System.Runtime.InteropServices.ComVisible(true)] - [Serializable] sealed internal class StrongNamePublicKeyBlob - { - internal byte[] PublicKey; - - internal StrongNamePublicKeyBlob() - { - } - - private static bool CompareArrays( byte[] first, byte[] second ) - { - if (first.Length != second.Length) - { - return false; - } - - int count = first.Length; - for (int i = 0; i < count; ++i) - { - if (first[i] != second[i]) - return false; - } - - return true; - } - - - internal bool Equals( StrongNamePublicKeyBlob blob ) - { - if (blob == null) - return false; - else - return CompareArrays( this.PublicKey, blob.PublicKey ); - } - - public override bool Equals( Object obj ) - { - if (obj == null || !(obj is StrongNamePublicKeyBlob)) - return false; - - return this.Equals( (StrongNamePublicKeyBlob)obj ); - } - - static private int GetByteArrayHashCode( byte[] baData ) - { - if (baData == null) - return 0; - - int accumulator = 0; - - for (int i = 0; i < baData.Length; ++i) - { - accumulator = (accumulator << 8) ^ (int)baData[i] ^ (accumulator >> 24); - } - - return accumulator; - } - - public override int GetHashCode() - { - return GetByteArrayHashCode( PublicKey ); - } - - public override String ToString() - { - return Hex.EncodeHexString( PublicKey ); - } - } -} diff --git a/src/mscorlib/src/System/Security/Permissions/UIPermission.cs b/src/mscorlib/src/System/Security/Permissions/UIPermission.cs deleted file mode 100644 index 14b2da3..0000000 --- a/src/mscorlib/src/System/Security/Permissions/UIPermission.cs +++ /dev/null @@ -1,247 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Permissions -{ - using System; - using System.Security; - using System.Security.Util; - using System.IO; - using System.Runtime.Serialization; - using System.Reflection; - using System.Collections; - using System.Globalization; - using System.Diagnostics.Contracts; - - [Serializable] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum UIPermissionWindow - { - // No window use allowed at all. - NoWindows = 0x0, - - // Only allow safe subwindow use (for embedded components). - SafeSubWindows = 0x01, - - // Safe top-level window use only (see specification for details). - SafeTopLevelWindows = 0x02, - - // All windows and all event may be used. - AllWindows = 0x03, - - } - - [Serializable] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum UIPermissionClipboard - { - // No clipboard access is allowed. - NoClipboard = 0x0, - - // Paste from the same app domain only. - OwnClipboard = 0x1, - - // Any clipboard access is allowed. - AllClipboard = 0x2, - - } - - -[System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - sealed internal class UIPermission - : CodeAccessPermission, IUnrestrictedPermission, IBuiltInPermission - { - //------------------------------------------------------ - // - // PRIVATE STATE DATA - // - //------------------------------------------------------ - - private UIPermissionWindow m_windowFlag; - private UIPermissionClipboard m_clipboardFlag; - - //------------------------------------------------------ - // - // PUBLIC CONSTRUCTORS - // - //------------------------------------------------------ - - public UIPermission(PermissionState state) - { - if (state == PermissionState.Unrestricted) - { - SetUnrestricted( true ); - } - else if (state == PermissionState.None) - { - SetUnrestricted( false ); - Reset(); - } - else - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidPermissionState")); - } - } - - public UIPermission(UIPermissionWindow windowFlag, UIPermissionClipboard clipboardFlag ) - { - VerifyWindowFlag( windowFlag ); - VerifyClipboardFlag( clipboardFlag ); - - m_windowFlag = windowFlag; - m_clipboardFlag = clipboardFlag; - } - - //------------------------------------------------------ - // - // PRIVATE AND PROTECTED HELPERS FOR ACCESSORS AND CONSTRUCTORS - // - //------------------------------------------------------ - - private static void VerifyWindowFlag(UIPermissionWindow flag) - { - if (flag < UIPermissionWindow.NoWindows || flag > UIPermissionWindow.AllWindows) - { - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)flag)); - } - Contract.EndContractBlock(); - } - - private static void VerifyClipboardFlag(UIPermissionClipboard flag) - { - if (flag < UIPermissionClipboard.NoClipboard || flag > UIPermissionClipboard.AllClipboard) - { - throw new ArgumentException(Environment.GetResourceString("Arg_EnumIllegalVal", (int)flag)); - } - Contract.EndContractBlock(); - } - - private void Reset() - { - m_windowFlag = UIPermissionWindow.NoWindows; - m_clipboardFlag = UIPermissionClipboard.NoClipboard; - } - - private void SetUnrestricted( bool unrestricted ) - { - if (unrestricted) - { - m_windowFlag = UIPermissionWindow.AllWindows; - m_clipboardFlag = UIPermissionClipboard.AllClipboard; - } - } - - - //------------------------------------------------------ - // - // CODEACCESSPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public bool IsUnrestricted() - { - return m_windowFlag == UIPermissionWindow.AllWindows && m_clipboardFlag == UIPermissionClipboard.AllClipboard; - } - - //------------------------------------------------------ - // - // IPERMISSION IMPLEMENTATION - // - //------------------------------------------------------ - - public override bool IsSubsetOf(IPermission target) - { - if (target == null) - { - // Only safe subset if this is empty - return m_windowFlag == UIPermissionWindow.NoWindows && m_clipboardFlag == UIPermissionClipboard.NoClipboard; - } - - try - { - UIPermission operand = (UIPermission)target; - if (operand.IsUnrestricted()) - return true; - else if (this.IsUnrestricted()) - return false; - else - return this.m_windowFlag <= operand.m_windowFlag && this.m_clipboardFlag <= operand.m_clipboardFlag; - } - catch (InvalidCastException) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - } - - public override IPermission Intersect(IPermission target) - { - if (target == null) - { - return null; - } - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - UIPermission operand = (UIPermission)target; - UIPermissionWindow isectWindowFlags = m_windowFlag < operand.m_windowFlag ? m_windowFlag : operand.m_windowFlag; - UIPermissionClipboard isectClipboardFlags = m_clipboardFlag < operand.m_clipboardFlag ? m_clipboardFlag : operand.m_clipboardFlag; - if (isectWindowFlags == UIPermissionWindow.NoWindows && isectClipboardFlags == UIPermissionClipboard.NoClipboard) - return null; - else - return new UIPermission(isectWindowFlags, isectClipboardFlags); - } - - public override IPermission Union(IPermission target) - { - if (target == null) - { - return this.Copy(); - } - else if (!VerifyType(target)) - { - throw new - ArgumentException( - Environment.GetResourceString("Argument_WrongType", this.GetType().FullName) - ); - } - - UIPermission operand = (UIPermission)target; - UIPermissionWindow isectWindowFlags = m_windowFlag > operand.m_windowFlag ? m_windowFlag : operand.m_windowFlag; - UIPermissionClipboard isectClipboardFlags = m_clipboardFlag > operand.m_clipboardFlag ? m_clipboardFlag : operand.m_clipboardFlag; - if (isectWindowFlags == UIPermissionWindow.NoWindows && isectClipboardFlags == UIPermissionClipboard.NoClipboard) - return null; - else - return new UIPermission(isectWindowFlags, isectClipboardFlags); - } - - public override IPermission Copy() - { - return new UIPermission(this.m_windowFlag, this.m_clipboardFlag); - } - - /// - int IBuiltInPermission.GetTokenIndex() - { - return UIPermission.GetTokenIndex(); - } - - internal static int GetTokenIndex() - { - return BuiltInPermissionIndex.UIPermissionIndex; - } - - } - - -} diff --git a/src/mscorlib/src/System/Security/Policy/ApplicationTrust.cs b/src/mscorlib/src/System/Security/Policy/ApplicationTrust.cs deleted file mode 100644 index 917582f..0000000 --- a/src/mscorlib/src/System/Security/Policy/ApplicationTrust.cs +++ /dev/null @@ -1,86 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// This class encapsulates security decisions about an application. -// - -namespace System.Security.Policy -{ - using System.Collections; - using System.Collections.Generic; - using System.Globalization; - using System.IO; - using System.Runtime.InteropServices; - using System.Runtime.Versioning; - using System.Security.Permissions; - using System.Security.Util; - using System.Text; - using System.Threading; - using System.Diagnostics.Contracts; - - [System.Runtime.InteropServices.ComVisible(true)] - [Serializable] - internal sealed class ApplicationTrust : EvidenceBase - { - private PolicyStatement m_psDefaultGrant; - private IList m_fullTrustAssemblies; - - // Permission special flags for the default grant set in this ApplicationTrust. This should be - // updated in sync with any updates to the default grant set. - // - // In the general case, these values cannot be trusted - we only store a reference to the - // DefaultGrantSet, and return the reference directly, which means that code can update the - // permission set without our knowledge. That would lead to the flags getting out of sync with the - // grant set. - // - // However, we only care about these flags when we're creating a homogenous AppDomain, and in that - // case we control the ApplicationTrust object end-to-end, and know that the permission set will not - // change after the flags are calculated. - [NonSerialized] - private int m_grantSetSpecialFlags; - - public ApplicationTrust () : this (new PermissionSet(PermissionState.None)) - { - } - - internal ApplicationTrust (PermissionSet defaultGrantSet) - { - InitDefaultGrantSet(defaultGrantSet); - - m_fullTrustAssemblies = new List().AsReadOnly(); - } - - // Sets up the default grant set for all constructors. Extracted to avoid the cost of - // IEnumerable virtual dispatches on startup when there are no fullTrustAssemblies (CoreCLR) - private void InitDefaultGrantSet(PermissionSet defaultGrantSet) { - if (defaultGrantSet == null) { - throw new ArgumentNullException(nameof(defaultGrantSet)); - } - - // Creating a PolicyStatement copies the incoming permission set, so we don't have to worry - // about the PermissionSet parameter changing underneath us after we've calculated the - // permisison flags in the DefaultGrantSet setter. - DefaultGrantSet = new PolicyStatement(defaultGrantSet); - } - - public PolicyStatement DefaultGrantSet { - get { - if (m_psDefaultGrant == null) - return new PolicyStatement(new PermissionSet(PermissionState.None)); - return m_psDefaultGrant; - } - set { - if (value == null) { - m_psDefaultGrant = null; - m_grantSetSpecialFlags = 0; - } - else { - m_psDefaultGrant = value; - m_grantSetSpecialFlags = SecurityManager.GetSpecialFlags(m_psDefaultGrant.PermissionSet, null); - } - } - } - } -} diff --git a/src/mscorlib/src/System/Security/Policy/Evidence.cs b/src/mscorlib/src/System/Security/Policy/Evidence.cs deleted file mode 100644 index 783f8de..0000000 --- a/src/mscorlib/src/System/Security/Policy/Evidence.cs +++ /dev/null @@ -1,31 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Policy -{ - using System.Runtime.InteropServices; - - /// - /// The Evidence class keeps track of information that can be used to make security decisions about - /// an assembly or an AppDomain. There are two types of evidence, one is supplied by the CLR or a - /// host, the other supplied by the assembly itself. - /// - /// We keep a dictionary that maps each type of possbile evidence to an EvidenceTypeDescriptor which - /// contains the evidence objects themselves if they exist as well as some extra metadata about that - /// type of evidence. This dictionary is fully populated with keys for host evidence at all times and - /// for assembly evidence the first time the application evidence is touched. This means that if a - /// Type key does not exist in the dictionary, then that particular type of evidence will never be - /// given to the assembly or AppDomain in question as host evidence. The only exception is if the - /// user later manually adds host evidence via the AddHostEvidence API. - /// - /// Assembly supplied evidence is created up front, however host supplied evidence may be lazily - /// created. In the lazy creation case, the Type will map to either an EvidenceTypeDescriptor that does - /// not contain any evidence data or null. As requests come in for that evidence, we'll populate the - /// EvidenceTypeDescriptor appropriately. - /// - [ComVisible(true)] - internal sealed class Evidence - { - } -} diff --git a/src/mscorlib/src/System/Security/Policy/EvidenceBase.cs b/src/mscorlib/src/System/Security/Policy/EvidenceBase.cs deleted file mode 100644 index 4acf282..0000000 --- a/src/mscorlib/src/System/Security/Policy/EvidenceBase.cs +++ /dev/null @@ -1,29 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -using System; -using System.Collections; -using System.Collections.Generic; -using System.Diagnostics; -using System.Diagnostics.Contracts; -using System.IO; -using System.Runtime.InteropServices; -using System.Security.Permissions; - -namespace System.Security.Policy -{ - /// - /// Base class from which all objects to be used as Evidence must derive - /// - [ComVisible(true)] - [Serializable] - internal abstract class EvidenceBase - { - protected EvidenceBase() - { - } - } -} diff --git a/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs b/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs deleted file mode 100644 index 6acf7a7..0000000 --- a/src/mscorlib/src/System/Security/Policy/PolicyStatement.cs +++ /dev/null @@ -1,136 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// Represents the policy associated with some piece of evidence -// -using System.Diagnostics.Contracts; -namespace System.Security.Policy { - - using System; - using System.Security; - using System.Security.Util; - using Math = System.Math; - using System.Collections; - using System.Collections.Generic; - using System.Security.Permissions; - using System.Text; - using System.Globalization; -[Serializable] - [Flags] -[System.Runtime.InteropServices.ComVisible(true)] - internal enum PolicyStatementAttribute - { - Nothing = 0x0, - Exclusive = 0x01, - LevelFinal = 0x02, - All = 0x03, - } - - [Serializable] - [System.Runtime.InteropServices.ComVisible(true)] - sealed internal class PolicyStatement - { - // The PermissionSet associated with this policy - internal PermissionSet m_permSet; - - // The bitfield of inheritance properties associated with this policy - internal PolicyStatementAttribute m_attributes; - - internal PolicyStatement() - { - m_permSet = null; - m_attributes = PolicyStatementAttribute.Nothing; - } - - public PolicyStatement( PermissionSet permSet ) - : this( permSet, PolicyStatementAttribute.Nothing ) - { - } - - public PolicyStatement( PermissionSet permSet, PolicyStatementAttribute attributes ) - { - if (permSet == null) - { - m_permSet = new PermissionSet( false ); - } - else - { - m_permSet = permSet.Copy(); - } - if (ValidProperties( attributes )) - { - m_attributes = attributes; - } - } - - public PermissionSet PermissionSet - { - get - { - lock (this) - { - return m_permSet.Copy(); - } - } - - set - { - lock (this) - { - if (value == null) - { - m_permSet = new PermissionSet( false ); - } - else - { - m_permSet = value.Copy(); - } - } - } - } - - private static bool ValidProperties( PolicyStatementAttribute attributes ) - { - if ((attributes & ~(PolicyStatementAttribute.All)) == 0) - { - return true; - } - else - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidFlag" ) ); - } - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override bool Equals( Object obj ) - { - PolicyStatement other = obj as PolicyStatement; - - if (other == null) - return false; - - if (this.m_attributes != other.m_attributes) - return false; - - if (!Object.Equals( this.m_permSet, other.m_permSet )) - return false; - - return true; - } - - [System.Runtime.InteropServices.ComVisible(false)] - public override int GetHashCode() - { - int accumulator = (int)this.m_attributes; - - if (m_permSet != null) - accumulator = accumulator ^ m_permSet.GetHashCode(); - - return accumulator; - } - - } -} - diff --git a/src/mscorlib/src/System/Security/Policy/StrongName.cs b/src/mscorlib/src/System/Security/Policy/StrongName.cs deleted file mode 100644 index 41cd000..0000000 --- a/src/mscorlib/src/System/Security/Policy/StrongName.cs +++ /dev/null @@ -1,63 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -// -// -// StrongName is an IIdentity representing strong names. -// - -namespace System.Security.Policy { - using System.IO; - using System.Reflection; - using System.Security.Util; - using System.Security.Permissions; - using System.Diagnostics.Contracts; - using CultureInfo = System.Globalization.CultureInfo; - - [Serializable] - [System.Runtime.InteropServices.ComVisible(true)] - internal sealed class StrongName : EvidenceBase - { - private StrongNamePublicKeyBlob m_publicKeyBlob; - private String m_name; - private Version m_version; - - // Delay evaluated evidence is for policy resolution only, so it doesn't make sense to save that - // state away and then try to evaluate the strong name later. - [NonSerialized] - private RuntimeAssembly m_assembly = null; - - [NonSerialized] - private bool m_wasUsed = false; - - internal StrongName() {} - - public override bool Equals( Object o ) - { - StrongName that = (o as StrongName); - return (that != null) && - Equals( this.m_publicKeyBlob, that.m_publicKeyBlob ) && - Equals( this.m_name, that.m_name ) && - Equals( this.m_version, that.m_version ); - } - - public override int GetHashCode() - { - if (m_publicKeyBlob != null) - { - return m_publicKeyBlob.GetHashCode(); - } - else if (m_name != null || m_version != null) - { - return (m_name == null ? 0 : m_name.GetHashCode()) + (m_version == null ? 0 : m_version.GetHashCode()); - } - else - { - return typeof( StrongName ).GetHashCode(); - } - } - } -} diff --git a/src/mscorlib/src/System/Security/Principal/IIdentity.cs b/src/mscorlib/src/System/Security/Principal/IIdentity.cs deleted file mode 100644 index 2bda6c6..0000000 --- a/src/mscorlib/src/System/Security/Principal/IIdentity.cs +++ /dev/null @@ -1,29 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -// -// -// All identities will implement this interface -// - -namespace System.Security.Principal -{ - using System.Runtime.Remoting; - using System; - using System.Security.Util; - -[System.Runtime.InteropServices.ComVisible(true)] - public interface IIdentity { - // Access to the name string - string Name { get; } - - // Access to Authentication 'type' info - string AuthenticationType { get; } - - // Determine if this represents the unauthenticated identity - bool IsAuthenticated { get; } - } -} diff --git a/src/mscorlib/src/System/Security/Principal/IPrincipal.cs b/src/mscorlib/src/System/Security/Principal/IPrincipal.cs deleted file mode 100644 index 449cfb5..0000000 --- a/src/mscorlib/src/System/Security/Principal/IPrincipal.cs +++ /dev/null @@ -1,26 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -// -// -// All roles will implement this interface -// - -namespace System.Security.Principal -{ - using System.Runtime.Remoting; - using System; - using System.Security.Util; - -[System.Runtime.InteropServices.ComVisible(true)] - public interface IPrincipal { - // Retrieve the identity object - IIdentity Identity { get; } - - // Perform a check for a specific role - bool IsInRole (string role); - } -} diff --git a/src/mscorlib/src/System/Security/Principal/TokenImpersonationLevel.cs b/src/mscorlib/src/System/Security/Principal/TokenImpersonationLevel.cs deleted file mode 100644 index 9eec46f..0000000 --- a/src/mscorlib/src/System/Security/Principal/TokenImpersonationLevel.cs +++ /dev/null @@ -1,15 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Principal -{ - public enum TokenImpersonationLevel - { - None = 0, - Anonymous = 1, - Identification = 2, - Impersonation = 3, - Delegation = 4 - } -} diff --git a/src/mscorlib/src/System/Security/SecurityContext.cs b/src/mscorlib/src/System/Security/SecurityContext.cs deleted file mode 100644 index 2e978bb..0000000 --- a/src/mscorlib/src/System/Security/SecurityContext.cs +++ /dev/null @@ -1,38 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -/*============================================================ -** -** -** -** -** -** Purpose: Capture security context for a thread -** -** -===========================================================*/ -namespace System.Security -{ - using Microsoft.Win32; - using Microsoft.Win32.SafeHandles; - using System.Threading; - using System.Runtime.Remoting; - using System.Collections; - using System.Runtime.Serialization; - using System.Security.Permissions; - using System.Runtime.InteropServices; - using System.Runtime.CompilerServices; - using System.Runtime.ExceptionServices; - using System.Runtime.ConstrainedExecution; - using System.Runtime.Versioning; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - // This enum must be kept in sync with the SecurityContextSource enum in the VM - internal enum SecurityContextSource - { - CurrentAppDomain = 0, - CurrentAssembly - } - -} diff --git a/src/mscorlib/src/System/Security/SecurityException.cs b/src/mscorlib/src/System/Security/SecurityException.cs index 3530037..09264b1 100644 --- a/src/mscorlib/src/System/Security/SecurityException.cs +++ b/src/mscorlib/src/System/Security/SecurityException.cs @@ -24,7 +24,6 @@ namespace System.Security using System.Security.Policy; using System.IO; using System.Globalization; - using System.Security.Util; using System.Diagnostics.Contracts; [System.Runtime.InteropServices.ComVisible(true)] @@ -33,12 +32,11 @@ namespace System.Security { internal static string GetResString(string sResourceName) { - PermissionSet.s_fullTrust.Assert(); return Environment.GetResourceString(sResourceName); } #pragma warning disable 618 - internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, SecurityAction action, Object demand, IPermission permThatFailed) + internal static Exception MakeSecurityException(AssemblyName asmName, Evidence asmEvidence, PermissionSet granted, PermissionSet refused, RuntimeMethodHandleInternal rmh, Object demand) #pragma warning restore 618 { return new SecurityException(GetResString("Arg_SecurityException")); @@ -63,9 +61,6 @@ namespace System.Security SetErrorCode(System.__HResults.COR_E_SECURITY); } - internal SecurityException(string message, Object deny, Object permitOnly, MethodInfo method, Object demanded, IPermission permThatFailed) - : this(){} - protected SecurityException(SerializationInfo info, StreamingContext context) : base(info, context) { if (info == null) diff --git a/src/mscorlib/src/System/Security/SecurityManager.cs b/src/mscorlib/src/System/Security/SecurityManager.cs deleted file mode 100644 index 521e678..0000000 --- a/src/mscorlib/src/System/Security/SecurityManager.cs +++ /dev/null @@ -1,143 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// The SecurityManager class provides a general purpose API for interacting -// with the security system. -// - -namespace System.Security -{ - using System; - using System.Security.Permissions; - using System.Runtime.InteropServices; - using System.Runtime.CompilerServices; - - [System.Runtime.InteropServices.ComVisible(true)] - static internal class SecurityManager - { - private static int[][] s_BuiltInPermissionIndexMap = { - new int[] { BuiltInPermissionIndex.EnvironmentPermissionIndex, (int) PermissionType.EnvironmentPermission }, - new int[] { BuiltInPermissionIndex.FileDialogPermissionIndex, (int) PermissionType.FileDialogPermission }, - new int[] { BuiltInPermissionIndex.FileIOPermissionIndex, (int) PermissionType.FileIOPermission }, - new int[] { BuiltInPermissionIndex.ReflectionPermissionIndex, (int) PermissionType.ReflectionPermission }, - new int[] { BuiltInPermissionIndex.SecurityPermissionIndex, (int) PermissionType.SecurityPermission }, - new int[] { BuiltInPermissionIndex.UIPermissionIndex, (int) PermissionType.UIPermission } - }; - - private static CodeAccessPermission[] s_UnrestrictedSpecialPermissionMap = { - new EnvironmentPermission(PermissionState.Unrestricted), - new FileDialogPermission(PermissionState.Unrestricted), - new FileIOPermission(PermissionState.Unrestricted), - new ReflectionPermission(PermissionState.Unrestricted), - new SecurityPermission(PermissionState.Unrestricted), - new UIPermission(PermissionState.Unrestricted) - }; - - internal static int GetSpecialFlags (PermissionSet grantSet, PermissionSet deniedSet) { - if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty())) { - return -1; - } - else { - SecurityPermission securityPermission = null; -#pragma warning disable 618 - SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags; -#pragma warning restore 618 - ReflectionPermission reflectionPermission = null; - ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags; - - CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6]; - if (grantSet != null) { - if (grantSet.IsUnrestricted()) { -#pragma warning disable 618 - securityPermissionFlags = SecurityPermissionFlag.AllFlags; -#pragma warning restore 618 - reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore; - for (int i = 0; i < specialPermissions.Length; i++) { - specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i]; - } - } - else { - securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission; - if (securityPermission != null) - securityPermissionFlags = securityPermission.Flags; - reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission; - if (reflectionPermission != null) - reflectionPermissionFlags = reflectionPermission.Flags; - for (int i = 0; i < specialPermissions.Length; i++) { - specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission; - } - } - } - - if (deniedSet != null) { - if (deniedSet.IsUnrestricted()) { -#pragma warning disable 618 - securityPermissionFlags = SecurityPermissionFlag.NoFlags; -#pragma warning restore 618 - reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags; - for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) { - specialPermissions[i] = null; - } - } - else { - securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission; - if (securityPermission != null) - securityPermissionFlags &= ~securityPermission.Flags; - reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission; - if (reflectionPermission != null) - reflectionPermissionFlags &= ~reflectionPermission.Flags; - for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) { - CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission; - if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null)) - specialPermissions[i] = null; // we don't care about the exact value here. - } - } - } - int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags); - if (flags != -1) { - for (int i = 0; i < specialPermissions.Length; i++) { - if (specialPermissions[i] != null && ((IUnrestrictedPermission) specialPermissions[i]).IsUnrestricted()) - flags |= (1 << (int) s_BuiltInPermissionIndexMap[i][1]); - } - } - return flags; - } - } - -#pragma warning disable 618 - private static int MapToSpecialFlags (SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags) { - int flags = 0; - if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode) - flags |= (1 << (int) PermissionType.SecurityUnmngdCodeAccess); - if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification) - flags |= (1 << (int) PermissionType.SecuritySkipVerification); - if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion) - flags |= (1 << (int) PermissionType.SecurityAssert); - if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter) - flags |= (1 << (int) PermissionType.SecuritySerialization); - if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects) - flags |= (1 << (int) PermissionType.SecurityBindingRedirects); - if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence) - flags |= (1 << (int) PermissionType.SecurityControlEvidence); - if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal) - flags |= (1 << (int) PermissionType.SecurityControlPrincipal); - - if ((reflectionPermissionFlags & ReflectionPermissionFlag.RestrictedMemberAccess) == ReflectionPermissionFlag.RestrictedMemberAccess) - flags |= (1 << (int)PermissionType.ReflectionRestrictedMemberAccess); - if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess) - flags |= (1 << (int) PermissionType.ReflectionMemberAccess); - - return flags; - } -#pragma warning restore 618 - - [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - internal static extern bool IsSameType(String strLeft, String strRight); - - [MethodImplAttribute(MethodImplOptions.InternalCall)] - internal static extern bool _SetThreadSecurity(bool bThreadSecurity); - } -} diff --git a/src/mscorlib/src/System/Security/SecurityRuntime.cs b/src/mscorlib/src/System/Security/SecurityRuntime.cs deleted file mode 100644 index 84a169a..0000000 --- a/src/mscorlib/src/System/Security/SecurityRuntime.cs +++ /dev/null @@ -1,85 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// - -namespace System.Security -{ - using System; - using System.Globalization; - using System.Threading; - using System.Reflection; - using System.Collections; - using System.Runtime.CompilerServices; - using System.Security.Permissions; - using System.Runtime.Versioning; - using System.Diagnostics.Contracts; - - internal class SecurityRuntime - { - private SecurityRuntime(){} - - // Constants used to return status to native - internal const bool StackContinue = true; - internal const bool StackHalt = false; - - // this method is a big perf hit, so don't call unnecessarily - internal static MethodInfo GetMethodInfo(RuntimeMethodHandleInternal rmh) - { - if (rmh.IsNullHandle()) - return null; - -#if _DEBUG - try - { -#endif - // Assert here because reflection will check grants and if we fail the check, - // there will be an infinite recursion that overflows the stack. - PermissionSet.s_fullTrust.Assert(); - return (System.RuntimeType.GetMethodBase(RuntimeMethodHandle.GetDeclaringType(rmh), rmh) as MethodInfo); -#if _DEBUG - } - catch(Exception) - { - return null; - } -#endif - } - - private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc, - PermissionSet demandSet, - out PermissionSet alteredDemandSet, - RuntimeMethodHandleInternal rmh) - { - return secDesc.CheckSetDemand(demandSet, out alteredDemandSet, rmh); - } - - private static bool FrameDescHelper(FrameSecurityDescriptor secDesc, - IPermission demandIn, - PermissionToken permToken, - RuntimeMethodHandleInternal rmh) - { - return secDesc.CheckDemand((CodeAccessPermission) demandIn, permToken, rmh); - } - - - // - // API for PermissionSets - // - - internal static void Assert(PermissionSet permSet, ref StackCrawlMark stackMark) - { - } - - // - // Revert API - // - - internal static void RevertAssert(ref StackCrawlMark stackMark) - { - } - } -} - - diff --git a/src/mscorlib/src/System/Security/SecurityZone.cs b/src/mscorlib/src/System/Security/SecurityZone.cs deleted file mode 100644 index 6616cdc..0000000 --- a/src/mscorlib/src/System/Security/SecurityZone.cs +++ /dev/null @@ -1,14 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -// -// -// Enumeration of the zones code can come from -// - -namespace System.Security -{ - using System; - using System.Runtime.InteropServices; -} diff --git a/src/mscorlib/src/System/Security/Util/Hex.cs b/src/mscorlib/src/System/Security/Util/Hex.cs deleted file mode 100644 index 58dc20a..0000000 --- a/src/mscorlib/src/System/Security/Util/Hex.cs +++ /dev/null @@ -1,54 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -/* - * - * Operations to convert to and from Hex - * - */ - -namespace System.Security.Util -{ - using System; - using System.Security; - using System.Diagnostics.Contracts; - internal static class Hex - { - // converts number to hex digit. Does not do any range checks. - static char HexDigit(int num) { - return (char)((num < 10) ? (num + '0') : (num + ('A' - 10))); - } - - public static String EncodeHexString(byte[] sArray) - { - String result = null; - - if(sArray != null) { - char[] hexOrder = new char[sArray.Length * 2]; - - int digit; - for(int i = 0, j = 0; i < sArray.Length; i++) { - digit = (int)((sArray[i] & 0xf0) >> 4); - hexOrder[j++] = HexDigit(digit); - digit = (int)(sArray[i] & 0x0f); - hexOrder[j++] = HexDigit(digit); - } - result = new String(hexOrder); - } - return result; - } - - public static int ConvertHexDigit(Char val) - { - if (val <= '9' && val >= '0') - return (val - '0'); - else if (val >= 'a' && val <= 'f') - return ((val - 'a') + 10); - else if (val >= 'A' && val <= 'F') - return ((val - 'A') + 10); - else - throw new ArgumentException( Environment.GetResourceString( "ArgumentOutOfRange_Index" ) ); - } - } -} diff --git a/src/mscorlib/src/System/Security/Util/StringExpressionSet.cs b/src/mscorlib/src/System/Security/Util/StringExpressionSet.cs deleted file mode 100644 index 6d48f92..0000000 --- a/src/mscorlib/src/System/Security/Util/StringExpressionSet.cs +++ /dev/null @@ -1,746 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Util { - using System.Text; - using System; - using System.Collections; - using System.Collections.Generic; - using System.Runtime.CompilerServices; - using System.Runtime.InteropServices; - using System.Globalization; - using System.Runtime.Versioning; - using System.IO; - using System.Diagnostics; - using System.Diagnostics.Contracts; - - [Serializable] - internal class StringExpressionSet - { - // This field, as well as the expressions fields below are critical since they may contain - // canonicalized full path data potentially built out of relative data passed as input to the - // StringExpressionSet. Full trust code using the string expression set needs to ensure that before - // exposing this data out to partial trust, they protect against this. Possibilities include: - // - // 1. Using the throwOnRelative flag - // 2. Ensuring that the partial trust code has permission to see full path data - // 3. Not using this set for paths (eg EnvironmentStringExpressionSet) - // - protected ArrayList m_list; - protected bool m_ignoreCase; - protected String m_expressions; - protected String[] m_expressionsArray; - - protected bool m_throwOnRelative; - - private const char Separator = ';'; -#if !PLATFORM_UNIX - protected static readonly char m_directorySeparator = '\\'; - protected static readonly char m_alternateDirectorySeparator = '/'; -#else - protected static readonly char m_directorySeparator = '/'; - protected static readonly char m_alternateDirectorySeparator = '\\'; -#endif // !PLATFORM_UNIX - - public StringExpressionSet() - : this( true, null, false ) - { - } - - public StringExpressionSet( bool ignoreCase, bool throwOnRelative ) - : this( ignoreCase, null, throwOnRelative ) - { - } - - public StringExpressionSet( bool ignoreCase, String str, bool throwOnRelative ) - { - m_list = null; - m_ignoreCase = ignoreCase; - m_throwOnRelative = throwOnRelative; - if (str == null) - m_expressions = null; - else - AddExpressions( str ); - } - - protected virtual StringExpressionSet CreateNewEmpty() - { - return new StringExpressionSet(); - } - - public virtual StringExpressionSet Copy() - { - // SafeCritical: just copying this value around, not leaking it - - StringExpressionSet copy = CreateNewEmpty(); - if (this.m_list != null) - copy.m_list = new ArrayList(this.m_list); - - copy.m_expressions = this.m_expressions; - copy.m_ignoreCase = this.m_ignoreCase; - copy.m_throwOnRelative = this.m_throwOnRelative; - return copy; - } - - public void SetThrowOnRelative( bool throwOnRelative ) - { - this.m_throwOnRelative = throwOnRelative; - } - - private static String StaticProcessWholeString( String str ) - { - return str.Replace( m_alternateDirectorySeparator, m_directorySeparator ); - } - - private static String StaticProcessSingleString( String str ) - { - return str.Trim(' '); - } - - protected virtual String ProcessWholeString( String str ) - { - return StaticProcessWholeString(str); - } - - protected virtual String ProcessSingleString( String str ) - { - return StaticProcessSingleString(str); - } - - public void AddExpressions( String str ) - { - if (str == null) - throw new ArgumentNullException( nameof(str) ); - Contract.EndContractBlock(); - if (str.Length == 0) - return; - - str = ProcessWholeString( str ); - - if (m_expressions == null) - m_expressions = str; - else - m_expressions = m_expressions + Separator + str; - - m_expressionsArray = null; - - // We have to parse the string and compute the list here. - // The logic in this class tries to delay this parsing but - // since operations like IsSubsetOf are called during - // demand evaluation, it is not safe to delay this step - // as that would cause concurring threads to update the object - // at the same time. The CheckList operation should ideally be - // removed from this class, but for the sake of keeping the - // changes to a minimum here, we simply make sure m_list - // cannot be null by parsing m_expressions eagerly. - - String[] arystr = Split( str ); - - if (m_list == null) - m_list = new ArrayList(); - - for (int index = 0; index < arystr.Length; ++index) - { - if (arystr[index] != null && !arystr[index].Equals( "" )) - { - String temp = ProcessSingleString( arystr[index] ); - int indexOfNull = temp.IndexOf( '\0' ); - - if (indexOfNull != -1) - temp = temp.Substring( 0, indexOfNull ); - - if (temp != null && !temp.Equals( "" )) - { - if (m_throwOnRelative) - { - if (PathInternal.IsPartiallyQualified(temp)) - { - throw new ArgumentException( Environment.GetResourceString( "Argument_AbsolutePathRequired" ) ); - } - - temp = CanonicalizePath( temp ); - } - - m_list.Add( temp ); - } - } - } - - Reduce(); - } - - public void AddExpressions( String[] str, bool checkForDuplicates, bool needFullPath ) - { - AddExpressions(CreateListFromExpressions(str, needFullPath), checkForDuplicates); - } - - public void AddExpressions( ArrayList exprArrayList, bool checkForDuplicates) - { - Debug.Assert( m_throwOnRelative, "This should only be called when throw on relative is set" ); - - m_expressionsArray = null; - m_expressions = null; - - if (m_list != null) - m_list.AddRange(exprArrayList); - else - m_list = new ArrayList(exprArrayList); - - if (checkForDuplicates) - Reduce(); - } - - - internal static ArrayList CreateListFromExpressions(String[] str, bool needFullPath) - { - if (str == null) - { - throw new ArgumentNullException( nameof(str) ); - } - Contract.EndContractBlock(); - ArrayList retArrayList = new ArrayList(); - for (int index = 0; index < str.Length; ++index) - { - if (str[index] == null) - throw new ArgumentNullException( nameof(str) ); - - // Replace alternate directory separators - String oneString = StaticProcessWholeString( str[index] ); - - if (oneString != null && oneString.Length != 0) - { - // Trim leading and trailing spaces - String temp = StaticProcessSingleString( oneString); - - int indexOfNull = temp.IndexOf( '\0' ); - - if (indexOfNull != -1) - temp = temp.Substring( 0, indexOfNull ); - - if (temp != null && temp.Length != 0) - { - if (PathInternal.IsPartiallyQualified(temp)) - { - throw new ArgumentException(Environment.GetResourceString( "Argument_AbsolutePathRequired" ) ); - } - - temp = CanonicalizePath( temp, needFullPath ); - - retArrayList.Add( temp ); - } - } - } - - return retArrayList; - } - - protected void CheckList() - { - if (m_list == null && m_expressions != null) - { - CreateList(); - } - } - - protected String[] Split( String expressions ) - { - if (m_throwOnRelative) - { - List tempList = new List(); - - String[] quoteSplit = expressions.Split( '\"' ); - - for (int i = 0; i < quoteSplit.Length; ++i) - { - if (i % 2 == 0) - { - String[] semiSplit = quoteSplit[i].Split( ';' ); - - for (int j = 0; j < semiSplit.Length; ++j) - { - if (semiSplit[j] != null && !semiSplit[j].Equals( "" )) - tempList.Add( semiSplit[j] ); - } - } - else - { - tempList.Add( quoteSplit[i] ); - } - } - - String[] finalArray = new String[tempList.Count]; - - IEnumerator enumerator = tempList.GetEnumerator(); - - int index = 0; - while (enumerator.MoveNext()) - { - finalArray[index++] = (String)enumerator.Current; - } - - return finalArray; - } - else - { - return expressions.Split(Separator); - } - } - - - protected void CreateList() - { - String[] expressionsArray = Split( m_expressions ); - - m_list = new ArrayList(); - - for (int index = 0; index < expressionsArray.Length; ++index) - { - if (expressionsArray[index] != null && !expressionsArray[index].Equals( "" )) - { - String temp = ProcessSingleString( expressionsArray[index] ); - - int indexOfNull = temp.IndexOf( '\0' ); - - if (indexOfNull != -1) - temp = temp.Substring( 0, indexOfNull ); - - if (temp != null && !temp.Equals( "" )) - { - if (m_throwOnRelative) - { - if (PathInternal.IsPartiallyQualified(temp)) - { - throw new ArgumentException( Environment.GetResourceString( "Argument_AbsolutePathRequired" ) ); - } - - temp = CanonicalizePath( temp ); - } - - m_list.Add( temp ); - } - } - } - } - - public bool IsEmpty() - { - // SafeCritical: we're just showing that the expressions are empty, the sensitive portion is their - // contents - not the existence of the contents - if (m_list == null) - { - return m_expressions == null; - } - else - { - return m_list.Count == 0; - } - } - - public bool IsSubsetOf( StringExpressionSet ses ) - { - if (this.IsEmpty()) - return true; - - if (ses == null || ses.IsEmpty()) - return false; - - CheckList(); - ses.CheckList(); - - for (int index = 0; index < this.m_list.Count; ++index) - { - if (!StringSubsetStringExpression( (String)this.m_list[index], ses, m_ignoreCase )) - { - return false; - } - } - return true; - } - - public bool IsSubsetOfPathDiscovery( StringExpressionSet ses ) - { - if (this.IsEmpty()) - return true; - - if (ses == null || ses.IsEmpty()) - return false; - - CheckList(); - ses.CheckList(); - - for (int index = 0; index < this.m_list.Count; ++index) - { - if (!StringSubsetStringExpressionPathDiscovery( (String)this.m_list[index], ses, m_ignoreCase )) - { - return false; - } - } - return true; - } - - - public StringExpressionSet Union( StringExpressionSet ses ) - { - // If either set is empty, the union represents a copy of the other. - - if (ses == null || ses.IsEmpty()) - return this.Copy(); - - if (this.IsEmpty()) - return ses.Copy(); - - CheckList(); - ses.CheckList(); - - // Perform the union - // note: insert smaller set into bigger set to reduce needed comparisons - - StringExpressionSet bigger = ses.m_list.Count > this.m_list.Count ? ses : this; - StringExpressionSet smaller = ses.m_list.Count <= this.m_list.Count ? ses : this; - - StringExpressionSet unionSet = bigger.Copy(); - - unionSet.Reduce(); - - for (int index = 0; index < smaller.m_list.Count; ++index) - { - unionSet.AddSingleExpressionNoDuplicates( (String)smaller.m_list[index] ); - } - - unionSet.GenerateString(); - - return unionSet; - } - - - public StringExpressionSet Intersect( StringExpressionSet ses ) - { - // If either set is empty, the intersection is empty - - if (this.IsEmpty() || ses == null || ses.IsEmpty()) - return CreateNewEmpty(); - - CheckList(); - ses.CheckList(); - - // Do the intersection for real - - StringExpressionSet intersectSet = CreateNewEmpty(); - - for (int this_index = 0; this_index < this.m_list.Count; ++this_index) - { - for (int ses_index = 0; ses_index < ses.m_list.Count; ++ses_index) - { - if (StringSubsetString( (String)this.m_list[this_index], (String)ses.m_list[ses_index], m_ignoreCase )) - { - if (intersectSet.m_list == null) - { - intersectSet.m_list = new ArrayList(); - } - intersectSet.AddSingleExpressionNoDuplicates( (String)this.m_list[this_index] ); - } - else if (StringSubsetString( (String)ses.m_list[ses_index], (String)this.m_list[this_index], m_ignoreCase )) - { - if (intersectSet.m_list == null) - { - intersectSet.m_list = new ArrayList(); - } - intersectSet.AddSingleExpressionNoDuplicates( (String)ses.m_list[ses_index] ); - } - } - } - - intersectSet.GenerateString(); - - return intersectSet; - } - - protected void GenerateString() - { - // SafeCritical - moves critical data around, but doesn't expose it out - if (m_list != null) - { - StringBuilder sb = new StringBuilder(); - - IEnumerator enumerator = this.m_list.GetEnumerator(); - bool first = true; - - while (enumerator.MoveNext()) - { - if (!first) - sb.Append(Separator); - else - first = false; - - String currentString = (String)enumerator.Current; - if (currentString != null) - { - int indexOfSeparator = currentString.IndexOf(Separator); - - if (indexOfSeparator != -1) - sb.Append( '\"' ); - - sb.Append( currentString ); - - if (indexOfSeparator != -1) - sb.Append( '\"' ); - } - } - - m_expressions = sb.ToString(); - } - else - { - m_expressions = null; - } - } - - // We don't override ToString since that API must be either transparent or safe citical. If the - // expressions contain paths that were canonicalized and expanded from the input that would cause - // information disclosure, so we instead only expose this out to trusted code that can ensure they - // either don't leak the information or required full path information. - public string UnsafeToString() - { - CheckList(); - - Reduce(); - - GenerateString(); - - return m_expressions; - } - - public String[] UnsafeToStringArray() - { - if (m_expressionsArray == null && m_list != null) - { - m_expressionsArray = (String[])m_list.ToArray(typeof(String)); - } - - return m_expressionsArray; - } - - - //------------------------------- - // protected static helper functions - //------------------------------- - - private bool StringSubsetStringExpression( String left, StringExpressionSet right, bool ignoreCase ) - { - for (int index = 0; index < right.m_list.Count; ++index) - { - if (StringSubsetString( left, (String)right.m_list[index], ignoreCase )) - { - return true; - } - } - return false; - } - - private static bool StringSubsetStringExpressionPathDiscovery( String left, StringExpressionSet right, bool ignoreCase ) - { - for (int index = 0; index < right.m_list.Count; ++index) - { - if (StringSubsetStringPathDiscovery( left, (String)right.m_list[index], ignoreCase )) - { - return true; - } - } - return false; - } - - - protected virtual bool StringSubsetString( String left, String right, bool ignoreCase ) - { - StringComparison strComp = (ignoreCase ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal); - if (right == null || left == null || right.Length == 0 || left.Length == 0 || - right.Length > left.Length) - { - return false; - } - else if (right.Length == left.Length) - { - // if they are equal in length, just do a normal compare - return String.Compare( right, left, strComp) == 0; - } - else if (left.Length - right.Length == 1 && left[left.Length-1] == m_directorySeparator) - { - return String.Compare( left, 0, right, 0, right.Length, strComp) == 0; - } - else if (right[right.Length-1] == m_directorySeparator) - { - // right is definitely a directory, just do a substring compare - return String.Compare( right, 0, left, 0, right.Length, strComp) == 0; - } - else if (left[right.Length] == m_directorySeparator) - { - // left is hinting at being a subdirectory on right, do substring compare to make find out - return String.Compare( right, 0, left, 0, right.Length, strComp) == 0; - } - else - { - return false; - } - } - - protected static bool StringSubsetStringPathDiscovery( String left, String right, bool ignoreCase ) - { - StringComparison strComp = (ignoreCase ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal); - if (right == null || left == null || right.Length == 0 || left.Length == 0) - { - return false; - } - else if (right.Length == left.Length) - { - // if they are equal in length, just do a normal compare - return String.Compare( right, left, strComp) == 0; - } - else - { - String shortString, longString; - - if (right.Length < left.Length) - { - shortString = right; - longString = left; - } - else - { - shortString = left; - longString = right; - } - - if (String.Compare( shortString, 0, longString, 0, shortString.Length, strComp) != 0) - { - return false; - } - -#if !PLATFORM_UNIX - if (shortString.Length == 3 && - shortString.EndsWith( ":\\", StringComparison.Ordinal ) && - ((shortString[0] >= 'A' && shortString[0] <= 'Z') || - (shortString[0] >= 'a' && shortString[0] <= 'z'))) -#else - if (shortString.Length == 1 && shortString[0]== m_directorySeparator) -#endif // !PLATFORM_UNIX - return true; - - return longString[shortString.Length] == m_directorySeparator; - } - } - - - //------------------------------- - // protected helper functions - //------------------------------- - - protected void AddSingleExpressionNoDuplicates( String expression ) - { - // SafeCritical: We're not exposing out the string sets, just allowing modification of them - int index = 0; - - m_expressionsArray = null; - m_expressions = null; - - if (this.m_list == null) - this.m_list = new ArrayList(); - - while (index < this.m_list.Count) - { - if (StringSubsetString( (String)this.m_list[index], expression, m_ignoreCase )) - { - this.m_list.RemoveAt( index ); - } - else if (StringSubsetString( expression, (String)this.m_list[index], m_ignoreCase )) - { - return; - } - else - { - index++; - } - } - this.m_list.Add( expression ); - } - - protected void Reduce() - { - CheckList(); - - if (this.m_list == null) - return; - - int j; - - for (int i = 0; i < this.m_list.Count - 1; i++) - { - j = i + 1; - - while (j < this.m_list.Count) - { - if (StringSubsetString( (String)this.m_list[j], (String)this.m_list[i], m_ignoreCase )) - { - this.m_list.RemoveAt( j ); - } - else if (StringSubsetString( (String)this.m_list[i], (String)this.m_list[j], m_ignoreCase )) - { - // write the value at j into position i, delete the value at position j and keep going. - this.m_list[i] = this.m_list[j]; - this.m_list.RemoveAt( j ); - j = i + 1; - } - else - { - j++; - } - } - } - } - - [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - internal static extern void GetLongPathName( String path, StringHandleOnStack retLongPath ); - - internal static String CanonicalizePath( String path ) - { - return CanonicalizePath( path, true ); - } - - internal static string CanonicalizePath(string path, bool needFullPath) - { - if (needFullPath) - { - string newPath = Path.GetFullPath(path); - if (path.EndsWith(m_directorySeparator + ".", StringComparison.Ordinal)) - { - if (newPath.EndsWith(m_directorySeparator)) - { - newPath += "."; - } - else - { - newPath += m_directorySeparator + "."; - } - } - path = newPath; - } -#if !PLATFORM_UNIX - else if (path.IndexOf('~') != -1) - { - // GetFullPathInternal() will expand 8.3 file names - string longPath = null; - GetLongPathName(path, JitHelpers.GetStringHandleOnStack(ref longPath)); - path = (longPath != null) ? longPath : path; - } - - // This blocks usage of alternate data streams and some extended syntax paths (\\?\C:\). Checking after - // normalization allows valid paths such as " C:\" to be considered ok (as it will become "C:\"). - if (path.IndexOf(':', 2) != -1) - throw new NotSupportedException(Environment.GetResourceString("Argument_PathFormatNotSupported")); -#endif // !PLATFORM_UNIX - - return path; - } - } -} diff --git a/src/mscorlib/src/System/Security/Util/TokenBasedSet.cs b/src/mscorlib/src/System/Security/Util/TokenBasedSet.cs deleted file mode 100644 index 4e85c23..0000000 --- a/src/mscorlib/src/System/Security/Util/TokenBasedSet.cs +++ /dev/null @@ -1,349 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Util -{ - using System; - using System.Collections; - using System.Security.Permissions; - using System.Runtime.Serialization; - using System.Threading; - using System.Diagnostics; - using System.Diagnostics.Contracts; - using System.Diagnostics.CodeAnalysis; - - internal class TokenBasedSet - { - - - // Following 3 fields are used only for serialization compat purposes: DO NOT USE THESE EVER! -#pragma warning disable 414 - private int m_initSize = 24; - private int m_increment = 8; -#pragma warning restore 414 - private Object[] m_objSet; - // END -> Serialization only fields - - [OptionalField(VersionAdded = 2)] - private volatile Object m_Obj; - [OptionalField(VersionAdded = 2)] - private volatile Object[] m_Set; - - private int m_cElt; - private volatile int m_maxIndex; - - - [OnDeserialized] - private void OnDeserialized(StreamingContext ctx) - { - OnDeserializedInternal(); - } - private void OnDeserializedInternal() - { - if (m_objSet != null) //v1.x case - { - if (m_cElt == 1) - m_Obj = m_objSet[m_maxIndex]; - else - m_Set = m_objSet; - m_objSet = null; - } - // Nothing to do for the v2.0 and beyond case - } - - [OnSerializing] - private void OnSerializing(StreamingContext ctx) - { - - if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - //Nothing special for the v2 and beyond case - - // for the v1.x case, we need to create m_objSet if necessary - if (m_cElt == 1) - { - m_objSet = new Object[m_maxIndex+1]; - m_objSet[m_maxIndex] = m_Obj; - } - else if (m_cElt > 0) - { - // Array case: - m_objSet = m_Set; - } - - } - } - [OnSerialized] - private void OnSerialized(StreamingContext ctx) - { - if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - m_objSet = null; - - } - } - - - internal bool MoveNext(ref TokenBasedSetEnumerator e) - { - switch (m_cElt) - { - case 0: - return false; - - case 1: - if (e.Index == -1) - { - e.Index = m_maxIndex; - e.Current = m_Obj; - return true; - } - else - { - e.Index = (short)(m_maxIndex+1); - e.Current = null; - return false; - } - - default: - while (++e.Index <= m_maxIndex) - { - e.Current = Volatile.Read(ref m_Set[e.Index]); - - if (e.Current != null) - return true; - } - - e.Current = null; - return false; - } - } - - internal TokenBasedSet() - { - Reset(); - } - - [SuppressMessage("Microsoft.Concurrency", "CA8001", Justification = "Reviewed for thread safety")] - internal TokenBasedSet(TokenBasedSet tbSet) - { - if (tbSet == null) - { - Reset(); - return; - } - - if (tbSet.m_cElt > 1) - { - Object[] aObj = tbSet.m_Set; - int aLen = aObj.Length; - - Object[] aNew = new Object[aLen]; - System.Array.Copy(aObj, 0, aNew, 0, aLen); - - m_Set = aNew; - } - else - { - m_Obj = tbSet.m_Obj; - } - - m_cElt = tbSet.m_cElt; - m_maxIndex = tbSet.m_maxIndex; - } - - internal void Reset() - { - m_Obj = null; - m_Set = null; - m_cElt = 0; - m_maxIndex = -1; - } - - internal void SetItem(int index, Object item) - { - Object[] aObj = null; - - if (item == null) - { - RemoveItem(index); - return; - } - - switch (m_cElt) - { - case 0: - // on the first item, we don't create an array, we merely remember it's index and value - // this this the 99% case - m_cElt = 1; - m_maxIndex = (short)index; - m_Obj = item; - break; - - case 1: - // we have to decide if a 2nd item has indeed been added and create the array - // if it has - if (index == m_maxIndex) - { - // replacing the one existing item - m_Obj = item; - } - else - { - // adding a second distinct permission - Object objSaved = m_Obj; - int iMax = Math.Max(m_maxIndex, index); - - aObj = new Object[iMax+1]; - aObj[m_maxIndex] = objSaved; - aObj[index] = item; - m_maxIndex = (short)iMax; - m_cElt = 2; - m_Set = aObj; - m_Obj = null; - } - break; - - default: - // this is the general case code for when there is really an array - - aObj = m_Set; - - // we are now adding an item, check if we need to grow - - if (index >= aObj.Length) - { - Object[] newset = new Object[index+1]; - System.Array.Copy(aObj, 0, newset, 0, m_maxIndex+1); - m_maxIndex = (short)index; - newset[index] = item; - m_Set = newset; - m_cElt++; - } - else - { - if (aObj[index] == null) - m_cElt++; - - aObj[index] = item; - - if (index > m_maxIndex) - m_maxIndex = (short)index; - } - break; - } - } - - [SuppressMessage("Microsoft.Concurrency", "CA8001", Justification = "Reviewed for thread-safety")] - internal Object GetItem(int index) - { - switch (m_cElt) - { - case 0: - return null; - - case 1: - if (index == m_maxIndex) - return m_Obj; - else - return null; - default: - if (index < m_Set.Length) - return Volatile.Read(ref m_Set[index]); - else - return null; - } - } - - internal Object RemoveItem(int index) - { - Object ret = null; - - switch (m_cElt) - { - case 0: - ret = null; - break; - - case 1: - if (index != m_maxIndex) - { - // removing a permission we don't have ignore it - ret = null; - } - else - { - // removing the permission we have at the moment - ret = m_Obj; - Reset(); - } - break; - - default: - // this is the general case code for when there is really an array - - // we are removing an item - if (index < m_Set.Length && (ret = Volatile.Read(ref m_Set[index])) != null) - { - // ok we really deleted something at this point - - Volatile.Write(ref m_Set[index], null); - m_cElt--; - - if (index == m_maxIndex) - ResetMaxIndex(m_Set); - - // collapse the array - if (m_cElt == 1) - { - m_Obj = Volatile.Read(ref m_Set[m_maxIndex]); - m_Set = null; - } - } - break; - } - - return ret; - } - - private void ResetMaxIndex(Object[] aObj) - { - int i; - - // Start at the end of the array, and - // scan backwards for the first non-null - // slot. That is the new maxIndex. - for (i = aObj.Length - 1; i >= 0; i--) - { - if (aObj[i] != null) - { - m_maxIndex = (short)i; - return; - } - } - - m_maxIndex = -1; - } - internal int GetStartingIndex() - { - if (m_cElt <= 1) - return m_maxIndex; - return 0; - } - internal int GetCount() - { - return m_cElt; - } - - internal int GetMaxUsedIndex() - { - return m_maxIndex; - } - - internal bool FastIsEmpty() - { - return m_cElt == 0; - } - } -} diff --git a/src/mscorlib/src/System/Security/Util/TokenBasedSetEnumerator.cs b/src/mscorlib/src/System/Security/Util/TokenBasedSetEnumerator.cs deleted file mode 100644 index 9c868d3..0000000 --- a/src/mscorlib/src/System/Security/Util/TokenBasedSetEnumerator.cs +++ /dev/null @@ -1,36 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Util -{ - using System; - using System.Collections; - - internal struct TokenBasedSetEnumerator - { - public Object Current; - public int Index; - - private TokenBasedSet _tb; - - public bool MoveNext() - { - return _tb != null ? _tb.MoveNext(ref this) : false; - } - - public void Reset() - { - Index = -1; - Current = null; - } - - public TokenBasedSetEnumerator(TokenBasedSet tb) - { - Index = -1; - Current = null; - _tb = tb; - } - } -} - diff --git a/src/mscorlib/src/System/Security/Util/URLString.cs b/src/mscorlib/src/System/Security/Util/URLString.cs index 11a969a..4ec3538 100644 --- a/src/mscorlib/src/System/Security/Util/URLString.cs +++ b/src/mscorlib/src/System/Security/Util/URLString.cs @@ -22,351 +22,8 @@ namespace System.Security.Util { using System.IO; using System.Diagnostics.Contracts; - internal sealed class URLString : SiteString + internal static class URLString { - private String m_protocol; - [OptionalField(VersionAdded = 2)] - private String m_userpass; - private SiteString m_siteString; - private int m_port; -#if !PLATFORM_UNIX - private LocalSiteString m_localSite; -#endif // !PLATFORM_UNIX - private DirectoryString m_directory; - - private const String m_defaultProtocol = "file"; - - [OptionalField(VersionAdded = 2)] - private bool m_parseDeferred; - [OptionalField(VersionAdded = 2)] - private String m_urlOriginal; - [OptionalField(VersionAdded = 2)] - private bool m_parsedOriginal; - - [OptionalField(VersionAdded = 3)] - private bool m_isUncShare; - - // legacy field from v1.x, not used in v2 and beyond. Retained purely for serialization compatibility. - private String m_fullurl; - - - [OnDeserialized] - public void OnDeserialized(StreamingContext ctx) - { - - if (m_urlOriginal == null) - { - // pre-v2 deserialization. Need to fix-up fields here - m_parseDeferred = false; - m_parsedOriginal = false; // Dont care what this value is - never used - m_userpass = ""; - m_urlOriginal = m_fullurl; - m_fullurl = null; - } - } - [OnSerializing] - private void OnSerializing(StreamingContext ctx) - { - - if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - DoDeferredParse(); - m_fullurl = m_urlOriginal; - } - } - [OnSerialized] - private void OnSerialized(StreamingContext ctx) - { - if ((ctx.State & ~(StreamingContextStates.Clone|StreamingContextStates.CrossAppDomain)) != 0) - { - m_fullurl = null; - } - } - - public URLString() - { - m_protocol = ""; - m_userpass = ""; - m_siteString = new SiteString(); - m_port = -1; -#if !PLATFORM_UNIX - m_localSite = null; -#endif // !PLATFORM_UNIX - m_directory = new DirectoryString(); - m_parseDeferred = false; - } - - private void DoDeferredParse() - { - if (m_parseDeferred) - { - ParseString(m_urlOriginal, m_parsedOriginal); - m_parseDeferred = false; - } - } - - public URLString(string url) : this(url, false, false) {} - public URLString(string url, bool parsed) : this(url, parsed, false) {} - - internal URLString(string url, bool parsed, bool doDeferredParsing) - { - m_port = -1; - m_userpass = ""; - DoFastChecks(url); - m_urlOriginal = url; - m_parsedOriginal = parsed; - m_parseDeferred = true; - if (doDeferredParsing) - DoDeferredParse(); - } - - // Converts %XX and %uYYYY to the actual characters (I.e. Unesacpes any escape characters present in the URL) - private String UnescapeURL(String url) - { - StringBuilder intermediate = StringBuilderCache.Acquire(url.Length); - int Rindex = 0; // index into temp that gives the rest of the string to be processed - int index; - int braIndex = -1; - int ketIndex = -1; - braIndex = url.IndexOf('[',Rindex); - if (braIndex != -1) - ketIndex = url.IndexOf(']', braIndex); - - do - { - index = url.IndexOf( '%', Rindex); - - if (index == -1) - { - intermediate = intermediate.Append(url, Rindex, (url.Length - Rindex)); - break; - } - // if we hit a '%' in the middle of an IPv6 address, dont process that - if (index > braIndex && index < ketIndex) - { - intermediate = intermediate.Append(url, Rindex, (ketIndex - Rindex+1)); - Rindex = ketIndex+1; - continue; - } - - if (url.Length - index < 2) // Check that there is at least 1 char after the '%' - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - - if (url[index+1] == 'u' || url[index+1] == 'U') - { - if (url.Length - index < 6) // example: "%u004d" is 6 chars long - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - - // We have a unicode character specified in hex - - try - { - char c = (char)(Hex.ConvertHexDigit( url[index+2] ) << 12 | - Hex.ConvertHexDigit( url[index+3] ) << 8 | - Hex.ConvertHexDigit( url[index+4] ) << 4 | - Hex.ConvertHexDigit( url[index+5] )); - intermediate = intermediate.Append(url, Rindex, index - Rindex); - intermediate = intermediate.Append(c); - } - catch(ArgumentException) // Hex.ConvertHexDigit can throw an "out of range" ArgumentException - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - - Rindex = index + 6 ; //update the 'seen' length - } - else - { - // we have a hex character. - - if (url.Length - index < 3) // example: "%4d" is 3 chars long - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - - try - { - char c = (char)(Hex.ConvertHexDigit( url[index+1] ) << 4 | Hex.ConvertHexDigit( url[index+2] )); - - intermediate = intermediate.Append(url, Rindex, index - Rindex); - intermediate = intermediate.Append(c); - } - catch(ArgumentException) // Hex.ConvertHexDigit can throw an "out of range" ArgumentException - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - - Rindex = index + 3; // update the 'seen' length - } - - } - while (true); - return StringBuilderCache.GetStringAndRelease(intermediate); - } - - // Helper Function for ParseString: - // Search for the end of the protocol info and grab the actual protocol string - // ex. http://www.microsoft.com/complus would have a protocol string of http - private String ParseProtocol(String url) - { - String temp; - int index = url.IndexOf( ':' ); - - if (index == 0) - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - else if (index == -1) - { - m_protocol = m_defaultProtocol; - temp = url; - } - else if (url.Length > index + 1) - { - if (index == m_defaultProtocol.Length && - String.Compare(url, 0, m_defaultProtocol, 0, index, StringComparison.OrdinalIgnoreCase) == 0) - { - m_protocol = m_defaultProtocol; - temp = url.Substring( index + 1 ); - - // Since an explicit file:// URL could be immediately followed by a host name, we will be - // conservative and assume that it is on a share rather than a potentally relative local - // URL. - m_isUncShare = true; - } - else if (url[index+1] != '\\') - { -#if !PLATFORM_UNIX - if (url.Length > index + 2 && - url[index+1] == '/' && - url[index+2] == '/') -#else - if (url.Length > index + 1 && - url[index+1] == '/' ) // UNIX style "file:/home/me" is allowed, so account for that -#endif // !PLATFORM_UNIX - { - m_protocol = url.Substring( 0, index ); - - for (int i = 0; i < m_protocol.Length; ++i) - { - char c = m_protocol[i]; - - if ((c >= 'a' && c <= 'z') || - (c >= 'A' && c <= 'Z') || - (c >= '0' && c <= '9') || - (c == '+') || - (c == '.') || - (c == '-')) - { - continue; - } - else - { - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - } -#if !PLATFORM_UNIX - temp = url.Substring( index + 3 ); -#else - // In UNIX, we don't know how many characters we'll have to skip past. - // Skip past \, /, and : - // - for ( int j=index ; j= '0' && temp[portIndex+1] <= '9' ) - { - int tempIndex = temp.IndexOf( '/', Rindex); - - if (tempIndex == -1) - { - m_port = Int32.Parse( temp.Substring(portIndex + 1), CultureInfo.InvariantCulture ); - - if (m_port < 0) - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - - temp = temp.Substring( Rindex, portIndex - Rindex ); - } - else if (tempIndex > portIndex) - { - m_port = Int32.Parse( temp.Substring(portIndex + 1, tempIndex - portIndex - 1), CultureInfo.InvariantCulture ); - temp = temp.Substring( Rindex, portIndex - Rindex ) + temp.Substring( tempIndex ); - } - else - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - else - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - } - else { - // Chop of the user/pass portion if any - temp = temp.Substring(Rindex); - } - - return temp; - } - internal static string PreProcessForExtendedPathRemoval(bool checkPathLength, string url, bool isFileUrl) { bool isUncShare = false; @@ -400,7 +57,8 @@ namespace System.Security.Util { } else { - if (isFileUrl) { + if (isFileUrl) + { // We need to handle an indefinite number of leading front slashes for file URLs since we could // get something like: // file://\\?\ @@ -432,14 +90,14 @@ namespace System.Security.Util { { int slashCount = 0; bool seenFirstBackslash = false; - + while (slashCount < modifiedUrl.Length && (modifiedUrl[slashCount] == '/' || modifiedUrl[slashCount] == '\\')) { // Look for sets of consecutive backslashes. We can't just look for these at the start // of the string, since file:// might come first. Instead, once we see the first \, look // for a second one following it. if (!seenFirstBackslash && modifiedUrl[slashCount] == '\\') - { + { seenFirstBackslash = true; if (slashCount + 1 < modifiedUrl.Length && modifiedUrl[slashCount + 1] == '\\') isUncShare = true; @@ -476,699 +134,5 @@ namespace System.Security.Util { throw new PathTooLongException(Environment.GetResourceString("IO.PathTooLong")); } } - - // Do any misc massaging of data in the URL - private String PreProcessURL(String url, bool isFileURL) - { - -#if !PLATFORM_UNIX - if (isFileURL) { - // Remove when the Path class supports "\\?\" - url = PreProcessForExtendedPathRemoval(url, true, ref m_isUncShare); - } - else { - url = url.Replace('\\', '/'); - } - return url; -#else - // Remove superfluous '/' - // For UNIX, the file path would look something like: - // file:///home/johndoe/here - // file:/home/johndoe/here - // file:../johndoe/here - // file:~/johndoe/here - String temp = url; - int nbSlashes = 0; - while(nbSlashes 2) - temp = temp.Substring(nbSlashes-1, temp.Length - (nbSlashes-1)); - else if (2 == nbSlashes) /* it's a relative path */ - temp = temp.Substring(nbSlashes, temp.Length - nbSlashes); - return temp; -#endif // !PLATFORM_UNIX - - } - - private void ParseFileURL(String url) - { - - String temp = url; -#if !PLATFORM_UNIX - int index = temp.IndexOf( '/'); - - if (index != -1 && - ((index == 2 && - temp[index-1] != ':' && - temp[index-1] != '|') || - index != 2) && - index != temp.Length - 1) - { - // Also, if it is a UNC share, we want m_localSite to - // be of the form "computername/share", so if the first - // fileEnd character found is a slash, do some more parsing - // to find the proper end character. - - int tempIndex = temp.IndexOf( '/', index+1); - - if (tempIndex != -1) - index = tempIndex; - else - index = -1; - } - - String localSite; - if (index == -1) - localSite = temp; - else - localSite = temp.Substring(0,index); - - if (localSite.Length == 0) - throw new ArgumentException( Environment.GetResourceString( "Argument_InvalidUrl" ) ); - - int i; - bool spacesAllowed; - - if (localSite[0] == '\\' && localSite[1] == '\\') - { - spacesAllowed = true; - i = 2; - } - else - { - i = 0; - spacesAllowed = false; - } - - bool useSmallCharToUpper = true; - - for (; i < localSite.Length; ++i) - { - char c = localSite[i]; - - if ((c >= 'A' && c <= 'Z') || - (c >= 'a' && c <= 'z') || - (c >= '0' && c <= '9') || - (c == '-') || (c == '/') || - (c == ':') || (c == '|') || - (c == '.') || (c == '*') || - (c == '$') || (spacesAllowed && c == ' ')) - { - continue; - } - else - { - useSmallCharToUpper = false; - break; - } - } - - if (useSmallCharToUpper) - localSite = String.SmallCharToUpper( localSite ); - else - localSite = localSite.ToUpper(CultureInfo.InvariantCulture); - - m_localSite = new LocalSiteString( localSite ); - - if (index == -1) - { - if (localSite[localSite.Length-1] == '*') - m_directory = new DirectoryString( "*", false ); - else - m_directory = new DirectoryString(); - } - else - { - String directoryString = temp.Substring( index + 1 ); - if (directoryString.Length == 0) - { - m_directory = new DirectoryString(); - } - else - { - m_directory = new DirectoryString( directoryString, true); - } - } -#else // !PLATFORM_UNIX - m_directory = new DirectoryString( temp, true); -#endif // !PLATFORM_UNIX - - m_siteString = null; - return; - } - - private void ParseNonFileURL(String url) - { - String temp = url; - int index = temp.IndexOf('/'); - - if (index == -1) - { -#if !PLATFORM_UNIX - m_localSite = null; // for drive letter -#endif // !PLATFORM_UNIX - m_siteString = new SiteString( temp ); - m_directory = new DirectoryString(); - } - else - { -#if !PLATFORM_UNIX - String site = temp.Substring( 0, index ); - m_localSite = null; - m_siteString = new SiteString( site ); - - String directoryString = temp.Substring( index + 1 ); - - if (directoryString.Length == 0) - { - m_directory = new DirectoryString(); - } - else - { - m_directory = new DirectoryString( directoryString, false ); - } -#else - String directoryString = temp.Substring( index + 1 ); - String site = temp.Substring( 0, index ); - m_directory = new DirectoryString( directoryString, false ); - m_siteString = new SiteString( site ); -#endif //!PLATFORM_UNIX - } - return; - } - - void DoFastChecks( String url ) - { - if (url == null) - { - throw new ArgumentNullException( nameof(url) ); - } - Contract.EndContractBlock(); - - if (url.Length == 0) - { - throw new FormatException(Environment.GetResourceString("Format_StringZeroLength")); - } - } - - // NOTE: - // 1. We support URLs that follow the common Internet scheme syntax - // (://user:pass@:/) and all windows file URLs. - // 2. In the general case we parse of the site and create a SiteString out of it - // (which supports our wildcarding scheme). In the case of files we don't support - // wildcarding and furthermore SiteString doesn't like ':' and '|' which can appear - // in file urls so we just keep that info in a separate string and set the - // SiteString to null. - // - // ex. http://www.microsoft.com/complus -> m_siteString = "www.microsoft.com" m_localSite = null - // ex. file:///c:/complus/mscorlib.dll -> m_siteString = null m_localSite = "c:" - // ex. file:///c|/complus/mscorlib.dll -> m_siteString = null m_localSite = "c:" - void ParseString( String url, bool parsed ) - { - // If there are any escaped hex or unicode characters in the url, translate those - // into the proper character. - - if (!parsed) - { - url = UnescapeURL(url); - } - - // Identify the protocol and strip the protocol info from the string, if present. - String temp = ParseProtocol(url); - - bool fileProtocol = (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) == 0); - - // handle any special preocessing...removing extra characters, etc. - temp = PreProcessURL(temp, fileProtocol); - - if (fileProtocol) - { - ParseFileURL(temp); - } - else - { - // Check if there is a port number and parse that out. - temp = ParsePort(temp); - ParseNonFileURL(temp); - // Note: that we allow DNS and Netbios names for non-file protocols (since sitestring will check - // that the hostname satisfies these two protocols. DNS-only checking can theoretically be added - // here but that would break all the programs that use '_' (which is fairly common, yet illegal). - // If this needs to be done at any point, add a call to m_siteString.IsLegalDNSName(). - } - - - } - - public String Host - { - get - { - DoDeferredParse(); - - if (m_siteString != null) - { - return m_siteString.ToString(); - } - else - { -#if !PLATFORM_UNIX - return m_localSite.ToString(); -#else - return ""; -#endif // !PLATFORM_UNIX - } - } - } - - public String Directory - { - get - { - DoDeferredParse(); - - return m_directory.ToString(); - } - } - - public String GetFileName() - { - DoDeferredParse(); - -#if !PLATFORM_UNIX - if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) != 0) - return null; - - String intermediateDirectory = this.Directory.Replace( '/', '\\' ); - - String directory = this.Host.Replace( '/', '\\' ); - - int directorySlashIndex = directory.IndexOf( '\\' ); - if (directorySlashIndex == -1) - { - if (directory.Length != 2 || - !(directory[1] == ':' || directory[1] == '|')) - { - directory = "\\\\" + directory; - } - } - else if (directorySlashIndex != 2 || - (directorySlashIndex == 2 && directory[1] != ':' && directory[1] != '|')) - { - directory = "\\\\" + directory; - } - - directory += "\\" + intermediateDirectory; - - return directory; -#else - // In Unix, directory contains the full pathname - // (this is what we get in Win32) - if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase ) != 0) - return null; - - return this.Directory; -#endif // !PLATFORM_UNIX - } - - public override bool IsSubsetOf( SiteString site ) - { - if (site == null) - { - return false; - } - - URLString url = site as URLString; - - if (url == null) - { - return false; - } - - DoDeferredParse(); - url.DoDeferredParse(); - - URLString normalUrl1 = this.SpecialNormalizeUrl(); - URLString normalUrl2 = url.SpecialNormalizeUrl(); - - if (String.Compare( normalUrl1.m_protocol, normalUrl2.m_protocol, StringComparison.OrdinalIgnoreCase) == 0 && - normalUrl1.m_directory.IsSubsetOf( normalUrl2.m_directory )) - { -#if !PLATFORM_UNIX - if (normalUrl1.m_localSite != null) - { - // We do a little extra processing in here for local files since we allow - // both : and | forms of urls. - - return normalUrl1.m_localSite.IsSubsetOf( normalUrl2.m_localSite ); - } - else -#endif // !PLATFORM_UNIX - { - if (normalUrl1.m_port != normalUrl2.m_port) - return false; - - return normalUrl2.m_siteString != null && normalUrl1.m_siteString.IsSubsetOf( normalUrl2.m_siteString ); - } - } - else - { - return false; - } - } - - public override String ToString() - { - return m_urlOriginal; - } - - public override bool Equals(Object o) - { - DoDeferredParse(); - - if (o == null || !(o is URLString)) - return false; - else - return this.Equals( (URLString)o ); - } - - public override int GetHashCode() - { - DoDeferredParse(); - - TextInfo info = CultureInfo.InvariantCulture.TextInfo; - int accumulator = 0; - - if (this.m_protocol != null) - accumulator = info.GetCaseInsensitiveHashCode( this.m_protocol ); - -#if !PLATFORM_UNIX - if (this.m_localSite != null) - { - accumulator = accumulator ^ this.m_localSite.GetHashCode(); - } - else - { - accumulator = accumulator ^ this.m_siteString.GetHashCode(); - } - accumulator = accumulator ^ this.m_directory.GetHashCode(); -#else - accumulator = accumulator ^ info.GetCaseInsensitiveHashCode(this.m_urlOriginal); -#endif // !PLATFORM_UNIX - - - - return accumulator; - } - - public bool Equals( URLString url ) - { - return CompareUrls( this, url ); - } - - public static bool CompareUrls( URLString url1, URLString url2 ) - { - if (url1 == null && url2 == null) - return true; - - if (url1 == null || url2 == null) - return false; - - url1.DoDeferredParse(); - url2.DoDeferredParse(); - - URLString normalUrl1 = url1.SpecialNormalizeUrl(); - URLString normalUrl2 = url2.SpecialNormalizeUrl(); - - // Compare protocol (case insensitive) - - if (String.Compare( normalUrl1.m_protocol, normalUrl2.m_protocol, StringComparison.OrdinalIgnoreCase) != 0) - return false; - - // Do special processing for file urls - - if (String.Compare( normalUrl1.m_protocol, "file", StringComparison.OrdinalIgnoreCase) == 0) - { -#if !PLATFORM_UNIX - if (!normalUrl1.m_localSite.IsSubsetOf( normalUrl2.m_localSite ) || - !normalUrl2.m_localSite.IsSubsetOf( normalUrl1.m_localSite )) - return false; -#else - return url1.IsSubsetOf( url2 ) && - url2.IsSubsetOf( url1 ); -#endif // !PLATFORM_UNIX - } - else - { - if (String.Compare( normalUrl1.m_userpass, normalUrl2.m_userpass, StringComparison.Ordinal) != 0) - return false; - - if (!normalUrl1.m_siteString.IsSubsetOf( normalUrl2.m_siteString ) || - !normalUrl2.m_siteString.IsSubsetOf( normalUrl1.m_siteString )) - return false; - - if (url1.m_port != url2.m_port) - return false; - } - - if (!normalUrl1.m_directory.IsSubsetOf( normalUrl2.m_directory ) || - !normalUrl2.m_directory.IsSubsetOf( normalUrl1.m_directory )) - return false; - - return true; - } - -#if !PLATFORM_UNIX - internal URLString SpecialNormalizeUrl() - { - // Under WinXP, file protocol urls can be mapped to - // drives that aren't actually file protocol underneath - // due to drive mounting. This code attempts to figure - // out what a drive is mounted to and create the - // url is maps to. - - DoDeferredParse(); - if (String.Compare( m_protocol, "file", StringComparison.OrdinalIgnoreCase) != 0) - { - return this; - } - else - { - String localSite = m_localSite.ToString(); - - if (localSite.Length == 2 && - (localSite[1] == '|' || - localSite[1] == ':')) - { - String deviceName = null; - GetDeviceName(localSite, JitHelpers.GetStringHandleOnStack(ref deviceName)); - - if (deviceName != null) - { - if (deviceName.IndexOf( "://", StringComparison.Ordinal ) != -1) - { - URLString u = new URLString( deviceName + "/" + this.m_directory.ToString() ); - u.DoDeferredParse(); // Presumably the caller of SpecialNormalizeUrl wants a fully parsed URL - return u; - } - else - { - URLString u = new URLString( "file://" + deviceName + "/" + this.m_directory.ToString() ); - u.DoDeferredParse();// Presumably the caller of SpecialNormalizeUrl wants a fully parsed URL - return u; - } - } - else - return this; - } - else - { - return this; - } - } - } - - [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] - [SuppressUnmanagedCodeSecurity] - private static extern void GetDeviceName( String driveLetter, StringHandleOnStack retDeviceName ); - -#else - internal URLString SpecialNormalizeUrl() - { - return this; - } -#endif // !PLATFORM_UNIX - - } - - - [Serializable] - internal class DirectoryString : SiteString - { - private bool m_checkForIllegalChars; - - // From KB #Q177506, file/folder illegal characters are \ / : * ? " < > | - protected static char[] m_illegalDirectoryCharacters = { '\\', ':', '*', '?', '"', '<', '>', '|' }; - - public DirectoryString() - { - m_site = ""; - m_separatedSite = new ArrayList(); - } - - public DirectoryString( String directory, bool checkForIllegalChars ) - { - m_site = directory; - m_checkForIllegalChars = checkForIllegalChars; - m_separatedSite = CreateSeparatedString(directory); - } - - private ArrayList CreateSeparatedString(String directory) - { - if (directory == null || directory.Length == 0) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - Contract.EndContractBlock(); - - ArrayList list = new ArrayList(); - String[] separatedArray = directory.Split('/'); - - for (int index = 0; index < separatedArray.Length; ++index) - { - if (separatedArray[index] == null || separatedArray[index].Equals( "" )) - { - // this case is fine, we just ignore it the extra separators. - } - else if (separatedArray[index].Equals( "*" )) - { - if (index != separatedArray.Length-1) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - list.Add( separatedArray[index] ); - } - else if (m_checkForIllegalChars && separatedArray[index].IndexOfAny( m_illegalDirectoryCharacters ) != -1) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - else - { - list.Add( separatedArray[index] ); - } - } - - return list; - } - - public virtual bool IsSubsetOf( DirectoryString operand ) - { - return this.IsSubsetOf( operand, true ); - } - - public virtual bool IsSubsetOf( DirectoryString operand, bool ignoreCase ) - { - if (operand == null) - { - return false; - } - else if (operand.m_separatedSite.Count == 0) - { - return this.m_separatedSite.Count == 0 || this.m_separatedSite.Count > 0 && String.Compare((String)this.m_separatedSite[0], "*", StringComparison.Ordinal) == 0; - } - else if (this.m_separatedSite.Count == 0) - { - return String.Compare((String)operand.m_separatedSite[0], "*", StringComparison.Ordinal) == 0; - } - else - { - return base.IsSubsetOf( operand, ignoreCase ); - } - } - } - -#if !PLATFORM_UNIX - [Serializable] - internal class LocalSiteString : SiteString - { - public LocalSiteString( String site ) - { - m_site = site.Replace( '|', ':'); - - if (m_site.Length > 2 && m_site.IndexOf( ':' ) != -1) - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - - m_separatedSite = CreateSeparatedString(m_site); - } - - private ArrayList CreateSeparatedString(String directory) - { - if (directory == null || directory.Length == 0) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - Contract.EndContractBlock(); - - ArrayList list = new ArrayList(); - String[] separatedArray = directory.Split('/'); - - for (int index = 0; index < separatedArray.Length; ++index) - { - if (separatedArray[index] == null || separatedArray[index].Equals( "" )) - { - if (index < 2 && - directory[index] == '/') - { - list.Add( "//" ); - } - else if (index != separatedArray.Length-1) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - } - else if (separatedArray[index].Equals( "*" )) - { - if (index != separatedArray.Length-1) - { - throw new ArgumentException(Environment.GetResourceString("Argument_InvalidDirectoryOnUrl")); - } - list.Add( separatedArray[index] ); - } - else - { - list.Add( separatedArray[index] ); - } - } - - return list; - } - - public virtual bool IsSubsetOf( LocalSiteString operand ) - { - return this.IsSubsetOf( operand, true ); - } - - public virtual bool IsSubsetOf( LocalSiteString operand, bool ignoreCase ) - { - if (operand == null) - { - return false; - } - else if (operand.m_separatedSite.Count == 0) - { - return this.m_separatedSite.Count == 0 || this.m_separatedSite.Count > 0 && String.Compare((String)this.m_separatedSite[0], "*", StringComparison.Ordinal) == 0; - } - else if (this.m_separatedSite.Count == 0) - { - return String.Compare((String)operand.m_separatedSite[0], "*", StringComparison.Ordinal) == 0; - } - else - { - return base.IsSubsetOf( operand, ignoreCase ); - } - } } -#endif // !PLATFORM_UNIX } diff --git a/src/mscorlib/src/System/Security/Util/sitestring.cs b/src/mscorlib/src/System/Security/Util/sitestring.cs deleted file mode 100644 index ad9699e..0000000 --- a/src/mscorlib/src/System/Security/Util/sitestring.cs +++ /dev/null @@ -1,233 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -namespace System.Security.Util { - using System; - using System.Collections; - using System.Globalization; - using System.Diagnostics.Contracts; - - [Serializable] - internal class SiteString - { - protected String m_site; - protected ArrayList m_separatedSite; - - protected internal SiteString() - { - // Only call this in derived classes when you know what you're doing. - } - - public SiteString( String site ) - { - m_separatedSite = CreateSeparatedSite( site ); - m_site = site; - } - - private static ArrayList CreateSeparatedSite(String site) - { - if (site == null || site.Length == 0) - { - throw new ArgumentException( Environment.GetResourceString("Argument_InvalidSite" )); - } - Contract.EndContractBlock(); - - ArrayList list = new ArrayList(); - int braIndex = -1; - int ketIndex = -1; - braIndex = site.IndexOf('['); - if (braIndex == 0) - ketIndex = site.IndexOf(']', braIndex+1); - - if (ketIndex != -1) - { - // Found an IPv6 address. Special case that - String ipv6Addr = site.Substring(braIndex+1, ketIndex-braIndex-1); - list.Add(ipv6Addr); - return list; - } - - // Regular hostnames or IPv4 addresses - // We dont need to do this for IPv4 addresses, but it's easier to do it anyway - String[] separatedArray = site.Split('.'); - - for (int index = separatedArray.Length-1; index > -1; --index) - { - if (separatedArray[index] == null) - { - throw new ArgumentException( Environment.GetResourceString("Argument_InvalidSite" )); - } - else if (separatedArray[index].Equals( "" )) - { - if (index != separatedArray.Length-1) - { - throw new ArgumentException( Environment.GetResourceString("Argument_InvalidSite" )); - } - } - else if (separatedArray[index].Equals( "*" )) - { - if (index != 0) - { - throw new ArgumentException( Environment.GetResourceString("Argument_InvalidSite" )); - } - list.Add( separatedArray[index] ); - } - else if (!AllLegalCharacters( separatedArray[index] )) - { - throw new ArgumentException( Environment.GetResourceString("Argument_InvalidSite" )); - } - else - { - list.Add( separatedArray[index] ); - } - } - - return list; - } - - // KB# Q188997 - http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q188997& gives the list of allowed characters in - // a NETBIOS name. DNS names are a subset of that (alphanumeric or '-'). - private static bool AllLegalCharacters( String str ) - { - for (int i = 0; i < str.Length; ++i) - { - char c = str[i]; - - if (IsLegalDNSChar(c) || - IsNetbiosSplChar(c)) - { - continue; - } - else - { - return false; - } - } - - return true; - } - - private static bool IsLegalDNSChar(char c) - { - if ((c >= 'a' && c <= 'z') || - (c >= 'A' && c <= 'Z') || - (c >= '0' && c <= '9') || - (c == '-')) - return true; - else - return false; - } - private static bool IsNetbiosSplChar(char c) - { - // ! @ # $ % ^ & ( ) - _ ' { } . ~ are OK - switch (c) { - case '-': - case '_': - case '@': - case '!': - case '#': - case '$': - case '%': - case '^': - case '&': - case '(': - case ')': - case '\'': - case '{': - case '}': - case '.': - case '~': - return true; - default: - return false; - } - } - - public override String ToString() - { - return m_site; - } - - public override bool Equals(Object o) - { - if (o == null || !(o is SiteString)) - return false; - else - return this.Equals( (SiteString)o, true ); - } - - public override int GetHashCode() - { - TextInfo info = CultureInfo.InvariantCulture.TextInfo; - - return info.GetCaseInsensitiveHashCode( this.m_site ); - } - - internal bool Equals( SiteString ss, bool ignoreCase ) - { - if (this.m_site == null) - return ss.m_site == null; - if (ss.m_site == null) - return false; - return this.IsSubsetOf(ss, ignoreCase) && ss.IsSubsetOf(this, ignoreCase); - } - - public virtual bool IsSubsetOf( SiteString operand ) - { - return this.IsSubsetOf( operand, true ); - } - - public virtual bool IsSubsetOf( SiteString operand, bool ignoreCase ) - { - StringComparison strComp = (ignoreCase? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal); - if (operand == null) - { - return false; - } - else if (this.m_separatedSite.Count == operand.m_separatedSite.Count && - this.m_separatedSite.Count == 0) - { - return true; - } - else if (this.m_separatedSite.Count < operand.m_separatedSite.Count - 1) - { - return false; - } - else if (this.m_separatedSite.Count > operand.m_separatedSite.Count && - operand.m_separatedSite.Count > 0 && - !operand.m_separatedSite[operand.m_separatedSite.Count - 1].Equals("*")) - { - return false; - } - else if (String.Compare( this.m_site, operand.m_site, strComp) == 0) - { - return true; - } - - for (int index = 0; index < operand.m_separatedSite.Count - 1; ++index) - { - if (String.Compare((String)this.m_separatedSite[index], (String)operand.m_separatedSite[index], strComp) != 0) - { - return false; - } - } - - if (this.m_separatedSite.Count < operand.m_separatedSite.Count) - { - return operand.m_separatedSite[operand.m_separatedSite.Count - 1].Equals("*"); - } - else if (this.m_separatedSite.Count == operand.m_separatedSite.Count) - { - // last item must be the same or operand must have a * in its last item - return (String.Compare((String)this.m_separatedSite[this.m_separatedSite.Count - 1], - (String)operand.m_separatedSite[this.m_separatedSite.Count - 1], - strComp ) == 0 || - operand.m_separatedSite[operand.m_separatedSite.Count - 1].Equals("*")); - - } - else - return true; - } - } -} diff --git a/src/mscorlib/src/System/SharedStatics.cs b/src/mscorlib/src/System/SharedStatics.cs index d7bd75a..0f6dca1 100644 --- a/src/mscorlib/src/System/SharedStatics.cs +++ b/src/mscorlib/src/System/SharedStatics.cs @@ -16,7 +16,6 @@ namespace System using System.Threading; using System.Runtime.Remoting; using System.Security; - using System.Security.Util; using System.Runtime.CompilerServices; using System.Runtime.ConstrainedExecution; using System.Diagnostics; diff --git a/src/mscorlib/src/System/Threading/LockRecursionException.cs b/src/mscorlib/src/System/Threading/LockRecursionException.cs index ab95e70..40f04b0 100644 --- a/src/mscorlib/src/System/Threading/LockRecursionException.cs +++ b/src/mscorlib/src/System/Threading/LockRecursionException.cs @@ -19,7 +19,6 @@ namespace System.Threading using System.Runtime.CompilerServices; [Serializable] - [System.Security.Permissions.HostProtection(MayLeakOnAbort = true)] public class LockRecursionException : System.Exception { public LockRecursionException() { } diff --git a/src/mscorlib/src/System/TimeZoneInfo.Win32.cs b/src/mscorlib/src/System/TimeZoneInfo.Win32.cs index 057ea91..79ee535 100644 --- a/src/mscorlib/src/System/TimeZoneInfo.Win32.cs +++ b/src/mscorlib/src/System/TimeZoneInfo.Win32.cs @@ -794,7 +794,7 @@ namespace System int resourceId; // get the path to Windows\System32 - string system32 = Environment.UnsafeGetFolderPath(Environment.SpecialFolder.System); + string system32 = Environment.SystemDirectory; // trim the string "@tzres.dll" => "tzres.dll" string tzresDll = resources[0].TrimStart('@'); diff --git a/src/vm/CMakeLists.txt b/src/vm/CMakeLists.txt index 4a64fcf..79bd078 100644 --- a/src/vm/CMakeLists.txt +++ b/src/vm/CMakeLists.txt @@ -216,7 +216,6 @@ set(VM_SOURCES_WKS securitydeclarative.cpp securitydeclarativecache.cpp securitydescriptorappdomain.cpp - securityhostprotection.cpp securitymeta.cpp securitypolicy.cpp securitytransparentassembly.cpp @@ -294,7 +293,6 @@ list(APPEND VM_SOURCES_WKS rcwrefcache.cpp rtlfunctions.cpp runtimecallablewrapper.cpp - securityprincipal.cpp stacksampler.cpp stdinterfaces.cpp stdinterfaces_wrapper.cpp diff --git a/src/vm/appdomain.cpp b/src/vm/appdomain.cpp index 8be965b..040837a 100644 --- a/src/vm/appdomain.cpp +++ b/src/vm/appdomain.cpp @@ -75,7 +75,6 @@ #include "appdomain.inl" #include "typeparse.h" #include "mdaassistants.h" -#include "stackcompressor.h" #ifdef FEATURE_REMOTING #include "mscorcfg.h" #include "appdomainconfigfactory.hpp" diff --git a/src/vm/appdomainnative.cpp b/src/vm/appdomainnative.cpp index a96c643..85c828f 100644 --- a/src/vm/appdomainnative.cpp +++ b/src/vm/appdomainnative.cpp @@ -518,199 +518,6 @@ FCIMPL3(void, AppDomainNative::UpdateContextProperty, LPVOID fusionContext, Stri FCIMPLEND #endif // FEATURE_FUSION -/* static */ -INT32 AppDomainNative::ExecuteAssemblyHelper(Assembly* pAssembly, - BOOL bCreatedConsole, - PTRARRAYREF *pStringArgs) -{ - STATIC_CONTRACT_THROWS; - - struct Param - { - Assembly* pAssembly; - PTRARRAYREF *pStringArgs; - INT32 iRetVal; - } param; - param.pAssembly = pAssembly; - param.pStringArgs = pStringArgs; - param.iRetVal = 0; - - EE_TRY_FOR_FINALLY(Param *, pParam, ¶m) - { - pParam->iRetVal = pParam->pAssembly->ExecuteMainMethod(pParam->pStringArgs, FALSE /* waitForOtherThreads */); - } - EE_FINALLY - { -#ifndef FEATURE_PAL - if(bCreatedConsole) - FreeConsole(); -#endif // !FEATURE_PAL - } - EE_END_FINALLY - - return param.iRetVal; -} - -static void UpgradeLinkTimeCheckToLateBoundDemand(MethodDesc* pMeth) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - BOOL isEveryoneFullyTrusted = FALSE; - - struct _gc - { - OBJECTREF refClassNonCasDemands; - OBJECTREF refClassCasDemands; - OBJECTREF refMethodNonCasDemands; - OBJECTREF refMethodCasDemands; - OBJECTREF refThrowable; - } gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - - isEveryoneFullyTrusted = Security::AllDomainsOnStackFullyTrusted(); - - // If all assemblies in the domain are fully trusted then we are not - // going to do any security checks anyway.. - if (isEveryoneFullyTrusted) - { - goto Exit1; - } - - - if (pMeth->RequiresLinktimeCheck()) - { - // Fetch link demand sets from all the places in metadata where we might - // find them (class and method). These might be split into CAS and non-CAS - // sets as well. - Security::RetrieveLinktimeDemands(pMeth, - &gc.refClassCasDemands, - &gc.refClassNonCasDemands, - &gc.refMethodCasDemands, - &gc.refMethodNonCasDemands); - - if (gc.refClassCasDemands == NULL && gc.refClassNonCasDemands == NULL && - gc.refMethodCasDemands == NULL && gc.refMethodNonCasDemands == NULL && - isEveryoneFullyTrusted) - { - // All code access security demands will pass anyway. - goto Exit1; - } - - // The following logic turns link demands on the target method into full - // stack walks in order to close security holes in poorly written - // reflection users. - -#ifdef FEATURE_APTCA - if (Security::IsUntrustedCallerCheckNeeded(pMeth) ) - { - // Check for untrusted caller - // It is possible that wrappers like VBHelper libraries that are - // fully trusted, make calls to public methods that do not have - // safe for Untrusted caller custom attribute set. - // Like all other link demand that gets transformed to a full stack - // walk for reflection, calls to public methods also gets - // converted to full stack walk - - // NOTE: this will always do the APTCA check, regardless of method caller - Security::DoUntrustedCallerChecks(NULL, pMeth, TRUE); - } -#endif - - // CAS Link Demands - if (gc.refClassCasDemands != NULL) - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, gc.refClassCasDemands); - - if (gc.refMethodCasDemands != NULL) - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, gc.refMethodCasDemands); - - // Non-CAS demands are not applied against a grant - // set, they're standalone. - if (gc.refClassNonCasDemands != NULL) - Security::CheckNonCasDemand(&gc.refClassNonCasDemands); - - if (gc.refMethodNonCasDemands != NULL) - Security::CheckNonCasDemand(&gc.refMethodNonCasDemands); - } - -Exit1:; - GCPROTECT_END(); -} - -FCIMPL3(INT32, AppDomainNative::ExecuteAssembly, AppDomainBaseObject* refThisUNSAFE, - AssemblyBaseObject* assemblyNameUNSAFE, PTRArray* stringArgsUNSAFE) -{ - FCALL_CONTRACT; - - INT32 iRetVal = 0; - - struct _gc - { - APPDOMAINREF refThis; - ASSEMBLYREF assemblyName; - PTRARRAYREF stringArgs; - } gc; - - gc.refThis = (APPDOMAINREF) refThisUNSAFE; - gc.assemblyName = (ASSEMBLYREF) assemblyNameUNSAFE; - gc.stringArgs = (PTRARRAYREF) stringArgsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_RET_PROTECT(gc); - - AppDomain* pDomain = ValidateArg(gc.refThis); - - if (gc.assemblyName == NULL) - COMPlusThrow(kArgumentNullException, W("ArgumentNull_Generic")); - - if((BaseDomain*) pDomain == SystemDomain::System()) - COMPlusThrow(kUnauthorizedAccessException, W("UnauthorizedAccess_SystemDomain")); - - Assembly* pAssembly = (Assembly*) gc.assemblyName->GetAssembly(); - - if (!pDomain->m_pRootAssembly) - pDomain->m_pRootAssembly = pAssembly; - - MethodDesc *pEntryPointMethod; - { - pEntryPointMethod = pAssembly->GetEntryPoint(); - if (pEntryPointMethod) - { - UpgradeLinkTimeCheckToLateBoundDemand(pEntryPointMethod); - } - } - - BOOL bCreatedConsole = FALSE; - -#ifndef FEATURE_PAL - if (pAssembly->GetManifestFile()->GetSubsystem() == IMAGE_SUBSYSTEM_WINDOWS_CUI) - { - { - GCX_COOP(); - Security::CheckBeforeAllocConsole(pDomain, pAssembly); - } - bCreatedConsole = AllocConsole(); - StackSString codebase; - pAssembly->GetManifestFile()->GetCodeBase(codebase); - SetConsoleTitle(codebase); - } -#endif // !FEATURE_PAL - - // This helper will call FreeConsole() - iRetVal = ExecuteAssemblyHelper(pAssembly, bCreatedConsole, &gc.stringArgs); - - HELPER_METHOD_FRAME_END(); - - return iRetVal; -} -FCIMPLEND - #ifdef FEATURE_VERSIONING FCIMPL1(void, AppDomainNative::CreateContext, diff --git a/src/vm/appdomainnative.hpp b/src/vm/appdomainnative.hpp index ee3af20..5aa781b 100644 --- a/src/vm/appdomainnative.hpp +++ b/src/vm/appdomainnative.hpp @@ -43,7 +43,6 @@ public: static FCDECL1(FC_BOOL_RET, IsDefaultAppDomainForEvidence, AppDomainBaseObject* refThisUNSAFE); static FCDECL2(Object*, GetAssemblies, AppDomainBaseObject* refThisUNSAFE, CLR_BOOL fForIntrospection); static FCDECL2(Object*, GetOrInternString, AppDomainBaseObject* refThisUNSAFE, StringObject* pStringUNSAFE); - static FCDECL3(INT32, ExecuteAssembly, AppDomainBaseObject* refThisUNSAFE, AssemblyBaseObject* assemblyNameUNSAFE, PTRArray* stringArgsUNSAFE); #ifdef FEATURE_VERSIONING static FCDECL1(void, CreateContext, AppDomainBaseObject *refThisUNSAFE); static void QCALLTYPE SetupBindingPaths(__in_z LPCWSTR wszTrustedPlatformAssemblies, __in_z LPCWSTR wszPlatformResourceRoots, __in_z LPCWSTR wszAppPaths, __in_z LPCWSTR wszAppNiPaths, __in_z LPCWSTR appLocalWinMD); diff --git a/src/vm/appdomainstack.cpp b/src/vm/appdomainstack.cpp index bb21c8e..7e55a8d 100644 --- a/src/vm/appdomainstack.cpp +++ b/src/vm/appdomainstack.cpp @@ -86,91 +86,6 @@ BOOL AppDomainStackEntry::HasFlagsOrFullyTrustedWithNoStackModifiers(DWORD flags return Security::CheckDomainWideSpecialFlag(currAppSecDesc, flags); } - -void AppDomainStackEntry::UpdateHomogeneousPLS(OBJECTREF* homogeneousPLS) -{ - - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - AppDomainFromIDHolder domain(m_domainID, TRUE); - if (domain.IsUnloaded()) - return; - - IApplicationSecurityDescriptor *thisAppSecDesc = domain->GetSecurityDescriptor(); - - if (thisAppSecDesc->IsHomogeneous()) - { - // update the intersection with the current grant set - - NewArrayHolder pbtmpSerializedObject(NULL); - - struct gc - { - OBJECTREF refGrantSet; - } gc; - ZeroMemory( &gc, sizeof( gc ) ); - AppDomain* pCurrentDomain; - pCurrentDomain = GetAppDomain(); - - GCPROTECT_BEGIN( gc ); -#ifdef FEATURE_REMOTING // should not be possible without remoting - DWORD cbtmpSerializedObject = 0; - if (pCurrentDomain->GetId() != m_domainID) - { - // Unlikely scenario where we have another homogeneous AD on the callstack that's different from - // the current one. If there's another AD on the callstack, it's likely to be FT. - ENTER_DOMAIN_ID(m_domainID) - { - // Release the holder to allow GCs. This is safe because we've entered the AD, so it won't go away. - domain.Release(); - - gc.refGrantSet = thisAppSecDesc->GetGrantedPermissionSet(NULL); - AppDomainHelper::MarshalObject(GetAppDomain(), &gc.refGrantSet, &pbtmpSerializedObject, &cbtmpSerializedObject); - if (pbtmpSerializedObject == NULL) - { - // this is an error: possibly an OOM prevented the blob from getting created. - // We could return null and let the managed code use a fully restricted object or throw here. - // Let's throw here... - COMPlusThrow(kSecurityException); - } - gc.refGrantSet = NULL; - - } - END_DOMAIN_TRANSITION - AppDomainHelper::UnmarshalObject(pCurrentDomain,pbtmpSerializedObject, cbtmpSerializedObject, &gc.refGrantSet); - } - else -#else - _ASSERTE(pCurrentDomain->GetId() == m_domainID); -#endif //!FEATURE_CORECLR - { - // Release the holder to allow GCs. This is safe because we're running in this AD, so it won't go away. - domain.Release(); - gc.refGrantSet = thisAppSecDesc->GetGrantedPermissionSet(NULL); - } - - // At this point gc.refGrantSet has the grantSet of pDomain (thisAppSecDesc) in the current domain. - // We don't care about refused perms since we established there were - // none earlier for this call stack. - // Let's intersect with what we've already got. - - PREPARE_NONVIRTUAL_CALLSITE(METHOD__PERMISSION_LIST_SET__UPDATE); - DECLARE_ARGHOLDER_ARRAY(args, 2); - args[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(*homogeneousPLS); // arg 0 - args[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.refGrantSet); // arg 1 - CALL_MANAGED_METHOD_NORET(args); - - GCPROTECT_END(); - } -} - - BOOL AppDomainStack::AllDomainsHomogeneousWithNoStackModifiers() { WRAPPER_NO_CONTRACT; diff --git a/src/vm/appdomainstack.h b/src/vm/appdomainstack.h index 1390364..fffabf9 100644 --- a/src/vm/appdomainstack.h +++ b/src/vm/appdomainstack.h @@ -45,9 +45,6 @@ struct AppDomainStackEntry BOOL IsFullyTrustedWithNoStackModifiers(void); BOOL IsHomogeneousWithNoStackModifiers(void); BOOL HasFlagsOrFullyTrustedWithNoStackModifiers(DWORD flags); -#ifndef DACCESS_COMPILE - void UpdateHomogeneousPLS(OBJECTREF* homogeneousPLS); -#endif }; class AppDomainStack diff --git a/src/vm/ceemain.cpp b/src/vm/ceemain.cpp index 0f455f1..ca819ec 100644 --- a/src/vm/ceemain.cpp +++ b/src/vm/ceemain.cpp @@ -3820,7 +3820,6 @@ BOOL STDMETHODCALLTYPE EEDllMain( // TRUE on success, FALSE on error. GetThreadUICultureId); InitEEPolicy(); - InitHostProtectionManager(); break; } diff --git a/src/vm/certificatecache.cpp b/src/vm/certificatecache.cpp deleted file mode 100644 index 21ee5a3..0000000 --- a/src/vm/certificatecache.cpp +++ /dev/null @@ -1,85 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -// - - -#include "common.h" - -#ifdef FEATURE_CAS_POLICY -#include "certificatecache.h" - -CertificateCache::CertificateCache () { - WRAPPER_NO_CONTRACT; - m_dwNumEntries = 0; - for (DWORD i=0; i < MAX_CACHED_CERTIFICATES; i++) { - m_Entry[i] = NULL; - } - m_CertificateCacheCrst.Init(CrstPublisherCertificate); -} - -CertificateCache::~CertificateCache () { - // Let the OS collect the memory allocated for the cached certificates. -} - -COR_TRUST* CertificateCache::GetEntry (DWORD index) { - LIMITED_METHOD_CONTRACT; - if (index < 0 || index >= MAX_CACHED_CERTIFICATES) - return NULL; - return m_Entry[index]; -} - -EnumCertificateAdditionFlags CertificateCache::AddEntry (COR_TRUST* pCertificate, DWORD* pIndex) { - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_PREEMPTIVE; - PRECONDITION(pIndex != NULL); - } CONTRACTL_END; - - *pIndex = FindEntry(pCertificate); - if (*pIndex < MAX_CACHED_CERTIFICATES) - return AlreadyExists; // the certificate is already cached. - if (m_dwNumEntries >= MAX_CACHED_CERTIFICATES) - return CacheSaturated; // the cache is full - - CrstHolder csh(&m_CertificateCacheCrst); - if (m_dwNumEntries >= MAX_CACHED_CERTIFICATES) - return CacheSaturated; - - // check again now that we have the lock. - *pIndex = FindEntry(pCertificate); - if (*pIndex < MAX_CACHED_CERTIFICATES) - return AlreadyExists; - - *pIndex = m_dwNumEntries; - m_Entry[m_dwNumEntries++] = pCertificate; - return Success; -} - -BOOL CertificateCache::Contains (COR_TRUST* pCertificate) { - WRAPPER_NO_CONTRACT; - DWORD index = FindEntry(pCertificate); - return (index < MAX_CACHED_CERTIFICATES && index >= 0); -} - -DWORD CertificateCache::FindEntry (COR_TRUST* pCertificate) { - CONTRACTL - { - MODE_ANY; - GC_NOTRIGGER; - NOTHROW; - }CONTRACTL_END; - - for (DWORD i=0; i < MAX_CACHED_CERTIFICATES; i++) { - if (m_Entry[i] != NULL) { - if ((pCertificate->cbSigner == m_Entry[i]->cbSigner) && - (memcmp(pCertificate->pbSigner, m_Entry[i]->pbSigner, m_Entry[i]->cbSigner) == 0)) - return i; - } - } - return 0xFFFFFFFF; -} -#endif // FEATURE_CAS_POLICY diff --git a/src/vm/certificatecache.h b/src/vm/certificatecache.h deleted file mode 100644 index bc6d92b..0000000 --- a/src/vm/certificatecache.h +++ /dev/null @@ -1,40 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -// - - -#ifndef _CERTIFICATECACHE_H_ -#define _CERTIFICATECACHE_H_ - -#include "corpermp.h" -#include "crst.h" - -#define MAX_CACHED_CERTIFICATES 10 - -enum EnumCertificateAdditionFlags { - Success = 0, - CacheSaturated = 1, - AlreadyExists = 2 -}; - -class CertificateCache { -public: - EnumCertificateAdditionFlags AddEntry (COR_TRUST* pCertificate, DWORD* pIndex); - COR_TRUST* GetEntry (DWORD index); - BOOL Contains (COR_TRUST* pCertificate); - - CertificateCache (); - ~CertificateCache (); - -private: - DWORD m_dwNumEntries; - COR_TRUST* m_Entry [MAX_CACHED_CERTIFICATES]; - CrstStatic m_CertificateCacheCrst; - - DWORD FindEntry (COR_TRUST* pCertificate); -}; - -#endif //_CERTIFICATECACHE_H_ diff --git a/src/vm/comsynchronizable.cpp b/src/vm/comsynchronizable.cpp index e62ec13..aa8b159 100644 --- a/src/vm/comsynchronizable.cpp +++ b/src/vm/comsynchronizable.cpp @@ -28,7 +28,6 @@ #include "remoting.h" #endif #include "eeconfig.h" -#include "stackcompressor.h" #ifdef FEATURE_REMOTING #include "appdomainhelper.h" #include "objectclone.h" diff --git a/src/vm/confighelper.cpp b/src/vm/confighelper.cpp deleted file mode 100644 index 815aac7..0000000 --- a/src/vm/confighelper.cpp +++ /dev/null @@ -1,309 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -//***************************************************************************** -// ConfigHelper.cpp -// -//***************************************************************************** -// -// XML Helper so that NodeFactory can be implemented in Managed code -// - - - -#include "common.h" - -#include "confighelper.h" - -ConfigFactory::ConfigFactory(OBJECTREF *pFactory) -{ - CONTRACTL - { - NOTHROW; - MODE_COOPERATIVE; - GC_TRIGGERS; - } - CONTRACTL_END; - - _ASSERTE(pFactory != NULL); - Initialize(pFactory); - AddRef(); -} - -HRESULT STDMETHODCALLTYPE ConfigFactory::NotifyEvent( - /* [in] */ IXMLNodeSource __RPC_FAR *pSource, - /* [in] */ XML_NODEFACTORY_EVENT iEvt) -{ - CONTRACTL - { - GC_TRIGGERS; - MODE_ANY; - NOTHROW; - SO_TOLERANT; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - - BEGIN_SO_INTOLERANT_CODE_NOTHROW(GetThread(), return COR_E_STACKOVERFLOW) - - EX_TRY - { - GetNotifyEventFunctionality()(iEvt); - } - EX_CATCH_HRESULT(hr); - - END_SO_INTOLERANT_CODE - - return hr; -} - -//--------------------------------------------------------------------------- -HRESULT STDMETHODCALLTYPE ConfigFactory::BeginChildren( - /* [in] */ IXMLNodeSource __RPC_FAR *pSource, - /* [in] */ XML_NODE_INFO __RPC_FAR *pNodeInfo) -{ - CONTRACTL - { - GC_TRIGGERS; - MODE_ANY; - NOTHROW; - SO_TOLERANT; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - - BEGIN_SO_INTOLERANT_CODE_NOTHROW(GetThread(), return COR_E_STACKOVERFLOW) - EX_TRY - { - GetBeginChildrenFunctionality()(pNodeInfo->dwSize, - pNodeInfo->dwSubType, - pNodeInfo->dwType, - pNodeInfo->fTerminal, - pNodeInfo->pwcText, - pNodeInfo->ulLen, - pNodeInfo->ulNsPrefixLen); - } - EX_CATCH_HRESULT(hr); - - END_SO_INTOLERANT_CODE - - return hr; - -} - -//--------------------------------------------------------------------------- -HRESULT STDMETHODCALLTYPE ConfigFactory::EndChildren( - /* [in] */ IXMLNodeSource __RPC_FAR *pSource, - /* [in] */ BOOL fEmptyNode, - /* [in] */ XML_NODE_INFO __RPC_FAR *pNodeInfo) -{ - CONTRACTL - { - GC_TRIGGERS; - MODE_ANY; - NOTHROW; - SO_TOLERANT; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - - BEGIN_SO_INTOLERANT_CODE_NOTHROW(GetThread(), return COR_E_STACKOVERFLOW) - - EX_TRY - { - GetEndChildrenFunctionality()(fEmptyNode, - pNodeInfo->dwSize, - pNodeInfo->dwSubType, - pNodeInfo->dwType, - pNodeInfo->fTerminal, - pNodeInfo->pwcText, - pNodeInfo->ulLen, - pNodeInfo->ulNsPrefixLen); - } - EX_CATCH_HRESULT(hr); - - END_SO_INTOLERANT_CODE - - return hr; -} - -//--------------------------------------------------------------------------- -HRESULT STDMETHODCALLTYPE ConfigFactory::CreateNode( - /* [in] */ IXMLNodeSource __RPC_FAR *pSource, - /* [in] */ PVOID pNode, - /* [in] */ USHORT cNumRecs, - /* [in] */ XML_NODE_INFO* __RPC_FAR * __RPC_FAR apNodeInfo) -{ - CONTRACTL - { - GC_TRIGGERS; - MODE_ANY; - NOTHROW; - SO_TOLERANT; - } - CONTRACTL_END; - - HRESULT hr = S_OK; - - BEGIN_SO_INTOLERANT_CODE_NOTHROW(GetThread(), return COR_E_STACKOVERFLOW) - - EX_TRY - { - DWORD i; - WCHAR wstr[128]; - WCHAR *pString = wstr; - DWORD dwString = sizeof(wstr)/sizeof(WCHAR); - - for( i = 0; i < cNumRecs; i++) { - if ( apNodeInfo[i]->ulLen >= dwString) { - dwString = apNodeInfo[i]->ulLen+1; - if(pString != wstr) delete [] pString; - pString = new(nothrow) WCHAR[dwString]; - IfNullGo(pString); - } - - pString[apNodeInfo[i]->ulLen] = W('\0'); - wcsncpy_s(pString, dwString, apNodeInfo[i]->pwcText, apNodeInfo[i]->ulLen); - - if(i == 0) { - GetCreateNodeFunctionality()(apNodeInfo[i]->dwSize, - apNodeInfo[i]->dwSubType, - apNodeInfo[i]->dwType, - apNodeInfo[i]->fTerminal, - pString, - apNodeInfo[i]->ulLen, - apNodeInfo[i]->ulNsPrefixLen); - } - else { - GetCreateAttributeFunctionality()(apNodeInfo[i]->dwSize, - apNodeInfo[i]->dwSubType, - apNodeInfo[i]->dwType, - apNodeInfo[i]->fTerminal, - pString, - apNodeInfo[i]->ulLen, - apNodeInfo[i]->ulNsPrefixLen); - } - - if (FAILED(hr)) - break; - } - if(pString != wstr) delete [] pString; -ErrExit:; - } - EX_CATCH_HRESULT(hr); - - END_SO_INTOLERANT_CODE - return hr; -} - - - -STDAPI GetXMLObjectEx(IXMLParser **ppv); - -// -//Helper routines to call into managed Node Factory -// - -HRESULT ConfigNative::RunInternal(OBJECTREF *pFactory, LPCWSTR filename) -{ - CONTRACTL - { - NOTHROW; - GC_TRIGGERS; - INJECT_FAULT(return E_OUTOFMEMORY;); - } - CONTRACTL_END - - HRESULT hr = S_OK; - SafeComHolder pIXMLParser; - SafeComHolder helperfactory; - SafeComHolder pFile; - if (!pFactory){ - return E_POINTER; - } - - hr = CreateConfigStreamHelper(filename,&pFile); - if(FAILED(hr)) - return hr; - - hr = GetXMLObjectEx(&pIXMLParser); - if(FAILED(hr)) - return hr; - - helperfactory = new (nothrow)ConfigFactory(pFactory); // RefCount = 1 - if ( ! helperfactory) { - return E_OUTOFMEMORY; - } - - hr = pIXMLParser->SetInput(pFile); // filestream's RefCount=2 - if(FAILED(hr)) - return hr; - - hr = pIXMLParser->SetFactory(helperfactory); // factory's RefCount=2 - if(FAILED(hr)) - return hr; - - // On X86, we emit a call to LogUMTransition which needs us to be in preemptive GC mode - // Since we are done dealing with REF's after the call to ConfigFactory constructor, - // it is safe to switch to preemptive mode here - { - GCX_PREEMP(); - hr = pIXMLParser->Run(-1); - } - - if (hr== (HRESULT) XML_E_MISSINGROOT) //empty file - hr=S_OK; - return hr; -} - -// -// Entrypoint to return an Helper interface which Managed code can call to build managed Node factory -// - -FCIMPL2(void, ConfigNative::RunParser, Object* refHandlerUNSAFE, StringObject* strFileNameUNSAFE) -{ - FCALL_CONTRACT; - - OBJECTREF refHandler = (OBJECTREF) refHandlerUNSAFE; - STRINGREF strFileName = (STRINGREF) strFileNameUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_2(refHandler, strFileName); - - HRESULT hr; - WCHAR* pString; - int iString; - LPWSTR pFileName; - CQuickBytes qb; - - if (refHandler == NULL) { - COMPlusThrowArgumentNull(W("handler")); - } - - if (strFileName == NULL) { - COMPlusThrowArgumentNull(W("fileName")); - } - - //Get string data. - strFileName->RefInterpretGetStringValuesDangerousForGC(&pString, &iString); - - S_UINT32 bufSize = (S_UINT32(iString) + S_UINT32(1)) * S_UINT32(sizeof(WCHAR)); - _ASSERTE(!bufSize.IsOverflow()); - if(bufSize.IsOverflow()) - { - ThrowWin32(ERROR_ARITHMETIC_OVERFLOW); - } - - pFileName = (LPWSTR) qb.AllocThrows(bufSize.Value()); - memcpy(pFileName, pString, bufSize.Value()); - - hr = RunInternal(&refHandler, pFileName); - - if (FAILED(hr)) - COMPlusThrowHR(hr); - - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND diff --git a/src/vm/confighelper.h b/src/vm/confighelper.h deleted file mode 100644 index 3784dfc..0000000 --- a/src/vm/confighelper.h +++ /dev/null @@ -1,203 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -//***************************************************************************** -// ConfigHelper.h -// -//***************************************************************************** -// -// These are unmanaged definitions of interfaces used call Managed Node Factories -// If you make any changes please do corresponding changes in \src\bcl\system\__xmlparser.cs -// - - -#ifndef _CONFIGHELPER_H -#define _CONFIGHELPER_H - -#include -#include -#include -#include "unknwn.h" -#include "../xmlparser/_reference.h" -#include "../xmlparser/_unknown.h" -#include "comdelegate.h" - -class ConfigFactory : public _unknown -{ - #define ICONFIGHANDLER_CALLBACK_COUNT 6 - OBJECTREF *m_pManagedFactory; - LPVOID eventCallbacks[ICONFIGHANDLER_CALLBACK_COUNT]; - - // We assume the offsets as per the object layout of ConfigTreeParser defined in CfgParser.cs - // Any changes made at either place must be propagated to the other - LPVOID GetCallbackAtOffset(DWORD dwOffset) - { - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(dwOffset < ICONFIGHANDLER_CALLBACK_COUNT); - } - CONTRACTL_END; - - PTRARRAYREF refAllDelegates = (PTRARRAYREF)ObjectToOBJECTREF((Object *)((*m_pManagedFactory)->GetPtrOffset(0))); - _ASSERTE(refAllDelegates->GetNumComponents()==ICONFIGHANDLER_CALLBACK_COUNT); - return COMDelegate::ConvertToCallback(refAllDelegates->GetAt(dwOffset)); - } - - void Initialize(OBJECTREF *pFactory) - { - CONTRACTL - { - NOTHROW; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(pFactory != NULL); - } - CONTRACTL_END; - - m_pManagedFactory = pFactory; - EX_TRY - { - for(int i=0; i... section }; -extern CorHostProtectionManager s_CorHostProtectionManager; - class EEConfig { public: @@ -1332,24 +1330,6 @@ public: #endif -void InitHostProtectionManager(); - -extern BYTE g_CorHostProtectionManagerInstance[]; - -inline CorHostProtectionManager* GetHostProtectionManager() -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; -// MODE_ANY; - SO_TOLERANT; - } - CONTRACTL_END; - - return (CorHostProtectionManager*)g_CorHostProtectionManagerInstance; -} - extern BOOL g_CLRPolicyRequested; // NGENImagesAllowed is the safe way to determine if NGEN Images are allowed to be loaded. (Defined as diff --git a/src/vm/eetoprofinterfaceimpl.cpp b/src/vm/eetoprofinterfaceimpl.cpp index 1ceed3d..e96a9e5 100644 --- a/src/vm/eetoprofinterfaceimpl.cpp +++ b/src/vm/eetoprofinterfaceimpl.cpp @@ -2370,18 +2370,6 @@ HRESULT EEToProfInterfaceImpl::SetEventMask(DWORD dwEventMask, DWORD dwEventMask } } - // Flags defined in COR_PRF_REQUIRE_PROFILE_IMAGE will force to JIT mscorlib if the - // user does not ngen mscorlib with /profiler. Similarly, the - // COR_PRF_DISABLE_ALL_NGEN_IMAGES flag always forces us to JIT mscorlib. Using the - // jitted version of mscorlib with HPA(Host Protection Attributes) enabled will cause - // stack overflow inside JIT. See Dev 10 Bug 637987 for the detail. - if (((dwEventMask & (COR_PRF_REQUIRE_PROFILE_IMAGE | COR_PRF_DISABLE_ALL_NGEN_IMAGES)) != 0) && - (GetHostProtectionManager() != NULL) && - (GetHostProtectionManager()->GetProtectedCategories() != eNoChecks)) - { - return CORPROF_E_INCONSISTENT_FLAGS_WITH_HOST_PROTECTION_SETTING; - } - // High event bits if (((dwEventMaskHigh & COR_PRF_HIGH_ADD_ASSEMBLY_REFERENCES) != 0) && diff --git a/src/vm/i386/excepx86.cpp b/src/vm/i386/excepx86.cpp index 0f05aa2..b860800 100644 --- a/src/vm/i386/excepx86.cpp +++ b/src/vm/i386/excepx86.cpp @@ -33,7 +33,6 @@ #include "eeconfig.h" #include "vars.hpp" #include "generics.h" -#include "securityprincipal.h" #include "asmconstants.h" #include "virtualcallstub.h" diff --git a/src/vm/metasig.h b/src/vm/metasig.h index a840461..5df7038 100644 --- a/src/vm/metasig.h +++ b/src/vm/metasig.h @@ -32,7 +32,6 @@ // r -- Ref -- a byref // Ret -- indicates function return type // -// PMS -- PermissionSet // Var -- Variant // // b -- Byte -- (unsigned) byte @@ -306,8 +305,6 @@ DEFINE_METASIG_T(SM(Exception_RetInt, C(EXCEPTION), i)) DEFINE_METASIG_T(SM(ContextBoundObject_RetObj, C(CONTEXT_BOUND_OBJECT), j)) #endif -DEFINE_METASIG_T(SM(PMS_PMS_RetInt, C(PERMISSION_SET) C(PERMISSION_SET), i)) - DEFINE_METASIG(SM(IntPtr_RetVoid, I, v)) DEFINE_METASIG(SM(IntPtr_Bool_RetVoid, I F, v)) DEFINE_METASIG(SM(IntPtr_UInt_IntPtr_RetVoid, I K I, v)) @@ -342,38 +339,6 @@ DEFINE_METASIG_T(SM(RefDateTimeOffset_RefDateTimeNative_RetVoid, r(g(DATE_TIME_O DEFINE_METASIG_T(SM(RealProxy_Class_RetBool, C(REAL_PROXY) C(CLASS), F)) #endif -DEFINE_METASIG_T(SM(IPermission_RetPermissionToken, C(IPERMISSION), C(PERMISSION_TOKEN))) -DEFINE_METASIG_T(SM(FrameSecurityDescriptor_IPermission_PermissionToken_RuntimeMethodHandleInternal_RetBool, \ - C(FRAME_SECURITY_DESCRIPTOR) C(IPERMISSION) C(PERMISSION_TOKEN) g(METHOD_HANDLE_INTERNAL), F)) -DEFINE_METASIG_T(SM(FrameSecurityDescriptor_PMS_OutPMS_RuntimeMethodHandleInternal_RetBool, \ - C(FRAME_SECURITY_DESCRIPTOR) C(PERMISSION_SET) r(C(PERMISSION_SET)) g(METHOD_HANDLE_INTERNAL), F)) -DEFINE_METASIG_T(SM(FrameSecurityDescriptor_RetInt, C(FRAME_SECURITY_DESCRIPTOR), i)) -DEFINE_METASIG_T(SM(DynamicResolver_IPermission_PermissionToken_RuntimeMethodHandleInternal_RetBool, \ - C(DYNAMICRESOLVER) C(IPERMISSION) C(PERMISSION_TOKEN) g(METHOD_HANDLE_INTERNAL), F)) -DEFINE_METASIG_T(SM(DynamicResolver_PMS_OutPMS_RuntimeMethodHandleInternal_RetBool, \ - C(DYNAMICRESOLVER) C(PERMISSION_SET) r(C(PERMISSION_SET)) g(METHOD_HANDLE_INTERNAL), F)) -DEFINE_METASIG_T(SM(PermissionListSet_PMS_PMS_RetPermissionListSet, \ - C(PERMISSION_LIST_SET) C(PERMISSION_SET) C(PERMISSION_SET), C(PERMISSION_LIST_SET))) -DEFINE_METASIG_T(SM(PMS_IntPtr_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid, C(PERMISSION_SET) I g(METHOD_HANDLE_INTERNAL) C(ASSEMBLY) g(SECURITY_ACTION), v)) -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_METASIG_T(SM(CS_PMS_PMS_CodeAccessPermission_PermissionToken_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid, \ - C(COMPRESSED_STACK) C(PERMISSION_SET) C(PERMISSION_SET) C(CODE_ACCESS_PERMISSION) C(PERMISSION_TOKEN) g(METHOD_HANDLE_INTERNAL) C(ASSEMBLY) g(SECURITY_ACTION), v)) -DEFINE_METASIG_T(SM(CS_PMS_PMS_PMS_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid, C(COMPRESSED_STACK) C(PERMISSION_SET) C(PERMISSION_SET) C(PERMISSION_SET) g(METHOD_HANDLE_INTERNAL) C(ASSEMBLY) g(SECURITY_ACTION), v)) -#else // #ifdef FEATURE_COMPRESSEDSTACK -DEFINE_METASIG_T(SM(CS_PMS_PMS_CodeAccessPermission_PermissionToken_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid, \ - j C(PERMISSION_SET) C(PERMISSION_SET) C(CODE_ACCESS_PERMISSION) C(PERMISSION_TOKEN) g(METHOD_HANDLE_INTERNAL) C(ASSEMBLY) g(SECURITY_ACTION), v)) -DEFINE_METASIG_T(SM(CS_PMS_PMS_PMS_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid, j C(PERMISSION_SET) C(PERMISSION_SET) C(PERMISSION_SET) g(METHOD_HANDLE_INTERNAL) C(ASSEMBLY) g(SECURITY_ACTION), v)) -#endif // #ifdef FEATURE_COMPRESSEDSTACK -DEFINE_METASIG_T(SM(Evidence_RefInt_Bool_RetPMS, C(EVIDENCE) r(i) F, C(PERMISSION_SET))) -#ifdef FEATURE_APTCA -DEFINE_METASIG_T(SM(Assembly_PMS_PMS_RuntimeMethodHandleInternal_SecurityAction_Obj_IPermission_RetVoid, C(ASSEMBLY) C(PERMISSION_SET) C(PERMISSION_SET) g(METHOD_HANDLE_INTERNAL) g(SECURITY_ACTION) j C(IPERMISSION), v)) -#endif // FEATURE_APTCA -DEFINE_METASIG_T(SM(Evidence_PMS_PMS_PMS_PMS_int_Bool_RetPMS, \ - C(EVIDENCE) C(PERMISSION_SET) C(PERMISSION_SET) C(PERMISSION_SET) r(C(PERMISSION_SET)) r(i) F, C(PERMISSION_SET))) -DEFINE_METASIG_T(SM(Int_PMS_RetVoid, i C(PERMISSION_SET), v)) -DEFINE_METASIG_T(SM(Int_PMS_Resolver_RetVoid, i C(PERMISSION_SET) C(RESOLVER), v)) -DEFINE_METASIG_T(SM(PMS_RetVoid, C(PERMISSION_SET), v)) - #ifndef FEATURE_CORECLR DEFINE_METASIG_T(SM(ExecutionContext_ContextCallback_Object_Bool_RetVoid, \ C(EXECUTIONCONTEXT) C(CONTEXTCALLBACK) j F, v)) @@ -402,7 +367,6 @@ DEFINE_METASIG(SM(ArrByte_RetObj, a(b), j)) DEFINE_METASIG(SM(ArrByte_Bool_RetObj, a(b) F, j)) DEFINE_METASIG(SM(ArrByte_ArrByte_RefObj_RetObj, a(b) a(b) r(j), j)) DEFINE_METASIG_T(SM(PtrSByt_Int_Int_Encoding_RetStr, P(B) i i C(ENCODING), s)) -DEFINE_METASIG_T(SM(ArrObj_Bool_RefArrByte_OutPMS_HostProtectionResource_Bool_RetArrByte, a(j) F r(a(b)) r(C(PERMISSION_SET)) g(HOST_PROTECTION_RESOURCE) F, a(b))) DEFINE_METASIG_T(SM(Evidence_RetEvidence, C(EVIDENCE), C(EVIDENCE))) #ifdef FEATURE_CAS_POLICY DEFINE_METASIG_T(SM(PEFile_Evidence_RetEvidence, C(SAFE_PEFILE_HANDLE) C(EVIDENCE), C(EVIDENCE))) @@ -413,14 +377,6 @@ DEFINE_METASIG_T(IM(Evidence_RetVoid, C(EVIDENCE), v)) DEFINE_METASIG_T(SM(Void_RetRuntimeTypeHandle, _, g(RT_TYPE_HANDLE))) DEFINE_METASIG(SM(Void_RetIntPtr, _, I)) -#ifdef FEATURE_CAS_POLICY -#ifdef FEATURE_NONGENERIC_COLLECTIONS -DEFINE_METASIG_T(SM(CS_PMS_PMS_ArrayList_ArrayList_RetVoid, \ - C(COMPRESSED_STACK) C(PERMISSION_SET) C(PERMISSION_SET) C(ARRAY_LIST) C(ARRAY_LIST), v)) -#else -#error Need replacement for GetZoneAndOriginHelper -#endif // FEATURE_NONGENERIC_COLLECTIONS -#endif // #ifdef FEATURE_CAS_POLICY DEFINE_METASIG_T(SM(UInt_UInt_PtrNativeOverlapped_RetVoid, K K P(g(NATIVEOVERLAPPED)), v)) #ifdef FEATURE_REMOTING DEFINE_METASIG_T(SM(CrossContextDelegate_ArrObj_RetObj, C(CROSS_CONTEXT_DELEGATE) a(j), j)) @@ -526,15 +482,8 @@ DEFINE_METASIG_T(IM(Obj_Obj_BindingFlags_Binder_CultureInfo_RetVoid, j j g(BINDI DEFINE_METASIG_T(IM(Obj_Obj_BindingFlags_Binder_ArrObj_CultureInfo_RetVoid, j j g(BINDING_FLAGS) C(BINDER) a(j) C(CULTURE_INFO), v)) DEFINE_METASIG_T(IM(Obj_BindingFlags_Binder_ArrObj_CultureInfo_RetObj, j g(BINDING_FLAGS) C(BINDER) a(j) C(CULTURE_INFO), j)) DEFINE_METASIG_T(IM(Obj_Type_CultureInfo_RetObj, j C(TYPE) C(CULTURE_INFO), j)) -DEFINE_METASIG_T(IM(IPrincipal_RetVoid, C(IPRINCIPAL), v)) DEFINE_METASIG_T(IM(MemberInfo_RetVoid, C(MEMBER), v)) DEFINE_METASIG(IM(IntPtr_ArrObj_Obj_RefArrObj_RetObj, I a(j) j r(a(j)), j)) -DEFINE_METASIG_T(IM(CodeAccessPermission_RetBool, C(CODE_ACCESS_PERMISSION), F)) -DEFINE_METASIG_T(IM(IPermission_RetIPermission, C(IPERMISSION), C(IPERMISSION))) -DEFINE_METASIG_T(IM(IPermission_RetBool, C(IPERMISSION), F)) -DEFINE_METASIG_T(IM(PMS_RetVoid, C(PERMISSION_SET), v)) -DEFINE_METASIG_T(IM(PMS_RetPMS, C(PERMISSION_SET), C(PERMISSION_SET))) -DEFINE_METASIG_T(IM(PMS_RetBool, C(PERMISSION_SET), F)) DEFINE_METASIG(IM(RefObject_RetBool, r(j), F)) DEFINE_METASIG_T(IM(Class_RetObj, C(CLASS), j)) DEFINE_METASIG(IM(Int_VoidPtr_RetVoid, i P(v), v)) @@ -592,7 +541,6 @@ DEFINE_METASIG_T(IM(BindingFlags_RetArrMemberInfo, g(BINDING_FLAGS), a(C(MEMBER) DEFINE_METASIG_T(IM(BindingFlags_RetArrMethodInfo, g(BINDING_FLAGS), a(C(METHOD_INFO)))) DEFINE_METASIG_T(IM(BindingFlags_RetArrPropertyInfo, g(BINDING_FLAGS), a(C(PROPERTY_INFO)))) DEFINE_METASIG(IM(ArrByte_RetVoid, a(b), v)) -DEFINE_METASIG_T(IM(ArrByte_HostProtectionResource_HostProtectionResource_RetBool, a(b) g(HOST_PROTECTION_RESOURCE) g(HOST_PROTECTION_RESOURCE), F)) DEFINE_METASIG(IM(ArrChar_RetVoid, a(u), v)) DEFINE_METASIG(IM(ArrChar_Int_Int_RetVoid, a(u) i i, v)) DEFINE_METASIG_T(IM(ArrType_ArrException_Str_RetVoid, a(C(TYPE)) a(C(EXCEPTION)) s, v)) @@ -602,10 +550,6 @@ DEFINE_METASIG_T(IM(RuntimeType_RetVoid, C(CLASS) , v)) DEFINE_METASIG_T(SM(ArrException_PtrInt_RetVoid, a(C(EXCEPTION)) P(i), v)) DEFINE_METASIG_T(IM(RuntimeArgumentHandle_PtrVoid_RetVoid, g(ARGUMENT_HANDLE) P(v), v)) -DEFINE_METASIG_T(IM(SecurityPermissionFlag_RetVoid, g(SECURITY_PERMISSION_FLAG), v)) -DEFINE_METASIG_T(IM(PermissionState_RetVoid, g(PERMISSION_STATE), v)) -DEFINE_METASIG_T(IM(SecurityAction_RetVoid, g(SECURITY_ACTION), v)) -DEFINE_METASIG_T(IM(ReflectionPermissionFlag_RetVoid, g(REFLECTION_PERMISSION_FLAG), v)) DEFINE_METASIG_T(IM(LicenseInteropHelper_GetCurrentContextInfo, r(i) r(I) g(RT_TYPE_HANDLE), v)) DEFINE_METASIG(IM(LicenseInteropHelper_SaveKeyInCurrentContext, I, v)) DEFINE_METASIG_T(SM(LicenseInteropHelper_AllocateAndValidateLicense, g(RT_TYPE_HANDLE) I i, j)) @@ -642,8 +586,6 @@ DEFINE_METASIG(SM(Obj_OutStr_OutStr_OutArrStr_OutArrObj_RetObj, j r(s) r(s) r(a( // Execution Context DEFINE_METASIG_T(SM(SyncCtx_ArrIntPtr_Bool_Int_RetInt, C(SYNCHRONIZATION_CONTEXT) a(I) F i, i)) #endif // #ifdef FEATURE_SYNCHRONIZATIONCONTEXT_WAIT -// HostProtectionException -DEFINE_METASIG_T(IM(HPR_HPR_RetVoid, g(HOST_PROTECTION_RESOURCE) g(HOST_PROTECTION_RESOURCE), v)) #ifdef FEATURE_COMINTEROP // The signature of the method System.Runtime.InteropServices.ICustomQueryInterface.GetInterface diff --git a/src/vm/mscorlib.cpp b/src/vm/mscorlib.cpp index b6fef9e..6fb2663 100644 --- a/src/vm/mscorlib.cpp +++ b/src/vm/mscorlib.cpp @@ -27,8 +27,6 @@ #include "arraynative.h" #include "stringnative.h" #include "stringbuffer.h" -#include "securityimperative.h" -#include "securitystackwalk.h" #include "objectnative.h" #include "comdelegate.h" #include "customattribute.h" @@ -71,34 +69,16 @@ #include "reflectioninvocation.h" #include "managedmdimport.hpp" #include "synchronizationcontextnative.h" -#include "newcompressedstack.h" #include "commemoryfailpoint.h" #include "typestring.h" #include "comdependenthandle.h" #include "weakreferencenative.h" #include "varargsnative.h" -#ifndef FEATURE_CORECLR -#include "confighelper.h" -#include "console.h" -#endif - #ifdef MDA_SUPPORTED #include "mdaassistants.h" #endif -#ifdef FEATURE_CRYPTO -#include "cryptography.h" -#endif // FEATURE_CRYPTO - -#ifndef FEATURE_CORECLR -#include "securityprincipal.h" -#endif // !FEATURE_CORECLR - -#ifdef FEATURE_X509 -#include "x509certificate.h" -#endif // FEATURE_X509 - #include "coverage.h" #ifdef FEATURE_COMINTEROP diff --git a/src/vm/mscorlib.h b/src/vm/mscorlib.h index bd40a7d..ca6b5e3 100644 --- a/src/vm/mscorlib.h +++ b/src/vm/mscorlib.h @@ -82,14 +82,7 @@ DEFINE_FIELD_U(ReflectionOnlyAssemblyResolve, AppDomainBaseObject, m_pReflectio #ifdef FEATURE_REMOTING DEFINE_FIELD_U(_DefaultContext, AppDomainBaseObject, m_pDefaultContext) #endif -#if defined(FEATURE_CLICKONCE) -DEFINE_FIELD_U(_activationContext, AppDomainBaseObject, m_pActivationContext) -DEFINE_FIELD_U(_applicationIdentity, AppDomainBaseObject, m_pApplicationIdentity) -#endif DEFINE_FIELD_U(_applicationTrust, AppDomainBaseObject, m_pApplicationTrust) -#ifdef FEATURE_IMPERSONATION -DEFINE_FIELD_U(_DefaultPrincipal, AppDomainBaseObject, m_pDefaultPrincipal) -#endif // FEATURE_IMPERSONATION #ifdef FEATURE_REMOTING DEFINE_FIELD_U(_RemotingData, AppDomainBaseObject, m_pURITable) #endif @@ -104,9 +97,6 @@ DEFINE_FIELD_U(_compatFlags, AppDomainBaseObject, m_compatFlags) DEFINE_FIELD_U(_firstChanceException, AppDomainBaseObject, m_pFirstChanceExceptionHandler) #endif // FEATURE_EXCEPTION_NOTIFICATIONS DEFINE_FIELD_U(_pDomain, AppDomainBaseObject, m_pDomain) -#ifdef FEATURE_CAS_POLICY -DEFINE_FIELD_U(_PrincipalPolicy, AppDomainBaseObject, m_iPrincipalPolicy) -#endif DEFINE_FIELD_U(_HasSetPolicy, AppDomainBaseObject, m_bHasSetPolicy) DEFINE_FIELD_U(_IsFastFullTrustDomain, AppDomainBaseObject, m_bIsFastFullTrustDomain) DEFINE_FIELD_U(_compatFlagsInitialized, AppDomainBaseObject, m_compatFlagsInitialized) @@ -135,9 +125,6 @@ DEFINE_METHOD(APP_DOMAIN, SET_DOMAIN_CONTEXT, InternalSetDomainCon #endif // FEATURE_FUSION #ifdef FEATURE_REMOTING DEFINE_METHOD(APP_DOMAIN, CREATE_DOMAIN, CreateDomain, SM_Str_Evidence_AppDomainSetup_RetAppDomain) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(APP_DOMAIN, CREATE_DOMAINEX, CreateDomain, SM_Str_Evidence_Str_Str_Bool_RetAppDomain) -#endif // FEATURE_CAS_POLICY DEFINE_METHOD(APP_DOMAIN, VAL_CREATE_DOMAIN, InternalCreateDomain, SM_Str_RetAppDomain) #endif #ifdef FEATURE_REMOTING @@ -152,10 +139,6 @@ DEFINE_METHOD(APP_DOMAIN, TURN_ON_BINDING_REDIRECTS, TurnOnBindingRedi DEFINE_METHOD(APP_DOMAIN, CREATE_APP_DOMAIN_MANAGER, CreateAppDomainManager, IM_RetVoid) DEFINE_METHOD(APP_DOMAIN, INITIALIZE_COMPATIBILITY_FLAGS, InitializeCompatibilityFlags, IM_RetVoid) DEFINE_METHOD(APP_DOMAIN, INITIALIZE_DOMAIN_SECURITY, InitializeDomainSecurity, IM_Evidence_Evidence_Bool_IntPtr_Bool_RetVoid) -#ifdef FEATURE_CLICKONCE -DEFINE_METHOD(APP_DOMAIN, SETUP_DEFAULT_CLICKONCE_DOMAIN, SetupDefaultClickOnceDomain, IM_Str_ArrStr_ArrStr_RetVoid) -DEFINE_METHOD(APP_DOMAIN, ACTIVATE_APPLICATION, ActivateApplication, IM_RetInt) -#endif // FEATURE_CLICKONCE #ifdef FEATURE_APTCA DEFINE_METHOD(APP_DOMAIN, IS_ASSEMBLY_ON_APTCA_VISIBLE_LIST, IsAssemblyOnAptcaVisibleList, IM_Assembly_RetBool) DEFINE_METHOD(APP_DOMAIN, IS_ASSEMBLY_ON_APTCA_VISIBLE_LIST_RAW, IsAssemblyOnAptcaVisibleListRaw, IM_PtrChar_Int_PtrByte_Int_RetBool) @@ -180,36 +163,12 @@ DEFINE_FIELD_U(typeKind, TypeNameNative, typeKind) #endif -DEFINE_CLASS_U(Policy, ApplicationTrust, ApplicationTrustObject) - -#ifdef FEATURE_CLICKONCE -DEFINE_FIELD_U(m_appId, ApplicationTrustObject, _appId) -DEFINE_FIELD_U(m_extraInfo, ApplicationTrustObject, _extraInfo) -DEFINE_FIELD_U(m_elExtraInfo, ApplicationTrustObject, _elExtraInfo) -#endif // FEATURE_CLICKONCE - -DEFINE_FIELD_U(m_psDefaultGrant, ApplicationTrustObject, _psDefaultGrant) -DEFINE_FIELD_U(m_fullTrustAssemblies, ApplicationTrustObject, _fullTrustAssemblies) -DEFINE_FIELD_U(m_grantSetSpecialFlags, ApplicationTrustObject, _grantSetSpecialFlags) - -#ifdef FEATURE_CLICKONCE -DEFINE_FIELD_U(m_appTrustedToRun, ApplicationTrustObject, _appTrustedToRun) -DEFINE_FIELD_U(m_persist, ApplicationTrustObject, _persist) -#endif // FEATURE_CLICKONCE - -DEFINE_CLASS_U(Policy, PolicyStatement, PolicyStatementObject) -DEFINE_FIELD_U(m_permSet, PolicyStatementObject, _permSet) -DEFINE_FIELD_U(m_attributes, PolicyStatementObject, _attributes) - DEFINE_CLASS(APPDOMAIN_SETUP, System, AppDomainSetup) DEFINE_CLASS_U(System, AppDomainSetup, AppDomainSetupObject) DEFINE_FIELD_U(_Entries, AppDomainSetupObject, m_Entries) DEFINE_FIELD_U(_AppBase, AppDomainSetupObject, m_AppBase) DEFINE_FIELD_U(_AppDomainInitializer, AppDomainSetupObject, m_AppDomainInitializer) DEFINE_FIELD_U(_AppDomainInitializerArguments, AppDomainSetupObject, m_AppDomainInitializerArguments) -#ifdef FEATURE_CLICKONCE -DEFINE_FIELD_U(_ActivationArguments, AppDomainSetupObject, m_ActivationArguments) -#endif // FEATURE_CLICKONCE DEFINE_FIELD_U(_ApplicationTrust, AppDomainSetupObject, m_ApplicationTrust) DEFINE_FIELD_U(_ConfigurationBytes, AppDomainSetupObject, m_ConfigurationBytes) DEFINE_FIELD_U(_AppDomainManagerAssembly, AppDomainSetupObject, m_AppDomainManagerAssembly) @@ -318,11 +277,6 @@ DEFINE_METHOD(ASSEMBLY, ON_MODULE_RESOLVE, OnModuleResolveEvent DEFINE_METHOD(ASSEMBLY, DEMAND_PERMISSION, DemandPermission, SM_Str_Bool_Int_RetV) #endif -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(ASSEMBLY_EVIDENCE_FACTORY, Policy, AssemblyEvidenceFactory) -DEFINE_METHOD(ASSEMBLY_EVIDENCE_FACTORY, UPGRADE_SECURITY_IDENTITY, UpgradeSecurityIdentity, SM_Evidence_Asm_RetEvidence) -#endif // FEATURE_CAS_POLICY - #ifdef FEATURE_COMINTEROP_REGISTRATION DEFINE_CLASS(ASSEMBLY_REGISTRATION_FLAGS, Interop, AssemblyRegistrationFlags) #endif // FEATURE_COMINTEROP_REGISTRATION @@ -372,8 +326,6 @@ DEFINE_METHOD(CLASS, GET_PROPERTY_INFO, GetPropertyInfo, DEFINE_CLASS(CLASS_INTROSPECTION_ONLY, System, ReflectionOnlyType) -DEFINE_CLASS(CODE_ACCESS_PERMISSION, Security, CodeAccessPermission) - #ifdef FEATURE_COMINTEROP DEFINE_CLASS_U(System, __ComObject, ComObject) DEFINE_FIELD_U(m_ObjectToDataMap, ComObject, m_ObjectToDataMap) @@ -466,20 +418,6 @@ DEFINE_METHOD(CONTEXT, RESERVE_SLOT, ReserveSlot, DEFINE_CLASS(CONTEXT_BOUND_OBJECT, System, ContextBoundObject) #endif -#ifdef FEATURE_CRYPTO -DEFINE_CLASS(CSP_PARAMETERS, Cryptography, CspParameters) - -DEFINE_FIELD(CSP_PARAMETERS, PROVIDER_TYPE, ProviderType) -DEFINE_FIELD(CSP_PARAMETERS, PROVIDER_NAME, ProviderName) -DEFINE_FIELD(CSP_PARAMETERS, KEY_CONTAINER_NAME, KeyContainerName) -DEFINE_FIELD(CSP_PARAMETERS, FLAGS, m_flags) -#endif //FEATURE_CRYPTO - -#if defined(FEATURE_X509) || defined(FEATURE_CRYPTO) -DEFINE_CLASS(CRYPTO_EXCEPTION, Cryptography, CryptographicException) -DEFINE_METHOD(CRYPTO_EXCEPTION, THROW, ThrowCryptographicException, SM_Int_RetVoid) -#endif // FEATURE_X509 || FEATURE_CRYPTO - #ifndef FEATURE_CORECLR DEFINE_CLASS_U(Globalization, AppDomainSortingSetupInfo, AppDomainSortingSetupInfoObject) DEFINE_FIELD_U(_pfnIsNLSDefinedString, AppDomainSortingSetupInfoObject, m_pfnIsNLSDefinedString) @@ -685,11 +623,6 @@ DEFINE_CLASS(EVENT_HANDLERGENERIC, System, EventHandler`1) DEFINE_CLASS(EVENT_INFO, Reflection, EventInfo) DEFINE_CLASS(EVIDENCE, Policy, Evidence) -#ifdef FEATURE_CAS_POLICY -// .ctor support for ICorRuntimeHost::CreateEvidence -DEFINE_METHOD(EVIDENCE, CTOR, .ctor, IM_RetVoid) -DEFINE_METHOD(EVIDENCE, WAS_STRONGNAME_EVIDENCE_USED, WasStrongNameEvidenceUsed, IM_RetBool) -#endif // FEATURE_CAS_POLICY DEFINE_CLASS_U(System, Exception, ExceptionObject) DEFINE_FIELD_U(_className, ExceptionObject, _className) @@ -788,17 +721,6 @@ DEFINE_FIELD_U(_completedSynchronously, AsyncResultBase, _completedSynchronously DEFINE_CLASS(FILESTREAM_ASYNCRESULT, IO, FileStreamAsyncResult) #endif // !FEATURE_CORECLR -DEFINE_CLASS_U(Security, FrameSecurityDescriptor, FrameSecurityDescriptorBaseObject) -DEFINE_FIELD_U(m_assertions, FrameSecurityDescriptorBaseObject, m_assertions) -DEFINE_FIELD_U(m_denials, FrameSecurityDescriptorBaseObject, m_denials) -DEFINE_FIELD_U(m_restriction, FrameSecurityDescriptorBaseObject, m_restriction) -DEFINE_FIELD_U(m_AssertFT, FrameSecurityDescriptorBaseObject, m_assertFT) -DEFINE_FIELD_U(m_assertAllPossible,FrameSecurityDescriptorBaseObject, m_assertAllPossible) -DEFINE_FIELD_U(m_DeclarativeAssertions, FrameSecurityDescriptorBaseObject, m_DeclarativeAssertions) -DEFINE_FIELD_U(m_DeclarativeDenials, FrameSecurityDescriptorBaseObject, m_DeclarativeDenials) -DEFINE_FIELD_U(m_DeclarativeRestrictions, FrameSecurityDescriptorBaseObject, m_DeclarativeRestrictions) -DEFINE_CLASS(FRAME_SECURITY_DESCRIPTOR, Security, FrameSecurityDescriptor) - DEFINE_CLASS(GUID, System, Guid) #ifdef FEATURE_COMINTEROP @@ -880,10 +802,6 @@ DEFINE_CLASS(IEXPANDO, Expando, IExpando) DEFINE_METHOD(IEXPANDO, ADD_FIELD, AddField, IM_Str_RetFieldInfo) DEFINE_METHOD(IEXPANDO, REMOVE_MEMBER, RemoveMember, IM_MemberInfo_RetVoid) -DEFINE_CLASS(IPERMISSION, Security, IPermission) - -DEFINE_CLASS(IPRINCIPAL, Principal, IPrincipal) - DEFINE_CLASS(IREFLECT, Reflection, IReflect) DEFINE_METHOD(IREFLECT, GET_PROPERTIES, GetProperties, IM_BindingFlags_RetArrPropertyInfo) DEFINE_METHOD(IREFLECT, GET_FIELDS, GetFields, IM_BindingFlags_RetArrFieldInfo) @@ -1162,66 +1080,6 @@ DEFINE_CLASS(PARAMETER, Reflection, ParameterInfo) DEFINE_CLASS(PARAMETER_MODIFIER, Reflection, ParameterModifier) -// Keep this in sync with System.Security.PermissionSet -DEFINE_CLASS_U(Security, PermissionSet, PermissionSetObject) -DEFINE_FIELD_U(m_permSet, PermissionSetObject, _permSet) -DEFINE_FIELD_U(m_Unrestricted, PermissionSetObject, _Unrestricted) -DEFINE_FIELD_U(m_allPermissionsDecoded, PermissionSetObject, _allPermissionsDecoded) -#ifdef FEATURE_CAS_POLICY -DEFINE_FIELD_U(m_canUnrestrictedOverride,PermissionSetObject, _canUnrestrictedOverride) -#endif // FEATURE_CAS_POLICY -DEFINE_FIELD_U(m_ignoreTypeLoadFailures, PermissionSetObject, _ignoreTypeLoadFailures) -DEFINE_FIELD_U(m_CheckedForNonCas, PermissionSetObject, _CheckedForNonCas) -DEFINE_FIELD_U(m_ContainsCas, PermissionSetObject, _ContainsCas) -DEFINE_FIELD_U(m_ContainsNonCas, PermissionSetObject, _ContainsNonCas) - -DEFINE_CLASS(PERMISSION_SET, Security, PermissionSet) -DEFINE_METHOD(PERMISSION_SET, CTOR, .ctor, IM_Bool_RetVoid) -DEFINE_METHOD(PERMISSION_SET, CREATE_SERIALIZED, CreateSerialized, SM_ArrObj_Bool_RefArrByte_OutPMS_HostProtectionResource_Bool_RetArrByte) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(PERMISSION_SET, SETUP_SECURITY, SetupSecurity, SM_RetVoid) -#endif // FEATURE_CAS_POLICY -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(PERMISSION_SET, DECODE_XML, DecodeXml, IM_ArrByte_HostProtectionResource_HostProtectionResource_RetBool) -DEFINE_METHOD(PERMISSION_SET, ENCODE_XML, EncodeXml, IM_RetArrByte) -#endif // FEATURE_CAS_POLICY -DEFINE_METHOD(PERMISSION_SET, CONTAINS, Contains, IM_IPermission_RetBool) -DEFINE_METHOD(PERMISSION_SET, DEMAND, Demand, IM_RetVoid) -DEFINE_METHOD(PERMISSION_SET, DEMAND_NON_CAS, DemandNonCAS, IM_RetVoid) -DEFINE_METHOD(PERMISSION_SET, IS_UNRESTRICTED, IsUnrestricted, IM_RetBool) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(PERMISSION_SET, IS_SUBSET_OF, IsSubsetOf, IM_PMS_RetBool) -DEFINE_METHOD(PERMISSION_SET, INTERSECT, Intersect, IM_PMS_RetPMS) -#endif // #ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(PERMISSION_SET, INPLACE_UNION, InplaceUnion, IM_PMS_RetVoid) -DEFINE_METHOD(PERMISSION_SET, UNION, Union, IM_PMS_RetPMS) -DEFINE_METHOD(PERMISSION_SET, IS_EMPTY, IsEmpty, IM_RetBool) -DEFINE_METHOD(PERMISSION_SET, ADD_PERMISSION, AddPermission, IM_IPermission_RetIPermission) - -DEFINE_CLASS(NAMEDPERMISSION_SET, Security, NamedPermissionSet) - -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(PEFILE_EVIDENCE_FACTORY, Policy, PEFileEvidenceFactory) -DEFINE_METHOD(PEFILE_EVIDENCE_FACTORY, CREATE_SECURITY_IDENTITY, CreateSecurityIdentity, SM_PEFile_Evidence_RetEvidence) -#endif // FEATURE_CAS_POLICY - -DEFINE_CLASS_U(Security, PermissionListSet, PermissionListSetObject) -DEFINE_FIELD_U(m_firstPermSetTriple, PermissionListSetObject, _firstPermSetTriple) -DEFINE_FIELD_U(m_permSetTriples, PermissionListSetObject, _permSetTriples) -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_FIELD_U(m_zoneList, PermissionListSetObject, _zoneList) -DEFINE_FIELD_U(m_originList, PermissionListSetObject, _originList) -#endif // FEAUTRE_COMPRESSEDSTACK -DEFINE_CLASS(PERMISSION_LIST_SET, Security, PermissionListSet) -DEFINE_METHOD(PERMISSION_LIST_SET, CTOR, .ctor, IM_RetVoid) -DEFINE_METHOD(PERMISSION_LIST_SET, CHECK_DEMAND_NO_THROW, CheckDemandNoThrow, IM_CodeAccessPermission_RetBool) -DEFINE_METHOD(PERMISSION_LIST_SET, CHECK_SET_DEMAND_NO_THROW, CheckSetDemandNoThrow, IM_PMS_RetBool) -DEFINE_METHOD(PERMISSION_LIST_SET, UPDATE, Update, IM_PMS_RetVoid) - -DEFINE_CLASS(PERMISSION_STATE, Permissions, PermissionState) - -DEFINE_CLASS(PERMISSION_TOKEN, Security, PermissionToken) - DEFINE_CLASS(POINTER, Reflection, Pointer) DEFINE_CLASS_U(Reflection, Pointer, ReflectionPointer) @@ -1260,11 +1118,6 @@ DEFINE_METHOD(REAL_PROXY, SUPPORTSINTERFACE, SupportsInterface, #endif // FEATURE_COMINTEROP #endif // FEATURE_REMOTING -DEFINE_CLASS(REFLECTION_PERMISSION, Permissions, ReflectionPermission) -DEFINE_METHOD(REFLECTION_PERMISSION, CTOR, .ctor, IM_ReflectionPermissionFlag_RetVoid) - -DEFINE_CLASS(REFLECTION_PERMISSION_FLAG, Permissions, ReflectionPermissionFlag) - #ifdef FEATURE_COMINTEROP_REGISTRATION DEFINE_CLASS(REGISTRATION_SERVICES, Interop, RegistrationServices) DEFINE_METHOD(REGISTRATION_SERVICES,REGISTER_ASSEMBLY, RegisterAssembly, IM_AssemblyBase_AssemblyRegistrationFlags_RetBool) @@ -1382,101 +1235,18 @@ DEFINE_METHOD(SAFE_HANDLE, RELEASE_HANDLE, ReleaseHandle, DEFINE_METHOD(SAFE_HANDLE, DISPOSE, Dispose, IM_RetVoid) DEFINE_METHOD(SAFE_HANDLE, DISPOSE_BOOL, Dispose, IM_Bool_RetVoid) -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(SAFE_PEFILE_HANDLE, SafeHandles, SafePEFileHandle) -#endif // FEATURE_CAS_POLICY - #ifndef FEATURE_CORECLR DEFINE_CLASS(SAFE_TOKENHANDLE, SafeHandles, SafeAccessTokenHandle) #endif DEFINE_CLASS(SAFE_TYPENAMEPARSER_HANDLE, System, SafeTypeNameParserHandle) -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_CLASS(SAFE_CSHANDLE, Threading, SafeCompressedStackHandle) -#endif // #ifdef FEATURE_COMPRESSEDSTACK - - -DEFINE_CLASS(SECURITY_ACTION, Permissions, SecurityAction) -DEFINE_CLASS(HOST_PROTECTION_RESOURCE, Permissions, HostProtectionResource) - -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(SECURITY_ATTRIBUTE, Permissions, SecurityAttribute) -DEFINE_METHOD(SECURITY_ATTRIBUTE, FIND_SECURITY_ATTRIBUTE_TYPE_HANDLE, FindSecurityAttributeTypeHandle, SM_Str_RetIntPtr) -#endif - -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(SECURITY_ELEMENT, Security, SecurityElement) -DEFINE_METHOD(SECURITY_ELEMENT, TO_STRING, ToString, IM_RetStr) -#endif // FEATURE_CAS_POLICY - -DEFINE_CLASS(SECURITY_ENGINE, Security, CodeAccessSecurityEngine) -DEFINE_METHOD(SECURITY_ENGINE, CHECK_HELPER, CheckHelper, SM_CS_PMS_PMS_CodeAccessPermission_PermissionToken_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid) -DEFINE_METHOD(SECURITY_ENGINE, CHECK_SET_HELPER, CheckSetHelper, SM_CS_PMS_PMS_PMS_RuntimeMethodHandleInternal_Assembly_SecurityAction_RetVoid) -#ifdef FEATURE_APTCA -DEFINE_METHOD(SECURITY_ENGINE, THROW_SECURITY_EXCEPTION, ThrowSecurityException, SM_Assembly_PMS_PMS_RuntimeMethodHandleInternal_SecurityAction_Obj_IPermission_RetVoid) -#endif // FEATURE_APTCA -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(SECURITY_ENGINE, RESOLVE_GRANT_SET, ResolveGrantSet, SM_Evidence_RefInt_Bool_RetPMS) -DEFINE_METHOD(SECURITY_ENGINE, PRE_RESOLVE, PreResolve, SM_RefBool_RefBool_RetVoid) -#endif // FEATURE_CAS_POLICY - -#ifdef FEATURE_PLS -DEFINE_METHOD(SECURITY_ENGINE, UPDATE_APPDOMAIN_PLS, UpdateAppDomainPLS, SM_PermissionListSet_PMS_PMS_RetPermissionListSet) -#endif // FEATURE_PLS - -#ifdef FEATURE_CAS_POLICY -#ifdef FEATURE_NONGENERIC_COLLECTIONS -DEFINE_METHOD(SECURITY_ENGINE, GET_ZONE_AND_ORIGIN_HELPER, GetZoneAndOriginHelper, SM_CS_PMS_PMS_ArrayList_ArrayList_RetVoid) -#else -#error Need replacement for GetZoneAndOriginHelper -#endif // FEATURE_NONGENERIC_COLLECTIONS -DEFINE_METHOD(SECURITY_ENGINE, REFLECTION_TARGET_DEMAND_HELPER, ReflectionTargetDemandHelper, SM_Int_PMS_RetVoid) -DEFINE_METHOD(SECURITY_ENGINE, REFLECTION_TARGET_DEMAND_HELPER_WITH_CONTEXT, ReflectionTargetDemandHelper, SM_Int_PMS_Resolver_RetVoid) -DEFINE_METHOD(SECURITY_ENGINE, CHECK_GRANT_SET_HELPER, CheckGrantSetHelper, SM_PMS_RetVoid) -#endif // FEATURE_CAS_POLICY - DEFINE_CLASS(SECURITY_EXCEPTION, Security, SecurityException) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(SECURITY_EXCEPTION, CTOR, .ctor, IM_Str_Type_Str_RetVoid) -#endif // FEATURE_CAS_POLICY - -#ifdef FEATURE_CAS_POLICY -DEFINE_CLASS(HOST_PROTECTION_EXCEPTION, Security, HostProtectionException) -DEFINE_METHOD(HOST_PROTECTION_EXCEPTION, CTOR, .ctor, IM_HPR_HPR_RetVoid) -#endif // FEATURE_CAS_POLICY - -DEFINE_CLASS(SECURITY_MANAGER, Security, SecurityManager) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(SECURITY_MANAGER, RESOLVE_CAS_POLICY, ResolveCasPolicy, SM_Evidence_PMS_PMS_PMS_PMS_int_Bool_RetPMS) -#endif - -DEFINE_CLASS(SECURITY_PERMISSION, Permissions, SecurityPermission) -DEFINE_METHOD(SECURITY_PERMISSION, CTOR, .ctor, IM_SecurityPermissionFlag_RetVoid) -#ifdef FEATURE_CAS_POLICY -DEFINE_METHOD(SECURITY_PERMISSION, TOXML, ToXml, IM_RetSecurityElement) -#endif // FEATURE_CAS_POLICY - -DEFINE_CLASS(SECURITY_PERMISSION_FLAG,Permissions, SecurityPermissionFlag) - -DEFINE_CLASS(SECURITY_RUNTIME, Security, SecurityRuntime) -DEFINE_METHOD(SECURITY_RUNTIME, FRAME_DESC_HELPER, FrameDescHelper, SM_FrameSecurityDescriptor_IPermission_PermissionToken_RuntimeMethodHandleInternal_RetBool) -DEFINE_METHOD(SECURITY_RUNTIME, FRAME_DESC_SET_HELPER, FrameDescSetHelper, SM_FrameSecurityDescriptor_PMS_OutPMS_RuntimeMethodHandleInternal_RetBool) -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_METHOD(SECURITY_RUNTIME, CHECK_DYNAMIC_METHOD_HELPER, CheckDynamicMethodHelper, SM_DynamicResolver_IPermission_PermissionToken_RuntimeMethodHandleInternal_RetBool) -DEFINE_METHOD(SECURITY_RUNTIME, CHECK_DYNAMIC_METHOD_SET_HELPER, CheckDynamicMethodSetHelper, SM_DynamicResolver_PMS_OutPMS_RuntimeMethodHandleInternal_RetBool) -#endif // FEATURE_COMPRESSEDSTACK #ifdef FEATURE_REMOTING DEFINE_CLASS(SERVER_IDENTITY, Remoting, ServerIdentity) DEFINE_FIELD(SERVER_IDENTITY, SERVER_CONTEXT, _srvCtx) #endif // FEATURE_REMOTING -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_CLASS(DOMAIN_COMPRESSED_STACK, Threading, DomainCompressedStack) -DEFINE_METHOD(DOMAIN_COMPRESSED_STACK, CREATE_MANAGED_OBJECT, CreateManagedObject, SM_IntPtr_RetDCS) -DEFINE_CLASS(COMPRESSED_STACK, Threading, CompressedStack) -DEFINE_METHOD(COMPRESSED_STACK, RUN, Run, SM_CompressedStack_ContextCallback_Object_RetVoid) -#endif // FEATURE_COMPRESSEDSTACK DEFINE_CLASS(SHARED_STATICS, System, SharedStatics) DEFINE_FIELD(SHARED_STATICS, SHARED_STATICS, _sharedStatics) @@ -1573,36 +1343,6 @@ DEFINE_METHOD(TCE_EVENT_ITF_INFO, CTOR, .ctor, DEFINE_CLASS(CONTEXTCALLBACK, Threading, ContextCallback) -#if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) -DEFINE_CLASS_U(Security, SecurityContext, SecurityContextObject) -DEFINE_FIELD_U(_executionContext, SecurityContextObject, _executionContext) -#if defined(FEATURE_IMPERSONATION) -DEFINE_FIELD_U(_windowsIdentity, SecurityContextObject, _windowsIdentity) -#endif -DEFINE_FIELD_U(_compressedStack, SecurityContextObject, _compressedStack) -DEFINE_FIELD_U(_disableFlow, SecurityContextObject, _disableFlow) -DEFINE_FIELD_U(isNewCapture, SecurityContextObject, _isNewCapture) -DEFINE_CLASS(SECURITYCONTEXT, Security, SecurityContext) -DEFINE_METHOD(SECURITYCONTEXT, RUN, Run, SM_SecurityContext_ContextCallback_Object_RetVoid) -#endif // #if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) - -#ifndef FEATURE_CORECLR -DEFINE_CLASS_U(Threading, ExecutionContext, ExecutionContextObject) -#ifdef FEATURE_CAS_POLICY -DEFINE_FIELD_U(_hostExecutionContext, ExecutionContextObject, _hostExecutionContext) -#endif // FEATURE_CAS_POLICY -DEFINE_FIELD_U(_syncContext, ExecutionContextObject, _syncContext) -#if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) -DEFINE_FIELD_U(_securityContext, ExecutionContextObject, _securityContext) -#endif // #if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) -#ifdef FEATURE_REMOTING -DEFINE_FIELD_U(_logicalCallContext, ExecutionContextObject, _logicalCallContext) -DEFINE_FIELD_U(_illogicalCallContext, ExecutionContextObject, _illogicalCallContext) -#endif // #ifdef FEATURE_REMOTING -DEFINE_CLASS(EXECUTIONCONTEXT, Threading, ExecutionContext) -DEFINE_METHOD(EXECUTIONCONTEXT, RUN, Run, SM_ExecutionContext_ContextCallback_Object_Bool_RetVoid) -#endif //FEATURE_CORECLR - #ifdef _DEBUG DEFINE_CLASS(STACKCRAWMARK, Threading, StackCrawlMark) #endif @@ -1630,9 +1370,6 @@ DEFINE_CLASS(THREAD, Threading, Thread) DEFINE_FIELD(THREAD, CULTURE, m_CurrentCulture) DEFINE_FIELD(THREAD, UI_CULTURE, m_CurrentUICulture) #endif -#ifdef FEATURE_IMPERSONATION -DEFINE_METHOD(THREAD, SET_PRINCIPAL_INTERNAL, SetPrincipalInternal, IM_IPrincipal_RetVoid) -#endif #ifdef FEATURE_REMOTING DEFINE_STATIC_PROPERTY(THREAD, CURRENT_CONTEXT, CurrentContext, Context) #endif @@ -1676,9 +1413,6 @@ DEFINE_PROPERTY(TYPE, IS_IMPORT, IsImport, DEFINE_CLASS(TYPE_DELEGATOR, Reflection, TypeDelegator) -DEFINE_CLASS(UI_PERMISSION, Permissions, UIPermission) -DEFINE_METHOD(UI_PERMISSION, CTOR, .ctor, IM_PermissionState_RetVoid) - DEFINE_CLASS(UNHANDLED_EVENTARGS, System, UnhandledExceptionEventArgs) DEFINE_METHOD(UNHANDLED_EVENTARGS, CTOR, .ctor, IM_Obj_Bool_RetVoid) @@ -1711,15 +1445,6 @@ DEFINE_CLASS(VALUE_TYPE, System, ValueType) DEFINE_CLASS(VARIANT_WRAPPER, Interop, VariantWrapper) #endif // FEATURE_COMINTEROP -#ifdef FEATURE_IMPERSONATION -DEFINE_CLASS(WINDOWS_IDENTITY, Principal, WindowsIdentity) -DEFINE_METHOD(WINDOWS_IDENTITY, SERIALIZATION_CTOR, .ctor, IM_SerInfo_RetVoid) -#endif -#ifdef FEATURE_X509 -DEFINE_CLASS(X509_CERTIFICATE, X509, X509Certificate) -DEFINE_METHOD(X509_CERTIFICATE, CTOR, .ctor, IM_ArrByte_RetVoid) -#endif // FEATURE_X509 - DEFINE_CLASS(GC, System, GC) DEFINE_METHOD(GC, KEEP_ALIVE, KeepAlive, SM_Obj_RetVoid) DEFINE_METHOD(GC, COLLECT, Collect, SM_RetVoid) @@ -2191,28 +1916,6 @@ DEFINE_FIELD_U(_Kind, ContractExceptionObject, _Kind) DEFINE_FIELD_U(_UserMessage, ContractExceptionObject, _UserMessage) DEFINE_FIELD_U(_Condition, ContractExceptionObject, _Condition) -// The COM interfaces for the reflection types. -#if defined(FEATURE_COMINTEROP) && !defined(FEATURE_CORECLR) -DEFINE_CLASS(IAPPDOMAIN, System, _AppDomain) -DEFINE_CLASS(ITYPE, InteropServices, _Type) -DEFINE_CLASS(IASSEMBLY, InteropServices, _Assembly) -DEFINE_CLASS(IMEMBERINFO, InteropServices, _MemberInfo) -DEFINE_CLASS(IMETHODBASE, InteropServices, _MethodBase) -DEFINE_CLASS(IMETHODINFO, InteropServices, _MethodInfo) -DEFINE_CLASS(ICONSTRUCTORINFO, InteropServices, _ConstructorInfo) -DEFINE_CLASS(IFIELDINFO, InteropServices, _FieldInfo) -DEFINE_CLASS(IPROPERTYINFO, InteropServices, _PropertyInfo) -DEFINE_CLASS(IEVENTINFO, InteropServices, _EventInfo) -DEFINE_CLASS(IPARAMETERINFO, InteropServices, _ParameterInfo) -DEFINE_CLASS(IMODULE, InteropServices, _Module) -#endif // FEATURE_COMINTEROP && !FEATURE_CORECLR - -#ifdef FEATURE_COMPRESSEDSTACK -DEFINE_CLASS_U(Security, FrameSecurityDescriptorWithResolver, FrameSecurityDescriptorWithResolverBaseObject) -DEFINE_FIELD_U(m_resolver, FrameSecurityDescriptorWithResolverBaseObject, m_resolver) -DEFINE_CLASS(FRAME_SECURITY_DESCRIPTOR_WITH_RESOLVER, Security, FrameSecurityDescriptorWithResolver) -#endif // FEATURE_COMPRESSEDSTACK - #ifdef FEATURE_COMINTEROP DEFINE_CLASS(ASYNC_TRACING_EVENT_ARGS, WindowsFoundationDiag, TracingStatusChangedEventArgs) DEFINE_CLASS(IASYNC_TRACING_EVENT_ARGS, WindowsFoundationDiag, ITracingStatusChangedEventArgs) diff --git a/src/vm/newcompressedstack.cpp b/src/vm/newcompressedstack.cpp deleted file mode 100644 index 5957dc3..0000000 --- a/src/vm/newcompressedstack.cpp +++ /dev/null @@ -1,1074 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - -#include "common.h" -#ifdef FEATURE_COMPRESSEDSTACK - -#include "newcompressedstack.h" -#include "security.h" -#ifdef FEATURE_REMOTING -#include "appdomainhelper.h" -#endif -#include "securitystackwalk.h" -#include "appdomainstack.inl" -#include "appdomain.inl" - - -DomainCompressedStack::DomainCompressedStack(ADID domainID) -: m_DomainID(domainID), - m_ignoreAD(FALSE), - m_dwOverridesCount(0), - m_dwAssertCount(0), - m_Homogeneous(FALSE) -{ - WRAPPER_NO_CONTRACT; -} - -BOOL DomainCompressedStack::IsAssemblyPresent(ISharedSecurityDescriptor* ssd) -{ - CONTRACTL - { - MODE_ANY; - GC_NOTRIGGER; - NOTHROW; - }CONTRACTL_END; - - - // Only checks the first level and does not recurse into compressed stacks - void* pEntry = NULL; - - if (m_EntryList.GetCount() == 0) - return FALSE; - - // Quick check the last entry we added - common case - pEntry = m_EntryList.Get(m_EntryList.GetCount() - 1); - if (pEntry == (void *)SET_LOW_BIT(ssd)) - return TRUE; - - // Go thru the whole list now - is this optimal? - ArrayList::Iterator iter = m_EntryList.Iterate(); - - while (iter.Next()) - { - pEntry = iter.GetElement(); - if (pEntry == (void *)SET_LOW_BIT(ssd)) - return TRUE; - } - return FALSE; -} - -void DomainCompressedStack::AddEntry(void * ptr) -{ - CONTRACTL - { - THROWS; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - IfFailThrow(m_EntryList.Append(ptr)); - -} -VOID FrameSecurityDescriptorCopyFrom(FRAMESECDESCREF newFsdRef, FRAMESECDESCREF fsd) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - SO_TOLERANT; - MODE_COOPERATIVE; - } - CONTRACTL_END; - newFsdRef->SetImperativeAssertions(fsd->GetImperativeAssertions()); - newFsdRef->SetImperativeDenials(fsd->GetImperativeDenials()); - newFsdRef->SetImperativeRestrictions(fsd->GetImperativeRestrictions()); - newFsdRef->SetDeclarativeAssertions(fsd->GetDeclarativeAssertions()); - newFsdRef->SetDeclarativeDenials(fsd->GetDeclarativeDenials()); - newFsdRef->SetDeclarativeRestrictions(fsd->GetDeclarativeRestrictions()); - newFsdRef->SetAssertAllPossible(fsd->HasAssertAllPossible()); - newFsdRef->SetAssertFT(fsd->HasAssertFT()); -} - -void DomainCompressedStack::AddFrameEntry(AppDomain *pAppDomain, FRAMESECDESCREF fsdRef, BOOL bIsAHDMFrame, OBJECTREF dynamicResolverRef) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - ENTER_DOMAIN_PTR(pAppDomain,ADV_RUNNINGIN) //have it on the stack - { - struct gc - { - OBJECTREF fsdRef; - OBJECTREF newFsdRef; - OBJECTREF dynamicResolverRef; - } gc; - ZeroMemory( &gc, sizeof( gc ) ); - gc.fsdRef = (OBJECTREF)fsdRef; - gc.dynamicResolverRef = dynamicResolverRef; - - GCPROTECT_BEGIN(gc); - - static MethodTable* pMethFrameSecDesc = NULL; - if (pMethFrameSecDesc == NULL) - pMethFrameSecDesc = MscorlibBinder::GetClass(CLASS__FRAME_SECURITY_DESCRIPTOR); - - static MethodTable* pMethFrameSecDescWCS = NULL; - if (pMethFrameSecDescWCS == NULL) - pMethFrameSecDescWCS = MscorlibBinder::GetClass(CLASS__FRAME_SECURITY_DESCRIPTOR_WITH_RESOLVER); - - if(!bIsAHDMFrame) - { - gc.newFsdRef = AllocateObject(pMethFrameSecDesc); - } - else - { - gc.newFsdRef = AllocateObject(pMethFrameSecDescWCS); - } - - // We will not call the ctor and instead patch up the object based on the fsdRef passed in - FRAMESECDESCREF newFsdRef = (FRAMESECDESCREF)gc.newFsdRef; - FRAMESECDESCREF fsdRef1 = (FRAMESECDESCREF)gc.fsdRef; - if(fsdRef1 != NULL) - { - FrameSecurityDescriptorCopyFrom(newFsdRef, fsdRef1); - } - if(bIsAHDMFrame) - { - _ASSERTE(gc.dynamicResolverRef != NULL); - ((FRAMESECDESWITHRESOLVERCREF)newFsdRef)->SetDynamicMethodResolver(gc.dynamicResolverRef); - } - OBJECTHANDLEHolder tmpHnd(pAppDomain->CreateHandle(gc.newFsdRef)); - - AddEntry((void*)tmpHnd); - tmpHnd.SuppressRelease(); - GCPROTECT_END(); - - } - END_DOMAIN_TRANSITION; - -} - - -void DomainCompressedStack::Destroy(void) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - // Clear Domain info (handles etc.) if the AD has not been unloaded. - ClearDomainInfo(); - return; -} - -FCIMPL1(DWORD, DomainCompressedStack::GetDescCount, DomainCompressedStack* dcs) -{ - FCALL_CONTRACT; - - FCUnique(0x42); - - return dcs->m_EntryList.GetCount(); -} -FCIMPLEND - -FCIMPL3(void, DomainCompressedStack::GetDomainPermissionSets, DomainCompressedStack* dcs, OBJECTREF* ppGranted, OBJECTREF* ppDenied) -{ - FCALL_CONTRACT; - - HELPER_METHOD_FRAME_BEGIN_0(); - - *ppGranted = NULL; - *ppDenied = NULL; - - AppDomain* appDomain = SystemDomain::GetAppDomainFromId(dcs->GetMyDomain(),ADV_RUNNINGIN); - if (appDomain == NULL) - { - // this might be the unloading AD - AppDomain *pUnloadingDomain = SystemDomain::System()->AppDomainBeingUnloaded(); - if (pUnloadingDomain && pUnloadingDomain->GetId() == dcs->m_DomainID) - { -#ifdef _DEBUG - CheckADValidity(pUnloadingDomain, ADV_RUNNINGIN); -#endif - appDomain = pUnloadingDomain; - } - } - _ASSERTE(appDomain != NULL); - if (appDomain != NULL) - { - IApplicationSecurityDescriptor * pAppSecDesc = appDomain->GetSecurityDescriptor(); - _ASSERTE(pAppSecDesc != NULL); - if (pAppSecDesc != NULL) - { - *ppGranted = pAppSecDesc->GetGrantedPermissionSet(ppDenied); - } - } - - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND - -FCIMPL6(FC_BOOL_RET, DomainCompressedStack::GetDescriptorInfo, DomainCompressedStack* dcs, DWORD index, OBJECTREF* ppGranted, OBJECTREF* ppDenied, OBJECTREF* ppAssembly, OBJECTREF* ppFSD) -{ - FCALL_CONTRACT; - - _ASSERTE(dcs != NULL); - AppDomain* pCurrentDomain = GetAppDomain(); - BOOL bRetVal = FALSE; - - HELPER_METHOD_FRAME_BEGIN_RET_0() - *ppGranted = NULL; - *ppDenied = NULL; - *ppAssembly = NULL; - *ppFSD = NULL; - void* pEntry = dcs->m_EntryList.Get(index); - _ASSERTE(pEntry != NULL); - if (IS_LOW_BIT_SET(pEntry)) - { - // Assembly found - SharedSecurityDescriptor* pSharedSecDesc = (SharedSecurityDescriptor* )UNSET_LOW_BIT(pEntry); - Assembly* pAssembly = pSharedSecDesc->GetAssembly(); - IAssemblySecurityDescriptor* pAsmSecDesc = pAssembly->GetSecurityDescriptor( pCurrentDomain ); - *ppGranted = pAsmSecDesc->GetGrantedPermissionSet(ppDenied); - *ppAssembly = pAssembly->GetExposedObject(); - } - else - { - //FSD - OBJECTHANDLE objHnd = (OBJECTHANDLE)pEntry; - if (objHnd == NULL) - { - // throw an ADUnloaded exception which we will catch and then look at the serializedBlob - COMPlusThrow(kAppDomainUnloadedException); - } - *ppFSD = ObjectFromHandle(objHnd); - bRetVal = TRUE; - } - HELPER_METHOD_FRAME_END(); - - FC_RETURN_BOOL(bRetVal); -} -FCIMPLEND - -FCIMPL1(FC_BOOL_RET, DomainCompressedStack::IgnoreDomain, DomainCompressedStack* dcs) -{ - FCALL_CONTRACT; - - _ASSERTE(dcs != NULL); - - FC_RETURN_BOOL(dcs->IgnoreDomainInternal()); -} -FCIMPLEND - -BOOL DomainCompressedStack::IgnoreDomainInternal() -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_COOPERATIVE; - SO_TOLERANT; - } - CONTRACTL_END; - - if (m_ignoreAD) - return TRUE; - - AppDomainFromIDHolder appDomain(GetMyDomain(), TRUE); - if (!appDomain.IsUnloaded()) - { - IApplicationSecurityDescriptor *pAppSecDesc = appDomain->GetSecurityDescriptor(); - _ASSERTE(pAppSecDesc != NULL); - if (pAppSecDesc != NULL) - { - return pAppSecDesc->IsDefaultAppDomain() || pAppSecDesc->IsInitializationInProgress(); - } - } - - return FALSE; -} - - -/* - Note that this function is called only once: when the managed PLS is being created. - It's possible that 2 threads could race at that point: only downside of that is that they will both do the work. No races. - Also, we'll never be operating on a DCS whose domain is not on the current callstack. This eliminates all kinds of ADU/demand eval races. -*/ -OBJECTREF DomainCompressedStack::GetDomainCompressedStackInternal(AppDomain *pDomain) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - - // If we are going to skip this AppDomain, and there is nothing to compress, then we can skip building the DCS. - if (m_EntryList.GetCount() == 0 && IgnoreDomainInternal()) - return NULL; - - AppDomain* pCurrentDomain = GetAppDomain(); - - NewArrayHolder pbtmpSerializedObject(NULL); -#ifndef FEATURE_CORECLR - DWORD cbtmpSerializedObject = 0; -#endif - - struct gc - { - OBJECTREF refRetVal; - } gc; - ZeroMemory( &gc, sizeof( gc ) ); - - GCPROTECT_BEGIN( gc ); - - // Create object - ENTER_DOMAIN_ID (GetMyDomain()) //on the stack - { - - // Go ahead and create the object -#ifdef FEATURE_CORECLR // ignore other appdomains - if (GetAppDomain() == pCurrentDomain) -#endif - { - MethodDescCallSite createManagedObject(METHOD__DOMAIN_COMPRESSED_STACK__CREATE_MANAGED_OBJECT); - ARG_SLOT args[] = {PtrToArgSlot(this)}; - gc.refRetVal = createManagedObject.Call_RetOBJECTREF(args); - } - -#ifndef FEATURE_CORECLR - // Do we want to marshal this object also? - if (GetAppDomain() != pCurrentDomain) - { - // Serialize to a blob; - AppDomainHelper::MarshalObject(GetAppDomain(), &gc.refRetVal, &pbtmpSerializedObject, &cbtmpSerializedObject); - if (pbtmpSerializedObject == NULL) - { - // this is an error: possibly an OOM prevented the blob from getting created. - // We could return null and let the managed code use a fully restricted object or throw here. - // Let's throw here... - COMPlusThrow(kSecurityException); - } - } -#endif - - } - END_DOMAIN_TRANSITION - -#ifndef FEATURE_CORECLR // should never happen for core clr - if (GetMyDomain() != pCurrentDomain->GetId()) - { - AppDomainHelper::UnmarshalObject(pCurrentDomain,pbtmpSerializedObject, cbtmpSerializedObject, &gc.refRetVal); - } -#endif - - GCPROTECT_END(); - - return gc.refRetVal; -} - - -void DomainCompressedStack::ClearDomainInfo(void) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - - // So, assume mutual exclusion holds and no races occur here - - - // Now it is time to go NULL out any ObjectHandle we're using in the list of entries - ArrayList::Iterator iter = m_EntryList.Iterate(); - - while (iter.Next()) - { - void* pEntry = iter.GetElement(); - if (!IS_LOW_BIT_SET(pEntry)) - { - DestroyHandle((OBJECTHANDLE)pEntry); - } - pEntry = NULL; - } - - - // Always clear the index into the domain object list and the domainID. - m_DomainID = ADID(INVALID_APPDOMAIN_ID); - return; -} - -NewCompressedStack::NewCompressedStack() -: m_DCSListCount(0), - m_currentDCS(NULL), - m_pCtxTxFrame(NULL), - m_CSAD(ADID(INVALID_APPDOMAIN_ID)), - m_ADStack(GetThread()->GetAppDomainStack()), - m_dwOverridesCount(0), - m_dwAssertCount(0) -{ - CONTRACTL - { - THROWS; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - _ASSERTE(m_ADStack.GetNumDomains() > 0); - m_ADStack.InitDomainIteration(&adStackIndex); - m_DCSList = new DomainCompressedStack*[m_ADStack.GetNumDomains()]; - memset(m_DCSList, 0, (m_ADStack.GetNumDomains()*sizeof(DomainCompressedStack*))); - -} - - -void NewCompressedStack::Destroy( CLR_BOOL bEntriesOnly ) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - if (m_DCSList != NULL) - { - m_currentDCS = NULL; - m_pCtxTxFrame = NULL; - for (DWORD i=0; i< m_ADStack.GetNumDomains(); i++) - { - DomainCompressedStack* dcs = m_DCSList[i]; - if (dcs != NULL) - { - dcs->Destroy(); - delete dcs; - } - } - delete[] m_DCSList; - m_DCSList = NULL; - } - if (!bEntriesOnly) - delete this; - -} - - -void NewCompressedStack::ProcessAppDomainTransition(void) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // Get the current adstack entry. Note that the first time we enter this function, adStackIndex will - // equal the size of the adstack array (similar to what happens in IEnumerator). - // So the initial pEntry will be NULL - AppDomainStackEntry *pEntry = - (adStackIndex == m_ADStack.GetNumDomains() ? NULL : m_ADStack.GetCurrentDomainEntryOnStack(adStackIndex)); - - // Updated the value on the ADStack for current domain - if (pEntry != NULL) - { - DWORD domainOverrides_measured = (m_currentDCS == NULL?0:m_currentDCS->GetOverridesCount()); - DWORD domainAsserts_measured = (m_currentDCS == NULL?0:m_currentDCS->GetAssertCount()); - if (pEntry->m_dwOverridesCount != domainOverrides_measured || pEntry->m_dwAsserts != domainAsserts_measured) - { - m_ADStack.UpdateDomainOnStack(adStackIndex, domainAsserts_measured, domainOverrides_measured); - GetThread()->UpdateDomainOnStack(adStackIndex, domainAsserts_measured, domainOverrides_measured); - } - } - - // Move the domain index forward if this is not the last entry - if (adStackIndex > 0) - m_ADStack.GetNextDomainEntryOnStack(&adStackIndex); - m_currentDCS = NULL; - - return; - -} -DWORD NewCompressedStack::ProcessFrame(AppDomain* pAppDomain, Assembly* pAssembly, MethodDesc* pFunc, ISharedSecurityDescriptor* pSsd, FRAMESECDESCREF* pFsdRef) -{ - // This function will be called each time we hit a new stack frame in a stack walk. - - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(CheckPointer(pAppDomain)); - PRECONDITION(CheckPointer(pSsd)); - } CONTRACTL_END; - - // Get the current adstack entry. Note that the first time we enter this function, adStackIndex will - // equal the size of the adstack array (similar to what happens in IEnumerator). - // So the initial pEntry will be NULL - AppDomainStackEntry *pEntry = - (adStackIndex == m_ADStack.GetNumDomains() ? NULL : m_ADStack.GetCurrentDomainEntryOnStack(adStackIndex)); - - - _ASSERTE(pEntry != NULL); - PREFIX_ASSUME(pEntry != NULL); - FRAMESECDESCREF FsdRef = (pFsdRef!=NULL?*pFsdRef:NULL); - DWORD dwFlags = 0; - if (FsdRef != NULL) - { - - if (FsdRef->HasAssertFT()) - dwFlags |= CORSEC_FT_ASSERT; - } - - BOOL bIsAHDMFrame = FALSE; - - if((pFunc != NULL) && !CLRConfig::GetConfigValue(CLRConfig::UNSUPPORTED_Security_DisableAnonymouslyHostedDynamicMethodCreatorSecurityCheck)) - { - ENTER_DOMAIN_PTR(pAppDomain, ADV_RUNNINGIN) - { - bIsAHDMFrame = SecurityStackWalk::MethodIsAnonymouslyHostedDynamicMethodWithCSToEvaluate(pFunc); - } - END_DOMAIN_TRANSITION; - } - - if (!bIsAHDMFrame && ((pEntry->IsFullyTrustedWithNoStackModifiers()) || - (m_currentDCS != NULL && m_currentDCS->m_Homogeneous))) - { - // Nothing to do in this entire AD. - return dwFlags; - } - - ADID dNewDomainID = pAppDomain->GetId(); - BOOL bAddSSD = (!pSsd->IsSystem() && !IsAssemblyPresent(dNewDomainID, pSsd)); - BOOL bHasStackModifiers = FALSE; - DWORD overridesCount = 0; - DWORD assertCount = 0; - - - if (FsdRef != NULL) - { - overridesCount += FsdRef->GetOverridesCount(); - assertCount += FsdRef->GetAssertCount(); - } - - // If this is an AHDM frame with a CS to evaluate, it may have overrides or asserts, - // so treat it as if it does - if(bIsAHDMFrame) - { - overridesCount++; - assertCount++; - } - - bHasStackModifiers = ( (assertCount + overridesCount) > 0); - - // - // We need to add a new DCS if we don't already have one for this AppDomain. If we've reached this - // point, either: - // * the AppDomain is partially trusted - // * the AppDomain is fully trusted, but may have stack modifiers in play - // * we're running in legacy mode where FullTrust doesn't mean FullTrust - // - // If the domain is partially trusted, we'll always need to capture it. If we got this far due to a - // fully trusted domain that might have stack modifiers, we only have to capture if there really were - // stack walk modifiers. In the legacy mode case, we need to capture the domain if we had stack - // modifiers or we needed to add the shared security descriptor. - // - - BOOL bCreateDCS = (m_currentDCS == NULL || m_currentDCS->m_DomainID != dNewDomainID); - if (pAppDomain->GetSecurityDescriptor()->IsFullyTrusted()) - { - bCreateDCS &= (bAddSSD || bHasStackModifiers); - } - - if (bCreateDCS) - { - CreateDCS(dNewDomainID); - } - - // Add the ISharedSecurityDescriptor (Assembly) to the list if it is not already present in the list - if (bAddSSD) - { - m_currentDCS->AddEntry((void*)SET_LOW_BIT(pSsd)); - if (pEntry->IsHomogeneousWithNoStackModifiers()) - m_currentDCS->m_Homogeneous = TRUE; - } - if (bHasStackModifiers) - { - OBJECTREF dynamicResolverRef = NULL; - if(bIsAHDMFrame) - { - _ASSERTE(pFunc->IsLCGMethod()); - dynamicResolverRef = pFunc->AsDynamicMethodDesc()->GetLCGMethodResolver()->GetManagedResolver(); - } - - // We need to add the FSD entry here - m_currentDCS->AddFrameEntry(pAppDomain, FsdRef, bIsAHDMFrame, dynamicResolverRef); - m_currentDCS->m_dwOverridesCount += overridesCount; - m_currentDCS->m_dwAssertCount += assertCount; - m_dwOverridesCount += overridesCount; - m_dwAssertCount += assertCount; - } - return dwFlags; -} - -// Build a CompressedStack given that all domains on the stack are homogeneous with no stack modifiers -FCIMPL1(void, NewCompressedStack::FCallGetHomogeneousPLS, Object* hgPLSUnsafe) -{ - FCALL_CONTRACT; - - OBJECTREF refHomogeneousPLS = (OBJECTREF)hgPLSUnsafe; - - HELPER_METHOD_FRAME_BEGIN_1(refHomogeneousPLS); - - - // Walk the adstack and update the grantSetUnion - AppDomainStack* pADStack = GetThread()->GetAppDomainStackPointer(); - DWORD dwAppDomainIndex; - pADStack->InitDomainIteration(&dwAppDomainIndex); - -#ifdef FEATURE_REMOTING // without remoting we need only current appdomain - while (dwAppDomainIndex != 0) -#endif - { - AppDomainStackEntry* pEntry = pADStack->GetNextDomainEntryOnStack(&dwAppDomainIndex); - _ASSERTE(pEntry != NULL); - - pEntry->UpdateHomogeneousPLS(&refHomogeneousPLS); - } - - - HELPER_METHOD_FRAME_END(); - return ; -} -FCIMPLEND; - -// Special case of ProcessFrame called with the CS at the base of the thread -void NewCompressedStack::ProcessCS(AppDomain* pAppDomain, COMPRESSEDSTACKREF csRef, Frame *pFrame) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(CheckPointer(pAppDomain)); - } CONTRACTL_END; - - _ASSERTE(csRef != NULL && "Shouldn't call this function if CS is NULL"); - ADID dNewDomainID = pAppDomain->GetId(); - NewCompressedStack* pCS = (NewCompressedStack* )csRef->GetUnmanagedCompressedStack(); - if (csRef->IsEmptyPLS() && (pCS == NULL || pCS->GetDCSListCount() == 0)) - { - // Do nothing - empty inner CS - return; - } - - // Let's special case the 1-domain CS that has no inner CSs here - // Check for: - // 1. == 1 DCS - // 2. DCS is in correct AD (it's possible that pCS is AD-X and it has only one DCS in AD-Y, because AD-X has only mscorlib frames - // 3. No inner CS - if ( pCS != NULL && - pCS->GetDCSListCount() == 1 && - pCS->m_DCSList != NULL && - pCS->m_currentDCS != NULL && - pCS->m_currentDCS->m_DomainID == dNewDomainID && - pCS->m_CSAD == ADID(INVALID_APPDOMAIN_ID)) - { - ProcessSingleDomainNCS(pCS, pAppDomain); - } - else - { - - // set flag to ignore Domain grant set if the current DCS is the same as the one with the CS - if (m_currentDCS != NULL && m_currentDCS->m_DomainID == dNewDomainID) - { - m_currentDCS->m_ignoreAD = TRUE; - } - - // Update overrides/asserts - if (pCS != NULL) - { - m_dwOverridesCount += pCS->GetOverridesCount(); - m_dwAssertCount += pCS->GetAssertCount(); - } - - - // Do we need to store the CtxTransitionFrame or did we get the CS from the thread? - if (pFrame != NULL) - { - _ASSERTE(csRef == SecurityStackWalk::GetCSFromContextTransitionFrame(pFrame)); - // Use data from the CtxTxFrame - m_pCtxTxFrame = pFrame; - } - m_CSAD = dNewDomainID; - } - -} -void NewCompressedStack::ProcessSingleDomainNCS(NewCompressedStack *pCS, AppDomain* pAppDomain) -{ - - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(CheckPointer(pAppDomain)); - } CONTRACTL_END; - - _ASSERTE(pCS->GetDCSListCount() <= 1 && pCS->m_CSAD == ADID(INVALID_APPDOMAIN_ID)); - ADID newDomainID = pAppDomain->GetId(); - DomainCompressedStack* otherDCS = pCS->m_currentDCS; - - if (otherDCS == NULL) - return; - if (m_currentDCS == NULL) - CreateDCS(newDomainID); - - - // Iterate thru the entryList in the current DCS - ArrayList::Iterator iter = otherDCS->m_EntryList.Iterate(); - while (iter.Next()) - { - void* pEntry = iter.GetElement(); - if (IS_LOW_BIT_SET(pEntry)) - { - if (!IsAssemblyPresent(newDomainID, (ISharedSecurityDescriptor*)UNSET_LOW_BIT(pEntry))) - { - //Add the assembly - m_currentDCS->AddEntry(pEntry); - } - } - else - { - // FrameSecurityDescriptor - OBJECTHANDLE objHnd = (OBJECTHANDLE)pEntry; - OBJECTREF fsdRef = ObjectFromHandle(objHnd); - OBJECTHANDLEHolder tmpHnd(pAppDomain->CreateHandle(fsdRef)); - - m_currentDCS->AddEntry((void*)tmpHnd); - tmpHnd.SuppressRelease(); - - } - - } - - m_currentDCS->m_dwOverridesCount += pCS->m_dwOverridesCount; - m_currentDCS->m_dwAssertCount += pCS->m_dwAssertCount; - m_dwOverridesCount += pCS->m_dwOverridesCount; - m_dwAssertCount += pCS->m_dwAssertCount; -} -void NewCompressedStack::CreateDCS(ADID domainID) -{ - CONTRACTL { - THROWS; - GC_NOTRIGGER; - MODE_ANY; - } CONTRACTL_END; - - _ASSERTE(adStackIndex < m_ADStack.GetNumDomains()); - _ASSERTE (m_DCSList != NULL); - m_DCSList[adStackIndex] = new DomainCompressedStack(domainID); - m_currentDCS = m_DCSList[adStackIndex]; - m_DCSListCount++; - - return; -} - - -BOOL NewCompressedStack::IsAssemblyPresent(ADID domainID, ISharedSecurityDescriptor* pSsd) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - _ASSERTE(domainID != ADID(INVALID_APPDOMAIN_ID) && "Don't pass invalid domain"); - - BOOL bEntryPresent = FALSE; - - for(DWORD i=0; i < m_ADStack.GetNumDomains(); i++) - { - - DomainCompressedStack* pTmpDCS = m_DCSList[i]; - - if (pTmpDCS != NULL && pTmpDCS->m_DomainID == domainID && pTmpDCS->IsAssemblyPresent(pSsd)) - { - bEntryPresent = TRUE; - break; - } - } - return bEntryPresent; -} - - -BOOL NewCompressedStack::IsDCSContained(DomainCompressedStack *pDCS) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - // return FALSE if no DCS or DCS is for a domain that has been unloaded - if (pDCS == NULL || pDCS->m_DomainID == ADID(INVALID_APPDOMAIN_ID)) - return FALSE; - - - - // Iterate thru the entryList in the current DCS - ArrayList::Iterator iter = pDCS->m_EntryList.Iterate(); - while (iter.Next()) - { - void* pEntry = iter.GetElement(); - if (IS_LOW_BIT_SET(pEntry)) - { - // We only check Assemblies. - if (!IsAssemblyPresent(pDCS->m_DomainID, (ISharedSecurityDescriptor*)UNSET_LOW_BIT(pEntry))) - return FALSE; - } - } - return TRUE; -} - -BOOL NewCompressedStack::IsNCSContained(NewCompressedStack *pCS) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_ANY; - } - CONTRACTL_END; - - // Check if the first level of pCS is contained in this. - if (pCS == NULL) - return TRUE; - - // Return FALSE if there are any overrides or asserts - if (pCS->GetOverridesCount() > 0) - return FALSE; - // Return FALSE if there is an inner CS - if (pCS->m_CSAD != ADID(INVALID_APPDOMAIN_ID)) - return FALSE; - - for(DWORD i=0; i < m_ADStack.GetNumDomains(); i++) - { - DomainCompressedStack *pDCS = (DomainCompressedStack *) m_DCSList[i]; - if (!IsDCSContained(pDCS)) - return FALSE; - } - return TRUE; - -} - - -// If there is a compressed stack present in the captured CompressedStack, return that CS in the current domain -OBJECTREF NewCompressedStack::GetCompressedStackInner() -{ - _ASSERTE(m_CSAD != ADID(INVALID_APPDOMAIN_ID)); - - AppDomain* pCurrentDomain = GetAppDomain(); - NewArrayHolder pbtmpSerializedObject(NULL); - - - OBJECTREF refRetVal = NULL; - - if (pCurrentDomain->GetId()== m_CSAD) - { - // we're in the right domain already - if (m_pCtxTxFrame == NULL) - { - // Get CS from the thread - refRetVal = GetThread()->GetCompressedStack(); - } - else - { - // Get CS from a Ctx transition frame - refRetVal = (OBJECTREF)SecurityStackWalk::GetCSFromContextTransitionFrame(m_pCtxTxFrame); - _ASSERTE(refRetVal != NULL); //otherwise we would not have saved the frame in the CB data - } - } - else -#ifndef FEATURE_CORECLR // should never happen for core clr - { - DWORD cbtmpSerializedObject = 0; - GCPROTECT_BEGIN (refRetVal); - // need to marshal the CS over into the current AD - ENTER_DOMAIN_ID(m_CSAD); - { - if (m_pCtxTxFrame == NULL) - { - - // Get CS from the thread - refRetVal = GetThread()->GetCompressedStack(); - } - else - { - // Get CS from a Ctx transition frame - refRetVal = (OBJECTREF)SecurityStackWalk::GetCSFromContextTransitionFrame(m_pCtxTxFrame); - _ASSERTE(refRetVal != NULL); //otherwise we would not have saved the frame in the CB data - } - AppDomainHelper::MarshalObject(GetAppDomain(), &refRetVal, &pbtmpSerializedObject, &cbtmpSerializedObject); - } - END_DOMAIN_TRANSITION - refRetVal = NULL; - AppDomainHelper::UnmarshalObject(pCurrentDomain,pbtmpSerializedObject, cbtmpSerializedObject, &refRetVal); - GCPROTECT_END (); - _ASSERTE(refRetVal != NULL); //otherwise we would not have saved the frame in the CB data - } -#else - { - UNREACHABLE(); - } -#endif // !FEATURE_CORECLR - - return refRetVal; - -} - -// == Now begin the functions used in building Demand evaluation of a compressed stack -FCIMPL1(DWORD, NewCompressedStack::FCallGetDCSCount, SafeHandle* hcsUNSAFE) -{ - FCALL_CONTRACT; - - DWORD dwRet = 0; - if (hcsUNSAFE != NULL) - { - SAFEHANDLE hcsSAFE = (SAFEHANDLE) hcsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_RET_1(hcsSAFE); - - NewCompressedStack* ncs = (NewCompressedStack *)hcsSAFE->GetHandle(); - - dwRet = ncs->m_ADStack.GetNumDomains(); - HELPER_METHOD_FRAME_END(); - } - - return dwRet; - -} -FCIMPLEND - - -FCIMPL2(FC_BOOL_RET, NewCompressedStack::FCallIsImmediateCompletionCandidate, SafeHandle* hcsUNSAFE, OBJECTREF *innerCS) -{ - FCALL_CONTRACT; - - BOOL bRet = FALSE; - if (hcsUNSAFE != NULL) - { - SAFEHANDLE hcsSAFE = (SAFEHANDLE) hcsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_RET_1(hcsSAFE); - - *innerCS = NULL; - - NewCompressedStack* ncs = (NewCompressedStack *)hcsSAFE->GetHandle(); - - if (ncs != NULL) - { - // Non-FT case - - // Is there an inner CS? - BOOL bHasCS = (ncs->m_CSAD != ADID(INVALID_APPDOMAIN_ID)); - - // Is there is a DCS not in the current AD - BOOL bHasOtherAppDomain = FALSE; - if (ncs->m_DCSList != NULL) - { - for(DWORD i=0; i < ncs->m_ADStack.GetNumDomains(); i++) - { - DomainCompressedStack* dcs = ncs->m_DCSList[i]; - if (dcs != NULL && dcs->GetMyDomain() != GetAppDomain()->GetId()) - { - bHasOtherAppDomain = TRUE; - break; - } - } - } - if (bHasCS) - { - - - *innerCS = ncs->GetCompressedStackInner(); - ncs->m_pCtxTxFrame = NULL; // Clear the CtxTxFrame ASAP - - } - bRet = bHasOtherAppDomain||bHasCS; - } - - HELPER_METHOD_FRAME_END(); - } - - FC_RETURN_BOOL(bRet); -} -FCIMPLEND - - -FCIMPL2(Object*, NewCompressedStack::GetDomainCompressedStack, SafeHandle* hcsUNSAFE, DWORD index) -{ - FCALL_CONTRACT; - - OBJECTREF refRetVal = NULL; - if (hcsUNSAFE != NULL) - { - SAFEHANDLE hcsSAFE = (SAFEHANDLE) hcsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_RET_2(refRetVal, hcsSAFE); - - - - NewCompressedStack* ncs = (NewCompressedStack *)hcsSAFE->GetHandle(); - - // First we check to see if the DCS at index i has a blob. If so, deserialize it into the current AD and return it. Else try create it - DomainCompressedStack* dcs = ncs->m_DCSList[index]; - if (dcs != NULL) - { - refRetVal = dcs->GetDomainCompressedStackInternal(NULL); - } - - HELPER_METHOD_FRAME_END(); - } - - return OBJECTREFToObject(refRetVal); - -} -FCIMPLEND - -FCIMPL1(void, NewCompressedStack::DestroyDCSList, SafeHandle* hcsUNSAFE) -{ - FCALL_CONTRACT; - - SAFEHANDLE hcsSAFE = (SAFEHANDLE) hcsUNSAFE; - - HELPER_METHOD_FRAME_BEGIN_1(hcsSAFE); - - NewCompressedStack* ncs = (NewCompressedStack *)hcsSAFE->GetHandle(); - - ncs->Destroy(TRUE); - - HELPER_METHOD_FRAME_END(); - -} -FCIMPLEND -#endif // #ifdef FEATURE_COMPRESSEDSTACK diff --git a/src/vm/newcompressedstack.h b/src/vm/newcompressedstack.h deleted file mode 100644 index e3a6393..0000000 --- a/src/vm/newcompressedstack.h +++ /dev/null @@ -1,197 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - -#ifndef __newcompressedstack_h__ -#define __newcompressedstack_h__ -#ifdef FEATURE_COMPRESSEDSTACK - -#include "objectlist.h" -// Returns true if the low bit in the ptr argument is set to 1 -#define IS_LOW_BIT_SET(ptr) (((UINT_PTR)ptr) & 1) -// Sets the low bit in the ptr passed in -#define SET_LOW_BIT(ptr) (((UINT_PTR)ptr)|1) -// Reset the low bit to 0 -#define UNSET_LOW_BIT(ptr) (((UINT_PTR)ptr)& ~((size_t)1)) - -class DomainCompressedStack; -class NewCompressedStack; - - - -// This is the class that will contain an array of entries. -// All the entries will be for a single AppDomain -class DomainCompressedStack -{ - friend class NewCompressedStack; -public: - ADID GetMyDomain() - { - // It is OK if m_DomainID gets set to -1 by ADU code and we return a valid AD. - // (what that means is that tmp_adid is not invalid, but m_DomainID is set to invalid by ADU code - // after we cached it) - // Two cases: - // 1. AD has set NoEnter - // 1.a) current thread is finalizer: it will be allowed to enter the AD, but Destroy() takes a lock and checks again. So we're good - // 1.b) current thread is not finalizer: it will not be allowed to enter AD and the value returned here will be NULL - // 2. AD has not set NoEnter, but is in the process of CS processing at ADU - // A valid AD pointer is returned, which is all that this function is required to do. Since ADU unload is done handling this DCS, we'll not - // enter that AD, but use the blob in the DCS. - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - MODE_COOPERATIVE; - SO_TOLERANT; - } - CONTRACTL_END; - - return m_DomainID; - } - // Construction and maintenence - DomainCompressedStack(ADID domainID); //ctor - BOOL IsAssemblyPresent(ISharedSecurityDescriptor* ssd); - void AddEntry(void *ptr); -#ifndef DACCESS_COMPILE - void AddFrameEntry(AppDomain * pAppDomain, FRAMESECDESCREF fsdRef, BOOL bIsAHDMFrame, OBJECTREF dynamicResolverRef); -#endif - void Destroy(void); - - // Demand evaluation - static FCDECL1(DWORD, GetDescCount, DomainCompressedStack* dcs); - static FCDECL3(void, GetDomainPermissionSets, DomainCompressedStack* dcs, OBJECTREF* ppGranted, OBJECTREF* ppDenied); - static FCDECL6(FC_BOOL_RET, GetDescriptorInfo, DomainCompressedStack* dcs, DWORD index, OBJECTREF* ppGranted, OBJECTREF* ppDenied, OBJECTREF* ppAssembly, OBJECTREF* ppFSD); - static FCDECL1(FC_BOOL_RET, IgnoreDomain, DomainCompressedStack* dcs); - OBJECTREF GetDomainCompressedStackInternal(AppDomain *pDomain); - - // AppDomain unload - void ClearDomainInfo(void); - static void AllHandleAppDomainUnload(AppDomain* pDomain, ADID domainId, ObjectList* list ); - static void ReleaseDomainCompressedStack( DomainCompressedStack* dcs ) { - WRAPPER_NO_CONTRACT; - dcs->Destroy(); - }; - static DomainCompressedStack* GetNextEntryFromADList(AppDomain* pDomain, ObjectList::Iterator iter); - void AppDomainUnloadDone(AppDomain* pDomain); - - - -private: - ArrayList m_EntryList; - ADID m_DomainID; // either a valid domain ID or INVALID_APPDOMAIN_ID (set by unloading AppDomain to that value) - BOOL m_ignoreAD; // Do not look at domain grant set since we have a CS at the threadbaseobject. - DWORD m_dwOverridesCount; - DWORD m_dwAssertCount; - BOOL m_Homogeneous; - - DWORD GetOverridesCount( void ) - { - LIMITED_METHOD_CONTRACT; - return m_dwOverridesCount; - } - - DWORD GetAssertCount( void ) - { - LIMITED_METHOD_CONTRACT; - return m_dwAssertCount; - } - - BOOL IgnoreDomainInternal(); -}; -typedef Holder, DomainCompressedStack::ReleaseDomainCompressedStack > DomainCompressedStackHolder; - -class NewCompressedStack -{ - -private: - DomainCompressedStack** m_DCSList; - DWORD m_DCSListCount; - DomainCompressedStack *m_currentDCS; - Frame *m_pCtxTxFrame; // Be super careful where you use this. Remember that this is a stack location and is not always valid. - ADID m_CSAD; - AppDomainStack m_ADStack; - DWORD adStackIndex; - DWORD m_dwOverridesCount; - DWORD m_dwAssertCount; - - - void CreateDCS(ADID domainID); - BOOL IsAssemblyPresent(ADID domainID, ISharedSecurityDescriptor* pSsd); - BOOL IsDCSContained(DomainCompressedStack *pDCS); - BOOL IsNCSContained(NewCompressedStack *pCS); - void ProcessSingleDomainNCS(NewCompressedStack *pCS, AppDomain* pAppDomain); -public: - DWORD GetDCSListCount(void) - { - // Returns # of non-NULL DCSList entries; - LIMITED_METHOD_CONTRACT; - return m_DCSListCount; - } - void Destroy( CLR_BOOL bEntriesOnly = FALSE); - - static void DestroyCompressedStack( NewCompressedStack* stack ) { - WRAPPER_NO_CONTRACT; - stack->Destroy(); - }; - - AppDomainStack& GetAppDomainStack( void ) - { - LIMITED_METHOD_CONTRACT; - return m_ADStack; - } - - DWORD GetOverridesCount( void ) - { - LIMITED_METHOD_CONTRACT; - return m_dwOverridesCount; - } - - DWORD GetAssertCount( void ) - { - LIMITED_METHOD_CONTRACT; - return m_dwAssertCount; - } - DWORD GetInnerAppDomainOverridesCount(void) - { - WRAPPER_NO_CONTRACT; - return m_ADStack.GetInnerAppDomainOverridesCount(); - } - DWORD GetInnerAppDomainAssertCount(void) - { - WRAPPER_NO_CONTRACT; - return m_ADStack.GetInnerAppDomainAssertCount(); - } - - // This is called every time we hit a stack frame on a stack walk. it will be called with ASD, SSD, FSDs and this func will determine what - // (if any) action needs to be performed. - // For example: - // on seeing a new SSD, we'll add an entry to the current DCS - // on seeing an SSD we've already seen, we'll do nothing - // on seeing a new ASD, a new DCS will be created on this CS -#ifndef DACCESS_COMPILE - void ProcessAppDomainTransition(void); - DWORD ProcessFrame(AppDomain* pAppDomain, Assembly* pAssembly, MethodDesc* pFunc, ISharedSecurityDescriptor* pSsd, FRAMESECDESCREF* pFsdRef); - void ProcessCS(AppDomain* pAppDomain, COMPRESSEDSTACKREF csRef, Frame *pFrame); - -#endif - // ctor - NewCompressedStack(); - OBJECTREF GetCompressedStackInner(); - - // FCALLS - static FCDECL1(DWORD, FCallGetDCSCount, SafeHandle* hcsUNSAFE); - static FCDECL2(FC_BOOL_RET, FCallIsImmediateCompletionCandidate, SafeHandle* hcsUNSAFE, OBJECTREF *innerCS); - static FCDECL2(Object*, GetDomainCompressedStack, SafeHandle* hcsUNSAFE, DWORD index); - static FCDECL1(void, DestroyDCSList, SafeHandle* hcsUNSAFE); - static FCDECL1(void, FCallGetHomogeneousPLS, Object* hgPLSUnsafe); - -}; -typedef Holder, NewCompressedStack::DestroyCompressedStack > NewCompressedStackHolder; -#endif // #ifdef FEATURE_COMPRESSEDSTACK -#endif /* __newcompressedstack_h__ */ - - diff --git a/src/vm/object.h b/src/vm/object.h index 9a2c817..cb11789 100644 --- a/src/vm/object.h +++ b/src/vm/object.h @@ -3803,217 +3803,6 @@ typedef REF DELEGATEREF; typedef DelegateObject* DELEGATEREF; #endif // USE_CHECKED_OBJECTREFS -// This class corresponds to PermissionSet on the managed side. -class PermissionSetObject : public Object -{ - friend class MscorlibBinder; - -public: - BOOL AllPermissionsDecoded() - { - LIMITED_METHOD_CONTRACT; - return _allPermissionsDecoded == TRUE; - } - - BOOL ContainsCas() - { - LIMITED_METHOD_CONTRACT; - return _ContainsCas == TRUE; - } - - BOOL ContainsNonCas() - { - LIMITED_METHOD_CONTRACT; - return _ContainsNonCas == TRUE; - } - - BOOL CheckedForNonCas() - { - LIMITED_METHOD_CONTRACT; - return _CheckedForNonCas == TRUE; - } - - BOOL IsUnrestricted() - { - LIMITED_METHOD_CONTRACT; - return _Unrestricted == TRUE; - } - - OBJECTREF GetTokenBasedSet() - { - LIMITED_METHOD_CONTRACT; - return _permSet; - } - - - // README: - // If you modify the order of these fields, make sure to update the definition in - // BCL for this object. -private: - // Order of the fields is important as it mirrors the layout of PermissionSet - // to access the fields directly from unmanaged code given an OBJECTREF. - // Please keep them in sync when you make changes to the fields. - OBJECTREF _permSet; - STRINGREF _serializedPermissionSet; - OBJECTREF _permSetSaved; - OBJECTREF _unrestrictedPermSet; - OBJECTREF _normalPermSet; - CLR_BOOL _Unrestricted; - CLR_BOOL _allPermissionsDecoded; - CLR_BOOL _ignoreTypeLoadFailures; - CLR_BOOL _CheckedForNonCas; - CLR_BOOL _ContainsCas; - CLR_BOOL _ContainsNonCas; - CLR_BOOL _Readable; -#ifdef FEATURE_CAS_POLICY - CLR_BOOL _canUnrestrictedOverride; -#endif // FEATURE_CAS_POLICY -}; - -#ifdef USE_CHECKED_OBJECTREFS -typedef REF PERMISSIONSETREF; -#else // USE_CHECKED_OBJECTREFS -typedef PermissionSetObject* PERMISSIONSETREF; -#endif // USE_CHECKED_OBJECTREFS - -// This class corresponds to TokenBasedSet on the managed side. -class TokenBasedSetObject : public Object -{ -public: - INT32 GetNumElements () { - LIMITED_METHOD_CONTRACT; - return _cElt; - } - - OBJECTREF GetPermSet () { - LIMITED_METHOD_CONTRACT; - return _Obj; - } - -private: - // If you modify the order of these fields, make sure - // to update the definition in BCL for this object. - OBJECTREF _objSet; - OBJECTREF _Obj; - OBJECTREF _Set; - INT32 _initSize; - INT32 _increment; - INT32 _cElt; - INT32 _maxIndex; -}; - -#ifdef USE_CHECKED_OBJECTREFS -typedef REF TOKENBASEDSETREF; -#else // USE_CHECKED_OBJECTREFS -typedef TokenBasedSetObject* TOKENBASEDSETREF; -#endif // USE_CHECKED_OBJECTREFS - -// This class corresponds to PolicyStatement on the managed side. -class PolicyStatementObject : public Object -{ - friend class MscorlibBinder; -private: - PERMISSIONSETREF _permSet; -#ifdef FEATURE_CAS_POLICY - OBJECTREF _dependentEvidence; -#endif // FEATURE_CAS_POLICY - INT32 _attributes; - -public: - PERMISSIONSETREF GetPermissionSet() - { - LIMITED_METHOD_CONTRACT; - return _permSet; - } -}; -#ifdef USE_CHECKED_OBJECTREFS -typedef REF POLICYSTATEMENTREF; -#else // USE_CHECKED_OBJECTREFS -typedef PolicyStatementObject* POLICYSTATEMENTREF; -#endif // USE_CHECKED_OBJECTREFS - -// This class corresponds to ApplicationTrust on the managed side. -class ApplicationTrustObject : public Object -{ - friend class MscorlibBinder; -private: -#ifdef FEATURE_CLICKONCE - OBJECTREF _appId; - OBJECTREF _extraInfo; - OBJECTREF _elExtraInfo; -#endif // FEATURE_CLICKONCE - POLICYSTATEMENTREF _psDefaultGrant; - OBJECTREF _fullTrustAssemblies; - DWORD _grantSetSpecialFlags; -#ifdef FEATURE_CLICKONCE - CLR_BOOL _appTrustedToRun; - CLR_BOOL _persist; -#endif // FEATURE_CLICKONCE - -public: - POLICYSTATEMENTREF GetPolicyStatement() - { - LIMITED_METHOD_CONTRACT; - return _psDefaultGrant; - } - - // The grant set special flags are mapped in the BCL for the DefaultGrantSet of the ApplicationTrust. - // Since ApplicationTrust provides a reference to its DefaultGrantSet rather than a copy, the flags may - // not be in sync if user code can ever get a hold of the ApplicationTrust object. Therefore, these - // flags should only be used in code paths where we are sure that only trusted code can ever get a - // reference to the ApplicationTrust (such as the ApplicationTrust created when setting up a homogenous - // AppDomain). - DWORD GetGrantSetSpecialFlags() - { - LIMITED_METHOD_CONTRACT; - return _grantSetSpecialFlags; - } -}; -#ifdef USE_CHECKED_OBJECTREFS -typedef REF APPLICATIONTRUSTREF; -#else // USE_CHECKED_OBJECTREFS -typedef ApplicationTrustObject* APPLICATIONTRUSTREF; -#endif // USE_CHECKED_OBJECTREFS - -// This class corresponds to SecurityPermission on the managed side. -class SecurityPermissionObject : public Object -{ -public: - DWORD GetFlags () { - LIMITED_METHOD_CONTRACT; - return _flags; - } - -private: - // If you modify the order of these fields, make sure - // to update the definition in BCL for this object. - DWORD _flags; -}; - -#ifdef USE_CHECKED_OBJECTREFS -typedef REF SECURITYPERMISSIONREF; -#else // USE_CHECKED_OBJECTREFS -typedef SecurityPermissionObject* SECURITYPERMISSIONREF; -#endif // USE_CHECKED_OBJECTREFS - -// This class corresponds to ReflectionPermission on the managed side. -class ReflectionPermissionObject : public Object -{ -public: - DWORD GetFlags () { - LIMITED_METHOD_CONTRACT; - return _flags; - } - -private: - DWORD _flags; -}; - -#ifdef USE_CHECKED_OBJECTREFS -typedef REF REFLECTIONPERMISSIONREF; -#else // USE_CHECKED_OBJECTREFS -typedef ReflectionPermissionObject* REFLECTIONPERMISSIONREF; -#endif // USE_CHECKED_OBJECTREFS struct StackTraceElement; class ClrDataAccess; diff --git a/src/vm/reflectioninvocation.cpp b/src/vm/reflectioninvocation.cpp index 4edecdd..4a2be35 100644 --- a/src/vm/reflectioninvocation.cpp +++ b/src/vm/reflectioninvocation.cpp @@ -3333,27 +3333,6 @@ FCIMPL1(Object*, ReflectionSerialization::GetSafeUninitializedObject, ReflectCla COMPlusThrow(kNotSupportedException, W("NotSupported_ManagedActivation")); #endif // FEATURE_COMINTEROP -#ifdef FEATURE_APTCA - if (!pMT->GetAssembly()->AllowUntrustedCaller()) { - OBJECTREF permSet = NULL; - Security::GetPermissionInstance(&permSet, SECURITY_FULL_TRUST); - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, permSet); - } -#endif // FEATURE_APTCA - -#ifdef FEATURE_CAS_POLICY - if (pMT->GetClass()->RequiresLinktimeCheck()) { - OBJECTREF refClassNonCasDemands = NULL; - OBJECTREF refClassCasDemands = NULL; - - refClassCasDemands = TypeSecurityDescriptor::GetLinktimePermissions(pMT, &refClassNonCasDemands); - - if (refClassCasDemands != NULL) - Security::DemandSet(SSWT_LATEBOUND_LINKDEMAND, refClassCasDemands); - - } -#endif // FEATURE_CAS_POLICY - // If it is a nullable, return the underlying type instead. if (Nullable::IsNullableType(pMT)) pMT = pMT->GetInstantiation()[0].GetMethodTable(); diff --git a/src/vm/security.h b/src/vm/security.h index 2238279..da02515 100644 --- a/src/vm/security.h +++ b/src/vm/security.h @@ -14,7 +14,6 @@ #include "securityattributes.h" #include "securitydeclarativecache.h" #include "securitydeclarative.h" -#include "securityimperative.h" #include "securitytransparentassembly.h" #ifdef FEATURE_APTCA @@ -126,7 +125,6 @@ namespace Security #endif // #ifndef DACCESS_COMPILE inline BOOL MethodIsVisibleOutsideItsAssembly(MethodDesc * pMD); inline BOOL MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr, DWORD dwClassAttr, BOOL fIsGlobalClass); - inline void CheckBeforeAllocConsole(AppDomain* pDomain, Assembly* pAssembly); // ---------------------------------------- // SecurityStackWalk diff --git a/src/vm/security.inl b/src/vm/security.inl index 2f1f96c..fe11589 100644 --- a/src/vm/security.inl +++ b/src/vm/security.inl @@ -181,7 +181,9 @@ inline void Security::CheckLinkDemandAgainstAppDomain(MethodDesc *pMD) inline void Security::LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCallee) { WRAPPER_NO_CONTRACT; - SecurityDeclarative::LinktimeCheckMethod(pCaller, pCallee); +#ifdef FEATURE_CAS_POLICY + SecurityDeclarative::LinktimeCheckMethod(pCaller, pCallee); +#endif } inline void Security::ClassInheritanceCheck(MethodTable *pClass, MethodTable *pParent) @@ -196,12 +198,6 @@ inline void Security::MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc *pP SecurityDeclarative::MethodInheritanceCheck(pMethod, pParent); } -inline void Security::GetPermissionInstance(OBJECTREF *perm, int index) -{ - WRAPPER_NO_CONTRACT; - SecurityDeclarative::GetPermissionInstance(perm, index); -} - inline void Security::DoDeclarativeActions(MethodDesc *pMD, DeclActionInfo *pActions, LPVOID pSecObj, MethodSecurityDescriptor *pMSD) { WRAPPER_NO_CONTRACT; @@ -232,14 +228,6 @@ inline BOOL Security::MethodIsVisibleOutsideItsAssembly(DWORD dwMethodAttr, DWOR return SecurityDeclarative::MethodIsVisibleOutsideItsAssembly(dwMethodAttr, dwClassAttr, fIsGlobalClass); } -inline void Security::CheckBeforeAllocConsole(AppDomain* pDomain, Assembly* pAssembly) -{ - WRAPPER_NO_CONTRACT; -#ifdef FEATURE_CAS_POLICY - SecurityRuntime::CheckBeforeAllocConsole(pDomain, pAssembly); -#endif -} - // ---------------------------------------- // SecurityStackWalk // ---------------------------------------- diff --git a/src/vm/securityattributes.cpp b/src/vm/securityattributes.cpp index 0facbbb..1f8e3e1 100644 --- a/src/vm/securityattributes.cpp +++ b/src/vm/securityattributes.cpp @@ -21,133 +21,6 @@ HRESULT BlobToAttributeSet(BYTE* pBuffer, ULONG cbBuffer, CORSEC_ATTRSET* pAttrS #ifndef CROSSGEN_COMPILE -OBJECTREF SecurityAttributes::CreatePermissionSet(BOOL fTrusted) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - OBJECTREF pPermSet = NULL; - GCPROTECT_BEGIN(pPermSet); - - MethodTable* pMT = MscorlibBinder::GetClass(CLASS__PERMISSION_SET); - pPermSet = (OBJECTREF) AllocateObject(pMT); - - ARG_SLOT fStatus = (fTrusted) ? 1 : 0; - - MethodDescCallSite ctor(METHOD__PERMISSION_SET__CTOR); - - ARG_SLOT arg[2] = { - ObjToArgSlot(pPermSet), - BoolToArgSlot(fStatus) - }; - ctor.Call(arg); - - GCPROTECT_END(); - - return pPermSet; -} - -#ifdef FEATURE_CAS_POLICY - -// todo: remove the non-cas parameters (because they're bogus now anyway) -void SecurityAttributes::XmlToPermissionSet(PBYTE pbXmlBlob, - DWORD cbXmlBlob, - OBJECTREF* pPermSet, - OBJECTREF* pEncoding, - PBYTE pbNonCasXmlBlob, - DWORD cbNonCasXmlBlob, - OBJECTREF* pNonCasPermSet, - OBJECTREF* pNonCasEncoding) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(IsProtectedByGCFrame (pPermSet)); - PRECONDITION(IsProtectedByGCFrame (pEncoding)); - PRECONDITION(IsProtectedByGCFrame (pNonCasPermSet)); - PRECONDITION(IsProtectedByGCFrame (pNonCasEncoding)); - } CONTRACTL_END; - - // Get Host Protection Flags - EApiCategories eProtectedCategories = GetHostProtectionManager()->GetProtectedCategories(); - - MethodDescCallSite decodeXML(METHOD__PERMISSION_SET__DECODE_XML, pPermSet); // can trigger GC - - // Deserialize the CAS PermissionSet - if(pbXmlBlob && cbXmlBlob > 0) - { - _ASSERTE(*pbXmlBlob != LAZY_DECL_SEC_FLAG); - - // Create a new (empty) permission set. - *pPermSet = SecurityAttributes::CreatePermissionSet(FALSE); - - // Buffer in managed space. - SecurityAttributes::CopyEncodingToByteArray(pbXmlBlob, cbXmlBlob, pEncoding); - - ARG_SLOT args[] = { - ObjToArgSlot(*pPermSet), - ObjToArgSlot(*pEncoding), - (ARG_SLOT)eProtectedCategories, - (ARG_SLOT)0, - }; - - // Deserialize into a managed object. - BOOL success = FALSE; - EX_TRY - { - // Elevate thread's allowed loading level. This can cause load failures if assemblies loaded from this point on require - // any assemblies currently being loaded. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - success = decodeXML.Call_RetBool(args); - } - EX_SWALLOW_NONTERMINAL - - if (!success) - COMPlusThrow(kSecurityException, IDS_ENCODEDPERMSET_DECODEFAILURE); - } - - // Deserialize the non-CAS PermissionSet - if(pbNonCasXmlBlob && cbNonCasXmlBlob > 0) - { - _ASSERTE(*pbNonCasXmlBlob != LAZY_DECL_SEC_FLAG); - - // Create a new (empty) permission set. - *pNonCasPermSet = SecurityAttributes::CreatePermissionSet(FALSE); - - // Buffer in managed space. - SecurityAttributes::CopyEncodingToByteArray(pbNonCasXmlBlob, cbNonCasXmlBlob, pNonCasEncoding); - - ARG_SLOT args[] = { - ObjToArgSlot(*pNonCasPermSet), - ObjToArgSlot(*pNonCasEncoding), - (ARG_SLOT)eProtectedCategories, - (ARG_SLOT)0, - }; - - // Deserialize into a managed object. - BOOL success = FALSE; - EX_TRY - { - // Elevate thread's allowed loading level. This can cause load failures if assemblies loaded from this point on require - // any assemblies currently being loaded. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - success = decodeXML.Call_RetBool(args); - } - EX_SWALLOW_NONTERMINAL - - if (!success) - COMPlusThrow(kSecurityException, IDS_ENCODEDPERMSET_DECODEFAILURE); - } -} - -#endif // FEATURE_CAS_POLICY - // // Determine if a security action allows an optimization where an empty permission set can be represented as // NULL. Some VM optimizations kick in if an empty permission set can be represented as NULL; however since @@ -177,70 +50,6 @@ bool SecurityAttributes::ActionAllowsNullPermissionSet(CorDeclSecurity action) return action != dclPermitOnly && action != dclRequestOptional; } -#ifdef FEATURE_CAS_POLICY - -PsetCacheEntry* SecurityAttributes::MergePermissionSets(IN PsetCacheEntry *pPCE1, IN PsetCacheEntry *pPCE2, IN bool fIntersect, DWORD dwAction) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - SecurityDeclarativeCache *pSDC; - PsetCacheEntry* pMergedPCE; - - struct _gc { - OBJECTREF orSet1; - OBJECTREF orSet2; - OBJECTREF orMergedSet; - } gc; - memset(&gc, '\0', sizeof(gc)); - GCPROTECT_BEGIN(gc); - { - // Union or Intersect the two PermissionSets - gc.orSet1 = pPCE1->CreateManagedPsetObject (dwAction); - - if(gc.orSet1 == NULL) - pMergedPCE = fIntersect ? pPCE1 : pPCE2; - else - { - gc.orSet2 = pPCE2->CreateManagedPsetObject (dwAction); - if(gc.orSet2 == NULL) - pMergedPCE = fIntersect ? pPCE2 : pPCE1; - else - { - BinderMethodID methID = (fIntersect ? METHOD__PERMISSION_SET__INTERSECT : METHOD__PERMISSION_SET__UNION); - MethodDescCallSite mergeMethod(methID, &gc.orSet1); - - ARG_SLOT args[2] = { - ObjToArgSlot(gc.orSet1), - ObjToArgSlot(gc.orSet2), - }; - gc.orMergedSet = mergeMethod.Call_RetOBJECTREF(args); - - if(gc.orMergedSet == NULL) - gc.orMergedSet = CreatePermissionSet(false); - - // Convert to XML blob - PBYTE pbData; - DWORD cbData; - EncodePermissionSet(&gc.orMergedSet, &pbData, &cbData); - - // Store XML blob and obtain an index to reference it - pSDC = &(GetAppDomain()->m_pSecContext->m_pSecurityDeclarativeCache); - pMergedPCE = pSDC->CreateAndCachePset (pbData, cbData); - - } - } - } - GCPROTECT_END(); - - return pMergedPCE; -} - -#endif // FEATURE_CAS_POLICY - void SecurityAttributes::CopyEncodingToByteArray(IN PBYTE pbData, IN DWORD cbData, OUT OBJECTREF* pArray) @@ -280,1077 +89,6 @@ void SecurityAttributes::CopyByteArrayToEncoding(IN U1ARRAYREF* pArray, CopyMemory(*ppbData, (*pArray)->GetDirectPointerToNonObjectElements(), size); } -#ifdef FEATURE_CAS_POLICY -void SecurityAttributes::EncodePermissionSet(IN OBJECTREF* pRef, - OUT PBYTE* ppbData, - OUT DWORD* pcbData) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(IsProtectedByGCFrame (pRef)); - } CONTRACTL_END; - - MethodDescCallSite encodeXML(METHOD__PERMISSION_SET__ENCODE_XML); - - // Encode up the result - ARG_SLOT args1[1]; - args1[0] = ObjToArgSlot(*pRef); - OBJECTREF pByteArray = NULL; - pByteArray = encodeXML.Call_RetOBJECTREF(args1); - - SecurityAttributes::CopyByteArrayToEncoding((U1ARRAYREF*) &pByteArray, - ppbData, - pcbData); -} - -static void SetupRestrictSecAttributes() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - EX_TRY - { - MethodDescCallSite setupSecurity(METHOD__PERMISSION_SET__SETUP_SECURITY); - - setupSecurity.Call(NULL); - } - EX_CATCH - { - // There is a possibility that we've already set the appdomain policy - // level for this process. In that case we'll get a policy exception - // that we are free to ignore. - OBJECTREF pThrowable = GET_THROWABLE(); - DefineFullyQualifiedNameForClassOnStack(); - LPCUTF8 szClass = GetFullyQualifiedNameForClass(pThrowable->GetMethodTable()); - if (strcmp(g_PolicyExceptionClassName, szClass) != 0) - COMPlusThrow(pThrowable); - } - EX_END_CATCH(RethrowTerminalExceptions) -} - -Assembly* SecurityAttributes::LoadAssemblyFromToken(IMetaDataAssemblyImport *pImport, mdAssemblyRef tkAssemblyRef) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } - CONTRACTL_END; - - _ASSERTE(TypeFromToken(tkAssemblyRef) == mdtAssemblyRef); - - // Find all the details needed to name an assembly for loading. - ASSEMBLYMETADATA sContext; - BYTE *pbPublicKeyOrToken; - DWORD cbPublicKeyOrToken; - DWORD dwFlags; - LPWSTR wszName; - DWORD cchName; - - // Initialize ASSEMBLYMETADATA structure. - ZeroMemory(&sContext, sizeof(ASSEMBLYMETADATA)); - - // Retrieve size of assembly name. - HRESULT hr = pImport->GetAssemblyRefProps(tkAssemblyRef, // [IN] The AssemblyRef for which to get the properties. - NULL, // [OUT] Pointer to the public key or token. - NULL, // [OUT] Count of bytes in the public key or token. - NULL, // [OUT] Buffer to fill with name. - NULL, // [IN] Size of buffer in wide chars. - &cchName, // [OUT] Actual # of wide chars in name. - &sContext, // [OUT] Assembly MetaData. - NULL, // [OUT] Hash blob. - NULL, // [OUT] Count of bytes in the hash blob. - NULL); // [OUT] Flags. - _ASSERTE(SUCCEEDED(hr)); - - // Allocate the necessary buffers. - wszName = (LPWSTR)_alloca(cchName * sizeof(WCHAR)); - sContext.szLocale = (LPWSTR)_alloca(sContext.cbLocale * sizeof(WCHAR)); - sContext.rProcessor = (DWORD *)_alloca(sContext.ulProcessor * sizeof(DWORD)); - sContext.rOS = (OSINFO *)_alloca(sContext.ulOS * sizeof(OSINFO)); - - // Get the assembly name and rest of naming properties. - hr = pImport->GetAssemblyRefProps(tkAssemblyRef, - (const void **)&pbPublicKeyOrToken, - &cbPublicKeyOrToken, - wszName, - cchName, - &cchName, - &sContext, - NULL, - NULL, - &dwFlags); - _ASSERTE(SUCCEEDED(hr)); - - // We've got the details of the assembly, just need to load it. - - // Convert assembly name to UTF8. - MAKE_UTF8PTR_FROMWIDE(uszAssemblyName, wszName); - - // Unfortunately we've got an ASSEMBLYMETADATA structure, but we need - // an AssemblyMetaDataInternal - AssemblyMetaDataInternal internalContext; - - // Initialize the structure. - ZeroMemory(&internalContext, sizeof(AssemblyMetaDataInternal)); - - internalContext.usMajorVersion = sContext.usMajorVersion; - internalContext.usMinorVersion = sContext.usMinorVersion; - internalContext.usBuildNumber = sContext.usBuildNumber; - internalContext.usRevisionNumber = sContext.usRevisionNumber; - internalContext.rProcessor = sContext.rProcessor; - internalContext.ulProcessor = sContext.ulProcessor; - internalContext.rOS = sContext.rOS; - internalContext.ulOS = sContext.ulOS; - if(sContext.cbLocale) - { - MAKE_UTF8PTR_FROMWIDE(pLocale, sContext.szLocale); - internalContext.szLocale = pLocale; - } - else - { - internalContext.szLocale = ""; - } - - Assembly* pAssembly = NULL; - { - // Elevate thread's allowed loading level. This can cause load failures if assemblies loaded from this point on require - // any assemblies currently being loaded. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - pAssembly = AssemblySpec::LoadAssembly(uszAssemblyName, - &internalContext, - pbPublicKeyOrToken, - cbPublicKeyOrToken, - dwFlags); - } - - // @todo: Add CORSECATTR_E_ASSEMBLY_LOAD_FAILED_EX context to this exception path? - - return pAssembly; -} - -TypeHandle FindSecurityAttributeHandle(LPCWSTR wszTypeName) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - } CONTRACTL_END; - - TypeHandle hType; - MethodDescCallSite findSecurityAttributeTypeHandle(METHOD__SECURITY_ATTRIBUTE__FIND_SECURITY_ATTRIBUTE_TYPE_HANDLE); - - struct _gc { - STRINGREF str; - } gc; - - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - gc.str = StringObject::NewString(wszTypeName); - ARG_SLOT arg[1] = { - ObjToArgSlot(gc.str) - }; - - TypeHandle th = TypeHandle::FromPtr(findSecurityAttributeTypeHandle.Call_RetLPVOID(arg)); - hType = th; - GCPROTECT_END(); - - return hType; -} - -// @TODO: replace this method with a call to the reflection code that decodes CA blobs -// and instantiates managed attribute objects. Currently the most significant perf -// cost of this method is due to TypeName::GetTypeWorker which it calls via -// GetTypeFromAssemblyQualifiedName, and GetTypeUsingCASearchRules -HRESULT SecurityAttributes::AttributeSetToManaged(OBJECTREF* /*OUT*/obj, CORSEC_ATTRSET* pAttrSet, OBJECTREF* pThrowable, DWORD* pdwErrorIndex, bool bLazy) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - // Assumption: if the first obj is protected, the whole array is protected - if (pAttrSet->dwAttrCount > 0) {PRECONDITION(IsProtectedByGCFrame (obj));} - } CONTRACTL_END; - - HRESULT hr = S_OK; - DWORD i; - TypeHandle hType; - MethodTable *pMT = NULL; - MethodDesc *pMD = NULL; - - // Elevate the allowed loading level - // Elevate thread's allowed loading level. This can cause load failures if assemblies loaded from this point on require any assemblies currently being loaded. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - - for (i = 0; i < pAttrSet->dwAttrCount; i++) - { - CORSEC_ATTRIBUTE *pAttr = &pAttrSet->pAttrs[i]; - - if (pdwErrorIndex) - *pdwErrorIndex = pAttr->dwIndex; - - // Find the assembly that contains the security attribute class. - _ASSERTE(pAttr->pName); - Assembly *pAssembly; - - if (bLazy) - { - // Convert type name to Unicode - MAKE_WIDEPTR_FROMUTF8(wszTypeName, pAttr->pName); - - { - // Load the type - { - DWORD error = (DWORD)-1; - NewHolder pTypeName = new TypeName(wszTypeName, &error); - - if (error == (DWORD)(-1) && !(pTypeName->GetAssembly()->IsEmpty())) - { - hType = pTypeName->GetTypeFromAsm(FALSE); - } - else - { - hType = TypeName::GetTypeFromAssembly(wszTypeName, SystemDomain::SystemAssembly()); - } - } - - // Special workaround for if the compile-time version of the attribute is no longer available - if (hType.IsNull() || hType.GetMethodTable() == NULL) - hType = FindSecurityAttributeHandle(wszTypeName); - } - } - else - { - if (!IsNilToken(pAttr->tkAssemblyRef) && TypeFromToken(pAttr->tkAssemblyRef) == mdtAssemblyRef) - { - // Load from AssemblyRef token stored in the CORSEC_ATTRSET - pAssembly = LoadAssemblyFromToken(pAttrSet->pImport, pAttr->tkAssemblyRef); - } - else - { - // Load from MSCORLIB. - pAssembly = SystemDomain::SystemAssembly(); - } - _ASSERTE(pAssembly && "Failed to find assembly with declarative attribute"); - - EX_TRY - { - hType = ClassLoader::LoadTypeByNameThrowing(pAssembly, NULL, pAttr->pName); - } - EX_CATCH_THROWABLE(pThrowable); - } - - // Load the security attribute class. - if (hType.IsNull() || (pMT = hType.GetMethodTable()) == NULL) - { - MAKE_WIDEPTR_FROMUTF8(wszTemp, pAttr->pName); - SString sMessage; - GetExceptionMessage(*pThrowable, sMessage); - if (!sMessage.IsEmpty()) - hr = VMPostError(CORSECATTR_E_TYPE_LOAD_FAILED_EX, wszTemp, sMessage.GetUnicode()); - else - hr = VMPostError(CORSECATTR_E_TYPE_LOAD_FAILED, wszTemp); - return hr; - } - - // Make sure it's not abstract. - if (pMT->IsAbstract()) - return VMPostError(CORSECATTR_E_ABSTRACT); - -#ifdef _DEBUG - // Make sure it's really a security attribute class - /*{ - MethodTable *pParentMT = pMT->GetParentMethodTable(); - CHAR *szClass; - DefineFullyQualifiedNameForClassOnStack(); - while (pParentMT) { - szClass = GetFullyQualifiedNameForClass(pParentMT->GetClass()); - if (stricmpUTF8(szClass, COR_BASE_SECURITY_ATTRIBUTE_CLASS_ANSI) == 0) - break; - pParentMT = pParentMT->GetParentMethodTable(); - } - _ASSERTE(pParentMT && "Security attribute not derived from COR_BASE_SECURITY_ATTRIBUTE_CLASS"); - }*/ -#endif - - // Instantiate an instance. - obj[i] = pMT->Allocate(); - - // Find and call the constructor. - pMD = MemberLoader::FindConstructor(pMT, &gsig_IM_SecurityAction_RetVoid); - if (pMD == NULL) - return VMPostError(CORSECATTR_E_MISSING_CONSTRUCTOR); - MethodDescCallSite ctor(pMD); - ARG_SLOT args[] = { - ObjToArgSlot(obj[i]), - (ARG_SLOT)pAttrSet->dwAction - }; - ctor.Call(args); - - // Set the attributes and properties - hr = SetAttrFieldsAndProperties(pAttr, pThrowable, pMT, &obj[i]); - if (FAILED(hr)) - return hr; - } - - return hr; -} - - -HRESULT SecurityAttributes::SetAttrFieldsAndProperties(CORSEC_ATTRIBUTE *pAttr, OBJECTREF* pThrowable, MethodTable* pMT, OBJECTREF* pObj) -{ - // Setup fields and properties on the object, as specified by the - // serialized data passed to us. - BYTE *pbBuffer = pAttr->pbValues; - SIZE_T cbBuffer = pAttr->cbValues; - BYTE *pbBufferEnd = pbBuffer + cbBuffer; - DWORD j; - HRESULT hr = S_OK; - - EX_TRY - { - for (j = 0; j < pAttr->wValues; j++) - { - DWORD dwType = 0; - BOOL bIsField = FALSE; - BYTE *pbName; - DWORD cbName; - DWORD dwLength; - NewArrayHolder szName(NULL); - TypeHandle hEnum; - CorElementType eEnumType = ELEMENT_TYPE_END; - - // Check we've got at least the field/property specifier and the - // type code. - if(cbBuffer < (sizeof(BYTE) + sizeof(BYTE))) - { - hr = VMPostError(CORSECATTR_E_TRUNCATED); - goto Error; - } - - // Grab the field/property specifier. - bIsField = *(BYTE*)pbBuffer == SERIALIZATION_TYPE_FIELD; - if(!bIsField && *(BYTE*)pbBuffer != SERIALIZATION_TYPE_PROPERTY) - { - hr = VMPostError(CORSECATTR_E_TRUNCATED); - goto Error; - } - pbBuffer += sizeof(BYTE); - cbBuffer -= sizeof(BYTE); - - // Grab the value type. - dwType = *(BYTE*)pbBuffer; - pbBuffer += sizeof(BYTE); - cbBuffer -= sizeof(BYTE); - - // If it's a type that needs further specification, get that information - switch (dwType) - { - case SERIALIZATION_TYPE_ENUM: - // Immediately after the enum type token is the fully - // qualified name of the value type used to represent - // the enum. - if (FAILED(CPackedLen::SafeGetData((BYTE const *)pbBuffer, - (BYTE const *)pbBufferEnd, - &cbName, - (BYTE const **)&pbName))) - { - hr = VMPostError(CORSECATTR_E_TRUNCATED); - goto Error; - } - - // SafeGetData ensured that the name is within the buffer - _ASSERTE(FitsIn((pbName - pbBuffer) + cbName)); - dwLength = static_cast((pbName - pbBuffer) + cbName); - pbBuffer += dwLength; - cbBuffer -= dwLength; - - // Buffer the name and nul terminate it. - szName = new (nothrow) CHAR[cbName + 1]; - if (szName == NULL) - { - hr = E_OUTOFMEMORY; - goto Error; - } - memcpy(szName, pbName, cbName); - szName[cbName] = '\0'; - - // Lookup the type (possibly loading an assembly containing - // the type). - hEnum = TypeName::GetTypeUsingCASearchRules(szName, NULL); - - //If we couldn't find the type, post an error - if (hEnum.IsNull()) - { - MAKE_WIDEPTR_FROMUTF8(wszTemp, szName); - SString sMessage; - GetExceptionMessage(*pThrowable, sMessage); - if (!sMessage.IsEmpty()) - hr = VMPostError(CORSECATTR_E_TYPE_LOAD_FAILED_EX, wszTemp, sMessage.GetUnicode()); - else - hr = VMPostError(CORSECATTR_E_TYPE_LOAD_FAILED, wszTemp); - goto Error; - } - - // Calculate the underlying primitive type of the - // enumeration. - eEnumType = hEnum.GetInternalCorElementType(); - break; - case SERIALIZATION_TYPE_SZARRAY: - case SERIALIZATION_TYPE_TYPE: - // Can't deal with these yet. - hr = VMPostError(CORSECATTR_E_UNSUPPORTED_TYPE); - goto Error; - } - - // Grab the field/property name and length. - if (FAILED(CPackedLen::SafeGetData((BYTE const *)pbBuffer, - (BYTE const *)pbBufferEnd, - &cbName, - (BYTE const **)&pbName))) - { - hr = VMPostError(CORSECATTR_E_TRUNCATED); - goto Error; - } - - // SafeGetData ensured that the name is within the buffer - _ASSERTE(FitsIn((pbName - pbBuffer) + cbName)); - dwLength = static_cast((pbName - pbBuffer) + cbName); - pbBuffer += dwLength; - cbBuffer -= dwLength; - - // Buffer the name and null terminate it. - szName = new (nothrow) CHAR[cbName + 1]; - if (szName == NULL) - { - hr = E_OUTOFMEMORY; - goto Error; - } - memcpy(szName, pbName, cbName); - szName[cbName] = '\0'; - - // Set the field or property - if (bIsField) - hr = SetAttrField(&pbBuffer, &cbBuffer, dwType, hEnum, pMT, szName, pObj, dwLength, pbName, cbName, eEnumType); - else - hr = SetAttrProperty(&pbBuffer, &cbBuffer, pMT, dwType, szName, pObj, dwLength, pbName, cbName, eEnumType); - } - } -Error:; - EX_CATCH - { - hr = GET_EXCEPTION()->GetHR(); - if (pThrowable) - { - *pThrowable = GET_THROWABLE(); - } - } - EX_END_CATCH(SwallowAllExceptions); - return hr; -} - -HRESULT SecurityAttributes::SetAttrField(BYTE** ppbBuffer, SIZE_T* pcbBuffer, DWORD dwType, TypeHandle hEnum, MethodTable* pMT, __in_z LPSTR szName, OBJECTREF* pObj, DWORD dwLength, BYTE* pbName, DWORD cbName, CorElementType eEnumType) -{ - DWORD cbSig = 0; - NewArrayHolder pbSig(new (nothrow) BYTE[128]); - if (pbSig == NULL) - return E_OUTOFMEMORY; - - BYTE *pbBufferEnd = *ppbBuffer + *pcbBuffer; - - // Build the field signature. - cbSig += CorSigCompressData((ULONG)IMAGE_CEE_CS_CALLCONV_FIELD, &pbSig[cbSig]); - switch (dwType) - { - case SERIALIZATION_TYPE_BOOLEAN: - case SERIALIZATION_TYPE_I1: - case SERIALIZATION_TYPE_I2: - case SERIALIZATION_TYPE_I4: - case SERIALIZATION_TYPE_I8: - case SERIALIZATION_TYPE_U1: - case SERIALIZATION_TYPE_U2: - case SERIALIZATION_TYPE_U4: - case SERIALIZATION_TYPE_U8: - case SERIALIZATION_TYPE_R4: - case SERIALIZATION_TYPE_R8: - case SERIALIZATION_TYPE_CHAR: - static_assert_no_msg(SERIALIZATION_TYPE_BOOLEAN == (CorSerializationType)ELEMENT_TYPE_BOOLEAN); - static_assert_no_msg(SERIALIZATION_TYPE_I1 == (CorSerializationType)ELEMENT_TYPE_I1); - static_assert_no_msg(SERIALIZATION_TYPE_I2 == (CorSerializationType)ELEMENT_TYPE_I2); - static_assert_no_msg(SERIALIZATION_TYPE_I4 == (CorSerializationType)ELEMENT_TYPE_I4); - static_assert_no_msg(SERIALIZATION_TYPE_I8 == (CorSerializationType)ELEMENT_TYPE_I8); - static_assert_no_msg(SERIALIZATION_TYPE_U1 == (CorSerializationType)ELEMENT_TYPE_U1); - static_assert_no_msg(SERIALIZATION_TYPE_U2 == (CorSerializationType)ELEMENT_TYPE_U2); - static_assert_no_msg(SERIALIZATION_TYPE_U4 == (CorSerializationType)ELEMENT_TYPE_U4); - static_assert_no_msg(SERIALIZATION_TYPE_U8 == (CorSerializationType)ELEMENT_TYPE_U8); - static_assert_no_msg(SERIALIZATION_TYPE_R4 == (CorSerializationType)ELEMENT_TYPE_R4); - static_assert_no_msg(SERIALIZATION_TYPE_R8 == (CorSerializationType)ELEMENT_TYPE_R8); - static_assert_no_msg(SERIALIZATION_TYPE_CHAR == (CorSerializationType)ELEMENT_TYPE_CHAR); - cbSig += CorSigCompressData(dwType, &pbSig[cbSig]); - break; - case SERIALIZATION_TYPE_STRING: - cbSig += CorSigCompressData((ULONG)ELEMENT_TYPE_STRING, &pbSig[cbSig]); - break; - case SERIALIZATION_TYPE_ENUM: - // To avoid problems when the field and enum are defined - // in different scopes (we'd have to go hunting for - // typerefs), we build a signature with a special type - // (ELEMENT_TYPE_INTERNAL, which contains a TypeHandle). - // This compares loaded types for indentity. - cbSig += CorSigCompressData((ULONG)ELEMENT_TYPE_INTERNAL, &pbSig[cbSig]); - cbSig += CorSigCompressPointer(hEnum.AsPtr(), &pbSig[cbSig]); - break; - default: - return VMPostError(CORSECATTR_E_UNSUPPORTED_TYPE); - } - - - // Locate a field desc. - FieldDesc* pFD = MemberLoader::FindField(pMT, szName, (PCCOR_SIGNATURE)pbSig, - cbSig, pMT->GetModule()); - if (pFD == NULL) - { - MAKE_WIDEPTR_FROMUTF8(wszTemp, szName); - return VMPostError(CORSECATTR_E_NO_FIELD, wszTemp); - } - - // Set the field value. - LPSTR szString; - switch (dwType) - { - case SERIALIZATION_TYPE_BOOLEAN: - case SERIALIZATION_TYPE_I1: - case SERIALIZATION_TYPE_U1: - if(*pcbBuffer < sizeof(BYTE)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue8(*pObj, *(BYTE*)(*ppbBuffer)); - (*ppbBuffer) += sizeof(BYTE); - (*pcbBuffer) -= sizeof(BYTE); - break; - case SERIALIZATION_TYPE_CHAR: - case SERIALIZATION_TYPE_I2: - case SERIALIZATION_TYPE_U2: - if(*pcbBuffer < sizeof(WORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue16(*pObj, GET_UNALIGNED_VAL16(*ppbBuffer)); - (*ppbBuffer) += sizeof(WORD); - (*pcbBuffer) -= sizeof(WORD); - break; - case SERIALIZATION_TYPE_I4: - case SERIALIZATION_TYPE_U4: - case SERIALIZATION_TYPE_R4: - if(*pcbBuffer < sizeof(DWORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue32(*pObj, GET_UNALIGNED_VAL32(*ppbBuffer)); - (*ppbBuffer) += sizeof(DWORD); - (*pcbBuffer) -= sizeof(DWORD); - break; - case SERIALIZATION_TYPE_I8: - case SERIALIZATION_TYPE_U8: - case SERIALIZATION_TYPE_R8: - if(*pcbBuffer < sizeof(INT64)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue64(*pObj, GET_UNALIGNED_VAL64(*ppbBuffer)); - (*ppbBuffer) += sizeof(INT64); - (*pcbBuffer) -= sizeof(INT64); - break; - case SERIALIZATION_TYPE_STRING: - // Ensures special case 'null' check below does not overrun buffer - if(*ppbBuffer >= pbBufferEnd) { - return VMPostError(CORSECATTR_E_TRUNCATED); - } - // Special case 'null' (represented as a length byte of '0xFF'). - if (*(*ppbBuffer) == 0xFF) { - szString = NULL; - dwLength = sizeof(BYTE); - } else { - if (FAILED(CPackedLen::SafeGetData((BYTE const *)*ppbBuffer, - (BYTE const *)pbBufferEnd, - &cbName, - (BYTE const **)&pbName))) - { - return VMPostError(CORSECATTR_E_TRUNCATED); - } - - // SafeGetData will ensure the name is within the buffer - _ASSERTE(FitsIn((pbName - *ppbBuffer) + cbName)); - dwLength = static_cast((pbName - *ppbBuffer) + cbName); - - DWORD allocLen = cbName + 1; - // Buffer and nul terminate it. - szString = (LPSTR)_alloca(allocLen); - memcpy(szString, pbName, cbName); - szString[cbName] = '\0'; - - } - - // Allocate and initialize a managed version of the string. - { - STRINGREF orString; - if (szString) - { - orString = StringObject::NewString(szString, cbName); - if (orString == NULL) - COMPlusThrowOM(); - } - else - orString = NULL; - - pFD->SetRefValue(*pObj, (OBJECTREF)orString); - } - - (*ppbBuffer) += dwLength; - (*pcbBuffer) -= dwLength; - break; - case SERIALIZATION_TYPE_ENUM: - // Get the underlying primitive type. - switch (eEnumType) - { - case ELEMENT_TYPE_I1: - case ELEMENT_TYPE_U1: - if(*pcbBuffer < sizeof(BYTE)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue8(*pObj, *(BYTE*)(*ppbBuffer)); - (*ppbBuffer) += sizeof(BYTE); - (*pcbBuffer) -= sizeof(BYTE); - break; - case ELEMENT_TYPE_I2: - case ELEMENT_TYPE_U2: - if(*pcbBuffer < sizeof(WORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue16(*pObj, GET_UNALIGNED_VAL16(*ppbBuffer)); - (*ppbBuffer) += sizeof(WORD); - (*pcbBuffer) -= sizeof(WORD); - break; - case ELEMENT_TYPE_I4: - case ELEMENT_TYPE_U4: - if(*pcbBuffer < sizeof(DWORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - pFD->SetValue32(*pObj, GET_UNALIGNED_VAL32(*ppbBuffer)); - (*ppbBuffer) += sizeof(DWORD); - (*pcbBuffer) -= sizeof(DWORD); - break; - default: - return VMPostError(CORSECATTR_E_UNSUPPORTED_ENUM_TYPE); - } - break; - default: - return VMPostError(CORSECATTR_E_UNSUPPORTED_TYPE); - } - return S_OK; -} - -HRESULT SecurityAttributes::SetAttrProperty(BYTE** ppbBuffer, SIZE_T* pcbBuffer, MethodTable* pMT, DWORD dwType, __in_z LPSTR szName, OBJECTREF* pObj, DWORD dwLength, BYTE* pbName, DWORD cbName, CorElementType eEnumType) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - PRECONDITION(IsProtectedByGCFrame (pObj)); - } CONTRACTL_END; - - // Locate the property setter. - MethodDesc* pMD = MemberLoader::FindPropertyMethod(pMT, szName, PropertySet); - if (pMD == NULL) - { - MAKE_WIDEPTR_FROMUTF8(wszTemp, szName); - return VMPostError(CORSECATTR_E_NO_PROPERTY, wszTemp); - } - - MethodDescCallSite propSet(pMD); - - // Build the argument list. - ARG_SLOT args[2] = { NULL, NULL }; - LPSTR szString; - NewHolder tmpLargeStringHolder (NULL); - - switch (dwType) - { - case SERIALIZATION_TYPE_BOOLEAN: - case SERIALIZATION_TYPE_I1: - case SERIALIZATION_TYPE_U1: - if(*pcbBuffer < sizeof(BYTE)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)*(BYTE*)(*ppbBuffer); - (*ppbBuffer) += sizeof(BYTE); - (*pcbBuffer) -= sizeof(BYTE); - break; - case SERIALIZATION_TYPE_CHAR: - case SERIALIZATION_TYPE_I2: - case SERIALIZATION_TYPE_U2: - if(*pcbBuffer < sizeof(WORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)GET_UNALIGNED_VAL16(*ppbBuffer); - (*ppbBuffer) += sizeof(WORD); - (*pcbBuffer) -= sizeof(WORD); - break; - case SERIALIZATION_TYPE_I4: - case SERIALIZATION_TYPE_U4: - case SERIALIZATION_TYPE_R4: - if(*pcbBuffer < sizeof(DWORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)GET_UNALIGNED_VAL32(*ppbBuffer); - (*ppbBuffer) += sizeof(DWORD); - (*pcbBuffer) -= sizeof(DWORD); - break; - case SERIALIZATION_TYPE_I8: - case SERIALIZATION_TYPE_U8: - case SERIALIZATION_TYPE_R8: - if(*pcbBuffer < sizeof(INT64)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)GET_UNALIGNED_VAL64(*ppbBuffer); - (*ppbBuffer) += sizeof(INT64); - (*pcbBuffer) -= sizeof(INT64); - break; - case SERIALIZATION_TYPE_STRING: - // Ensures special case 'null' check below does not overrun buffer - if(*pcbBuffer < sizeof(BYTE)) { - return VMPostError(CORSECATTR_E_TRUNCATED); - } - // Special case 'null' (represented as a length byte of '0xFF'). - if (*(*ppbBuffer) == 0xFF) { - szString = NULL; - dwLength = sizeof(BYTE); - if(*pcbBuffer < sizeof(BYTE)) - return VMPostError(CORSECATTR_E_TRUNCATED); - } else { - - if (FAILED(CPackedLen::SafeGetData((BYTE const *)(*ppbBuffer), - (BYTE const *)(*ppbBuffer + *pcbBuffer), - &cbName, - (BYTE const **)&pbName))) - { - return VMPostError(CORSECATTR_E_TRUNCATED); - } - - // Used below - SafeGetData ensures that name is within the buffer - _ASSERTE(FitsIn((pbName - *ppbBuffer) + cbName)); - dwLength = static_cast((pbName - *ppbBuffer) + cbName); - - DWORD allocLen = cbName + 1; - - // - // For smaller size strings allocate from stack, use heap otherwise - // - - if ((pbName - *ppbBuffer) < 4) { - // Buffer and nul terminate it. - szString = (LPSTR)_alloca(allocLen); - } else { - tmpLargeStringHolder = new BYTE[allocLen]; - szString = (LPSTR) ((BYTE*)tmpLargeStringHolder); - } - - memcpy(szString, pbName, cbName); - szString[cbName] = '\0'; - } - - // Allocate and initialize a managed version of the string. - { - STRINGREF orString; - - if (szString) { - orString = StringObject::NewString(szString, cbName); - if (orString == NULL) - COMPlusThrowOM(); - } else - orString = NULL; - - args[1] = ObjToArgSlot(orString); - } - - (*ppbBuffer) += dwLength; - (*pcbBuffer) -= dwLength; - break; - case SERIALIZATION_TYPE_ENUM: - // Get the underlying primitive type. - switch (eEnumType) - { - case ELEMENT_TYPE_I1: - case ELEMENT_TYPE_U1: - if(*pcbBuffer < sizeof(BYTE)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)*(BYTE*)(*ppbBuffer); - (*ppbBuffer) += sizeof(BYTE); - (*pcbBuffer) -= sizeof(BYTE); - break; - case ELEMENT_TYPE_I2: - case ELEMENT_TYPE_U2: - if(*pcbBuffer < sizeof(WORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)GET_UNALIGNED_VAL16(*ppbBuffer); - (*ppbBuffer) += sizeof(WORD); - (*pcbBuffer) -= sizeof(WORD); - break; - case ELEMENT_TYPE_I4: - case ELEMENT_TYPE_U4: - if(*pcbBuffer < sizeof(DWORD)) - return VMPostError(CORSECATTR_E_TRUNCATED); - args[1] = (ARG_SLOT)GET_UNALIGNED_VAL32(*ppbBuffer); - (*ppbBuffer) += sizeof(DWORD); - (*pcbBuffer) -= sizeof(DWORD); - break; - default: - return VMPostError(CORSECATTR_E_UNSUPPORTED_ENUM_TYPE); - } - break; - default: - return VMPostError(CORSECATTR_E_UNSUPPORTED_TYPE); - } - - - // ! don't move this up, StringObject::NewString - // ! inside the switch causes a GC - args[0] = ObjToArgSlot(*pObj); - - // Call the setter. - propSet.Call(args); - - return S_OK; -} - - -void SecurityAttributes::AttrSetBlobToPermissionSets( - IN BYTE* pbRawPermissions, - IN DWORD cbRawPermissions, - OUT OBJECTREF* pObj, - DWORD dwAction) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - } CONTRACTL_END; - - _ASSERTE(pbRawPermissions); - _ASSERTE(cbRawPermissions > 0); - _ASSERTE(pbRawPermissions[0] == LAZY_DECL_SEC_FLAG); - - HRESULT hr = S_OK; - CORSEC_ATTRSET pset; - - // Deserialize the CORSEC_ATTRSET - hr = BlobToAttributeSet(pbRawPermissions, cbRawPermissions, &pset, dwAction); - if(FAILED(hr)) - COMPlusThrowHR(hr); - - OBJECTREF throwable = NULL; - GCPROTECT_BEGIN(throwable); - { - // allocate and GC-protect an array of objectrefs to reference the permissions - OBJECTREF* attrArray = (OBJECTREF*)_alloca(pset.dwAttrCount * sizeof(OBJECTREF)); - memset(attrArray, 0, pset.dwAttrCount * sizeof(OBJECTREF)); - GCPROTECT_ARRAY_BEGIN(*attrArray, pset.dwAttrCount); - { - // Convert to a managed array of attribute objects - DWORD dwErrorIndex; - hr = AttributeSetToManaged(/*OUT*/attrArray, &pset, &throwable, &dwErrorIndex, true); - - // Convert the array of attribute objects to a serialized PermissionSet - if (SUCCEEDED(hr)) - { - BYTE* pbXmlBlob = NULL; - DWORD cbXmlBlob = 0; - BYTE* pbNonCasXmlBlob = NULL; - DWORD cbNonCasXmlBlob = 0; - - AttrArrayToPermissionSet(attrArray, - false, - pset.dwAttrCount, - &pbXmlBlob, - &cbXmlBlob, - &pbNonCasXmlBlob, - &cbNonCasXmlBlob, - ActionAllowsNullPermissionSet(static_cast(dwAction)), - pObj); - - _ASSERTE(pbXmlBlob == NULL && cbXmlBlob == 0 && pbNonCasXmlBlob == NULL && cbNonCasXmlBlob == 0); - } - } - GCPROTECT_END(); - } - GCPROTECT_END(); - - if(FAILED(hr)) - COMPlusThrowHR(hr); -} - -HRESULT SecurityAttributes::TranslateSecurityAttributesHelper( - CORSEC_ATTRSET *pAttrSet, - BYTE **ppbOutput, - DWORD *pcbOutput, - BYTE **ppbNonCasOutput, - DWORD *pcbNonCasOutput, - DWORD *pdwErrorIndex) -{ - CONTRACTL { - NOTHROW; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - HRESULT hr = S_OK; - OBJECTREF *attrArray; - DWORD dwGlobalError = 0; - - EX_TRY - { - if (pdwErrorIndex) - dwGlobalError = *pdwErrorIndex; - - // Get into the context of the special compilation appdomain (which has an - // AppBase set to the current directory). - ComCallWrapper *pWrap = ComCallWrapper::GetWrapperFromIP(pAttrSet->pAppDomain); - - ENTER_DOMAIN_ID(pWrap->GetDomainID()) - { - struct _gc { - OBJECTREF throwable; - OBJECTREF orPermSet; - } gc; - ZeroMemory(&gc, sizeof(gc)); - GCPROTECT_BEGIN(gc); - { - // we need to setup special security settings that we use during compilation - SetupRestrictSecAttributes(); - - // allocate and protect an array of objectrefs to reference the permissions - attrArray = (OBJECTREF*)_alloca(pAttrSet->dwAttrCount * sizeof(OBJECTREF)); - memset(attrArray, 0, pAttrSet->dwAttrCount * sizeof(OBJECTREF)); - GCPROTECT_ARRAY_BEGIN(*attrArray, pAttrSet->dwAttrCount); - { - // Convert to an array of attributes, and then serialize to XML - hr = AttributeSetToManaged(/*OUT*/attrArray, pAttrSet, &gc.throwable, pdwErrorIndex, false); - if (SUCCEEDED(hr)) - { - if (pdwErrorIndex) - *pdwErrorIndex = dwGlobalError; - - // Convert the array of attribute objects to a serialized PermissionSet or PermissionSetCollection - AttrArrayToPermissionSet(attrArray, - true, - pAttrSet->dwAttrCount, - ppbOutput, - pcbOutput, - ppbNonCasOutput, - pcbNonCasOutput, - ActionAllowsNullPermissionSet(static_cast(pAttrSet->dwAction)), - &gc.orPermSet); - } - } - GCPROTECT_END(); - } - GCPROTECT_END(); // for throwable - } - END_DOMAIN_TRANSITION; - } - EX_CATCH_HRESULT(hr); - return hr; -} - -// Call into managed code to group permissions into a PermissionSet and serialize it to XML -void SecurityAttributes::AttrArrayToPermissionSet(OBJECTREF* attrArray, - bool fSerialize, - DWORD attrCount, - BYTE **ppbOutput, - DWORD *pcbOutput, - BYTE **ppbNonCasOutput, - DWORD *pcbNonCasOutput, - bool fAllowEmptyPermissionSet, - OBJECTREF* pPermSet) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - EApiCategories eProtectedCategories = (EApiCategories)(GetHostProtectionManager()->GetProtectedCategories()); - - MethodDescCallSite createSerialized(METHOD__PERMISSION_SET__CREATE_SERIALIZED); - - // Allocate a managed array of security attribute objects for input to the function. - PTRARRAYREF orInput = (PTRARRAYREF) AllocateObjectArray(attrCount, g_pObjectClass); - - // Copy over the permission objects references. - DWORD i; - for (i = 0; i < attrCount; i++) - { - orInput->SetAt(i, attrArray[i]); - } - - // Call the routine. - struct _gc { - U1ARRAYREF orNonCasOutput; - } gc; - ZeroMemory(&gc, sizeof(gc)); - GCPROTECT_BEGIN(gc); - - ARG_SLOT args[] = { - ObjToArgSlot(orInput), - BoolToArgSlot(fSerialize), - PtrToArgSlot(&gc.orNonCasOutput), - PtrToArgSlot(pPermSet), - (ARG_SLOT)eProtectedCategories, - BoolToArgSlot(fAllowEmptyPermissionSet) - }; - U1ARRAYREF orOutput = NULL; - - { - // Elevate the allowed loading level - // Elevate thread's allowed loading level. This can cause load failures if assemblies loaded from this point on require any assemblies currently being loaded. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - - orOutput = (U1ARRAYREF) createSerialized.Call_RetOBJECTREF(args); - } - - // Buffer the managed output in a native binary blob. - // Special case the empty blob. We might get a second blob output if - // there were any non-CAS permissions present. - NewArrayHolder TempOutput(NULL); - NewArrayHolder TempNonCasOutput(NULL); - - if (orOutput == NULL) - { - *pcbOutput = 0; - } - else - { - BYTE *pbArray = orOutput->GetDataPtr(); - DWORD cbArray = orOutput->GetNumComponents(); - TempOutput = new BYTE[cbArray]; - memcpy(TempOutput, pbArray, cbArray); - *pcbOutput = cbArray; - } - - if (gc.orNonCasOutput == NULL) - { - *pcbNonCasOutput = 0; - } - else - { - BYTE *pbArray = gc.orNonCasOutput->GetDataPtr(); - DWORD cbArray = gc.orNonCasOutput->GetNumComponents(); - TempNonCasOutput = new BYTE[cbArray]; - memcpy(TempNonCasOutput, pbArray, cbArray); - *pcbNonCasOutput = cbArray; - } - - *ppbOutput = TempOutput; - *ppbNonCasOutput = TempNonCasOutput; - - TempOutput.SuppressRelease(); - TempNonCasOutput.SuppressRelease(); - - GCPROTECT_END(); -} -#endif // FEATURE_CAS_POLICY - // // This is a public exported method // @@ -1363,27 +101,7 @@ HRESULT STDMETHODCALLTYPE TranslateSecurityAttributes(CORSEC_ATTRSET *pAttrSe DWORD *pcbNonCasOutput, DWORD *pdwErrorIndex) { -#ifdef FEATURE_CAS_POLICY - CONTRACTL { - NOTHROW; - GC_TRIGGERS; - ENTRY_POINT; - MODE_ANY; - } CONTRACTL_END; - HRESULT hr = S_OK; - - BEGIN_ENTRYPOINT_NOTHROW; - - GCX_COOP(); // because it calls into managed code to instantiate the PermissionSet objects - hr = SecurityAttributes::TranslateSecurityAttributesHelper(pAttrSet, ppbOutput, pcbOutput, - ppbNonCasOutput, pcbNonCasOutput, pdwErrorIndex); - - END_ENTRYPOINT_NOTHROW; - - return hr; -#else return E_NOTIMPL; -#endif } diff --git a/src/vm/securitydeclarative.cpp b/src/vm/securitydeclarative.cpp index 25418d0..e0aff16 100644 --- a/src/vm/securitydeclarative.cpp +++ b/src/vm/securitydeclarative.cpp @@ -596,109 +596,6 @@ void SecurityDeclarative::MethodInheritanceCheck(MethodDesc *pMethod, MethodDesc MDSecDesc.InvokeInheritanceChecks(pMethod); } -//--------------------------------------------------------- -// Invoke linktime checks on the caller if demands exist -// for the callee. -//--------------------------------------------------------- -/*static*/ -void SecurityDeclarative::LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCallee) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - -#ifdef FEATURE_CAS_POLICY - // Do a fulltrust check on the caller if the callee is fully trusted - if (FullTrustCheckForLinkOrInheritanceDemand(pCaller)) - { - return; - } - -#ifdef CROSSGEN_COMPILE - CrossGenNotSupported("SecurityDeclarative::LinktimeCheckMethod"); -#else - GCX_COOP(); - - MethodTable *pTargetMT = pCallee->GetMethodTable(); - - // If it's a delegate BeginInvoke, we need to perform a HostProtection check for synchronization - if(pTargetMT->IsDelegate()) - { - DelegateEEClass* pDelegateClass = (DelegateEEClass*)pTargetMT->GetClass(); - if(pCallee == pDelegateClass->m_pBeginInvokeMethod) - { - EApiCategories eProtectedCategories = GetHostProtectionManager()->GetProtectedCategories(); - if((eProtectedCategories & eSynchronization) == eSynchronization) - { - if(!pCaller->GetSecurityDescriptor()->IsFullyTrusted()) - { - ThrowHPException(eProtectedCategories, eSynchronization); - } - } - } - } - - // the rest of the LinkDemand checks - { - // Track perfmon counters. Linktime security checkes. - COUNTER_ONLY(GetPerfCounters().m_Security.cLinkChecks++); - -#ifdef FEATURE_APTCA - // APTCA check - SecurityDeclarative::DoUntrustedCallerChecks(pCaller, pCallee, FALSE); -#endif // FEATURE_APTCA - - // If the class has its own linktime checks, do them first... - if (pTargetMT->GetClass()->RequiresLinktimeCheck()) - { - TypeSecurityDescriptor::InvokeLinktimeChecks(pTargetMT, pCaller); - } - - // If the previous check passed, check the method for - // method-specific linktime checks... - if (IsMdHasSecurity(pCallee->GetAttrs()) && - (TokenMightHaveDeclarations(pTargetMT->GetMDImport(), - pCallee->GetMemberDef(), - dclLinktimeCheck) || - TokenMightHaveDeclarations(pTargetMT->GetMDImport(), - pCallee->GetMemberDef(), - dclNonCasLinkDemand) )) - { - MethodSecurityDescriptor::InvokeLinktimeChecks(pCallee, pCaller); - } - - // We perform automatic linktime checks for UnmanagedCode in three cases: - // o P/Invoke calls - // o Calls through an interface that have a suppress runtime check - // attribute on them (these are almost certainly interop calls). - // o Interop calls made through method impls. - if (pCallee->IsNDirect() || - (pTargetMT->IsInterface() && - (pTargetMT->GetMDImport()->GetCustomAttributeByName(pTargetMT->GetCl(), - COR_SUPPRESS_UNMANAGED_CODE_CHECK_ATTRIBUTE_ANSI, - NULL, - NULL) == S_OK || - pTargetMT->GetMDImport()->GetCustomAttributeByName(pCallee->GetMemberDef(), - COR_SUPPRESS_UNMANAGED_CODE_CHECK_ATTRIBUTE_ANSI, - NULL, - NULL) == S_OK) ) || - (pCallee->IsComPlusCall() && !pCallee->IsInterface())) - { - if (!pCaller->GetSecurityDescriptor()->CanCallUnmanagedCode()) - { - Security::ThrowSecurityException(g_SecurityPermissionClassName, SPFLAGSUNMANAGEDCODE); - } - } - } - -#endif // !CROSSGEN_COMPILE - -#endif // FEATURE_CAS_POLICY -} - #ifndef CROSSGEN_COMPILE //----------------------------------------------------------------------------- // @@ -708,53 +605,6 @@ void SecurityDeclarative::LinktimeCheckMethod(Assembly *pCaller, MethodDesc *pCa // //----------------------------------------------------------------------------- -void SecurityDeclarative::_GetSharedPermissionInstance(OBJECTREF *perm, int index) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - _ASSERTE(index < (int) NUM_PERM_OBJECTS); - - AppDomain *pDomain = GetAppDomain(); - SharedPermissionObjects *pShared = &pDomain->m_pSecContext->m_rPermObjects[index]; - - if (pShared->hPermissionObject == NULL) { - pShared->hPermissionObject = pDomain->CreateHandle(NULL); - *perm = NULL; - } - else - *perm = ObjectFromHandle(pShared->hPermissionObject); - - if (*perm == NULL) - { - MethodTable *pMT = NULL; - OBJECTREF p = NULL; - - GCPROTECT_BEGIN(p); - - pMT = MscorlibBinder::GetClass(pShared->idClass); - MethodDescCallSite ctor(pShared->idConstructor); - - p = AllocateObject(pMT); - - ARG_SLOT argInit[2] = - { - ObjToArgSlot(p), - (ARG_SLOT) pShared->dwPermissionFlag - }; - - ctor.Call(argInit); - - StoreObjectInHandle(pShared->hPermissionObject, p); - *perm = p; - - GCPROTECT_END(); - } -} - #ifdef FEATURE_APTCA void DECLSPEC_NORETURN SecurityDeclarative::ThrowAPTCAException(Assembly *pCaller, MethodDesc *pCallee) { diff --git a/src/vm/securitydeclarative.h b/src/vm/securitydeclarative.h index 625e684..151d094 100644 --- a/src/vm/securitydeclarative.h +++ b/src/vm/securitydeclarative.h @@ -42,9 +42,6 @@ inline LinktimeCheckReason operator&=(LinktimeCheckReason &lhs, LinktimeCheckRea namespace SecurityDeclarative { - // Returns an instance of a well-known permission. (It caches them, so each permission is created only once.) - void _GetSharedPermissionInstance(OBJECTREF *perm, int index); - // Perform the declarative actions // Callers: // DoDeclarativeSecurity diff --git a/src/vm/securitydeclarative.inl b/src/vm/securitydeclarative.inl index f4034bf..1d14c98 100644 --- a/src/vm/securitydeclarative.inl +++ b/src/vm/securitydeclarative.inl @@ -38,12 +38,6 @@ inline LinktimeCheckReason operator&=(LinktimeCheckReason &lhs, LinktimeCheckRea return lhs; } -inline void SecurityDeclarative::GetPermissionInstance(OBJECTREF *perm, int index) -{ - WRAPPER_NO_CONTRACT; - _GetSharedPermissionInstance(perm, index); -} - inline BOOL SecurityDeclarative::FullTrustCheckForLinkOrInheritanceDemand(Assembly *pAssembly) { WRAPPER_NO_CONTRACT; diff --git a/src/vm/securitydescriptor.cpp b/src/vm/securitydescriptor.cpp index a91022f..a14095a 100644 --- a/src/vm/securitydescriptor.cpp +++ b/src/vm/securitydescriptor.cpp @@ -404,59 +404,7 @@ void PEFileSecurityDescriptor::ResolveWorker() } CONTRACTL_END; - if (NingenEnabled()) { - SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); - } - -#ifndef CROSSGEN_COMPILE - struct _gc - { - OBJECTREF evidence; // Object containing evidence - OBJECTREF granted; // Policy based Granted Permission - OBJECTREF grantdenied; // Policy based explicitly Denied Permissions - } - gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - - DWORD dwSpecialFlags = 0; - if (QuickIsFullyTrusted()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - else - { - if (IsEvidenceComputed()) - { - gc.evidence = ObjectFromLazyHandle(m_hAdditionalEvidence, m_pLoaderAllocator); - } - else - { - gc.evidence = GetEvidence(); - } - - if (!m_pAppDomain->GetSecurityDescriptor()->IsLegacyCasPolicyEnabled()) - { - gc.granted = SecurityPolicy::ResolveGrantSet(gc.evidence, &dwSpecialFlags, FALSE); - } - else - { - gc.granted = SecurityPolicy::ResolveCasPolicy(gc.evidence, - NULL, - NULL, - NULL, - &gc.grantdenied, - &dwSpecialFlags, - FALSE); - } - } - - SetGrantedPermissionSet(gc.granted, NULL, dwSpecialFlags); - - GCPROTECT_END(); -#endif // CROSSGEN_COMPILE + SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); } BOOL PEFileSecurityDescriptor::AllowBindingRedirects() diff --git a/src/vm/securitydescriptorappdomain.cpp b/src/vm/securitydescriptorappdomain.cpp index bf51d1d..fecb6a5 100644 --- a/src/vm/securitydescriptorappdomain.cpp +++ b/src/vm/securitydescriptorappdomain.cpp @@ -16,83 +16,6 @@ #ifndef DACCESS_COMPILE -#ifndef FEATURE_CORECLR -BOOL ApplicationSecurityDescriptor::QuickIsFullyTrusted() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - -#ifdef CROSSGEN_COMPILE - return TRUE; -#else - if (IsDefaultAppDomain()) - { - return TRUE; - } - - // NGEN is always done in full trust - if (m_pAppDomain->IsCompilationDomain()) - { - return TRUE; - } - - // Check if we need to call the HostSecurityManager. - if (CallHostSecurityManager()) - { - return FALSE; - } - - APPDOMAINREF adRef = static_cast(m_pAppDomain->GetExposedObject()); - - // - If this AppDomain is a standard domain (full trust homogeneous), we are full trust - // - If this is a homogeneous case, get the PermissionSet from managed code - // - If CAS policy is not enabled, then we are fully trusted - // - Otherwise, check the quick cache - if (adRef->GetIsFastFullTrustDomain()) - { - return TRUE; - } - else if (IsHomogeneous()) - { - // A homogenous domain will be fully trusted if its grant set is full trust - APPLICATIONTRUSTREF appTrustRef = static_cast(adRef->GetApplicationTrust()); - POLICYSTATEMENTREF psRef = static_cast(appTrustRef->GetPolicyStatement()); - PERMISSIONSETREF grantSetRef = psRef->GetPermissionSet(); - return grantSetRef->IsUnrestricted(); - } - else if (!IsLegacyCasPolicyEnabled()) - { - return TRUE; - } - else - { - return CheckQuickCache(SecurityConfig::FullTrustAll, GetZone()); - } -#endif // CROSSGEN_COMPILE -} -#endif // FEATURE_CORECLR - -#ifdef FEATURE_CAS_POLICY -OBJECTREF ApplicationSecurityDescriptor::GetEvidence() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - PRECONDITION(m_pAppDomain == GetAppDomain()); - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - OBJECTREF retval = ObjectFromLazyHandle(m_hAdditionalEvidence, m_pLoaderAllocator); - return retval; -} -#endif // FEATURE_CAS_POLICY - void ApplicationSecurityDescriptor::Resolve() { CONTRACTL { @@ -106,200 +29,10 @@ void ApplicationSecurityDescriptor::Resolve() if (IsResolved()) return; -#ifndef CROSSGEN_COMPILE - ResolveWorker(); -#else SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); -#endif } #ifndef CROSSGEN_COMPILE -void ApplicationSecurityDescriptor::ResolveWorker() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - struct _gc - { - OBJECTREF evidence; // Object containing evidence - OBJECTREF granted; // Policy based Granted Permission - OBJECTREF grantdenied; // Policy based explicitly Denied Permissions - } - gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - DWORD dwSpecialFlags; - - // On debug builds do a pre-resolution so that we can validate pre-resolve and post-resolve match up - // assuming no host interference. -#ifdef _DEBUG - // We shouldn't be causing the first pre-resolution if we needed to cache this state for the host - _ASSERTE(m_fIsPreResolved || - (GetAppDomain()->GetAppDomainManagerInitializeNewDomainFlags() & eInitializeNewDomainFlags_NoSecurityChanges) == eInitializeNewDomainFlags_None); - - BOOL fPreResolveFullTrust = FALSE; - BOOL fPreResolveHomogeneous = FALSE; - PreResolve(&fPreResolveFullTrust, &fPreResolveHomogeneous); -#endif // _DEBUG - -#ifdef FEATURE_CORECLR - // coreclr has 2 kinds of AppDomains - sandboxed or not. If sandboxed, then the homogeneous flag is set. If not, then it is a full-trust appdomain. - if (!IsHomogeneous()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - else - { - APPDOMAINREF adRef = (APPDOMAINREF)m_pAppDomain->GetExposedObject(); - if (adRef->GetIsFastFullTrustDomain()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - else - { - APPLICATIONTRUSTREF appTrustRef = (APPLICATIONTRUSTREF)adRef->GetApplicationTrust(); - POLICYSTATEMENTREF psRef = appTrustRef->GetPolicyStatement(); - gc.granted = (OBJECTREF)psRef->GetPermissionSet(); - - // We can trust the grant set special flags, since only mscorlib can access the root - // ApplicationTrust reference. - dwSpecialFlags = appTrustRef->GetGrantSetSpecialFlags(); - } - } - -#else - if (QuickIsFullyTrusted()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - // We need to check the homogeneous flag directly rather than going through the accessor method, since - // that method also considers the presence of a HostSecurityManager. The HostSecurityManager should not - // affect the domain's grant set at this point however, as it does not have any domain policy resolution - // callbacks and if it wanted customize the homogenous domain grant set it needed to do that when we called - // its InitializeNewDomain. Longer term IsHomogenous should not consider the HostSecurityManager at all. - else if (m_fHomogeneous) - { - // Homogeneous AppDomain case - - APPDOMAINREF adRef = (APPDOMAINREF)m_pAppDomain->GetExposedObject(); - _ASSERTE( adRef != NULL); - - if (adRef->GetIsFastFullTrustDomain()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - else - { - APPLICATIONTRUSTREF appTrustRef = (APPLICATIONTRUSTREF)adRef->GetApplicationTrust(); - _ASSERTE(appTrustRef != NULL); - POLICYSTATEMENTREF psRef = appTrustRef->GetPolicyStatement(); - _ASSERTE(psRef != NULL); - gc.granted = (OBJECTREF)psRef->GetPermissionSet(); - - // We can trust the grant set special flags, since only mscorlib can access the root - // ApplicationTrust reference. - dwSpecialFlags = appTrustRef->GetGrantSetSpecialFlags(); - } - } - else - { - // Regular AppDomain policy resolution based on AppDomain evidence - if (IsEvidenceComputed()) - { - gc.evidence = ObjectFromLazyHandle(m_hAdditionalEvidence, m_pLoaderAllocator); - } - else - { - gc.evidence = GetEvidence(); - } - - if (!IsLegacyCasPolicyEnabled()) - { - // Either we have a host security manager or a homogenous AppDomain that could make this domain be - // partially trusted. Call out to managed to get the grant set. - gc.granted = SecurityPolicy::ResolveGrantSet(gc.evidence, &dwSpecialFlags, FALSE); - } - else - { - // Legacy CAS policy is enabled, so do a full CAS resolve - gc.granted = SecurityPolicy::ResolveCasPolicy(gc.evidence, - NULL, - NULL, - NULL, - &gc.grantdenied, - &dwSpecialFlags, - FALSE); - } - } -#endif - - SetGrantedPermissionSet(gc.granted, NULL, dwSpecialFlags); - -#ifdef FEATURE_CAS_POLICY - // If the host promised not to modify the security of the AppDomain, throw an InvalidOperationException - // if it did. We specifically want to check the cached version of this state on the security - // descriptor, rather than any version calculated earlier on in this method since the domain manager has - // already run by the time ResolveWorker is entered. - if (GetAppDomain()->GetAppDomainManagerInitializeNewDomainFlags() & eInitializeNewDomainFlags_NoSecurityChanges) - { - _ASSERTE(m_fIsPreResolved); - - if (!!m_fPreResolutionFullTrust != !!IsFullyTrusted()) - { - COMPlusThrow(kInvalidOperationException, W("InvalidOperation_HostModifiedSecurityState")); - } - - if (!!m_fPreResolutionHomogeneous != !!IsHomogeneous()) - { - COMPlusThrow(kInvalidOperationException, W("InvalidOperation_HostModifiedSecurityState")); - } - } -#endif // FEATURE_CAS_POLICY - -#if defined(_DEBUG) && !defined(FEATURE_CORECLR) - // Make sure that that our PreResolve routine is consistent with our actual resolution results. This is - // only required to be true in the absence of an AppDomainManager. - // - // If any assert fires in this block, it means that PreResolve isn't correctly figuring out what the - // incoming security state of an AppDomain is going to resolve into. - if (!GetAppDomain()->HasAppDomainManagerInfo()) - { -#ifdef FEATURE_CLICKONCE - if (GetAppDomain()->IsClickOnceAppDomain()) - { - _ASSERTE(!!IsHomogeneous() == !!fPreResolveHomogeneous); - // We don't check grant set since we don't attempt to pre-resolve that - pre-resolution should - // have always come back partial trust - _ASSERTE(!fPreResolveFullTrust); - } - else -#endif // FEATURE_CLICKONCE - if (IsHomogeneous()) - { - _ASSERTE(!!IsHomogeneous() == !!fPreResolveHomogeneous); - _ASSERTE(!!IsFullyTrusted() == !!fPreResolveFullTrust); - } - else - { - _ASSERTE(!!IsHomogeneous() == !!fPreResolveHomogeneous); - // We don't check grant sets on heterogeneous domains since they are never attempted to be pre-resolved. - } - } -#endif // _DEBUG && !FEATURE_CORECLR - - GCPROTECT_END(); -} - //--------------------------------------------------------------------------------------- // // Determine the security state of an AppDomain before the domain is fully configured. @@ -332,140 +65,16 @@ void ApplicationSecurityDescriptor::PreResolve(BOOL *pfIsFullyTrusted, BOOL *pfI GCX_COOP(); -#ifdef FEATURE_CORECLR // On CoreCLR all domains are partial trust homogenous m_fPreResolutionFullTrust = FALSE; m_fPreResolutionHomogeneous = TRUE; -#else // !FEATURE_CORECLR - if (GetAppDomain()->IsClickOnceAppDomain()) - { - // In the ClickOnce case we can't pre-resolve the grant set because it's entirely in the control of - // the ApplicationSecurityManager. We conservatively assume that it will be partial trust; however - // we always know that the domain will be homogenous - m_fPreResolutionFullTrust = FALSE; - m_fPreResolutionHomogeneous = TRUE; - } - else if (GetAppDomain()->IsCompilationDomain()) - { - // NGEN is always full trust and homogenous - m_fPreResolutionFullTrust = TRUE; - m_fPreResolutionHomogeneous = TRUE; - } - else if (GetAppDomain()->IsDefaultDomain()) - { - // Barring any shenanigans from the AppDomainManager, we know that the default domain will be fully - // trusted and homogenous in the standard case, but heterogenous in the legacy CAS policy case. - m_fPreResolutionFullTrust = TRUE; - m_fPreResolutionHomogeneous = !Security::IsProcessWideLegacyCasPolicyEnabled(); - } - else - { - // In all other AppDomains we need to consult the incoming AppDomainSetup in order to figure out if - // the domain is being setup as full or partial trust. - CLR_BOOL fPreResolutionFullTrust = FALSE; - CLR_BOOL fPreResolutionHomogeneous = FALSE; - - MethodDescCallSite preResolve(METHOD__SECURITY_ENGINE__PRE_RESOLVE); - - ARG_SLOT args[] = - { - PtrToArgSlot(&fPreResolutionFullTrust), - PtrToArgSlot(&fPreResolutionHomogeneous) - }; - - preResolve.Call(args); - - m_fPreResolutionFullTrust = !!fPreResolutionFullTrust; - m_fPreResolutionHomogeneous = !!fPreResolutionHomogeneous; - } -#endif // FEATURE_CORECLR - *pfIsFullyTrusted = m_fPreResolutionFullTrust; *pfIsHomogeneous = m_fPreResolutionHomogeneous; m_fIsPreResolved = TRUE; } #endif // CROSSGEN_COMPILE -#ifdef FEATURE_CAS_POLICY -//--------------------------------------------------------------------------------------- -// -// Determine if an AppDomain should allow an assembly to be LoadFrom-ed a remote location. -// Since pre-v4 versions of the CLR would implicitly sandbox this load, we only want to -// allow this if the application has either acknowledged it to be safe, or if the application -// has taken control of sandboxing itself. -// -// This method returns true if the load should be allowed, false if it should be blocked -// from a remote location. -// - -BOOL ApplicationSecurityDescriptor::AllowsLoadsFromRemoteSources() -{ - CONTRACTL - { - GC_TRIGGERS; - THROWS; - MODE_ANY; - } - CONTRACTL_END; - - // If the application has explicitly enabled remote LoadFroms then we should allow the load - if (Security::CanLoadFromRemoteSources()) - { - return true; - } - - // Otherwise, we only allow the load if the assembly is going to be sandboxed (or explicitly not sandboxed - // by a host). That can happen if we've got legacy CAS polcy enabled, if we're in a homogenous AppDomain, - // or if there is a HostSecurityManager that cares about assembly policy. - // - // Note that we don't allow LoadFrom a remote source in a domain that had its ApplicationTrust supplied by - // the CLR, since that domain would have implicitly sandboxed the LoadFrom in CLR v2. Instead, these - // domains require that there be a HostSecurityManager present which setup the sandbox. - - if (IsHomogeneous() && !m_fRuntimeSuppliedHomogenousGrantSet) - { - return true; - } - - if (IsLegacyCasPolicyEnabled()) - { - return true; - } - - return false; -} - -DWORD ApplicationSecurityDescriptor::GetZone() -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - PRECONDITION(IsLegacyCasPolicyEnabled()); - } - CONTRACTL_END; - - SecZone dwZone = NoZone; - if (m_pAppDomain->GetRootAssembly() != NULL && m_pAppDomain->IsDefaultDomain()) - { - LPCWSTR wszAsmPath = m_pAppDomain->GetRootAssembly()->GetManifestFile()->GetPath(); - - if (wszAsmPath) - { - StackSString ssPath( W("file://") ); - ssPath.Append( wszAsmPath ); - - dwZone = SecurityPolicy::MapUrlToZone(ssPath.GetUnicode()); - } - } - - return dwZone; -} -#endif // FEATURE_CAS_POLICY - // // PLS (PermissionListSet) optimization Implementation @@ -737,27 +346,6 @@ BOOL ApplicationSecurityDescriptor::ContainsAnyRefusedPermissions() return m_fContainsAnyRefusedPermissions; } -#ifdef FEATURE_CAS_POLICY -void ApplicationSecurityDescriptor::SetLegacyCasPolicyEnabled() -{ - STANDARD_VM_CONTRACT; - - // APPX precludes the use of legacy CAS policy - if (!AppX::IsAppXProcess()) - { - SecurityPolicy::InitPolicyConfig(); - m_fLegacyCasPolicy = TRUE; - } -} - -BOOL ApplicationSecurityDescriptor::IsLegacyCasPolicyEnabled() -{ - LIMITED_METHOD_CONTRACT; - return m_fLegacyCasPolicy && !AppX::IsAppXProcess(); -} - -#endif // FEATURE_CAS_POLICY - // Is it possible for the AppDomain to contain partial trust code. This method may return true even if the // domain does not currently have partial trust code in it - a true value simply means that it is possible // for partial trust code to eventually end up in the domain. diff --git a/src/vm/securitydescriptorassembly.cpp b/src/vm/securitydescriptorassembly.cpp index c2aef22..b5a412e 100644 --- a/src/vm/securitydescriptorassembly.cpp +++ b/src/vm/securitydescriptorassembly.cpp @@ -485,160 +485,7 @@ void AssemblySecurityDescriptor::ResolveWorker() INJECT_FAULT(COMPlusThrowOM();); } CONTRACTL_END; -#ifdef FEATURE_CORECLR SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); -#else - if (CanSkipPolicyResolution() || NingenEnabled()) { - SetGrantedPermissionSet(NULL, NULL, 0xFFFFFFFF); - m_pAssem->GetFile()->SetStrongNameBypassed(); - return; - } - -#ifndef CROSSGEN_COMPILE - struct _gc { - OBJECTREF reqdPset; // Required Requested Permissions - OBJECTREF optPset; // Optional Requested Permissions - OBJECTREF denyPset; // Denied Permissions - OBJECTREF evidence; // Object containing evidence - OBJECTREF granted; // Policy based Granted Permission - OBJECTREF grantdenied; // Policy based explicitly Denied Permissions - } gc; - ZeroMemory(&gc, sizeof(gc)); - - // Policy resolution can cause string comparisons that trigger .nlp module loads. (Specifically, - // FileIOPermission can trigger this). At this point mscorlib is already loaded, so we can - // override the load levels here to allow the .nlp module loads. - OVERRIDE_LOAD_LEVEL_LIMIT(FILE_ACTIVE); - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - - // Resolve is one of the few SecurityDescriptor routines that may be called - // from the wrong appdomain context. If that's the case we will transition - // into the correct appdomain for the duration of the call. - - ENTER_DOMAIN_PTR_PREDICATED(m_pAppDomain,ADV_RUNNINGIN,!IsSystem()) - { - GCPROTECT_BEGIN(gc); - - // - // GAC assemblies with no RequestRefuse get FullTrust - // Also AppDomains with an AppTrust that are fully trusted are - // homogeneous and so every assembly that does not have a RequestRefuse - // will also get FullTrust. - // - - DWORD dwSpecialFlags; - - if (QuickIsFullyTrusted()) - { - Security::GetPermissionInstance(&gc.granted, SECURITY_FULL_TRUST); - dwSpecialFlags = 0xFFFFFFFF; - } - else - { - // We couldn't quickly figure out that the assembly was fully trusted, so gather its evidence and - // call managed code to get the final grant set. - if (IsEvidenceComputed()) - { - gc.evidence = ObjectFromLazyHandle(m_hAdditionalEvidence, m_pLoaderAllocator); - } - else - { - gc.evidence = GetEvidence(); - } - - if (!m_pAppDomain->GetSecurityDescriptor()->IsLegacyCasPolicyEnabled()) - { - // Either we have a host security manager or a homogenous AppDomain that could make this - // assembly be partially trusted. Call out to managed to get the grant set. - gc.granted = SecurityPolicy::ResolveGrantSet(gc.evidence, &dwSpecialFlags, TRUE); - } - else - { - // Legacy CAS policy is enabled, so do a full CAS resolve - gc.reqdPset = GetRequestedPermissionSet(&gc.optPset, &gc.denyPset); - gc.granted = SecurityPolicy::ResolveCasPolicy(gc.evidence, - gc.reqdPset, - gc.optPset, - gc.denyPset, - &gc.grantdenied, - &dwSpecialFlags, - TRUE); - } - } - - SetGrantedPermissionSet(gc.granted, gc.denyPset, dwSpecialFlags); - -#ifdef FEATURE_CAS_POLICY - // If we're delaying verification of the assembly's strong name, check to see if we need to force a - // verification at this point. - if (!m_pAssem->IsSystem() && - !m_pAssem->GetFile()->IsSourceGAC() && - !m_pAssem->GetFile()->IsStrongNameVerified()) - { - // - // #StrongNameBypass - // - // If the application has opted into the strong name bypass feature, then we will attempt to - // load its assemblies without verifying their strong names. We can get away with avoiding the - // strong name verification in the case where all of the following apply. - // - // 1. The application has asked for strong name bypass - // 2. The machine administrator has not disabled strong name bypass for the machine - // 3. The assembly being loaded is fully trusted, and this trust is not soley based upon its - // strong name. - // 4. The AppDomain the assembly is being loaded into is fully trusted - // 5. The assembly is fully signed - // 6. The appdomain is not attempting to run ngen. - // - // Condition #3 requires that the grant set of the assembly not be obtained via the strong name - // evidence of the assembly. Note that this requirement does not forbid matching a code group - // with a strong name membership condition, as long as that code group and any children code - // groups produce a grant set which was less than or equal to the grant set produced by other - // code groups. For instance, in standard security policy: - // - // 1.1 MyComputer -> FullTrust - // 1.1.1 Microsoft Strong Name -> FullTrust - // - // In this case, an assembly loaded from the local machine with the Microsoft strong name is - // still eligable for strong name bypass via condition #3, since the MyComputer FullTrust grant - // set unioned with the StrongName FullTrust grant set will produce the same results as if we - // didn't evaluate the StrongName code group. - // - // Note that strong name bypass is not the same thing as strong name skip verification. Skip - // verification is a development time feature which enables developers to test privately built - // assemblies that do not have a full signature yet. It is not intended for use at runtime on - // non-developer machines, nor is it intended for use on assemblies with valid strong names. - // - // In contrast strong name bypass is intended to be used on assemblies with valid strong names - // that are deployed to end users machines. It's a performance feature which enables assemblies - // that were not gaining any benefit from having their strong name validated to avoid having to - // pay the expense of a full signature verification. This is why ngen does not skip. There - // are potential ways to use the ngen cache to skip strong name verification if ngen participates - // in strong name bypass, and the startup performance concern of the application is not a concern - // when running at ngen time. - // - - if (IsFullyTrusted() && - GetDomain()->GetSecurityDescriptor()->IsFullyTrusted() && - !SecurityPolicy::WasStrongNameEvidenceUsed(gc.evidence) && - DontNeedToFlagAccidentalDelaySigning(m_pAssem->GetFile()) && - !IsCompilationProcess()) - { - m_pAssem->GetFile()->SetStrongNameBypassed(); - } - else - { - m_pAssem->GetFile()->VerifyStrongName(); - } - } -#endif // FEATURE_CAS_POLICY - - GCPROTECT_END(); - } - END_DOMAIN_TRANSITION; -#endif // CROSSGEN_COMPILE - -#endif // FEATURE_CORECLR } void AssemblySecurityDescriptor::ResolvePolicy(ISharedSecurityDescriptor *pSharedSecDesc, BOOL fShouldSkipPolicyResolution) diff --git a/src/vm/securityhostprotection.cpp b/src/vm/securityhostprotection.cpp deleted file mode 100644 index 4582513..0000000 --- a/src/vm/securityhostprotection.cpp +++ /dev/null @@ -1,102 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -// - - -#include "common.h" -#include "securityattributes.h" -#include "security.h" -#include "eeconfig.h" -#include "corhost.h" - -CorHostProtectionManager::CorHostProtectionManager() -{ - CONTRACTL - { - MODE_ANY; - GC_NOTRIGGER; - NOTHROW; - }CONTRACTL_END; - - m_eProtectedCategories = eNoChecks; - m_fEagerSerializeGrantSet = false; - m_fFrozen = false; -} - -HRESULT CorHostProtectionManager::QueryInterface(REFIID id, void **pInterface) -{ - WRAPPER_NO_CONTRACT; - STATIC_CONTRACT_SO_TOLERANT; -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - if (id == IID_ICLRHostProtectionManager) - { - *pInterface = GetHostProtectionManager(); - return S_OK; - } -#endif // FEATURE_INCLUDE_ALL_INTERFACES - return E_NOINTERFACE; -} - -ULONG CorHostProtectionManager::AddRef() -{ - LIMITED_METHOD_CONTRACT; - return 1; -} - -ULONG CorHostProtectionManager::Release() -{ - LIMITED_METHOD_CONTRACT; - return 1; -} - -void CorHostProtectionManager::Freeze() -{ - LIMITED_METHOD_CONTRACT; - m_fFrozen = true; -} - -HRESULT CorHostProtectionManager::SetProtectedCategories(EApiCategories eProtectedCategories) -{ - LIMITED_METHOD_CONTRACT; - STATIC_CONTRACT_SO_TOLERANT; - - if(m_fFrozen) - return E_FAIL; - if((eProtectedCategories | eAll) != eAll) - return E_FAIL; - m_eProtectedCategories = eProtectedCategories; - return S_OK; -} - -EApiCategories CorHostProtectionManager::GetProtectedCategories() -{ - WRAPPER_NO_CONTRACT; - - Freeze(); - return m_eProtectedCategories; -} - -bool CorHostProtectionManager::GetEagerSerializeGrantSets() const -{ - LIMITED_METHOD_CONTRACT; - - // To provide more context about this flag in the hosting API, this is the case where, - // during the unload of an appdomain, we need to serialize a grant set for a shared assembly - // that has resolved policy in order to maintain the invariant that the same assembly loaded - // into another appdomain created in the future will be granted the same permissions - // (since the current policy is potentially burned into the jitted code of the shared assembly already). - - return m_fEagerSerializeGrantSet; -} - -HRESULT CorHostProtectionManager::SetEagerSerializeGrantSets() -{ - LIMITED_METHOD_CONTRACT; - STATIC_CONTRACT_SO_TOLERANT; - - m_fEagerSerializeGrantSet = true; - return S_OK; -} diff --git a/src/vm/securityhostprotection.h b/src/vm/securityhostprotection.h deleted file mode 100644 index 11e814a..0000000 --- a/src/vm/securityhostprotection.h +++ /dev/null @@ -1,14 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - -// - - -#ifndef __SECURITYHOSTPROTECTION_H__ -#define __SECURITYHOSTPROTECTION_H__ - -class CorHostProtectionManager; - -#endif // __SECURITYHOSTPROTECTION_H__ diff --git a/src/vm/securityimperative.cpp b/src/vm/securityimperative.cpp deleted file mode 100644 index 677fd3c..0000000 --- a/src/vm/securityimperative.cpp +++ /dev/null @@ -1,119 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - -#include "common.h" -#include "security.h" - -//-----------------------------------------------------------+ -// P R I V A T E H E L P E R S -//-----------------------------------------------------------+ - -LPVOID GetSecurityObjectForFrameInternal(StackCrawlMark *stackMark, INT32 create, OBJECTREF *pRefSecDesc) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // This is a package protected method. Assumes correct usage. - - Thread *pThread = GetThread(); - AppDomain * pAppDomain = pThread->GetDomain(); - - if (pRefSecDesc == NULL) - { - if (!Security::SkipAndFindFunctionInfo(stackMark, NULL, &pRefSecDesc, &pAppDomain)) - return NULL; - } - - if (pRefSecDesc == NULL) - return NULL; - - // Is security object frame in a different context? - bool fSwitchContext; - fSwitchContext = pAppDomain != pThread->GetDomain(); - - if (create && *pRefSecDesc == NULL) - { - // If necessary, shift to correct context to allocate security object. - _ASSERTE(pAppDomain == GetAppDomain()); - MethodTable* pMethFrameSecDesc = MscorlibBinder::GetClass(CLASS__FRAME_SECURITY_DESCRIPTOR); - *pRefSecDesc = AllocateObject(pMethFrameSecDesc); - } - - // If we found or created a security object in a different context, make a - // copy in the current context. - LPVOID rv; - if (fSwitchContext && *pRefSecDesc != NULL) - *((OBJECTREF*)&rv) = AppDomainHelper::CrossContextCopyFrom(pAppDomain, pRefSecDesc); - else - *((OBJECTREF*)&rv) = *pRefSecDesc; - - return rv; -} - -FCIMPL2(Object*, SecurityRuntime::GetSecurityObjectForFrame, StackCrawlMark* stackMark, CLR_BOOL create) -{ - FCALL_CONTRACT; - - OBJECTREF refRetVal = NULL; - - HELPER_METHOD_FRAME_BEGIN_RET_0(); - - refRetVal = ObjectToOBJECTREF((Object*)GetSecurityObjectForFrameInternal(stackMark, create, NULL)); - - HELPER_METHOD_FRAME_END(); - return OBJECTREFToObject(refRetVal); -} -FCIMPLEND - -void SecurityRuntime::CheckBeforeAllocConsole(AppDomain* pDomain, Assembly* pAssembly) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // Tell the debugger not to start on any managed code that we call in this method - FrameWithCookie __dbgSecFrame; - - // Check that the assembly is granted unrestricted UIPermission - IAssemblySecurityDescriptor* pSecDesc = pAssembly->GetSecurityDescriptor(pDomain); - _ASSERTE(pSecDesc != NULL); - if (!pSecDesc->HasUnrestrictedUIPermission()) - { - struct _gc { - OBJECTREF orDemand; - OBJECTREF orRefused; - OBJECTREF orGranted; - } gc; - ZeroMemory(&gc, sizeof(_gc)); - GCPROTECT_BEGIN(gc); - { - // Get the necessary managed objects - gc.orGranted = pSecDesc->GetGrantedPermissionSet(&gc.orRefused); - SecurityDeclarative::_GetSharedPermissionInstance(&gc.orDemand, UI_PERMISSION); - - // Check that the assembly is granted the necessary permission - SecurityStackWalk sw(SSWT_DEMAND_FROM_NATIVE, NULL); - sw.m_objects.SetObjects(gc.orDemand, NULL); - sw.CheckPermissionAgainstGrants(NULL, gc.orGranted, gc.orRefused, pDomain, NULL, pAssembly); - } - GCPROTECT_END(); - } - - // Now do a demand against everything on the stack for unrestricted UIPermission - Security::SpecialDemand(SSWT_DEMAND_FROM_NATIVE, UI_PERMISSION); - - // Pop the debugger frame - __dbgSecFrame.Pop(); -} - - diff --git a/src/vm/securityimperative.h b/src/vm/securityimperative.h deleted file mode 100644 index f161f57..0000000 --- a/src/vm/securityimperative.h +++ /dev/null @@ -1,36 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - - -#ifndef __ComSecurityRuntime_h__ -#define __ComSecurityRuntime_h__ - -#include "common.h" - -#include "object.h" -#include "util.hpp" - -// Forward declarations to avoid pulling in too many headers. -class Frame; -enum StackWalkAction; - -//----------------------------------------------------------- -// The SecurityRuntime implements all the native methods -// for the managed class System.Security.SecurityRuntime -//----------------------------------------------------------- -namespace SecurityRuntime -{ -//public: - // private helper for getting a security object - FCDECL2(Object*, GetSecurityObjectForFrame, StackCrawlMark* stackMark, CLR_BOOL create); -//protected: - void CheckBeforeAllocConsole(AppDomain* pDomain, Assembly* pAssembly); -}; - -#endif /* __ComSecurityRuntime_h__ */ - diff --git a/src/vm/securitymeta.cpp b/src/vm/securitymeta.cpp index 980958d..ff286dd 100644 --- a/src/vm/securitymeta.cpp +++ b/src/vm/securitymeta.cpp @@ -34,7 +34,6 @@ #include "objectclone.h" #endif //FEATURE_REMOTING #include "typestring.h" -#include "stackcompressor.h" #include "securitydeclarative.h" #include "customattribute.h" #include "../md/compiler/custattr.h" diff --git a/src/vm/securitypolicy.h b/src/vm/securitypolicy.h index ba77bcb..d22eceb 100644 --- a/src/vm/securitypolicy.h +++ b/src/vm/securitypolicy.h @@ -234,20 +234,6 @@ struct SharedPermissionObjects // PermissionState.Unrestricted #define PERMISSION_STATE_UNRESTRICTED 1 // PermissionState.cs -SELECTANY const SharedPermissionObjects g_rPermObjectsTemplate[] = -{ - {NULL, CLASS__SECURITY_PERMISSION, METHOD__SECURITY_PERMISSION__CTOR, SECURITY_PERMISSION_UNMANAGEDCODE }, - {NULL, CLASS__SECURITY_PERMISSION, METHOD__SECURITY_PERMISSION__CTOR, SECURITY_PERMISSION_SKIPVERIFICATION }, - {NULL, CLASS__REFLECTION_PERMISSION, METHOD__REFLECTION_PERMISSION__CTOR, REFLECTION_PERMISSION_TYPEINFO }, - {NULL, CLASS__SECURITY_PERMISSION, METHOD__SECURITY_PERMISSION__CTOR, SECURITY_PERMISSION_ASSERTION }, - {NULL, CLASS__REFLECTION_PERMISSION, METHOD__REFLECTION_PERMISSION__CTOR, REFLECTION_PERMISSION_MEMBERACCESS }, - {NULL, CLASS__SECURITY_PERMISSION, METHOD__SECURITY_PERMISSION__CTOR, SECURITY_PERMISSION_SERIALIZATIONFORMATTER}, - {NULL, CLASS__REFLECTION_PERMISSION, METHOD__REFLECTION_PERMISSION__CTOR, REFLECTION_PERMISSION_RESTRICTEDMEMBERACCESS}, - {NULL, CLASS__PERMISSION_SET, METHOD__PERMISSION_SET__CTOR, PERMISSION_STATE_UNRESTRICTED}, - {NULL, CLASS__SECURITY_PERMISSION, METHOD__SECURITY_PERMISSION__CTOR, SECURITY_PERMISSION_BINDINGREDIRECTS }, - {NULL, CLASS__UI_PERMISSION, METHOD__UI_PERMISSION__CTOR, PERMISSION_STATE_UNRESTRICTED }, -}; - // Array index in SharedPermissionObjects array // Note: these should all be permissions that implement IUnrestrictedPermission. // Any changes to these must be reflected in bcl\system\security\codeaccesssecurityengine.cs and the above table @@ -282,8 +268,6 @@ SELECTANY const SharedPermissionObjects g_rPermObjectsTemplate[] = // Class holding a grab bag of security stuff we need on a per-appdomain basis. struct SecurityContext { - SharedPermissionObjects m_rPermObjects[NUM_PERM_OBJECTS]; - // Cached declarative permissions per method EEPtrHashTable m_pCachedMethodPermissionsHash; SimpleRWLock * m_prCachedMethodPermissionsLock; @@ -299,7 +283,6 @@ struct SecurityContext GC_TRIGGERS; MODE_ANY; } CONTRACTL_END; - memcpy(m_rPermObjects, g_rPermObjectsTemplate, sizeof(m_rPermObjects)); // initialize cache of method-level declarative security permissions // Note that the method-level permissions are stored elsewhere diff --git a/src/vm/securityprincipal.cpp b/src/vm/securityprincipal.cpp deleted file mode 100644 index 5f31d3a..0000000 --- a/src/vm/securityprincipal.cpp +++ /dev/null @@ -1,227 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -#include "common.h" - -#include "securityprincipal.h" -#include "corhost.h" -#include "security.h" - -#ifndef FEATURE_CORECLR -INT32 QCALLTYPE COMPrincipal::ImpersonateLoggedOnUser(HANDLE hToken) -{ - QCALL_CONTRACT; - - HRESULT hr = S_OK; - - BEGIN_QCALL; - -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - IHostSecurityManager *pSM = CorHost2::GetHostSecurityManager(); - if (pSM) { - BEGIN_SO_TOLERANT_CODE_CALLING_HOST(GetThread()); - hr = pSM->ImpersonateLoggedOnUser(hToken); - END_SO_TOLERANT_CODE_CALLING_HOST; - } - else -#endif // FEATURE_INCLUDE_ALL_INTERFACES - { - if (!::ImpersonateLoggedOnUser(hToken)) - hr = HRESULT_FROM_GetLastError(); - } - - STRESS_LOG2(LF_SECURITY, LL_INFO100, "COMPrincipal::ImpersonateLoggedOnUser called with hTokenSAFE = %d. Returning 0x%x\n",hToken,hr); - - END_QCALL; - - return hr; -} - -FCIMPL3(INT32, COMPrincipal::OpenThreadToken, DWORD dwDesiredAccess, DWORD dwOpenAs, SafeHandle** phThreadTokenUNSAFE) -{ - CONTRACTL { - FCALL_CHECK; - PRECONDITION(CheckPointer(phThreadTokenUNSAFE)); - } CONTRACTL_END; - - HRESULT hr = S_OK; - HELPER_METHOD_FRAME_BEGIN_RET_0(); - - SafeHandle** phThreadTokenSAFE = phThreadTokenUNSAFE; - GCPROTECT_BEGININTERIOR(phThreadTokenSAFE); - - *phThreadTokenUNSAFE = NULL; - HandleHolder hThreadToken; - { - GCX_PREEMP(); - BOOL bOpenAsSelf = TRUE; -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - IHostSecurityManager *pSM = CorHost2::GetHostSecurityManager(); - if (pSM) { - if (dwOpenAs == WINSECURITYCONTEXT_THREAD) - bOpenAsSelf = FALSE; - - BEGIN_SO_TOLERANT_CODE_CALLING_HOST(GetThread()); - hr = pSM->OpenThreadToken(dwDesiredAccess, bOpenAsSelf, &hThreadToken); - END_SO_TOLERANT_CODE_CALLING_HOST; - if (FAILED(hr) && dwOpenAs == WINSECURITYCONTEXT_BOTH) { - bOpenAsSelf = FALSE; - BEGIN_SO_TOLERANT_CODE_CALLING_HOST(GetThread()); - hr = pSM->OpenThreadToken(dwDesiredAccess, bOpenAsSelf, &hThreadToken); - END_SO_TOLERANT_CODE_CALLING_HOST; - } - } - else -#endif // FEATURE_INCLUDE_ALL_INTERFACES - { - if (dwOpenAs == WINSECURITYCONTEXT_THREAD) - bOpenAsSelf = FALSE; - - if (!::OpenThreadToken(::GetCurrentThread(), dwDesiredAccess, bOpenAsSelf, &hThreadToken)) { - if (dwOpenAs == WINSECURITYCONTEXT_BOTH) { - bOpenAsSelf = FALSE; - hr = S_OK; - if (!::OpenThreadToken(::GetCurrentThread(), dwDesiredAccess, bOpenAsSelf, &hThreadToken)) - hr = HRESULT_FROM_GetLastError(); - } - else - hr = HRESULT_FROM_GetLastError(); - } - } - } - - if (SUCCEEDED(hr)) { - struct _gc { - SAFEHANDLE pSafeTokenHandle; - } gc; - gc.pSafeTokenHandle = NULL; - - GCPROTECT_BEGIN(gc); - // Allocate a SafeHandle here - MethodTable *pMT = MscorlibBinder::GetClass(CLASS__SAFE_TOKENHANDLE); - gc.pSafeTokenHandle = (SAFEHANDLE) AllocateObject(pMT); - CallDefaultConstructor(gc.pSafeTokenHandle); - gc.pSafeTokenHandle->SetHandle((void*) hThreadToken); - hThreadToken.SuppressRelease(); - - SetObjectReference((OBJECTREF*) phThreadTokenSAFE, (OBJECTREF) gc.pSafeTokenHandle, gc.pSafeTokenHandle->GetAppDomain()); - GCPROTECT_END(); - } - - GCPROTECT_END(); - - HELPER_METHOD_FRAME_END(); - return hr; -} -FCIMPLEND - -INT32 QCALLTYPE COMPrincipal::RevertToSelf() -{ - QCALL_CONTRACT; - - HRESULT hr = S_OK; - - BEGIN_QCALL; - -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - IHostSecurityManager *pSM = CorHost2::GetHostSecurityManager(); - if (pSM) { - BEGIN_SO_TOLERANT_CODE_CALLING_HOST(GetThread()); - hr = pSM->RevertToSelf(); - END_SO_TOLERANT_CODE_CALLING_HOST; - } - else -#endif // FEATURE_INCLUDE_ALL_INTERFACES - { - if (!::RevertToSelf()) - hr = HRESULT_FROM_GetLastError(); - } - - STRESS_LOG1(LF_SECURITY, LL_INFO100, "COMPrincipal::RevertToSelf returning 0x%x\n",hr); - - END_QCALL; - - return hr; -} - -INT32 QCALLTYPE COMPrincipal::SetThreadToken(HANDLE hToken) -{ - QCALL_CONTRACT; - - HRESULT hr = S_OK; - - BEGIN_QCALL; - -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - IHostSecurityManager *pSM = CorHost2::GetHostSecurityManager(); - if (pSM) - { - BEGIN_SO_TOLERANT_CODE_CALLING_HOST(GetThread()); - hr = pSM->SetThreadToken(hToken); - END_SO_TOLERANT_CODE_CALLING_HOST; - } - else -#endif // FEATURE_INCLUDE_ALL_INTERFACES - { - if (!::SetThreadToken(NULL, hToken)) - hr = HRESULT_FROM_GetLastError(); - } - - END_QCALL; - - return hr; -} -#endif // !FEATURE_CORECLR - -void COMPrincipal::CLR_ImpersonateLoggedOnUser(HANDLE hToken) -{ - CONTRACTL { - NOTHROW; - GC_TRIGGERS; - MODE_ANY; - } CONTRACTL_END; - - HRESULT hr = S_OK; - - { - GCX_PREEMP(); -#ifdef FEATURE_INCLUDE_ALL_INTERFACES - IHostSecurityManager *pSM = CorHost2::GetHostSecurityManager(); - if (pSM) { - hr = pSM->RevertToSelf(); - if (hr != S_OK) - { - // FailFast - STRESS_LOG2(LF_EH, LL_INFO100, "CLR_ImpersonateLoggedOnUser failed for hImpersonateToken = %d with error:0x%x\n",hToken, hr); - EEPOLICY_HANDLE_FATAL_ERROR(COR_E_SECURITY); - } - if (hToken != NULL) - hr = pSM->ImpersonateLoggedOnUser(hToken); - } - else -#endif // FEATURE_INCLUDE_ALL_INTERFACES - { - if (!::RevertToSelf()) - hr = HRESULT_FROM_GetLastError(); - if (hr != S_OK) - { - // FailFast - STRESS_LOG2(LF_EH, LL_INFO100, "CLR_ImpersonateLoggedOnUser failed for hImpersonateToken = %d with error:0x%x\n",hToken, hr); - EEPOLICY_HANDLE_FATAL_ERROR(COR_E_SECURITY); - } - if (hToken != NULL && !::ImpersonateLoggedOnUser(hToken)) - hr = HRESULT_FROM_GetLastError(); - } - - if (hr != S_OK) - { - // FailFast - STRESS_LOG2(LF_EH, LL_INFO100, "CLR_ImpersonateLoggedOnUser failed for hImpersonateToken = %d with error:0x%x\n",hToken, hr); - EEPOLICY_HANDLE_FATAL_ERROR(COR_E_SECURITY); - } - } - - return; -} - diff --git a/src/vm/securityprincipal.h b/src/vm/securityprincipal.h deleted file mode 100644 index 5d6b522..0000000 --- a/src/vm/securityprincipal.h +++ /dev/null @@ -1,33 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. - -#pragma once - -// keep in sync with windowsidentity.cs -#define WINSECURITYCONTEXT_THREAD 1 -#define WINSECURITYCONTEXT_PROCESS 2 -#define WINSECURITYCONTEXT_BOTH 3 - - - -#ifndef FEATURE_PAL -class COMPrincipal -{ -public: -#ifndef FEATURE_CORECLR - static - INT32 QCALLTYPE ImpersonateLoggedOnUser(HANDLE hToken); - - static FCDECL3(INT32, OpenThreadToken, DWORD dwDesiredAccess, DWORD dwOpenAs, SafeHandle** phThreadTokenUNSAFE); - - static - INT32 QCALLTYPE RevertToSelf(); - - static - INT32 QCALLTYPE SetThreadToken(HANDLE hToken); -#endif // !FEATURE_CORECLR - - static void CLR_ImpersonateLoggedOnUser(HANDLE hToken); -}; -#endif // FEATURE_PAL diff --git a/src/vm/securitystackwalk.cpp b/src/vm/securitystackwalk.cpp deleted file mode 100644 index 9b8b150..0000000 --- a/src/vm/securitystackwalk.cpp +++ /dev/null @@ -1,2439 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - - -#include "common.h" - -#include "security.h" -#include "perfcounters.h" -#include "stackcompressor.h" -#ifdef FEATURE_REMOTING -#include "crossdomaincalls.h" -#else -#include "callhelpers.h" -#endif -#include "appdomain.inl" -#include "appdomainstack.inl" - -COUNTER_ONLY(PERF_COUNTER_TIMER_PRECISION g_TotalTimeInSecurityRuntimeChecks = 0); -COUNTER_ONLY(PERF_COUNTER_TIMER_PRECISION g_LastTimeInSecurityRuntimeChecks = 0); -COUNTER_ONLY(UINT32 g_SecurityChecksIterations=0); - -bool SecurityStackWalk::IsSpecialRunFrame(MethodDesc* pMeth) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - -#ifndef FEATURE_CORECLR - if (pMeth == MscorlibBinder::GetMethod(METHOD__EXECUTIONCONTEXT__RUN)) - return true; - -#if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) - if (pMeth == MscorlibBinder::GetMethod(METHOD__SECURITYCONTEXT__RUN)) - return true; -#endif // #if defined(FEATURE_IMPERSONATION) || defined(FEATURE_COMPRESSEDSTACK) - -#ifdef FEATURE_COMPRESSEDSTACK - if (pMeth == MscorlibBinder::GetMethod(METHOD__COMPRESSED_STACK__RUN)) - return true; -#endif // FEATURE_COMPRESSEDSTACK - -#endif // !FEATURE_CORECLR - - return false; -} - -void SecurityStackWalk::CheckPermissionAgainstGrants(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused, AppDomain *pDomain, MethodDesc* pMethod, Assembly* pAssembly) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - struct _gc { - OBJECTREF orCS; - OBJECTREF orGranted; - OBJECTREF orRefused; - OBJECTREF orDemand; - OBJECTREF orToken; - OBJECTREF orAssembly; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orCS = refCS; - gc.orGranted = refGrants; - gc.orRefused = refRefused; - - GCPROTECT_BEGIN(gc); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemand = m_objects.GetObjects(pDomain, &gc.orToken); - if(pAssembly) - gc.orAssembly = pAssembly->GetExposedObject(); - - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_ENGINE__CHECK_HELPER); - - DECLARE_ARGHOLDER_ARRAY(helperArgs, 8); - helperArgs[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orCS); - helperArgs[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orGranted); - helperArgs[ARGNUM_2] = OBJECTREF_TO_ARGHOLDER(gc.orRefused); - helperArgs[ARGNUM_3] = OBJECTREF_TO_ARGHOLDER(gc.orDemand); - helperArgs[ARGNUM_4] = OBJECTREF_TO_ARGHOLDER(gc.orToken); - helperArgs[ARGNUM_5] = PTR_TO_ARGHOLDER(pMethod); - helperArgs[ARGNUM_6] = OBJECTREF_TO_ARGHOLDER(gc.orAssembly); - helperArgs[ARGNUM_7] = DWORD_TO_ARGHOLDER(dclDemand); - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD_NORET(helperArgs); - - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); -} - - -void SecurityStackWalk::CheckSetAgainstGrants(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused, AppDomain *pDomain, MethodDesc* pMethod, Assembly* pAssembly) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - struct _gc { - OBJECTREF orCS; - OBJECTREF orGranted; - OBJECTREF orRefused; - OBJECTREF orDemand; - OBJECTREF orAssembly; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orCS = refCS; - gc.orGranted = refGrants; - gc.orRefused = refRefused; - - GCPROTECT_BEGIN(gc); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemand = m_objects.GetObject(pDomain); - if(pAssembly) - gc.orAssembly = pAssembly->GetExposedObject(); - - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_ENGINE__CHECK_SET_HELPER); - - DECLARE_ARGHOLDER_ARRAY(helperArgs, 7); - helperArgs[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orCS); - helperArgs[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orGranted); - helperArgs[ARGNUM_2] = OBJECTREF_TO_ARGHOLDER(gc.orRefused); - helperArgs[ARGNUM_3] = OBJECTREF_TO_ARGHOLDER(gc.orDemand); - helperArgs[ARGNUM_4] = PTR_TO_ARGHOLDER(pMethod); - helperArgs[ARGNUM_5] = OBJECTREF_TO_ARGHOLDER(gc.orAssembly); - helperArgs[ARGNUM_6] = DWORD_TO_ARGHOLDER(dclDemand); - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD_NORET(helperArgs); - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); -} - -void SecurityStackWalk::GetZoneAndOriginGrants(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused, AppDomain *pDomain, MethodDesc* pMethod, Assembly* pAssembly) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - Thread *pThread = GetThread(); - - struct _gc { - OBJECTREF orCS; - OBJECTREF orGranted; - OBJECTREF orRefused; - OBJECTREF orZoneList; - OBJECTREF orOriginList; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orCS = refCS; - gc.orGranted = refGrants; - gc.orRefused = refRefused; - - GCPROTECT_BEGIN(gc); - - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orZoneList = m_objects.GetObjects(pDomain, &gc.orOriginList); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - - BOOL inProgress = pThread->IsSecurityStackwalkInProgess(); - - // We turn security stackwalk in progress off which turns security back - // on for a thread. This means that if the managed call throws an exception - // we are already in the proper state so we don't need to do anything. - - if (inProgress) - pThread->SetSecurityStackwalkInProgress(FALSE); - - MethodDescCallSite getZoneAndOriginHelper(METHOD__SECURITY_ENGINE__GET_ZONE_AND_ORIGIN_HELPER); - - ARG_SLOT helperArgs[5]; - - helperArgs[0] = ObjToArgSlot(gc.orCS); - helperArgs[1] = ObjToArgSlot(gc.orGranted); - helperArgs[2] = ObjToArgSlot(gc.orRefused); - helperArgs[3] = ObjToArgSlot(gc.orZoneList); - helperArgs[4] = ObjToArgSlot(gc.orOriginList); - - getZoneAndOriginHelper.Call(&(helperArgs[0])); - - if (inProgress) - pThread->SetSecurityStackwalkInProgress(TRUE); - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); -} - -BOOL SecurityStackWalk::CheckPermissionAgainstFrameData(OBJECTREF refFrameData, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - CLR_BOOL ret = FALSE; - - struct _gc { - OBJECTREF orFrameData; - OBJECTREF orDemand; - OBJECTREF orToken; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orFrameData = refFrameData; - - GCPROTECT_BEGIN(gc); - - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemand = m_objects.GetObjects(pDomain, &gc.orToken); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_RUNTIME__FRAME_DESC_HELPER); - - DECLARE_ARGHOLDER_ARRAY(args, 4); - args[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orFrameData); // arg 0 - args[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orDemand); // arg 1 - args[ARGNUM_2] = OBJECTREF_TO_ARGHOLDER(gc.orToken); // arg 2 - args[ARGNUM_3] = PTR_TO_ARGHOLDER(pMethod); // arg 3 - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD(ret, CLR_BOOL, args); - - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); - - return ret; -} - -BOOL SecurityStackWalk::CheckSetAgainstFrameData(OBJECTREF refFrameData, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - CLR_BOOL ret = FALSE; - - struct _gc { - OBJECTREF orFrameData; - OBJECTREF orDemand; - OBJECTREF orPermSetOut; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orFrameData = refFrameData; - - GCPROTECT_BEGIN(gc); - - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemand = m_objects.GetObject(pDomain); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_RUNTIME__FRAME_DESC_SET_HELPER); - - DECLARE_ARGHOLDER_ARRAY(args, 4); - args[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orFrameData); - args[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orDemand); - args[ARGNUM_2] = PTR_TO_ARGHOLDER(&gc.orPermSetOut); - args[ARGNUM_3] = PTR_TO_ARGHOLDER(pMethod); - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD(ret, CLR_BOOL, args); - - if (gc.orPermSetOut != NULL) { - // Update the cached object. - m_objects.UpdateObject(pDomain, gc.orPermSetOut); - } - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); - - return ret; -} - - - - - - - - - - - - - - - - - - -// ------------------------------------------------------------------------------- -// -// DemandStackWalk -// -// ------------------------------------------------------------------------------- - -class DemandStackWalk : public SecurityStackWalk -{ -public: - enum DemandType - { - DT_PERMISSION = 1, - DT_SET = 2, - DT_ZONE_AND_URL = 3, - }; - -protected: - Frame* m_pCtxTxFrame; - AppDomain * m_pPrevAppDomain; - AppDomain* m_pSkipAppDomain; - Assembly * m_pPrevAssembly; - StackCrawlMark * m_pStackMark; - DemandType m_eDemandType; - bool m_bHaveFoundStartingFrameYet; - BOOL m_bFoundStackMark; - DWORD m_dwdemandFlags; - DWORD m_adStackIndex; - AppDomainStack* m_pThreadADStack; - -public: - DemandStackWalk(SecurityStackWalkType eType, DWORD flags, StackCrawlMark* stackMark, DemandType eDemandType, DWORD demandFlags) - : SecurityStackWalk(eType, flags) - { - WRAPPER_NO_CONTRACT; - m_pCtxTxFrame = NULL; - m_pPrevAppDomain = NULL; - m_pSkipAppDomain = NULL; - m_pPrevAssembly = NULL; - m_eDemandType = eDemandType; - m_bHaveFoundStartingFrameYet = false; - m_pStackMark = stackMark; - m_bFoundStackMark = FALSE; - m_dwdemandFlags = demandFlags; - m_pThreadADStack = GetThread()->GetAppDomainStackPointer(); - m_pThreadADStack->InitDomainIteration(&m_adStackIndex); - } - - void DoStackWalk(); - StackWalkAction WalkFrame(CrawlFrame* pCf); - -protected: - bool IsStartingFrame(CrawlFrame* pCf); - bool IsSpecialRunFrame(MethodDesc* pMeth) - { - return SecurityStackWalk::IsSpecialRunFrame(pMeth); - } - void CheckGrant(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused, AppDomain *pDomain, MethodDesc* pMethod, Assembly* pAssembly); - BOOL CheckFrame(OBJECTREF refFrameData, AppDomain* pDomain, MethodDesc* pMethod); - -private: - FORCEINLINE BOOL QuickCheck(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused) - { - if (refCS == NULL && refRefused == NULL && refGrants != NULL) - { - // if we have a FT grant and nothing else, and our demand is for something that FT can satisfy, we're done - PERMISSIONSETREF permSetRef = (PERMISSIONSETREF)refGrants; - return permSetRef->IsUnrestricted(); - } - return FALSE; - } - void ProcessAppDomainTransition(AppDomain * pAppDomain, bool bCheckPrevAppDomain); -#ifdef _DEBUG - BOOL IsValidReturnFromWalkFrame(StackWalkAction retVal, CrawlFrame* pCF) - { - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } CONTRACTL_END; - - // This function checks that when we hit a Special frame, we are indeed returning the action to stop the stackwalk - MethodDesc *pFunc = pCF->GetFunction(); - if (pFunc != NULL && IsSpecialRunFrame(pFunc)) - { - return (retVal == SWA_ABORT); - } - return TRUE; - } -#endif // _DEBUG - -#ifdef FEATURE_COMPRESSEDSTACK - BOOL CheckAnonymouslyHostedDynamicMethodCompressedStack(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod); - BOOL CheckAnonymouslyHostedDynamicMethodCompressedStackPermission(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod); - BOOL CheckAnonymouslyHostedDynamicMethodCompressedStackPermissionSet(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod); -#endif // FEATURE_COMPRESSEDSTACK -}; - -void DemandStackWalk::CheckGrant(OBJECTREF refCS, OBJECTREF refGrants, OBJECTREF refRefused, AppDomain *pDomain, MethodDesc* pMethod, Assembly* pAssembly) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - switch(m_eDemandType) - { - case DT_PERMISSION: - // Test early out scenario (quickcheck) before calling into managed code - if (!QuickCheck(refCS, refGrants, refRefused)) - CheckPermissionAgainstGrants(refCS, refGrants, refRefused, pDomain, pMethod, pAssembly); - break; - - case DT_SET: - // Test early out scenario (quickcheck) before calling into managed code - if (!QuickCheck(refCS, refGrants, refRefused)) - CheckSetAgainstGrants(refCS, refGrants, refRefused, pDomain, pMethod, pAssembly); - break; - case DT_ZONE_AND_URL: - GetZoneAndOriginGrants(refCS, refGrants, refRefused, pDomain, pMethod, pAssembly); - break; - default: - _ASSERTE(!"unexpected demand type"); - break; - } -} - -BOOL DemandStackWalk::CheckFrame(OBJECTREF refFrameData, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - switch(m_eDemandType) - { - case DT_PERMISSION: - return CheckPermissionAgainstFrameData(refFrameData, pDomain, pMethod); - - case DT_SET: - return CheckSetAgainstFrameData(refFrameData, pDomain, pMethod); - case DT_ZONE_AND_URL: - return TRUE; //Nothing to do here since CS cannot live on a Frame anymore. - default: - _ASSERTE(!"unexpected demand type"); - } - return TRUE; -} - -bool DemandStackWalk::IsStartingFrame(CrawlFrame* pCf) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - switch(m_eStackWalkType) - { - case SSWT_DECLARATIVE_DEMAND: // Begin after the security stub(s) - _ASSERTE(m_pStackMark == NULL); - // skip the current method that has decl sec - if (m_bFoundStackMark) - return true; - else - { - m_bFoundStackMark = true; - return false; - } - - case SSWT_IMPERATIVE_DEMAND: // Begin where the StackMark says to - case SSWT_GET_ZONE_AND_URL: // Begin where the StackMark says to - _ASSERTE(*m_pStackMark == LookForMyCaller || *m_pStackMark == LookForMyCallersCaller); - - // See if we've passed the stack mark yet - if (!pCf->IsInCalleesFrames(m_pStackMark)) - return false; - - // Skip the frame after the stack mark as well. - if(*m_pStackMark == LookForMyCallersCaller && !m_bFoundStackMark) - { - m_bFoundStackMark = TRUE; - return false; - } - - return true; - - case SSWT_LATEBOUND_LINKDEMAND: // Begin immediately - case SSWT_DEMAND_FROM_NATIVE: - _ASSERTE(m_pStackMark == NULL); - return true; - - default: - _ASSERTE(FALSE); // Unexpected stack walk type - break; - } - return true; -} -void DemandStackWalk::ProcessAppDomainTransition(AppDomain* pAppDomain, bool bCheckPrevAppDomain) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - _ASSERTE(pAppDomain != m_pPrevAppDomain); - - if (m_pPrevAppDomain != NULL && bCheckPrevAppDomain) - { - // We have not checked the previous AppDomain. Check it now. - if (m_pSkipAppDomain != m_pPrevAppDomain) - { - ApplicationSecurityDescriptor *pSecDesc = - static_cast(m_pPrevAppDomain->GetSecurityDescriptor()); - - // Only process AppDomains which have completed security initialization. If the domain is not - // yet fully initialized then only fully trusted code can be running in the domain, so we're - // safe to ignore the transition. The domain may also not yet have a sane grant set setup on it - // yet if the demand is coming out of AppDomainManager code. - if (pSecDesc && !pSecDesc->IsInitializationInProgress()) - { - DBG_TRACE_STACKWALK(" Checking appdomain...\n", true); - - if (!pSecDesc->IsDefaultAppDomain() && - !pSecDesc->IsFullyTrusted() && - !pSecDesc->CheckSpecialFlag(m_dwdemandFlags)) - { - OBJECTREF orRefused; - OBJECTREF orGranted = pSecDesc->GetGrantedPermissionSet(&orRefused); - CheckGrant(NULL, orGranted, orRefused, m_pPrevAppDomain, NULL, m_pPrevAssembly); - } - } - else - { - DBG_TRACE_STACKWALK(" Skipping appdomain...\n", true); - } - } - } - // Move the domain index forward - m_pThreadADStack->GetNextDomainEntryOnStack(&m_adStackIndex); - - // At the end of the stack walk, do a check on the grants of - // the m_pPrevAppDomain by the stackwalk caller if needed. - m_pPrevAppDomain = pAppDomain; - - // Check if we can skip the entire pAppDomain. If so, assign m_pSkipAppDomain - // TODO: Can Check the AppDomain PLS also here. - if ((m_pThreadADStack->GetCurrentDomainEntryOnStack(m_adStackIndex))->HasFlagsOrFullyTrustedWithNoStackModifiers(m_dwdemandFlags)) - m_pSkipAppDomain = pAppDomain; - else - m_pSkipAppDomain = NULL; - - - -} -StackWalkAction DemandStackWalk::WalkFrame(CrawlFrame* pCf) -{ - CONTRACT (StackWalkAction) { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - POSTCONDITION(IsValidReturnFromWalkFrame(RETVAL, pCf)); - } CONTRACT_END; - - StackWalkAction ret = SWA_CONTINUE; - -#ifdef FEATURE_REMOTING -#ifdef FEATURE_COMPRESSEDSTACK - - // Save the CtxTxFrame if this is one - if (m_pCtxTxFrame == NULL) - { - Frame *pFrame = pCf->GetFrame(); - if (SecurityStackWalk::IsContextTransitionFrameWithCS(pFrame)) - { - - m_pCtxTxFrame = pFrame; - } - } -#endif // #ifdef FEATURE_COMPRESSEDSTACK -#endif // FEATURE_REMOTING - - MethodDesc * pFunc = pCf->GetFunction(); - Assembly * pAssem = pCf->GetAssembly(); - // Get the current app domain. - AppDomain *pAppDomain = pCf->GetAppDomain(); - if (pAppDomain != m_pPrevAppDomain) - { -#ifndef FEATURE_REMOTING - BOOL bRealAppDomainTransition = (m_pPrevAppDomain != NULL); -#endif - ProcessAppDomainTransition(pAppDomain, m_bHaveFoundStartingFrameYet); - -#ifndef FEATURE_REMOTING - // The first AppDomain transition is the transition from NULL to current domain. We should not stop on that. - // We should stop on the first "real" appdomain transition - which is a transition out of the current domain. - if (bRealAppDomainTransition) - { - // without remoting other appdomains do not matter (can be only createdomain call anyhow) so stop the stack walk - m_dwFlags |= CORSEC_STACKWALK_HALTED; - RETURN SWA_ABORT; - } -#endif - } - - if ((pFunc == NULL && pAssem == NULL) || (pFunc && pFunc->IsILStub())) - RETURN ret; // Not a function - - // Skip until the frame where the stackwalk should begin - if (!m_bHaveFoundStartingFrameYet) - { - if (IsStartingFrame(pCf)) - m_bHaveFoundStartingFrameYet = true; - else - RETURN ret; - } - - // - // Now check the current frame! - // - // If this is a *.Run method, then we need to terminate the stackwalk after considering this frame - if (pFunc && IsSpecialRunFrame(pFunc)) - { - DBG_TRACE_STACKWALK(" Halting stackwalk for .Run.\n", false); - // Dont mark the CORSEC_STACKWALK_HALTED in m_dwFlags because we still need to look at the CS - ret = SWA_ABORT; - } - - DBG_TRACE_STACKWALK(" Checking granted permissions for current method...\n", true); - - // Reached here imples we walked atleast a single frame. - COUNTER_ONLY(GetPerfCounters().m_Security.stackWalkDepth++); - - - // Get the previous assembly - Assembly *pPrevAssem = m_pPrevAssembly; - - - // Check if we can skip the entire appdomain - if (m_pSkipAppDomain == pAppDomain) - { - RETURN ret; - } - - // Keep track of the last module checked. If we have just checked the - // permissions on the module, we don't need to do it again. - if (pAssem != pPrevAssem) - { - DBG_TRACE_STACKWALK(" Checking grants for current assembly.\n", true); - - // Get the security descriptor for the current assembly and pass it to - // the interpreted helper. - AssemblySecurityDescriptor * pSecDesc = static_cast(pAssem->GetSecurityDescriptor(pAppDomain)); - _ASSERTE(pSecDesc != NULL); - - // We have to check the permissions if we are not fully trusted or - // we cannot be overrided by full trust. Plus we always skip checks - // on system classes. - if (!pSecDesc->IsSystem() && - !pSecDesc->IsFullyTrusted() && - !pSecDesc->CheckSpecialFlag(m_dwdemandFlags)) - { - OBJECTREF orRefused; - OBJECTREF orGranted = pSecDesc->GetGrantedPermissionSet(&orRefused); - CheckGrant(NULL, orGranted, orRefused, pAppDomain, pFunc, pAssem); - } - - m_pPrevAssembly = pAssem; - } - else - { - DBG_TRACE_STACKWALK(" Current assembly same as previous. Skipping check.\n", true); - } - - - // Passed initial check. See if there is security info on this frame. - OBJECTREF *pFrameObjectSlot = pCf->GetAddrOfSecurityObject(); - if (pFrameObjectSlot != NULL) - { - SecurityDeclarative::DoDeclarativeSecurityAtStackWalk(pFunc, pAppDomain, pFrameObjectSlot); - if (*pFrameObjectSlot != NULL) - { - DBG_TRACE_STACKWALK(" + Frame-specific security info found. Checking...\n", false); - - if(!CheckFrame(*pFrameObjectSlot, pAppDomain, pFunc)) - { - DBG_TRACE_STACKWALK(" Halting stackwalk for assert.\n", false); - m_dwFlags |= CORSEC_STACKWALK_HALTED; - ret = SWA_ABORT; - } - } - } - -#if FEATURE_COMPRESSEDSTACK - // If this frame is an anonymously hosted dynamic assembly, we need to run the demand against its compressed stack - // to ensure the creator had the permissions for this demand - if(pAssem != NULL && pAppDomain != NULL && pAssem->GetDomainAssembly(pAppDomain) == pAppDomain->GetAnonymouslyHostedDynamicMethodsAssembly() && - !CLRConfig::GetConfigValue(CLRConfig::UNSUPPORTED_Security_DisableAnonymouslyHostedDynamicMethodCreatorSecurityCheck)) - { - _ASSERTE(pFunc->IsLCGMethod()); - OBJECTREF dynamicResolver = pFunc->AsDynamicMethodDesc()->GetLCGMethodResolver()->GetManagedResolver(); - if(!CheckAnonymouslyHostedDynamicMethodCompressedStack(dynamicResolver, pAppDomain, pFunc)) - { - m_dwFlags |= CORSEC_STACKWALK_HALTED; - ret = SWA_ABORT; - } - } -#endif // FEATURE_COMPRESSEDSTACK - - DBG_TRACE_STACKWALK(" Check passes for this method.\n", true); - - - // Passed all the checks, return current value of ret (could be SWA_ABORT of SWA_CONTINUE based on above checks) - RETURN ret; -} - -static -StackWalkAction CodeAccessCheckStackWalkCB(CrawlFrame* pCf, VOID* pData) -{ - WRAPPER_NO_CONTRACT; - DemandStackWalk *pCBdata = (DemandStackWalk*)pData; - return pCBdata->WalkFrame(pCf); -} - -void DemandStackWalk::DoStackWalk() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // Get the current thread. - Thread *pThread = GetThread(); - _ASSERTE(pThread != NULL); - - // Don't allow recursive security stackwalks. Note that this implies that - // *no* untrusted code must ever be called during a security stackwalk. - if (pThread->IsSecurityStackwalkInProgess()) - return; - - // NOTE: Initialize the stack depth. Note that if more that one thread tries - // to perform stackwalk then these counters gets stomped upon. - COUNTER_ONLY(GetPerfCounters().m_Security.stackWalkDepth = 0); - - // Walk the thread. - EX_TRY - { - pThread->SetSecurityStackwalkInProgress( TRUE ); - - DBG_TRACE_STACKWALK("Code-access security check invoked.\n", false); - // LIGHTUNWIND flag: allow using stackwalk cache for security stackwalks - pThread->StackWalkFrames(CodeAccessCheckStackWalkCB, this, SKIPFUNCLETS | LIGHTUNWIND); - DBG_TRACE_STACKWALK("\tCode-access stackwalk completed.\n", false); - - // check the last app domain or CompressedStack at the thread base - if (((m_dwFlags & CORSEC_STACKWALK_HALTED) == 0) /*&& m_cCheck != 0*/) - { - AppDomain *pAppDomain = m_pPrevAppDomain; -#ifdef FEATURE_COMPRESSEDSTACK - OBJECTREF orCS = pThread->GetCompressedStack(); - - if (orCS == NULL) - { - // There may have been an AD transition and we shd look at the CB data to see if this is the case - if (m_pCtxTxFrame != NULL) - { - orCS = (OBJECTREF)SecurityStackWalk::GetCSFromContextTransitionFrame(m_pCtxTxFrame); - pAppDomain = m_pCtxTxFrame->GetReturnDomain(); - } - } - - - if (orCS != NULL) - { - // We have a CS at the thread base - just look at that. Dont look at the last AD - DBG_TRACE_STACKWALK("\tChoosing CompressedStack check.\n", true); - DBG_TRACE_STACKWALK("\tChecking CompressedStack...\n", true); - - CheckGrant(orCS, NULL, NULL, pAppDomain, NULL, NULL); - DBG_TRACE_STACKWALK("\tCompressedStack check passed.\n", true); - } - else -#endif // FEATURE_COMPRESSEDSTACK - { - // No CS at thread base - must look at the last AD - DBG_TRACE_STACKWALK("\tChoosing appdomain check.\n", true); - - ApplicationSecurityDescriptor *pSecDesc = static_cast(pAppDomain->GetSecurityDescriptor()); - - if (pSecDesc != NULL) - { - // Note: the order of these calls is important since you have to have done a - // GetEvidence() on the security descriptor before you check for the - // CORSEC_DEFAULT_APPDOMAIN property. IsFullyTrusted calls Resolve so - // we're all good. - if (!pSecDesc->IsDefaultAppDomain() && - !pSecDesc->IsFullyTrusted() && - !pSecDesc->CheckSpecialFlag(m_dwdemandFlags)) - { - DBG_TRACE_STACKWALK("\tChecking appdomain...\n", true); - OBJECTREF orRefused; - OBJECTREF orGranted = pSecDesc->GetGrantedPermissionSet(&orRefused); - CheckGrant(NULL, orGranted, orRefused, pAppDomain, NULL, NULL); - DBG_TRACE_STACKWALK("\tappdomain check passed.\n", true); - } - } - else - { - DBG_TRACE_STACKWALK("\tSkipping appdomain check.\n", true); - } - } - } - else - { - DBG_TRACE_STACKWALK("\tSkipping CS/appdomain check.\n", true); - } - - pThread->SetSecurityStackwalkInProgress( FALSE ); - } - EX_CATCH - { - // We catch exceptions and rethrow like this to ensure that we've - // established an exception handler on the fs:[0] chain (managed - // exception handlers won't do this). This in turn guarantees that - // managed exception filters in any of our callers won't be found, - // otherwise they could get to execute untrusted code with security - // turned off. - pThread->SetSecurityStackwalkInProgress( FALSE ); - - EX_RETHROW; - } - EX_END_CATCH_UNREACHABLE - - - DBG_TRACE_STACKWALK("Code-access check passed.\n", false); -} - -#ifdef FEATURE_COMPRESSEDSTACK -BOOL DemandStackWalk::CheckAnonymouslyHostedDynamicMethodCompressedStack(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - BOOL ret = TRUE; - - switch(m_eDemandType) - { - case DT_PERMISSION: - ret = CheckAnonymouslyHostedDynamicMethodCompressedStackPermission(refDynamicResolver, pDomain, pMethod); - break; - - case DT_SET: - ret = CheckAnonymouslyHostedDynamicMethodCompressedStackPermissionSet(refDynamicResolver, pDomain, pMethod); - break; - - case DT_ZONE_AND_URL: - // Not needed for compressed stack - break; - - default: - _ASSERTE(!"unexpected demand type"); - break; - } - - return ret; -} - -BOOL DemandStackWalk::CheckAnonymouslyHostedDynamicMethodCompressedStackPermissionSet(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - CLR_BOOL ret = FALSE; - - - struct _gc { - OBJECTREF orDynamicResolver; - OBJECTREF orDemandSet; - OBJECTREF orPermSetOut; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orDynamicResolver = refDynamicResolver; - - GCPROTECT_BEGIN(gc); - - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemandSet = m_objects.GetObject(pDomain); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_RUNTIME__CHECK_DYNAMIC_METHOD_SET_HELPER); - - DECLARE_ARGHOLDER_ARRAY(args, 4); - args[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orDynamicResolver); - args[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orDemandSet); - args[ARGNUM_2] = PTR_TO_ARGHOLDER(&gc.orPermSetOut); - args[ARGNUM_3] = PTR_TO_ARGHOLDER(pMethod); - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD(ret, CLR_BOOL, args); - - if (gc.orPermSetOut != NULL) { - // Update the cached object. - m_objects.UpdateObject(pDomain, gc.orPermSetOut); - } - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); - - return ret; -} - - -BOOL DemandStackWalk::CheckAnonymouslyHostedDynamicMethodCompressedStackPermission(OBJECTREF refDynamicResolver, AppDomain* pDomain, MethodDesc* pMethod) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - CLR_BOOL ret = FALSE; - - - struct _gc { - OBJECTREF orDynamicResolver; - OBJECTREF orDemand; - OBJECTREF orToken; - } gc; - ZeroMemory(&gc, sizeof(gc)); - gc.orDynamicResolver = refDynamicResolver; - - GCPROTECT_BEGIN(gc); - - // Fetch input objects that might originate from a different appdomain, - // marshalling if necessary. - gc.orDemand = m_objects.GetObjects(pDomain, &gc.orToken); - - // Switch into the destination context if necessary. - ENTER_DOMAIN_PTR(pDomain,ADV_RUNNINGIN) //have it on the stack - { - PREPARE_NONVIRTUAL_CALLSITE(METHOD__SECURITY_RUNTIME__CHECK_DYNAMIC_METHOD_HELPER); - - DECLARE_ARGHOLDER_ARRAY(args, 4); - args[ARGNUM_0] = OBJECTREF_TO_ARGHOLDER(gc.orDynamicResolver); - args[ARGNUM_1] = OBJECTREF_TO_ARGHOLDER(gc.orDemand); - args[ARGNUM_2] = OBJECTREF_TO_ARGHOLDER(gc.orToken); - args[ARGNUM_3] = PTR_TO_ARGHOLDER(pMethod); - - CATCH_HANDLER_FOUND_NOTIFICATION_CALLSITE; - CALL_MANAGED_METHOD(ret, CLR_BOOL, args); - } - END_DOMAIN_TRANSITION; - - GCPROTECT_END(); - - return ret; -} -#endif // FEATURE_COMPRESSEDSTACK - - - - -// ------------------------------------------------------------------------------- -// -// AssertStackWalk -// -// ------------------------------------------------------------------------------- - -class AssertStackWalk : public SecurityStackWalk -{ -protected: - StackCrawlMark * m_pStackMark; - bool m_bHaveFoundStartingFrameYet; - INT_PTR m_cCheck; - -public: - OBJECTREF* m_pSecurityObject; - AppDomain* m_pSecurityObjectDomain; - - AssertStackWalk(SecurityStackWalkType eType, DWORD dwFlags, StackCrawlMark* stackMark) - : SecurityStackWalk(eType, dwFlags) - { - LIMITED_METHOD_CONTRACT; - m_pStackMark = stackMark; - m_bHaveFoundStartingFrameYet = false; - m_cCheck = 1; - m_pSecurityObject = NULL; - m_pSecurityObjectDomain = NULL; - } - - void DoStackWalk(); - StackWalkAction WalkFrame(CrawlFrame* pCf); -}; - -StackWalkAction AssertStackWalk::WalkFrame(CrawlFrame* pCf) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - DBG_TRACE_METHOD(pCf); - - MethodDesc * pFunc = pCf->GetFunction(); - _ASSERTE(pFunc != NULL); // we requested functions only! - _ASSERTE(m_eStackWalkType == SSWT_IMPERATIVE_ASSERT); - _ASSERTE(*m_pStackMark == LookForMyCaller); - - // Skip until we pass the StackMark - if (!m_bHaveFoundStartingFrameYet) - { - if (pCf->IsInCalleesFrames(m_pStackMark)) - m_bHaveFoundStartingFrameYet = true; - else - return SWA_CONTINUE; - } - - // Check if we've visited the maximum number of frames - if (m_cCheck >= 0) - { - if (m_cCheck == 0) - { - m_dwFlags |= CORSEC_STACKWALK_HALTED; - return SWA_ABORT; - } - else - --m_cCheck; - } - - // Reached here imples we walked atleast a single frame. - COUNTER_ONLY(GetPerfCounters().m_Security.stackWalkDepth++); - - DBG_TRACE_STACKWALK(" Checking grants for current assembly.\n", true); - - // Get the security descriptor for the current assembly and pass it to - // the interpreted helper. - // Get the current assembly - Assembly *pAssem = pFunc->GetModule()->GetAssembly(); - AppDomain *pAppDomain = pCf->GetAppDomain(); - IAssemblySecurityDescriptor * pSecDesc = pAssem->GetSecurityDescriptor(pAppDomain); - _ASSERTE(pSecDesc != NULL); - - - if (!SecurityTransparent::IsAllowedToAssert(pFunc)) - { - // Transparent method can't have the permission to Assert - COMPlusThrow(kInvalidOperationException,W("InvalidOperation_AssertTransparentCode")); - } - - if (!pSecDesc->IsSystem() && !pSecDesc->IsFullyTrusted()) - { - OBJECTREF orRefused; - OBJECTREF orGranted = pSecDesc->GetGrantedPermissionSet(&orRefused); - CheckPermissionAgainstGrants(NULL, orGranted, orRefused, pAppDomain, pFunc, pAssem); - } - - // Passed initial check. See if there is security info on this frame. - m_pSecurityObject = pCf->GetAddrOfSecurityObject(); - m_pSecurityObjectDomain = pAppDomain; - - DBG_TRACE_STACKWALK(" Check Immediate passes for this method.\n", true); - - // Passed all the checks, so continue. - return SWA_ABORT; -} - -static -StackWalkAction CheckNReturnSOStackWalkCB(CrawlFrame* pCf, VOID* pData) -{ - WRAPPER_NO_CONTRACT; - AssertStackWalk *pCBdata = (AssertStackWalk*)pData; - return pCBdata->WalkFrame(pCf); -} - -FCIMPL4(Object*, SecurityStackWalk::CheckNReturnSO, Object* permTokenUNSAFE, Object* permUNSAFE, StackCrawlMark* stackMark, INT32 create) -{ - FCALL_CONTRACT; - - OBJECTREF refRetVal = NULL; - OBJECTREF permToken = (OBJECTREF) permTokenUNSAFE; - OBJECTREF perm = (OBJECTREF) permUNSAFE; - HELPER_METHOD_FRAME_BEGIN_RET_2(permToken, perm); - - _ASSERTE((permToken != NULL) && (perm != NULL)); - - // Track perfmon counters. Runtime security checkes. - IncrementSecurityPerfCounter(); - -#if defined(ENABLE_PERF_COUNTERS) - // Perf Counter "%Time in Runtime check" support - PERF_COUNTER_TIMER_PRECISION _startPerfCounterTimer = GET_CYCLE_COUNT(); -#endif - - // Initialize callback data. - DWORD dwFlags = 0; - AssertStackWalk walkData(SSWT_IMPERATIVE_ASSERT, dwFlags, stackMark); - walkData.m_objects.SetObjects(perm, permToken); - - // Protect the object references in the callback data. - GCPROTECT_BEGIN(walkData.m_objects.m_sGC); - - walkData.DoStackWalk(); - - GCPROTECT_END(); - -#if defined(ENABLE_PERF_COUNTERS) - // Accumulate the counter - PERF_COUNTER_TIMER_PRECISION _stopPerfCounterTimer = GET_CYCLE_COUNT(); - g_TotalTimeInSecurityRuntimeChecks += _stopPerfCounterTimer - _startPerfCounterTimer; - - // Report the accumulated counter only after NUM_OF_TERATIONS - if (g_SecurityChecksIterations++ > PERF_COUNTER_NUM_OF_ITERATIONS) - { - GetPerfCounters().m_Security.timeRTchecks = static_cast(g_TotalTimeInSecurityRuntimeChecks); - GetPerfCounters().m_Security.timeRTchecksBase = static_cast(_stopPerfCounterTimer - g_LastTimeInSecurityRuntimeChecks); - - g_TotalTimeInSecurityRuntimeChecks = 0; - g_LastTimeInSecurityRuntimeChecks = _stopPerfCounterTimer; - g_SecurityChecksIterations = 0; - } -#endif // #if defined(ENABLE_PERF_COUNTERS) - - if (walkData.m_pSecurityObject == NULL) - { - goto lExit; - } - - // Is security object frame in a different context? - Thread *pThread; - pThread = GetThread(); - bool fSwitchContext; - - fSwitchContext = walkData.m_pSecurityObjectDomain != pThread->GetDomain(); - if (create && *walkData.m_pSecurityObject == NULL) - { - // If necessary, shift to correct context to allocate security object. - ENTER_DOMAIN_PTR(walkData.m_pSecurityObjectDomain,ADV_RUNNINGIN) //on the stack - { - MethodTable* pMethFrameSecDesc = MscorlibBinder::GetClass(CLASS__FRAME_SECURITY_DESCRIPTOR); - - *walkData.m_pSecurityObject = AllocateObject(pMethFrameSecDesc); - } - END_DOMAIN_TRANSITION; - } - - // If we found or created a security object in a different context, make a - // copy in the current context. -#ifndef FEATURE_CORECLR // should not happen in core clr - if (fSwitchContext && *walkData.m_pSecurityObject != NULL) - refRetVal = AppDomainHelper::CrossContextCopyFrom(walkData.m_pSecurityObjectDomain, - walkData.m_pSecurityObject); - else -#else - _ASSERTE(!fSwitchContext); -#endif - - refRetVal = *walkData.m_pSecurityObject; - -lExit: ; - HELPER_METHOD_FRAME_END(); - return OBJECTREFToObject(refRetVal); -} -FCIMPLEND - - -void AssertStackWalk::DoStackWalk() -{ - // Get the current thread. - Thread *pThread = GetThread(); - _ASSERTE(pThread != NULL); - - // NOTE: Initialize the stack depth. Note that if more that one thread tries - // to perform stackwalk then these counters gets stomped upon. - COUNTER_ONLY(GetPerfCounters().m_Security.stackWalkDepth = 0); - - // Walk the thread. - DBG_TRACE_STACKWALK("Code-access security check immediate invoked.\n", false); - // LIGHTUNWIND flag: allow using stackwalk cache for security stackwalks - pThread->StackWalkFrames(CheckNReturnSOStackWalkCB, this, FUNCTIONSONLY | SKIPFUNCLETS | LIGHTUNWIND); - - DBG_TRACE_STACKWALK("\tCode-access stackwalk completed.\n", false); -} - - - - - - - - - - - - - - - - - - -// ------------------------------------------------------------------------------- -// -// CountOverridesStackWalk -// -// ------------------------------------------------------------------------------- - -typedef struct _SkipFunctionsData -{ - INT32 cSkipFunctions; - StackCrawlMark* pStackMark; - BOOL bUseStackMark; - BOOL bFoundCaller; - MethodDesc* pFunction; - OBJECTREF* pSecurityObject; - AppDomain* pSecurityObjectAppDomain; -} SkipFunctionsData; - -static StackWalkAction SkipFunctionsCB(CrawlFrame* pCf, VOID* pData) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - SkipFunctionsData *skipData = (SkipFunctionsData*)pData; - _ASSERTE(skipData != NULL); - - MethodDesc *pFunc = pCf->GetFunction(); - -#ifdef _DEBUG - // Get the interesting info now, so we can get a trace - // while debugging... - OBJECTREF *pSecObj; - pSecObj = pCf->GetAddrOfSecurityObject(); -#endif - - _ASSERTE(skipData->bUseStackMark && "you must specify a stackmark"); - - // First check if the walk has skipped the required frames. The check - // here is between the address of a local variable (the stack mark) and a - // pointer to the EIP for a frame (which is actually the pointer to the - // return address to the function from the previous frame). So we'll - // actually notice which frame the stack mark was in one frame later. This - // is fine for our purposes since we're always looking for the frame of the - // caller of the method that actually created the stack mark. - if ((skipData->pStackMark != NULL) && - !pCf->IsInCalleesFrames(skipData->pStackMark)) - - return SWA_CONTINUE; - - skipData->pFunction = pFunc; - skipData->pSecurityObject = pCf->GetAddrOfSecurityObject(); - skipData->pSecurityObjectAppDomain = pCf->GetAppDomain(); - return SWA_ABORT; // This actually indicates success. -} - -// Version of the above method that looks for a stack mark (the address of a -// local variable in a frame called by the target frame). -BOOL SecurityStackWalk::SkipAndFindFunctionInfo(StackCrawlMark* stackMark, MethodDesc ** ppFunc, OBJECTREF ** ppObj, AppDomain ** ppAppDomain) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - _ASSERTE(ppFunc != NULL || ppObj != NULL || !"Why was this function called?!"); - - SkipFunctionsData walkData; - walkData.pStackMark = stackMark; - walkData.bUseStackMark = TRUE; - walkData.bFoundCaller = FALSE; - walkData.pFunction = NULL; - walkData.pSecurityObject = NULL; - // LIGHTUNWIND flag: allow using stackwalk cache for security stackwalks - StackWalkAction action = GetThread()->StackWalkFrames(SkipFunctionsCB, &walkData, FUNCTIONSONLY | SKIPFUNCLETS | LIGHTUNWIND); - if (action == SWA_ABORT) - { - if (ppFunc != NULL) - *ppFunc = walkData.pFunction; - if (ppObj != NULL) - { - *ppObj = walkData.pSecurityObject; - if (ppAppDomain != NULL) - *ppAppDomain = walkData.pSecurityObjectAppDomain; - } - return TRUE; - } - else - { - return FALSE; - } -} - - - - - - - - - - - - - - - - - - - - - - - -// ------------------------------------------------------------------------------- -// -// CountOverridesStackWalk -// -// ------------------------------------------------------------------------------- - -class CountOverridesStackWalk -{ -public: - DWORD numOverrides; // Can be removed - DWORD numAsserts; // Can be removed - DWORD numDomainOverrides; - DWORD numDomainAsserts; - AppDomain* prev_AppDomain; - Frame* pCtxTxFrame; - DWORD adStackIndex; - - CountOverridesStackWalk() - { - LIMITED_METHOD_CONTRACT; - numOverrides = 0; - numAsserts = 0; - numDomainAsserts = 0; - numDomainOverrides = 0; - prev_AppDomain = NULL; - pCtxTxFrame = NULL; - GetThread()->InitDomainIteration(&adStackIndex); - } - bool IsSpecialRunFrame(MethodDesc* pMeth) - { - return SecurityStackWalk::IsSpecialRunFrame(pMeth); - } -}; - -static -StackWalkAction UpdateOverridesCountCB(CrawlFrame* pCf, void *pData) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - DBG_TRACE_METHOD(pCf); - - CountOverridesStackWalk *pCBdata = static_cast(pData); - - - // First check if the walk has skipped the required frames. The check - // here is between the address of a local variable (the stack mark) and a - // pointer to the EIP for a frame (which is actually the pointer to the - // return address to the function from the previous frame). So we'll - // actually notice which frame the stack mark was in one frame later. This - // is fine for our purposes since we're always looking for the frame of the - // caller (or the caller's caller) of the method that actually created the - // stack mark. - -#ifdef FEATURE_REMOTING -#ifdef FEATURE_COMPRESSEDSTACK - - // Save the CtxTxFrame if this is one - if (pCBdata->pCtxTxFrame == NULL) - { - Frame *pFrame = pCf->GetFrame(); - if (SecurityStackWalk::IsContextTransitionFrameWithCS(pFrame)) - { - pCBdata->pCtxTxFrame = pFrame; - } - } -#endif // #ifdef FEATURE_COMPRESSEDSTACK -#endif // FEATURE_REMOTING - MethodDesc* pMeth = pCf->GetFunction(); - if (pMeth == NULL || pMeth->IsILStub()) - return SWA_CONTINUE; // not a function frame and not a security stub. - // Since we were just looking for CtxTransitionFrames, resume the stackwalk... - - - - - AppDomain* pAppDomain = pCf->GetAppDomain(); - if (pCBdata->prev_AppDomain == NULL) - { - pCBdata->prev_AppDomain = pAppDomain; //innermost AD - } - else if (pCBdata->prev_AppDomain != pAppDomain) - { - // AppDomain Transition - // Update the values in the ADStack for the current AD - Thread *t = GetThread(); - t->GetNextDomainOnStack(&pCBdata->adStackIndex, NULL, NULL); - t->UpdateDomainOnStack(pCBdata->adStackIndex, pCBdata->numDomainAsserts, pCBdata->numDomainOverrides); - - // Update CBdata values - pCBdata->numAsserts+= pCBdata->numDomainAsserts; - pCBdata->numOverrides += pCBdata->numDomainOverrides; - pCBdata->numDomainAsserts = 0; - pCBdata->numDomainOverrides = 0; - pCBdata->prev_AppDomain = pAppDomain; - - } - // Get the security object for this function... - OBJECTREF* pRefSecDesc = pCf->GetAddrOfSecurityObject(); - if (pRefSecDesc != NULL) - { - SecurityDeclarative::DoDeclarativeSecurityAtStackWalk(pMeth, pAppDomain, pRefSecDesc); - FRAMESECDESCREF refFSD = *((FRAMESECDESCREF*)pRefSecDesc); - if (refFSD != NULL) - { - - INT32 ret = refFSD->GetOverridesCount(); - pCBdata->numDomainAsserts+= refFSD->GetAssertCount(); - - if (ret > 0) - { - DBG_TRACE_STACKWALK(" SecurityDescriptor with overrides FOUND.\n", false); - pCBdata->numDomainOverrides += ret; - } - else - { - DBG_TRACE_STACKWALK(" SecurityDescriptor with no override found.\n", false); - } - } - - } - -#ifdef FEATURE_COMPRESSEDSTACK - if(SecurityStackWalk::MethodIsAnonymouslyHostedDynamicMethodWithCSToEvaluate(pMeth)) - { - pCBdata->numDomainAsserts++; - pCBdata->numDomainOverrides++; - } -#endif // FEATURE_COMPRESSEDSTACK - - // If this is a *.Run method, - // or if it has a CompressedStack then we need to terminate the stackwalk - if (pCBdata->IsSpecialRunFrame(pMeth)) - { - DBG_TRACE_STACKWALK(" Halting stackwalk for .Run.\n", false); - return SWA_ABORT; - } - - return SWA_CONTINUE; -} - -VOID SecurityStackWalk::UpdateOverridesCount() -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // - // Initialize the callback data on the stack. - // - - CountOverridesStackWalk walkData; - - // Get the current thread that we're to walk. - Thread * t = GetThread(); - - - // Don't allow recursive security stackwalks. Note that this implies that - // *no* untrusted code must ever be called during a security stackwalk. - if (t->IsSecurityStackwalkInProgess()) - return; - - EX_TRY - { - t->SetSecurityStackwalkInProgress( TRUE ); - - // - // Begin the stack walk - // - DBG_TRACE_STACKWALK(" Update Overrides Count invoked .\n", false); - // LIGHTUNWIND flag: allow using stackwalk cache for security stackwalks - t->StackWalkFrames(UpdateOverridesCountCB, &walkData, SKIPFUNCLETS | LIGHTUNWIND); -#ifdef FEATURE_COMPRESSEDSTACK - COMPRESSEDSTACKREF csRef = (COMPRESSEDSTACKREF)t->GetCompressedStack(); - - // There may have been an AD transition and we shd look at the CB data to see if this is the case - if (csRef == NULL && walkData.pCtxTxFrame != NULL) - { - csRef = SecurityStackWalk::GetCSFromContextTransitionFrame(walkData.pCtxTxFrame); - } - - // Use CS if found - if (csRef != NULL) - { - - walkData.numDomainOverrides += StackCompressor::GetCSInnerAppDomainOverridesCount(csRef); - walkData.numDomainAsserts += StackCompressor::GetCSInnerAppDomainAssertCount(csRef); - } -#endif // #ifdef FEATURE_COMPRESSEDSTACK - t->GetNextDomainOnStack(&walkData.adStackIndex, NULL, NULL); - t->UpdateDomainOnStack(walkData.adStackIndex, walkData.numDomainAsserts, walkData.numDomainOverrides); - walkData.numAsserts += walkData.numDomainAsserts; - walkData.numOverrides += walkData.numDomainOverrides; - - t->SetSecurityStackwalkInProgress( FALSE ); - } - EX_CATCH - { - // We catch exceptions and rethrow like this to ensure that we've - // established an exception handler on the fs:[0] chain (managed - // exception handlers won't do this). This in turn guarantees that - // managed exception filters in any of our callers won't be found, - // otherwise they could get to execute untrusted code with security - // turned off. - t->SetSecurityStackwalkInProgress( FALSE ); - - EX_RETHROW; - } - EX_END_CATCH_UNREACHABLE - - - - -} - - - - - - - - - - - - - - - - - - - - - - - - - - - -// ------------------------------------------------------------------------------- -// -// COMCodeAccessSecurityEngine -// -// ------------------------------------------------------------------------------- -#ifdef FEATURE_COMPRESSEDSTACK -COMPRESSEDSTACKREF SecurityStackWalk::GetCSFromContextTransitionFrame(Frame *pFrame) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - SO_TOLERANT; - MODE_COOPERATIVE; - } - CONTRACTL_END; - EXECUTIONCONTEXTREF ecRef = NULL; - - if (pFrame != NULL) - ecRef = (EXECUTIONCONTEXTREF)pFrame->GetReturnExecutionContext(); - if (ecRef != NULL) - return (ecRef->GetCompressedStack()); - - return NULL; -} - -#endif // #ifdef FEATURE_COMPRESSEDSTACK - -//-----------------------------------------------------------+ -// Helper used to check a demand set against a provided grant -// and possibly denied set. Grant and denied set might be from -// another domain. -//-----------------------------------------------------------+ -void SecurityStackWalk::CheckSetHelper(OBJECTREF *prefDemand, - OBJECTREF *prefGrant, - OBJECTREF *prefRefused, - AppDomain *pGrantDomain, - MethodDesc *pMethod, - OBJECTREF *pAssembly, - CorDeclSecurity action) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(IsProtectedByGCFrame (prefDemand)); - PRECONDITION(IsProtectedByGCFrame (prefGrant)); - PRECONDITION(IsProtectedByGCFrame (prefRefused)); - PRECONDITION(IsProtectedByGCFrame (pAssembly)); - } CONTRACTL_END; - - // We might need to marshal the grant and denied sets into the current - // domain. -#ifndef FEATURE_CORECLR // should not happen in core clr - if (pGrantDomain != GetAppDomain()) - { - *prefGrant = AppDomainHelper::CrossContextCopyFrom(pGrantDomain, prefGrant); - if (*prefRefused != NULL) - *prefRefused = AppDomainHelper::CrossContextCopyFrom(pGrantDomain, prefRefused); - } -#else - _ASSERTE(pGrantDomain == GetAppDomain()); -#endif - MethodDescCallSite checkSetHelper(METHOD__SECURITY_ENGINE__CHECK_SET_HELPER); - - ARG_SLOT args[] = { - ObjToArgSlot(NULL), - ObjToArgSlot(*prefGrant), - ObjToArgSlot(*prefRefused), - ObjToArgSlot(*prefDemand), - PtrToArgSlot(pMethod), - ObjToArgSlot(*pAssembly), - (ARG_SLOT)action - }; - - checkSetHelper.Call(args); -} - - - - - -FCIMPL0(FC_BOOL_RET, SecurityStackWalk::FCallQuickCheckForAllDemands) -{ - FCALL_CONTRACT; - // This function collides with SecurityPolicy::IsDefaultThreadSecurityInfo - FCUnique(0x17); - FC_RETURN_BOOL(QuickCheckForAllDemands(0)); - -} -FCIMPLEND - -FCIMPL0(FC_BOOL_RET, SecurityStackWalk::FCallAllDomainsHomogeneousWithNoStackModifiers) -{ - FCALL_CONTRACT; - - Thread* t = GetThread(); - FC_RETURN_BOOL(t->AllDomainsHomogeneousWithNoStackModifiers()); - -} -FCIMPLEND - -//----------------------------------------------------------- -// Native implementation for code-access security check. -// Checks that callers on the stack have the permission -// specified in the arguments or checks for unrestricted -// access if the permission is null. -//----------------------------------------------------------- -FCIMPL3(void, SecurityStackWalk::Check, Object* permOrPermSetUNSAFE, StackCrawlMark* stackMark, CLR_BOOL isPermSet) -{ - FCALL_CONTRACT; - - if (QuickCheckForAllDemands(0)) - return; - - FC_INNER_RETURN_VOID(CheckFramed(permOrPermSetUNSAFE, stackMark, isPermSet)); -} -FCIMPLEND - -NOINLINE void SecurityStackWalk::CheckFramed(Object* permOrPermSetUNSAFE, - StackCrawlMark* stackMark, - CLR_BOOL isPermSet) -{ - CONTRACTL { - THROWS; - DISABLED(GC_TRIGGERS); // FCALLS with HELPER frames have issues with GC_TRIGGERS - MODE_COOPERATIVE; - SO_TOLERANT; - } CONTRACTL_END; - - FC_INNER_PROLOG(SecurityStackWalk::Check); - - OBJECTREF permOrPermSet = (OBJECTREF) permOrPermSetUNSAFE; - HELPER_METHOD_FRAME_BEGIN_ATTRIB_1(Frame::FRAME_ATTR_CAPTURE_DEPTH_2, permOrPermSet); - - Check_PLS_SW(isPermSet, SSWT_IMPERATIVE_DEMAND, &permOrPermSet, stackMark); - - HELPER_METHOD_FRAME_END(); - FC_INNER_EPILOG(); -} - - -void SecurityStackWalk::Check_PLS_SW(BOOL isPermSet, - SecurityStackWalkType eType, - OBJECTREF* permOrPermSet, - StackCrawlMark* stackMark) -{ - - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - if (!PreCheck(permOrPermSet, isPermSet)) - { - Check_StackWalk(eType, permOrPermSet, stackMark, isPermSet); - } -} -void SecurityStackWalk::Check_PLS_SW_GC( BOOL isPermSet, - SecurityStackWalkType eType, - OBJECTREF permOrPermSet, - StackCrawlMark* stackMark) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } - CONTRACTL_END; - GCPROTECT_BEGIN(permOrPermSet); - Check_PLS_SW(isPermSet, eType, &permOrPermSet, stackMark); - GCPROTECT_END(); -} - -void SecurityStackWalk::Check_StackWalk(SecurityStackWalkType eType, - OBJECTREF* pPermOrPermSet, - StackCrawlMark* stackMark, - BOOL isPermSet) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(*pPermOrPermSet != NULL); - } CONTRACTL_END; - -#if defined(ENABLE_PERF_COUNTERS) - // Perf Counter "%Time in Runtime check" support - PERF_COUNTER_TIMER_PRECISION _startPerfCounterTimer = GET_CYCLE_COUNT(); -#endif - - if (GetThread()->GetOverridesCount() != 0) - { - // First let's make sure the overrides count is OK. - UpdateOverridesCount(); - // Once the overrides count has been fixes, let's see if we really need to stackwalk - // This is an additional cost if we do need to walk, but can remove an unnecessary SW otherwise. - // Pick your poison. - if (QuickCheckForAllDemands(0)) - return; // - } - // Initialize callback data. - DWORD dwFlags = 0; - DWORD demandFlags = GetPermissionSpecialFlags(pPermOrPermSet); - - DemandStackWalk walkData(eType, dwFlags, stackMark, (isPermSet?DemandStackWalk::DT_SET:DemandStackWalk::DT_PERMISSION), demandFlags); - walkData.m_objects.SetObject(*pPermOrPermSet); - - // Protect the object references in the callback data. - GCPROTECT_BEGIN(walkData.m_objects.m_sGC); - - walkData.DoStackWalk(); - - GCPROTECT_END(); - -#if defined(ENABLE_PERF_COUNTERS) - // Accumulate the counter - PERF_COUNTER_TIMER_PRECISION _stopPerfCounterTimer = GET_CYCLE_COUNT(); - g_TotalTimeInSecurityRuntimeChecks += _stopPerfCounterTimer - _startPerfCounterTimer; - - // Report the accumulated counter only after NUM_OF_TERATIONS - if (g_SecurityChecksIterations++ > PERF_COUNTER_NUM_OF_ITERATIONS) - { - GetPerfCounters().m_Security.timeRTchecks = static_cast(g_TotalTimeInSecurityRuntimeChecks); - GetPerfCounters().m_Security.timeRTchecksBase = static_cast(_stopPerfCounterTimer - g_LastTimeInSecurityRuntimeChecks); - - g_TotalTimeInSecurityRuntimeChecks = 0; - g_LastTimeInSecurityRuntimeChecks = _stopPerfCounterTimer; - g_SecurityChecksIterations = 0; - } -#endif // #if defined(ENABLE_PERF_COUNTERS) -} - -FCIMPL3(void, SecurityStackWalk::GetZoneAndOrigin, Object* pZoneListUNSAFE, Object* pOriginListUNSAFE, StackCrawlMark* stackMark) -{ - FCALL_CONTRACT; - - OBJECTREF zoneList = (OBJECTREF) pZoneListUNSAFE; - OBJECTREF originList = (OBJECTREF) pOriginListUNSAFE; - HELPER_METHOD_FRAME_BEGIN_2(zoneList, originList); - - // Initialize callback data. - DWORD dwFlags = 0; - DemandStackWalk walkData(SSWT_GET_ZONE_AND_URL, dwFlags, stackMark, DemandStackWalk::DT_ZONE_AND_URL, 0); - walkData.m_objects.SetObjects(zoneList, originList); - - GCPROTECT_BEGIN(walkData.m_objects.m_sGC); - - walkData.DoStackWalk(); - - GCPROTECT_END(); - - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND - - -#ifdef FEATURE_COMPRESSEDSTACK -FCIMPL1(VOID, SecurityStackWalk::FcallDestroyDelayedCompressedStack, void *compressedStack) -{ - FCALL_CONTRACT; - - HELPER_METHOD_FRAME_BEGIN_0(); - - StackCompressor::Destroy(compressedStack); - - HELPER_METHOD_FRAME_END(); -} -FCIMPLEND -#endif // FEATURE_COMPRESSEDSTACK -// -// This method checks a few special demands in case we can -// avoid looking at the real PLS object. -// - -DWORD SecurityStackWalk::GetPermissionSpecialFlags (OBJECTREF* orDemand) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - INJECT_FAULT(COMPlusThrowOM();); - } CONTRACTL_END; - - MethodTable* pMethPermissionSet = MscorlibBinder::GetClass(CLASS__PERMISSION_SET); - MethodTable* pMethNamedPermissionSet = MscorlibBinder::GetClass(CLASS__NAMEDPERMISSION_SET); - MethodTable* pMethReflectionPermission = MscorlibBinder::GetClass(CLASS__REFLECTION_PERMISSION); - MethodTable* pMethSecurityPermission = MscorlibBinder::GetClass(CLASS__SECURITY_PERMISSION); - - DWORD dwSecurityPermissionFlags = 0, dwReflectionPermissionFlags = 0; - MethodTable* pMeth = (*orDemand)->GetMethodTable(); - if (pMeth == pMethPermissionSet || pMeth == pMethNamedPermissionSet) { - // NamedPermissionSet derives from PermissionSet and we're interested only - // in the fields in PermissionSet: so it's OK to cast to the unmanaged - // equivalent of PermissionSet even for a NamedPermissionSet object - PERMISSIONSETREF permSet = (PERMISSIONSETREF) *orDemand; - - if (permSet->IsUnrestricted()) { - return (1 << SECURITY_FULL_TRUST); - } - TOKENBASEDSETREF tokenBasedSet = (TOKENBASEDSETREF) permSet->GetTokenBasedSet(); - if (tokenBasedSet != NULL && tokenBasedSet->GetNumElements() == 1 && tokenBasedSet->GetPermSet() != NULL) { - pMeth = (tokenBasedSet->GetPermSet())->GetMethodTable(); - - if (pMeth == pMethReflectionPermission) { - dwReflectionPermissionFlags = ((REFLECTIONPERMISSIONREF) tokenBasedSet->GetPermSet())->GetFlags(); - } - else if (pMeth == pMethSecurityPermission) { - dwSecurityPermissionFlags = ((SECURITYPERMISSIONREF) tokenBasedSet->GetPermSet())->GetFlags(); - } - } - } - else { - if (pMeth == pMethReflectionPermission) - dwReflectionPermissionFlags = ((REFLECTIONPERMISSIONREF) (*orDemand))->GetFlags(); - else if (pMeth == pMethSecurityPermission) - dwSecurityPermissionFlags = ((SECURITYPERMISSIONREF) (*orDemand))->GetFlags(); - } - - if (pMeth == pMethReflectionPermission) { - switch (dwReflectionPermissionFlags) { - case REFLECTION_PERMISSION_TYPEINFO: - return (1 << REFLECTION_TYPE_INFO); - case REFLECTION_PERMISSION_MEMBERACCESS: - return (1 << REFLECTION_MEMBER_ACCESS); - case REFLECTION_PERMISSION_RESTRICTEDMEMBERACCESS: - return (1 << REFLECTION_RESTRICTED_MEMBER_ACCESS); - default: - return 0; // There is no mapping for this reflection permission flag - } - } else if (pMeth == pMethSecurityPermission) { - switch (dwSecurityPermissionFlags) { - case SECURITY_PERMISSION_ASSERTION: - return (1 << SECURITY_ASSERT); - case SECURITY_PERMISSION_UNMANAGEDCODE: - return (1 << SECURITY_UNMANAGED_CODE); - case SECURITY_PERMISSION_SKIPVERIFICATION: - return (1 << SECURITY_SKIP_VER); - case SECURITY_PERMISSION_SERIALIZATIONFORMATTER: - return (1 << SECURITY_SERIALIZATION); - case SECURITY_PERMISSION_BINDINGREDIRECTS: - return (1 << SECURITY_BINDING_REDIRECTS); - case SECURITY_PERMISSION_CONTROLEVIDENCE: - return (1 << SECURITY_CONTROL_EVIDENCE); - case SECURITY_PERMISSION_CONTROLPRINCIPAL: - return (1 << SECURITY_CONTROL_PRINCIPAL); - default: - return 0; // There is no mapping for this security permission flag - } - } - - // We couldn't find an exact match for the permission, so we'll just return no flags. - return 0; -} - -// check is a stackwalk is needed to evaluate the demand -BOOL SecurityStackWalk::PreCheck (OBJECTREF* orDemand, BOOL fDemandSet) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // Track perfmon counters. Runtime security checks. - IncrementSecurityPerfCounter(); - - Thread* pThread = GetThread(); - // The PLS optimization does not support overrides. - if (pThread->GetOverridesCount() > 0) - return FALSE; - - DWORD dwDemandSpecialFlags = GetPermissionSpecialFlags(orDemand); - - // If we were able to map the demand to an exact permission special flag, and we know that all code on - // this stack has been granted that permission, then we can take the fast path and allow the demand to - // succeed. - if (dwDemandSpecialFlags != 0) - { - return SecurityStackWalk::HasFlagsOrFullyTrustedIgnoreMode(dwDemandSpecialFlags); - } - -#ifdef FEATURE_PLS - // If we know there is only one AppDomain, then there is - // no need to walk the AppDomainStack structure. - if (pThread->GetNumAppDomainsOnThread() == 1) - { - ApplicationSecurityDescriptor* pASD = static_cast(GetAppDomain()->GetSecurityDescriptor()); - return pASD->CheckPLS(orDemand, dwDemandSpecialFlags, fDemandSet); - } - - // Walk all AppDomains in the stack and check the PLS on each one of them - DWORD dwAppDomainIndex = 0; - pThread->InitDomainIteration(&dwAppDomainIndex); - _ASSERT(SystemDomain::System() && "SystemDomain not yet created!"); - while (dwAppDomainIndex != 0) { - AppDomainFromIDHolder appDomain(pThread->GetNextDomainOnStack(&dwAppDomainIndex, NULL, NULL), FALSE); - if (appDomain.IsUnloaded()) - // appdomain has been unloaded, so we can just continue on the loop - continue; - - ApplicationSecurityDescriptor* pAppSecDesc = static_cast(appDomain->GetSecurityDescriptor()); - appDomain.Release(); - - if (!pAppSecDesc->CheckPLS(orDemand, dwDemandSpecialFlags, fDemandSet)) - return FALSE; - } - return TRUE; -#else - return FALSE; -#endif // FEATURE_PLS -} - -//-----------------------------------------------------------+ -// Unmanaged version of CodeAccessSecurityEngine.Demand() in BCL -// Any change there may have to be propagated here -// This call has to be virtual, unlike DemandSet -//-----------------------------------------------------------+ -void -SecurityStackWalk::Demand(SecurityStackWalkType eType, OBJECTREF demand) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - if (QuickCheckForAllDemands(0)) - return; - - Check_PLS_SW_GC(FALSE, eType, demand, NULL); -} - -// -// Demand which succeeds if either a demand for a single well known permission or restricted member access is -// granted and a demand for the permission set of the target of a reflection operation would have suceeded. -// -// Arguments: -// dwPermission - Permission input to the demand (See SecurityPolicy.h) -// psdTarget - Security descriptor for the target assembly -// -// Return Value: -// None, a SecurityException is thrown if the demands fail. -// -// Notes: -// This is used by Reflection to implement partial trust reflection, where demands should succeed if either -// a single permission demand, such as MemberAccess, would succeed for compatibility reasons, or if a -// demand for the permission set of the target assembly would succeed. -// -// The intent is to allow reflection in partial trust when reflecting within the same permission set. Note -// that this is inexact, since in the face of RequestRefuse, the target assembly may fail the demand even -// within the same permission set. - -// static -void SecurityStackWalk::ReflectionTargetDemand(DWORD dwPermission, - AssemblySecurityDescriptor *psdTarget) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(dwPermission != 0); - PRECONDITION(CheckPointer(psdTarget)); - } - CONTRACTL_END; - - // If everybody on the stack has the special permission, the disjunctive demand will succeed. - if (QuickCheckForAllDemands(1 << dwPermission)) - return; - - // In the simple sandbox case, we know the disjunctive demand will succeed if: - // * we are granted restricted member access - // * we are not reflecting on a FullTrust assembly - // * every other AppDomain in the call stack is fully trusted - Thread *pCurrentThread = GetThread(); - AppDomainStack appDomains = pCurrentThread->GetAppDomainStack(); - - if (QuickCheckForAllDemands(1 << REFLECTION_RESTRICTED_MEMBER_ACCESS) && - !psdTarget->IsFullyTrusted() && - pCurrentThread->GetDomain()->GetSecurityDescriptor()->IsHomogeneous() && - !pCurrentThread->GetDomain()->GetSecurityDescriptor()->ContainsAnyRefusedPermissions() && - appDomains.GetOverridesCount() == 0) - { - DWORD dwCurrentDomain; - appDomains.InitDomainIteration(&dwCurrentDomain); - - bool fFullTrustStack = true; - while (dwCurrentDomain != 0 && fFullTrustStack) - { - AppDomainStackEntry *pCurrentDomain = appDomains.GetNextDomainEntryOnStack(&dwCurrentDomain); - fFullTrustStack = pCurrentDomain->m_domainID == pCurrentThread->GetDomain()->GetId() || - pCurrentDomain->IsFullyTrustedWithNoStackModifiers(); - } - - if (fFullTrustStack) - return; - } - - OBJECTREF objTargetRefusedSet; - OBJECTREF objTargetGrantSet = psdTarget->GetGrantedPermissionSet(&objTargetRefusedSet); - - GCPROTECT_BEGIN(objTargetGrantSet); - - MethodDescCallSite reflectionTargetDemandHelper(METHOD__SECURITY_ENGINE__REFLECTION_TARGET_DEMAND_HELPER); - ARG_SLOT ilargs[] = - { - static_cast(dwPermission), - ObjToArgSlot(objTargetGrantSet) - }; - - reflectionTargetDemandHelper.Call(ilargs); - - GCPROTECT_END(); -} - -// -// Similar to a standard refelection target demand, however the demand is done against a captured compressed -// stack instead of the current callstack -// -// Arguments: -// dwPermission - Permission input to the demand (See SecurityPolicy.h) -// psdTarget - Security descriptor for the target assembly -// securityContext - Compressed stack to perform the demand against -// -// Return Value: -// None, a SecurityException is thrown if the demands fail. -// - -// static -void SecurityStackWalk::ReflectionTargetDemand(DWORD dwPermission, - AssemblySecurityDescriptor *psdTarget, - DynamicResolver * pAccessContext) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(dwPermission >= 0 && dwPermission < 32); - PRECONDITION(CheckPointer(psdTarget)); - } - CONTRACTL_END; - - struct - { - OBJECTREF objTargetRefusedSet; - OBJECTREF objTargetGrantSet; - OBJECTREF objAccessContextObject; - } gc; - ZeroMemory(&gc, sizeof(gc)); - - GCPROTECT_BEGIN(gc); - - gc.objTargetGrantSet = psdTarget->GetGrantedPermissionSet(&(gc.objTargetRefusedSet)); - - _ASSERTE(pAccessContext->GetDynamicMethod()->IsLCGMethod()); - gc.objAccessContextObject = ((LCGMethodResolver *)pAccessContext)->GetManagedResolver(); - - MethodDescCallSite reflectionTargetDemandHelper(METHOD__SECURITY_ENGINE__REFLECTION_TARGET_DEMAND_HELPER_WITH_CONTEXT); - ARG_SLOT ilargs[] = - { - static_cast(dwPermission), - ObjToArgSlot(gc.objTargetGrantSet), - ObjToArgSlot(gc.objAccessContextObject) - }; - - reflectionTargetDemandHelper.Call(ilargs); - - GCPROTECT_END(); -} - -//-----------------------------------------------------------+ -// Special case of Demand(). This remembers the result of the -// previous demand, and reuses it if new assemblies have not -// been added since then -//-----------------------------------------------------------+ -void SecurityStackWalk::SpecialDemand(SecurityStackWalkType eType, DWORD whatPermission, StackCrawlMark* stackMark) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - if (QuickCheckForAllDemands(1<CheckedForNonCas() && !((PERMISSIONSETREF)demand)->ContainsCas()) - return; - - Check_PLS_SW_GC(TRUE, eType, demand, NULL); -} - -void SecurityStackWalk::DemandSet(SecurityStackWalkType eType, PsetCacheEntry *pPCE, DWORD dwAction) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - - // Though the PermissionSet may contain non-CAS permissions, we are considering it as a CAS permission set only - // at this point and so it's safe to check for the FT and if FTmeansFT and return - if (QuickCheckForAllDemands(0)) - return; - - OBJECTREF refPermSet = pPCE->CreateManagedPsetObject (dwAction); - - if(refPermSet != NULL) - { - // Do further checks (PLS/SW) only if this set contains CAS perms - if(((PERMISSIONSETREF)refPermSet)->CheckedForNonCas() && !((PERMISSIONSETREF)refPermSet)->ContainsCas()) - return; - - Check_PLS_SW_GC(TRUE, eType, refPermSet, NULL); - - } -} - -// -// Demand for the grant set of an assembly, without any identity permissions -// -// Arguments: -// psdAssembly - assembly security descriptor to demand the grant set of -// -// Return Value: -// None, a SecurityException is thrown if the demands fail. -// - -// static -void SecurityStackWalk::DemandGrantSet(AssemblySecurityDescriptor *psdAssembly) -{ - CONTRACTL - { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - PRECONDITION(CheckPointer(psdAssembly)); - } - CONTRACTL_END; - - OBJECTREF objRefusedSet; - OBJECTREF objGrantSet = psdAssembly->GetGrantedPermissionSet(&objRefusedSet); - - GCPROTECT_BEGIN(objGrantSet); - - if (OBJECTREFToObject(objGrantSet) != NULL) - { - MethodDescCallSite checkWithoutIdentityPermissions(METHOD__SECURITY_ENGINE__CHECK_GRANT_SET_HELPER); - ARG_SLOT ilargs[] = - { - ObjToArgSlot(objGrantSet) - }; - - checkWithoutIdentityPermissions.Call(ilargs); - } - else - { - // null grant set means full trust (mscorlib or anything created by it) - StackCrawlMark scm = LookForMyCaller; - SpecialDemand(SSWT_IMPERATIVE_DEMAND, SECURITY_FULL_TRUST, &scm); - } - - GCPROTECT_END(); -} - -//-----------------------------------------------------------+ -// L I N K /I N H E R I T A N C E T I M E C H E C K -//-----------------------------------------------------------+ -void SecurityStackWalk::LinkOrInheritanceCheck(IAssemblySecurityDescriptor *pSecDesc, OBJECTREF refDemands, Assembly* pAssembly, CorDeclSecurity action) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - // MSCORLIB is not subject to inheritance checks - if (pAssembly->IsSystem()) - return; - - struct _gc { - OBJECTREF refDemands; - OBJECTREF refExposedAssemblyObject; - OBJECTREF refRefused; - OBJECTREF refGranted; - } gc; - ZeroMemory(&gc, sizeof(gc)); - - gc.refDemands = refDemands; - gc.refExposedAssemblyObject = NULL; - - GCPROTECT_BEGIN(gc); - - - OVERRIDE_TYPE_LOAD_LEVEL_LIMIT(CLASS_LOADED); - - // We only do LinkDemands if the assembly is not fully trusted or if the demand contains permissions that don't implement IUnrestricted - if (!pAssembly->GetSecurityDescriptor()->IsFullyTrusted()) - { - if (pAssembly) - gc.refExposedAssemblyObject = pAssembly->GetExposedObject(); - - if (!pSecDesc->IsFullyTrusted()) - { - MethodDescCallSite checkSetHelper(METHOD__SECURITY_ENGINE__CHECK_SET_HELPER); - gc.refGranted = pSecDesc->GetGrantedPermissionSet(&(gc.refRefused)); - ARG_SLOT ilargs[7]; - ilargs[0] = ObjToArgSlot(NULL); - ilargs[1] = ObjToArgSlot(gc.refGranted); - ilargs[2] = ObjToArgSlot(gc.refRefused); - ilargs[3] = ObjToArgSlot(gc.refDemands); - ilargs[4] = PtrToArgSlot(NULL); - ilargs[5] = ObjToArgSlot(gc.refExposedAssemblyObject); - ilargs[6] = (ARG_SLOT)action; - checkSetHelper.Call(ilargs); - } - } - GCPROTECT_END(); -} - - -//-----------------------------------------------------------+ -// S T A C K C O M P R E S S I O N FCALLS -//-----------------------------------------------------------+ - - - -#ifdef FEATURE_COMPRESSEDSTACK -FCIMPL2(Object*, SecurityStackWalk::EcallGetDelayedCompressedStack, StackCrawlMark* stackMark, CLR_BOOL fWalkStack) -{ - FCALL_CONTRACT; - - OBJECTREF rv = NULL; - - // No need to GC-protect stackMark as it a byref on the stack - _ASSERTE(PVOID(stackMark) < GetThread()->GetCachedStackBase() && - PVOID(stackMark) > PVOID(&rv)); - - HELPER_METHOD_FRAME_BEGIN_RET_0(); - - rv = StackCompressor::GetCompressedStack(stackMark, fWalkStack); - - HELPER_METHOD_FRAME_END(); - return OBJECTREFToObject(rv); - -} -FCIMPLEND -#endif // #ifdef FEATURE_COMPRESSEDSTACK - -#ifdef FEATURE_COMPRESSEDSTACK -BOOL SecurityStackWalk::MethodIsAnonymouslyHostedDynamicMethodWithCSToEvaluate(MethodDesc* pMeth) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_ANY; - } CONTRACTL_END; - - if (!pMeth->IsLCGMethod()) - { - return FALSE; - } - Assembly* pAssembly = pMeth->GetAssembly(); - AppDomain* pAppDomain = GetAppDomain(); - if(pAssembly != NULL && pAppDomain != NULL && pAssembly->GetDomainAssembly(pAppDomain) == pAppDomain->GetAnonymouslyHostedDynamicMethodsAssembly()) - { - GCX_COOP(); - DynamicResolver::SecurityControlFlags dwSecurityFlags = DynamicResolver::Default; - TypeHandle dynamicOwner; // not used - pMeth->AsDynamicMethodDesc()->GetLCGMethodResolver()->GetJitContextCoop(&dwSecurityFlags, &dynamicOwner); - if((dwSecurityFlags & DynamicResolver::CanSkipCSEvaluation) == 0) - { - return TRUE; - } - } - - return FALSE; -} -#endif // FEATURE_COMPRESSEDSTACK diff --git a/src/vm/securitytransparentassembly.cpp b/src/vm/securitytransparentassembly.cpp index 4a23c27..be13cab 100644 --- a/src/vm/securitytransparentassembly.cpp +++ b/src/vm/securitytransparentassembly.cpp @@ -690,11 +690,7 @@ CorInfoIsAccessAllowedResult SecurityTransparent::RequiresTransparentCodeChecks( // Check to see if the callee has a LinkDemand, if so we may need to intercept the call. if (pCalleeMD->RequiresLinktimeCheck()) { - if (pCalleeMD->RequiresLinkTimeCheckHostProtectionOnly() -#ifndef CROSSGEN_COMPILE - && GetHostProtectionManager()->GetProtectedCategories() == eNoChecks -#endif // CROSSGEN_COMPILE - ) + if (pCalleeMD->RequiresLinkTimeCheckHostProtectionOnly()) { // exclude HPA which are marked as LinkDemand and there is no HostProtection enabled currently return CORINFO_ACCESS_ALLOWED; diff --git a/src/vm/stackcompressor.cpp b/src/vm/stackcompressor.cpp deleted file mode 100644 index 01f2a3d..0000000 --- a/src/vm/stackcompressor.cpp +++ /dev/null @@ -1,378 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - - -#include "common.h" - -#ifdef FEATURE_COMPRESSEDSTACK - -#include "stackcompressor.h" -#include "securitystackwalk.h" -#include "appdomainstack.inl" -#include "comdelegate.h" - -//----------------------------------------------------------- -// Stack walk callback data structure for stack compress. -//----------------------------------------------------------- -typedef struct _StackCompressData -{ - void* compressedStack; - StackCrawlMark * stackMark; - DWORD dwFlags; - Assembly * prevAssembly; // Previously checked assembly. - AppDomain * prevAppDomain; - Frame* pCtxTxFrame; -} StackCompressData; - - -void TurnSecurityStackWalkProgressOn( Thread* pThread ) -{ - WRAPPER_NO_CONTRACT; - pThread->SetSecurityStackwalkInProgress( TRUE ); -} -void TurnSecurityStackWalkProgressOff( Thread* pThread ) -{ - WRAPPER_NO_CONTRACT; - pThread->SetSecurityStackwalkInProgress( FALSE ); -} -typedef Holder< Thread*, TurnSecurityStackWalkProgressOn, TurnSecurityStackWalkProgressOff > StackWalkProgressEnableHolder; - - - -DWORD StackCompressor::GetCSInnerAppDomainOverridesCount(COMPRESSEDSTACKREF csRef) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - SO_TOLERANT; - MODE_COOPERATIVE; - } - CONTRACTL_END; - //csRef can be NULL - that implies that we set the CS, then crossed an AD. So we would already have counted the overrides when we hit the - // ctxTxFrame. Nothing to do here - if (csRef != NULL) - { - NewCompressedStack* cs = (NewCompressedStack*)csRef->GetUnmanagedCompressedStack(); - if (cs != NULL) - return cs->GetInnerAppDomainOverridesCount(); - } - return 0; -} -DWORD StackCompressor::GetCSInnerAppDomainAssertCount(COMPRESSEDSTACKREF csRef) -{ - CONTRACTL - { - NOTHROW; - GC_NOTRIGGER; - SO_TOLERANT; - MODE_COOPERATIVE; - } - CONTRACTL_END; - //csRef can be NULL - that implies that we set the CS, then crossed an AD. So we would already have counted the overrides when we hit the - // ctxTxFrame. Nothing to do here - if (csRef != NULL) - { - NewCompressedStack* cs = (NewCompressedStack*)csRef->GetUnmanagedCompressedStack(); - if (cs != NULL) - return cs->GetInnerAppDomainAssertCount(); - } - return 0; -} - -void* StackCompressor::SetAppDomainStack(Thread* pThread, void* curr) -{ - CONTRACTL - { - MODE_ANY; - GC_NOTRIGGER; - THROWS; - } CONTRACTL_END; - - NewCompressedStack* unmanagedCompressedStack = (NewCompressedStack *)curr; - - AppDomainStack* pRetADStack = NULL; - - if (unmanagedCompressedStack != NULL) - { - pRetADStack = new AppDomainStack(pThread->GetAppDomainStack()); - pThread->SetAppDomainStack(unmanagedCompressedStack->GetAppDomainStack() ); - } - else - { - if (!pThread->IsDefaultSecurityInfo()) /* Do nothing for the single domain/FT/no overrides case */ - { - pRetADStack = new AppDomainStack(pThread->GetAppDomainStack()); - pThread->ResetSecurityInfo(); - } - } - return (void*)pRetADStack; -} - -void StackCompressor::RestoreAppDomainStack(Thread* pThread, void* appDomainStack) -{ - WRAPPER_NO_CONTRACT; - _ASSERTE(appDomainStack != NULL); - AppDomainStack* pADStack = (AppDomainStack*)appDomainStack; - pThread->SetAppDomainStack(*pADStack); - delete pADStack; -} - -void StackCompressor::Destroy(void *stack) -{ - WRAPPER_NO_CONTRACT; - _ASSERTE(stack != NULL && "Don't pass NULL"); - NewCompressedStack* ncs = (NewCompressedStack*)stack; - ncs->Destroy(); -} - - -/* Forward declarations of the new CS stackwalking implementation */ -static void NCS_GetCompressedStackWorker(Thread *t, void *pData); -static StackWalkAction NCS_CompressStackCB(CrawlFrame* pCf, void *pData); - -OBJECTREF StackCompressor::GetCompressedStack( StackCrawlMark* stackMark, BOOL fWalkStack ) -{ - - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - SO_INTOLERANT;// Not an entry point - } CONTRACTL_END; - - // Get the current thread that we're to walk. - Thread * t = GetThread(); - - NewCompressedStackHolder csHolder(new NewCompressedStack()); - - - if (fWalkStack) - { - // - // Initialize the callback data on the stack... - // - - StackCompressData walkData; - - walkData.dwFlags = 0; - walkData.prevAssembly = NULL; - walkData.prevAppDomain = NULL; - walkData.stackMark = stackMark; - walkData.pCtxTxFrame = NULL; - - - walkData.compressedStack = (void*)csHolder.GetValue(); - NCS_GetCompressedStackWorker(t, &walkData); - } - - struct _gc { - SAFEHANDLE pSafeCSHandle; - } gc; - gc.pSafeCSHandle = NULL; - - GCPROTECT_BEGIN(gc); - - gc.pSafeCSHandle = (SAFEHANDLE) AllocateObject(MscorlibBinder::GetClass(CLASS__SAFE_CSHANDLE)); - CallDefaultConstructor(gc.pSafeCSHandle); - gc.pSafeCSHandle->SetHandle((void*) csHolder.GetValue()); - csHolder.SuppressRelease(); - - GCPROTECT_END(); - return (OBJECTREF) gc.pSafeCSHandle; -} - - -void NCS_GetCompressedStackWorker(Thread *t, void *pData) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - StackCompressData *pWalkData = (StackCompressData*)pData; - NewCompressedStack* compressedStack = (NewCompressedStack*) pWalkData->compressedStack; - - _ASSERTE( t != NULL ); - - { - StackWalkProgressEnableHolder holder( t ); - - // - // Begin the stack walk... - // - // LIGHTUNWIND flag: allow using stackwalk cache for security stackwalks - // SKIPFUNCLETS flag: stop processing the stack after completing the current funclet (for instance - // only process the catch block on x64, not the throw block) - t->StackWalkFrames(NCS_CompressStackCB, pWalkData, SKIPFUNCLETS | LIGHTUNWIND); - - - // Ignore CS (if present) when we hit a FT assert - if (pWalkData->dwFlags & CORSEC_FT_ASSERT) - return; - - // Check if there is a CS at the top of the thread - COMPRESSEDSTACKREF csRef = (COMPRESSEDSTACKREF)t->GetCompressedStack(); - AppDomain *pAppDomain = t->GetDomain(); - Frame *pFrame = NULL; -#ifdef FEATURE_REMOTING - if (csRef == NULL) - { - // There may have been an AD transition and we shd look at the CB data to see if this is the case - if (pWalkData->pCtxTxFrame != NULL) - { - pFrame = pWalkData->pCtxTxFrame; - csRef = Security::GetCSFromContextTransitionFrame(pFrame); - _ASSERTE(csRef != NULL); //otherwise we would not have saved the frame in the CB data - pAppDomain = pWalkData->pCtxTxFrame->GetReturnDomain(); - } - } -#endif // FEATURE_REMOTING - - if (csRef != NULL) - { - - - compressedStack->ProcessCS(pAppDomain, csRef, pFrame); - } - else - { - compressedStack->ProcessAppDomainTransition(); // just to update domain overrides/assert count at the end of stackwalk - } - - - } - - return; -} - -StackWalkAction NCS_CompressStackCB(CrawlFrame* pCf, void *pData) -{ - CONTRACTL { - THROWS; - GC_TRIGGERS; - MODE_COOPERATIVE; - } CONTRACTL_END; - - StackCompressData *pCBdata = (StackCompressData*)pData; - NewCompressedStack* compressedStack = (NewCompressedStack*) pCBdata->compressedStack; - - // First check if the walk has skipped the required frames. The check - // here is between the address of a local variable (the stack mark) and a - // pointer to the EIP for a frame (which is actually the pointer to the - // return address to the function from the previous frame). So we'll - // actually notice which frame the stack mark was in one frame later. This - // is fine for our purposes since we're always looking for the frame of the - // caller of the method that actually created the stack mark. - _ASSERTE((pCBdata->stackMark == NULL) || (*pCBdata->stackMark == LookForMyCaller)); - if ((pCBdata->stackMark != NULL) && - !pCf->IsInCalleesFrames(pCBdata->stackMark)) - return SWA_CONTINUE; - - Frame *pFrame = pCf->GetFrame(); - -#ifdef FEATURE_REMOTING - // Save the CtxTxFrame if this is one - if (pCBdata->pCtxTxFrame == NULL) - { - if (Security::IsContextTransitionFrameWithCS(pFrame)) - { - pCBdata->pCtxTxFrame = pFrame; - } - } -#endif // FEATURE_REMOTING - - // Handle AppDomain transitions: - AppDomain *pAppDomain = pCf->GetAppDomain(); - if (pCBdata->prevAppDomain != pAppDomain) - { -#ifndef FEATURE_REMOTING - BOOL bRealAppDomainTransition = (pCBdata->prevAppDomain != NULL); - - // For a "real" appdomain transition, we can stop the stackwalk since there's no managed AD transitions - // without remoting. The "real" here denotes that this is not the first appdomain transition (from NULL to current) - // that happens on the first crawlframe we see on a stackwalk. Also don't do the final ad transition here (that'll happen - // outside the callback) - if (bRealAppDomainTransition) - { - return SWA_ABORT; - } - else -#endif // !FEATURE_REMOTING - { - compressedStack->ProcessAppDomainTransition(); - pCBdata->prevAppDomain = pAppDomain; - } - - } - - - if (pCf->GetFunction() == NULL) - return SWA_CONTINUE; // not a function frame, so we were just looking for CtxTransitionFrames. Resume the stackwalk... - - // Get the security object for this function... - OBJECTREF* pRefSecDesc = pCf->GetAddrOfSecurityObject(); - - MethodDesc * pFunc = pCf->GetFunction(); - - _ASSERTE(pFunc != NULL); // we requested methods! - - Assembly * pAssem = pCf->GetAssembly(); - _ASSERTE(pAssem != NULL); - PREFIX_ASSUME(pAssem != NULL); - - - - - if (pRefSecDesc != NULL) - SecurityDeclarative::DoDeclarativeSecurityAtStackWalk(pFunc, pAppDomain, pRefSecDesc); - - - - if (pFunc->GetMethodTable()->IsDelegate()) - { - DelegateEEClass* delegateCls = (DelegateEEClass*) pFunc->GetMethodTable()->GetClass(); - if (pFunc == delegateCls->m_pBeginInvokeMethod) - { - // Async delegate case: we may need to insert the creator frame into the CS - DELEGATEREF dRef = (DELEGATEREF) ((FramedMethodFrame *)pFrame)->GetThis(); - _ASSERTE(dRef); - if (COMDelegate::IsSecureDelegate(dRef)) - { - if (!dRef->IsWrapperDelegate()) - { - MethodDesc* pCreatorMethod = (MethodDesc*) dRef->GetMethodPtrAux(); - Assembly* pCreatorAssembly = pCreatorMethod->GetAssembly(); - compressedStack->ProcessFrame(pAppDomain, - NULL, - NULL, - pCreatorAssembly->GetSharedSecurityDescriptor(), - NULL) ; // ignore return value - No FSD being passed in. - } - } - - } - } - - - DWORD retFlags = compressedStack->ProcessFrame(pAppDomain, - pAssem, - pFunc, - pAssem->GetSharedSecurityDescriptor(), - (FRAMESECDESCREF *) pRefSecDesc) ; - - pCBdata->dwFlags |= (retFlags & CORSEC_FT_ASSERT); - // ProcessFrame returns TRUE if we should stop stackwalking - if (retFlags != 0 || Security::IsSpecialRunFrame(pFunc)) - return SWA_ABORT; - - return SWA_CONTINUE; - -} -#endif // #ifdef FEATURE_COMPRESSEDSTACK diff --git a/src/vm/stackcompressor.h b/src/vm/stackcompressor.h deleted file mode 100644 index 062d2f4..0000000 --- a/src/vm/stackcompressor.h +++ /dev/null @@ -1,39 +0,0 @@ -// Licensed to the .NET Foundation under one or more agreements. -// The .NET Foundation licenses this file to you under the MIT license. -// See the LICENSE file in the project root for more information. -// - - -// - - -#ifndef __stackcompressor_h__ -#define __stackcompressor_h__ -#ifdef FEATURE_COMPRESSEDSTACK - -#include "common.h" - - -#include "newcompressedstack.h" - -#ifndef DACCESS_COMPILE - -class StackCompressor -{ - -public: - static DWORD StackCompressor::GetCSInnerAppDomainAssertCount(COMPRESSEDSTACKREF csRef); - static DWORD StackCompressor::GetCSInnerAppDomainOverridesCount(COMPRESSEDSTACKREF csRef); - static void* SetAppDomainStack(Thread* pThread, void* curr); - static void RestoreAppDomainStack(Thread* pThread, void* appDomainStack); - - static void Destroy(void *stack); - static OBJECTREF GetCompressedStack( StackCrawlMark* stackMark = NULL, BOOL fWalkStack = TRUE ); - - -}; -#endif // DACCESS_COMPILE -#endif // #ifdef FEATURE_COMPRESSEDSTACK - -#endif // __stackcompressor_h__ - diff --git a/src/vm/vars.cpp b/src/vm/vars.cpp index 2ca77ae..cc1662b 100644 --- a/src/vm/vars.cpp +++ b/src/vm/vars.cpp @@ -151,10 +151,6 @@ OBJECTHANDLE g_pPreallocatedThreadAbortException; OBJECTHANDLE g_pPreallocatedSentinelObject; OBJECTHANDLE g_pPreallocatedBaseException; -#ifdef FEATURE_CAS_POLICY -CertificateCache *g_pCertificateCache = NULL; -#endif - // // // Global System Info diff --git a/src/vm/vars.hpp b/src/vm/vars.hpp index 167d8e0..cad41d7 100644 --- a/src/vm/vars.hpp +++ b/src/vm/vars.hpp @@ -73,10 +73,6 @@ typedef unsigned short wchar_t; #include "eeprofinterfaces.h" #include "eehash.h" -#ifdef FEATURE_CAS_POLICY -#include "certificatecache.h" -#endif - #include "profilepriv.h" class ClassLoader; @@ -493,10 +489,6 @@ typedef DPTR(RCWCleanupList) PTR_RCWCleanupList; GPTR_DECL(RCWCleanupList,g_pRCWCleanupList); #endif // FEATURE_COMINTEROP -#ifdef FEATURE_CAS_POLICY -EXTERN CertificateCache *g_pCertificateCache; -#endif - #ifdef FEATURE_IPCMAN // support for IPCManager typedef DPTR(IPCWriterInterface) PTR_IPCWriterInterface; -- 2.7.4