From 8670ab584a004bc76f0a6edb11ef395cd6c40de6 Mon Sep 17 00:00:00 2001 From: danmosemsft Date: Mon, 23 Jan 2017 09:47:29 -0800 Subject: [PATCH] Remove disabled FEATURE_COMPRESSEDSTACK Commit migrated from https://github.com/dotnet/coreclr/commit/b863b4af9fc7eb94138c82801674a98d3e679d7f --- src/coreclr/clr.defines.targets | 2 - src/coreclr/clr.desktop.props | 1 - .../System/Reflection/Emit/DynamicILGenerator.cs | 17 - .../src/System/Reflection/Emit/DynamicMethod.cs | 6 - .../src/mscorlib/src/System/RuntimeHandles.cs | 3 - .../System/Security/CodeAccessSecurityEngine.cs | 33 -- .../src/System/Security/FrameSecurityDescriptor.cs | 16 - .../src/System/Security/PermissionListSet.cs | 170 -------- .../src/System/Security/SecurityContext.cs | 433 --------------------- .../src/System/Security/SecurityRuntime.cs | 38 -- .../src/mscorlib/src/System/Threading/Thread.cs | 23 -- 11 files changed, 742 deletions(-) diff --git a/src/coreclr/clr.defines.targets b/src/coreclr/clr.defines.targets index 3d7b800..f02b96d 100644 --- a/src/coreclr/clr.defines.targets +++ b/src/coreclr/clr.defines.targets @@ -22,7 +22,6 @@ $(CDefines);FEATURE_COMINTEROP_TLB_SUPPORT $(CDefines);FEATURE_COMINTEROP_UNMANAGED_ACTIVATION $(CDefines);FEATURE_COMINTEROP_WINRT_MANAGED_ACTIVATION - $(CDefines);FEATURE_COMPRESSEDSTACK $(CDefines);FEATURE_COREFX_GLOBALIZATION $(CDefines);FEATURE_CRYPTO $(CDefines);FEATURE_DBGIPC_TRANSPORT_DI @@ -119,7 +118,6 @@ $(DefineConstants);FEATURE_COMINTEROP_APARTMENT_SUPPORT $(DefineConstants);FEATURE_COMINTEROP_UNMANAGED_ACTIVATION $(DefineConstants);FEATURE_COMINTEROP_WINRT_MANAGED_ACTIVATION - $(DefineConstants);FEATURE_COMPRESSEDSTACK $(DefineConstants);FEATURE_COREFX_GLOBALIZATION $(DefineConstants);FEATURE_CRYPTO $(DefineConstants);FEATURE_DISPLAY_CULTURE_INFO diff --git a/src/coreclr/clr.desktop.props b/src/coreclr/clr.desktop.props index bebc100..c773599 100644 --- a/src/coreclr/clr.desktop.props +++ b/src/coreclr/clr.desktop.props @@ -20,7 +20,6 @@ true true true - true true true true diff --git a/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicILGenerator.cs b/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicILGenerator.cs index ed3ab07..84994ae 100644 --- a/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicILGenerator.cs +++ b/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicILGenerator.cs @@ -807,17 +807,6 @@ namespace System.Reflection.Emit typeOwner = m_method.m_typeOwner; -#if FEATURE_COMPRESSEDSTACK - if (m_method.m_creationContext != null) - { - flags |= SecurityControlFlags.HasCreationContext; - if(m_method.m_creationContext.CanSkipEvaluation) - { - flags |= SecurityControlFlags.CanSkipCSEvaluation; - } - } - -#endif // FEATURE_COMPRESSEDSTACK securityControlFlags = (int)flags; @@ -900,12 +889,6 @@ namespace System.Reflection.Emit internal override String GetStringLiteral(int token) { return m_scope.GetString(token); } -#if FEATURE_COMPRESSEDSTACK - internal override CompressedStack GetSecurityContext() - { - return m_method.m_creationContext; - } -#endif // FEATURE_COMPRESSEDSTACK internal override void ResolveToken(int token, out IntPtr typeHandle, out IntPtr methodHandle, out IntPtr fieldHandle) { diff --git a/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicMethod.cs b/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicMethod.cs index 1b8c97d..7af6ff3 100644 --- a/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicMethod.cs +++ b/src/coreclr/src/mscorlib/src/System/Reflection/Emit/DynamicMethod.cs @@ -58,9 +58,6 @@ namespace System.Reflection.Emit // We capture the creation context so that we can do the checks against the same context, // irrespective of when the method gets compiled. Note that the DynamicMethod does not know when // it is ready for use since there is not API which indictates that IL generation has completed. -#if FEATURE_COMPRESSEDSTACK - internal CompressedStack m_creationContext; -#endif // FEATURE_COMPRESSEDSTACK private static volatile InternalModuleBuilder s_anonymouslyHostedDynamicMethodsModule; private static readonly object s_anonymouslyHostedDynamicMethodsModuleLock = new object(); @@ -330,9 +327,6 @@ namespace System.Reflection.Emit m_restrictedSkipVisibility = true; } -#if FEATURE_COMPRESSEDSTACK - m_creationContext = CompressedStack.Capture(); -#endif // FEATURE_COMPRESSEDSTACK } else { diff --git a/src/coreclr/src/mscorlib/src/System/RuntimeHandles.cs b/src/coreclr/src/mscorlib/src/System/RuntimeHandles.cs index a47ebc3..2938dd0 100644 --- a/src/coreclr/src/mscorlib/src/System/RuntimeHandles.cs +++ b/src/coreclr/src/mscorlib/src/System/RuntimeHandles.cs @@ -1836,9 +1836,6 @@ namespace System internal abstract byte[] ResolveSignature(int token, int fromMethod); // internal abstract MethodInfo GetDynamicMethod(); -#if FEATURE_COMPRESSEDSTACK - internal abstract CompressedStack GetSecurityContext(); -#endif } } diff --git a/src/coreclr/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs b/src/coreclr/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs index d86897c..5324cef 100644 --- a/src/coreclr/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs +++ b/src/coreclr/src/mscorlib/src/System/Security/CodeAccessSecurityEngine.cs @@ -110,21 +110,6 @@ namespace System.Security { } } -#if FEATURE_COMPRESSEDSTACK - internal static void CheckSetHelper(CompressedStack cs, - PermissionSet grants, - PermissionSet refused, - PermissionSet demands, - RuntimeMethodHandleInternal rmh, - RuntimeAssembly asm, - SecurityAction action) - { - if (cs != null) - cs.CheckSetDemand(demands, rmh); - else - CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true); - } -#else // FEATURE_COMPRESSEDSTACK #pragma warning disable 618 internal static void CheckSetHelper(Object notUsed, PermissionSet grants, @@ -143,7 +128,6 @@ namespace System.Security { CheckSetHelper(grants, refused, demands, rmh, (Object)asm, action, true); } -#endif // FEATURE_COMPRESSEDSTACK #pragma warning disable 618 internal static bool CheckSetHelper(PermissionSet grants, @@ -207,22 +191,6 @@ namespace System.Security { } return true; } -#if FEATURE_COMPRESSEDSTACK - internal static void CheckHelper(CompressedStack cs, - PermissionSet grantedSet, - PermissionSet refusedSet, - CodeAccessPermission demand, - PermissionToken permToken, - RuntimeMethodHandleInternal rmh, - RuntimeAssembly asm, - SecurityAction action) - { - if (cs != null) - cs.CheckDemand(demand, permToken, rmh); - else - CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true); - } -#else // FEATURE_COMPRESSEDSTACK #pragma warning disable 618 internal static void CheckHelper(Object notUsed, PermissionSet grantedSet, @@ -240,7 +208,6 @@ namespace System.Security { Debug.Assert(notUsed == null, "Should not reach here with a non-null first arg which is the CompressedStack"); CheckHelper(grantedSet, refusedSet, demand, permToken, rmh, (Object)asm, action, true); } -#endif // FEATURE_COMPRESSEDSTACK #pragma warning disable 618 internal static bool CheckHelper(PermissionSet grantedSet, PermissionSet refusedSet, diff --git a/src/coreclr/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs b/src/coreclr/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs index 2a765ab..0b482c8 100644 --- a/src/coreclr/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs +++ b/src/coreclr/src/mscorlib/src/System/Security/FrameSecurityDescriptor.cs @@ -499,20 +499,4 @@ namespace System.Security { } } -#if FEATURE_COMPRESSEDSTACK - // Used by the stack compressor to communicate a DynamicResolver to managed code during a stackwalk. - // The JIT will not actually place these on frames. - internal class FrameSecurityDescriptorWithResolver : FrameSecurityDescriptor - { - private System.Reflection.Emit.DynamicResolver m_resolver; - - public System.Reflection.Emit.DynamicResolver Resolver - { - get - { - return m_resolver; - } - } - } -#endif // FEATURE_COMPRESSEDSTACK } diff --git a/src/coreclr/src/mscorlib/src/System/Security/PermissionListSet.cs b/src/coreclr/src/mscorlib/src/System/Security/PermissionListSet.cs index 093542a..d2990b4 100644 --- a/src/coreclr/src/mscorlib/src/System/Security/PermissionListSet.cs +++ b/src/coreclr/src/mscorlib/src/System/Security/PermissionListSet.cs @@ -33,10 +33,6 @@ namespace System.Security // Scroll down to the end to see them. private PermissionSetTriple m_firstPermSetTriple; private ArrayList m_permSetTriples; -#if FEATURE_COMPRESSEDSTACK - private ArrayList m_zoneList; - private ArrayList m_originList; -#endif // FEATURE_COMPRESSEDSTACK internal PermissionListSet() {} @@ -77,30 +73,17 @@ namespace System.Security private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls) { -#if FEATURE_COMPRESSEDSTACK - this.UpdateZoneAndOrigin(pls); -#endif // FEATURE_COMPRESSEDSTACK this.UpdatePermissions(currentTriple, pls); this.UpdateTripleListAndCreateNewTriple(currentTriple, null); } private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls) { -#if FEATURE_COMPRESSEDSTACK - this.UpdateZoneAndOrigin(pls); -#endif // FEATURE_COMPRESSEDSTACK return this.UpdatePermissions(currentTriple, pls); } private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd) { -#if FEATURE_COMPRESSEDSTACK - FrameSecurityDescriptorWithResolver fsdWithResolver = fsd as FrameSecurityDescriptorWithResolver; - if (fsdWithResolver != null) - { - return Update2(currentTriple, fsdWithResolver); - } -#endif // FEATURE_COMPRESSEDSTACK // check imperative bool fHalt = Update2(currentTriple, fsd, false); @@ -112,15 +95,6 @@ namespace System.Security return fHalt; } -#if FEATURE_COMPRESSEDSTACK - private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptorWithResolver fsdWithResolver) - { - System.Reflection.Emit.DynamicResolver resolver = fsdWithResolver.Resolver; - CompressedStack dynamicCompressedStack = resolver.GetSecurityContext(); - dynamicCompressedStack.CompleteConstruction(null); - return this.Update(currentTriple, dynamicCompressedStack.PLS); - } -#endif // FEATURE_COMPRESSEDSTACK private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative) { @@ -183,16 +157,8 @@ namespace System.Security } private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r) { -#if FEATURE_COMPRESSEDSTACK - ZoneIdentityPermission z; - UrlIdentityPermission u; - currentTriple.UpdateGrant(in_g, out z, out u); - currentTriple.UpdateRefused(in_r); - AppendZoneOrigin(z, u); -#else // !FEATURE_COMPRESEDSTACK currentTriple.UpdateGrant(in_g); currentTriple.UpdateRefused(in_r); -#endif // FEATURE_COMPRESSEDSTACK } // Called from the VM for HG CS construction @@ -203,20 +169,6 @@ namespace System.Security Update(m_firstPermSetTriple, in_g, null); } -#if FEATURE_COMPRESSEDSTACK - private void UpdateZoneAndOrigin(PermissionListSet pls) - { - if (pls != null) - { - if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0) - this.m_zoneList = new ArrayList(); - UpdateArrayList(this.m_zoneList, pls.m_zoneList); - if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0) - this.m_originList = new ArrayList(); - UpdateArrayList(this.m_originList, pls.m_originList); - } - } -#endif // FEATURE_COMPRESSEDSTACK private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls) { @@ -294,119 +246,6 @@ namespace System.Security } -#if FEATURE_COMPRESSEDSTACK - private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u) - { - - if (z != null) - { - if (m_zoneList == null) - m_zoneList = new ArrayList(); - z.AppendZones(m_zoneList); - } - - if (u != null) - { - if (m_originList == null) - m_originList = new ArrayList(); - u.AppendOrigin(m_originList); - } - } - -[System.Runtime.InteropServices.ComVisible(true)] - // public(internal) interface begins... - // Creation functions - static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS) - { - // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation) - - bool bHaltConstruction = false; - if (cs.CompressedStackHandle == null) - return null; // FT case or Security off - - PermissionListSet pls = new PermissionListSet(); - PermissionSetTriple currentTriple = new PermissionSetTriple(); - int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle); - for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--) - { - DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i); - if (dcs == null) - continue; // we hit a FT Domain - if (dcs.PLS == null) - { - // We failed on some DCS - throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"))); - } - pls.UpdateZoneAndOrigin(dcs.PLS); - pls.Update(currentTriple, dcs.PLS); - bHaltConstruction = dcs.ConstructionHalted; - } - if (!bHaltConstruction) - { - PermissionListSet tmp_pls = null; - // Construction did not halt. - if (innerCS != null) - { - innerCS.CompleteConstruction(null); - tmp_pls = innerCS.PLS; - } - pls.Terminate(currentTriple, tmp_pls); - } - else - { - pls.Terminate(currentTriple); - } - - return pls; - } - - static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction) - { - PermissionListSet pls = new PermissionListSet(); - PermissionSetTriple currentTriple = new PermissionSetTriple(); - - PermissionSet tmp_g, tmp_r; - // Construct the descriptor list - int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS); - bHaltConstruction = false; - for(int i=0; (i < descCount && !bHaltConstruction); i++) - { - FrameSecurityDescriptor fsd; - Assembly assembly; - if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd)) - { - // Got an FSD - bHaltConstruction = pls.Update(currentTriple, fsd); - } - else - { - pls.Update(currentTriple, tmp_g, tmp_r); - } - - } - if (!bHaltConstruction) - { - // domain - if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS)) - { - DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r); - pls.Update(currentTriple, tmp_g, tmp_r); - } - } - pls.Terminate(currentTriple); - - - // return the created object - return pls; - - } - static internal PermissionListSet CreateCompressedState_HG() - { - PermissionListSet pls = new PermissionListSet(); - CompressedStack.GetHomogeneousPLS(pls); - return pls; - } -#endif // #if FEATURE_COMPRESSEDSTACK // Private Demand evaluation functions - only called from the VM internal bool CheckDemandNoThrow(CodeAccessPermission demand) { @@ -521,15 +360,6 @@ namespace System.Security CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle); } -#if FEATURE_COMPRESSEDSTACK - internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken) - { - if (m_zoneList != null) - zoneList.AddRange(m_zoneList); - if (m_originList != null) - originList.AddRange(m_originList); - } -#endif } } diff --git a/src/coreclr/src/mscorlib/src/System/Security/SecurityContext.cs b/src/coreclr/src/mscorlib/src/System/Security/SecurityContext.cs index 96c72d9..df94957 100644 --- a/src/coreclr/src/mscorlib/src/System/Security/SecurityContext.cs +++ b/src/coreclr/src/mscorlib/src/System/Security/SecurityContext.cs @@ -42,437 +42,4 @@ namespace System.Security All = 0x3FFF } -#if FEATURE_COMPRESSEDSTACK - internal struct SecurityContextSwitcher: IDisposable - { - internal SecurityContext.Reader prevSC; // prev SC that we restore on an Undo - internal SecurityContext currSC; //current SC - SetSecurityContext that created the switcher set this on the Thread - internal ExecutionContext currEC; // current ExecutionContext on Thread - internal CompressedStackSwitcher cssw; - - public void Dispose() - { - Undo(); - } - - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] - [HandleProcessCorruptedStateExceptions] - internal bool UndoNoThrow() - { - try - { - Undo(); - } - catch - { - return false; - } - return true; - } - - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] - [HandleProcessCorruptedStateExceptions] - public void Undo() - { - if (currSC == null) - { - return; // mutiple Undo()s called on this switcher object - } - - if (currEC != null) - { - Debug.Assert(currEC == Thread.CurrentThread.GetMutableExecutionContext(), "SecurityContextSwitcher used from another thread"); - Debug.Assert(currSC == currEC.SecurityContext, "SecurityContextSwitcher context mismatch"); - - // restore the saved security context - currEC.SecurityContext = prevSC.DangerousGetRawSecurityContext(); - } - else - { - // caller must have already restored the ExecutionContext - Debug.Assert(Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsSame(prevSC)); - } - - currSC = null; // this will prevent the switcher object being used again - - bool bNoException = true; - - bNoException &= cssw.UndoNoThrow(); - - - if (!bNoException) - { - // Failfast since we can't continue safely... - System.Environment.FailFast(Environment.GetResourceString("ExecutionContext_UndoFailed")); - } - - } - } - - public sealed class SecurityContext : IDisposable - { - /*========================================================================= - ** Data accessed from managed code that needs to be defined in - ** SecurityContextObject to maintain alignment between the two classes. - ** DON'T CHANGE THESE UNLESS YOU MODIFY SecurityContextObject in vm\object.h - =========================================================================*/ - - private ExecutionContext _executionContext; - private volatile CompressedStack _compressedStack; - static private volatile SecurityContext _fullTrustSC; - - internal volatile bool isNewCapture = false; - internal volatile SecurityContextDisableFlow _disableFlow = SecurityContextDisableFlow.Nothing; - - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - internal SecurityContext() - { - } - - internal struct Reader - { - SecurityContext m_sc; - - public Reader(SecurityContext sc) { m_sc = sc; } - - public SecurityContext DangerousGetRawSecurityContext() { return m_sc; } - - public bool IsNull { get { return m_sc == null; } } - public bool IsSame(SecurityContext sc) { return m_sc == sc; } - public bool IsSame(SecurityContext.Reader sc) { return m_sc == sc.m_sc; } - - [MethodImpl(MethodImplOptions.AggressiveInlining)] - public bool IsFlowSuppressed(SecurityContextDisableFlow flags) - { - return (m_sc == null) ? false : ((m_sc._disableFlow & flags) == flags); - } - - public CompressedStack CompressedStack { get { return IsNull ? null : m_sc.CompressedStack; } } - - public WindowsIdentity WindowsIdentity - { - [MethodImpl(MethodImplOptions.AggressiveInlining)] - get { return IsNull ? null : m_sc.WindowsIdentity; } - } - } - - - static internal SecurityContext FullTrustSecurityContext - { - get - { - if (_fullTrustSC == null) - _fullTrustSC = CreateFullTrustSecurityContext(); - return _fullTrustSC; - } - } - - // link the security context to an ExecutionContext - internal ExecutionContext ExecutionContext - { - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - set - { - _executionContext = value; - } - } - - internal CompressedStack CompressedStack - { - get - { - return _compressedStack; - } - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - set - { - _compressedStack = value; - } - } - - public void Dispose() - { - } - - public static AsyncFlowControl SuppressFlow() - { - return SuppressFlow(SecurityContextDisableFlow.All); - } - - public static AsyncFlowControl SuppressFlowWindowsIdentity() - { - return SuppressFlow(SecurityContextDisableFlow.WI); - } - - internal static AsyncFlowControl SuppressFlow(SecurityContextDisableFlow flags) - { - if (IsFlowSuppressed(flags)) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CannotSupressFlowMultipleTimes")); - } - - ExecutionContext ec = Thread.CurrentThread.GetMutableExecutionContext(); - if (ec.SecurityContext == null) - ec.SecurityContext = new SecurityContext(); - AsyncFlowControl afc = new AsyncFlowControl(); - afc.Setup(flags); - return afc; - } - - public static void RestoreFlow() - { - SecurityContext sc = Thread.CurrentThread.GetMutableExecutionContext().SecurityContext; - if (sc == null || sc._disableFlow == SecurityContextDisableFlow.Nothing) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_CannotRestoreUnsupressedFlow")); - } - sc._disableFlow = SecurityContextDisableFlow.Nothing; - } - - public static bool IsFlowSuppressed() - { - return SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All); - } - - internal static bool IsFlowSuppressed(SecurityContextDisableFlow flags) - { - return Thread.CurrentThread.GetExecutionContextReader().SecurityContext.IsFlowSuppressed(flags); - } - - // This method is special from a security perspective - the VM will not allow a stack walk to - // continue past the call to SecurityContext.Run. If you change the signature to this method, or - // provide an alternate way to do a SecurityContext.Run make sure to update - // SecurityStackWalk::IsSpecialRunFrame in the VM to search for the new method. - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public static void Run(SecurityContext securityContext, ContextCallback callback, Object state) - { - if (securityContext == null ) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NullContext")); - } - Contract.EndContractBlock(); - - StackCrawlMark stackMark = StackCrawlMark.LookForMe; - - if (!securityContext.isNewCapture) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext")); - } - - securityContext.isNewCapture = false; - - ExecutionContext.Reader ec = Thread.CurrentThread.GetExecutionContextReader(); - - // Optimization: do the callback directly if both the current and target contexts are equal to the - // default full-trust security context - if ( SecurityContext.CurrentlyInDefaultFTSecurityContext(ec) - && securityContext.IsDefaultFTSecurityContext()) - { - callback(state); - - if (GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) != null) - { - // If we enter here it means the callback did an impersonation - // that we need to revert. - // We don't need to revert any other security state since it is stack-based - // and automatically goes away when the callback returns. - WindowsIdentity.SafeRevertToSelf(ref stackMark); - // Ensure we have reverted to the state we entered in. - Debug.Assert(GetCurrentWI(Thread.CurrentThread.GetExecutionContextReader()) == null); - } - } - else - { - RunInternal(securityContext, callback, state); - } - - } - internal static void RunInternal(SecurityContext securityContext, ContextCallback callBack, Object state) - { - if (cleanupCode == null) - { - tryCode = new RuntimeHelpers.TryCode(runTryCode); - cleanupCode = new RuntimeHelpers.CleanupCode(runFinallyCode); - } - SecurityContextRunData runData = new SecurityContextRunData(securityContext, callBack, state); - RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(tryCode, cleanupCode, runData); - - } - - internal class SecurityContextRunData - { - internal SecurityContext sc; - internal ContextCallback callBack; - internal Object state; - internal SecurityContextSwitcher scsw; - internal SecurityContextRunData(SecurityContext securityContext, ContextCallback cb, Object state) - { - this.sc = securityContext; - this.callBack = cb; - this.state = state; - this.scsw = new SecurityContextSwitcher(); - } - } - - static internal void runTryCode(Object userData) - { - SecurityContextRunData rData = (SecurityContextRunData) userData; - rData.scsw = SetSecurityContext(rData.sc, Thread.CurrentThread.GetExecutionContextReader().SecurityContext, modifyCurrentExecutionContext: true); - rData.callBack(rData.state); - - } - - [PrePrepareMethod] - static internal void runFinallyCode(Object userData, bool exceptionThrown) - { - SecurityContextRunData rData = (SecurityContextRunData) userData; - rData.scsw.Undo(); - } - - static volatile internal RuntimeHelpers.TryCode tryCode; - static volatile internal RuntimeHelpers.CleanupCode cleanupCode; - - - - // Internal API that gets called from public SetSecurityContext and from SetExecutionContext - [ReliabilityContract(Consistency.WillNotCorruptState, Cer.MayFail)] - [DynamicSecurityMethodAttribute()] - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext) - { - StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; - return SetSecurityContext(sc, prevSecurityContext, modifyCurrentExecutionContext, ref stackMark); - } - - [HandleProcessCorruptedStateExceptions] - internal static SecurityContextSwitcher SetSecurityContext(SecurityContext sc, SecurityContext.Reader prevSecurityContext, bool modifyCurrentExecutionContext, ref StackCrawlMark stackMark) - { - // Save the flow state at capture and reset it in the SC. - SecurityContextDisableFlow _capturedFlowState = sc._disableFlow; - sc._disableFlow = SecurityContextDisableFlow.Nothing; - - //Set up the switcher object - SecurityContextSwitcher scsw = new SecurityContextSwitcher(); - scsw.currSC = sc; - scsw.prevSC = prevSecurityContext; - - if (modifyCurrentExecutionContext) - { - // save the current Execution Context - ExecutionContext currEC = Thread.CurrentThread.GetMutableExecutionContext(); - scsw.currEC = currEC; - currEC.SecurityContext = sc; - } - - if (sc != null) - { - RuntimeHelpers.PrepareConstrainedRegions(); - try - { - scsw.cssw = CompressedStack.SetCompressedStack(sc.CompressedStack, prevSecurityContext.CompressedStack); - } - catch - { - scsw.UndoNoThrow(); - throw; - } - } - return scsw; - } - - /// - public SecurityContext CreateCopy() - { - if (!isNewCapture) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_NotNewCaptureContext")); - } - - SecurityContext sc = new SecurityContext(); - sc.isNewCapture = true; - sc._disableFlow = _disableFlow; - - if (_compressedStack != null) - sc._compressedStack = _compressedStack.CreateCopy(); - - return sc; - } - - /// - internal SecurityContext CreateMutableCopy() - { - Debug.Assert(!this.isNewCapture); - - SecurityContext sc = new SecurityContext(); - sc._disableFlow = this._disableFlow; - - if (this._compressedStack != null) - sc._compressedStack = this._compressedStack.CreateCopy(); - - return sc; - } - - [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable - public static SecurityContext Capture( ) - { - // check to see if Flow is suppressed - if (IsFlowSuppressed()) - return null; - - StackCrawlMark stackMark= StackCrawlMark.LookForMyCaller; - SecurityContext sc = SecurityContext.Capture(Thread.CurrentThread.GetExecutionContextReader(), ref stackMark); - if (sc == null) - sc = CreateFullTrustSecurityContext(); - return sc; - } - - // create a clone from a non-existing SecurityContext - [MethodImpl(MethodImplOptions.AggressiveInlining)] - static internal SecurityContext Capture(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) - { - // check to see if Flow is suppressed - if (currThreadEC.SecurityContext.IsFlowSuppressed(SecurityContextDisableFlow.All)) - return null; - - // If we're in FT right now, return null - if (CurrentlyInDefaultFTSecurityContext(currThreadEC)) - return null; - - return CaptureCore(currThreadEC, ref stackMark); - } - - static private SecurityContext CaptureCore(ExecutionContext.Reader currThreadEC, ref StackCrawlMark stackMark) - { - SecurityContext sc = new SecurityContext(); - sc.isNewCapture = true; - - // Force create CompressedStack - sc.CompressedStack = CompressedStack.GetCompressedStack(ref stackMark); - return sc; - } - - static internal SecurityContext CreateFullTrustSecurityContext() - { - SecurityContext sc = new SecurityContext(); - sc.isNewCapture = true; - - // Force create CompressedStack - sc.CompressedStack = new CompressedStack(null); - return sc; - } - - internal bool IsDefaultFTSecurityContext() - { - return (CompressedStack == null || CompressedStack.CompressedStackHandle == null); - } - static internal bool CurrentlyInDefaultFTSecurityContext(ExecutionContext threadEC) - { - return (IsDefaultThreadSecurityInfo()); - } - - [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - internal extern static bool IsDefaultThreadSecurityInfo(); - } -#endif // FEATURE_COMPRESSEDSTACK } diff --git a/src/coreclr/src/mscorlib/src/System/Security/SecurityRuntime.cs b/src/coreclr/src/mscorlib/src/System/Security/SecurityRuntime.cs index d037fe9..76835ff 100644 --- a/src/coreclr/src/mscorlib/src/System/Security/SecurityRuntime.cs +++ b/src/coreclr/src/mscorlib/src/System/Security/SecurityRuntime.cs @@ -75,44 +75,6 @@ namespace System.Security return secDesc.CheckDemand((CodeAccessPermission) demandIn, permToken, rmh); } -#if FEATURE_COMPRESSEDSTACK - private static bool CheckDynamicMethodSetHelper(System.Reflection.Emit.DynamicResolver dynamicResolver, - PermissionSet demandSet, - out PermissionSet alteredDemandSet, - RuntimeMethodHandleInternal rmh) - { - System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext(); - bool result; - try - { - result = creationStack.CheckSetDemandWithModificationNoHalt(demandSet, out alteredDemandSet, rmh); - } - catch (SecurityException ex) - { - throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex); - } - - return result; - } - - private static bool CheckDynamicMethodHelper(System.Reflection.Emit.DynamicResolver dynamicResolver, - IPermission demandIn, - PermissionToken permToken, - RuntimeMethodHandleInternal rmh) - { - System.Threading.CompressedStack creationStack = dynamicResolver.GetSecurityContext(); - bool result; - try - { - result = creationStack.CheckDemandNoHalt((CodeAccessPermission)demandIn, permToken, rmh); - } - catch (SecurityException ex) - { - throw new SecurityException(Environment.GetResourceString("Security_AnonymouslyHostedDynamicMethodCheckFailed"), ex); - } - return result; - } -#endif // FEATURE_COMPRESSEDSTACK // // API for PermissionSets diff --git a/src/coreclr/src/mscorlib/src/System/Threading/Thread.cs b/src/coreclr/src/mscorlib/src/System/Threading/Thread.cs index b2c559d..5f84a8c 100644 --- a/src/coreclr/src/mscorlib/src/System/Threading/Thread.cs +++ b/src/coreclr/src/mscorlib/src/System/Threading/Thread.cs @@ -334,29 +334,6 @@ namespace System.Threading { [MethodImplAttribute(MethodImplOptions.InternalCall)] private extern void StartInternal(IPrincipal principal, ref StackCrawlMark stackMark); -#if FEATURE_COMPRESSEDSTACK - /// - [DynamicSecurityMethodAttribute()] - [Obsolete("Thread.SetCompressedStack is no longer supported. Please use the System.Threading.CompressedStack class")] - public void SetCompressedStack( CompressedStack stack ) - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_ThreadAPIsNotSupported")); - } - - [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - internal extern IntPtr SetAppDomainStack( SafeCompressedStackHandle csHandle); - - [MethodImplAttribute(MethodImplOptions.InternalCall), ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] - internal extern void RestoreAppDomainStack( IntPtr appDomainStack); - - - /// - [Obsolete("Thread.GetCompressedStack is no longer supported. Please use the System.Threading.CompressedStack class")] - public CompressedStack GetCompressedStack() - { - throw new InvalidOperationException(Environment.GetResourceString("InvalidOperation_ThreadAPIsNotSupported")); - } -#endif // #if FEATURE_COMPRESSEDSTACK // Helper method to get a logical thread ID for StringBuilder (for -- 2.7.4