Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / clr / src / BCL / System / Security / PermissionListSet.cs / 1305376 / PermissionListSet.cs
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*==============================================================================
**
** Class: PermissionListSet.cs
**
** [....]
** [....]
**
** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain
** (Replacement for PermissionListSet)
**
=============================================================================*/
namespace System.Security
{
using System.Globalization;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
[Serializable]
sealed internal class PermissionListSet
{
// Only internal (public) methods are creation methods and demand evaluation methods.
// Scroll down to the end to see them.
private PermissionSetTriple m_firstPermSetTriple;
private ArrayList m_permSetTriples;
#if FEATURE_COMPRESSEDSTACK
private ArrayList m_zoneList;
private ArrayList m_originList;
#endif // FEATURE_COMPRESSEDSTACK
internal PermissionListSet() {}
private void EnsureTriplesListCreated()
{
if (m_permSetTriples == null)
{
m_permSetTriples = new ArrayList();
if (m_firstPermSetTriple != null)
{
m_permSetTriples.Add(m_firstPermSetTriple);
m_firstPermSetTriple = null;
}
}
}
#if FEATURE_PLS
[System.Security.SecurityCritical] // auto-generated
internal void UpdateDomainPLS (PermissionListSet adPLS) {
if (adPLS != null && adPLS.m_firstPermSetTriple != null)
UpdateDomainPLS(adPLS.m_firstPermSetTriple.GrantSet, adPLS.m_firstPermSetTriple.RefusedSet);
}
[System.Security.SecurityCritical] // auto-generated
internal void UpdateDomainPLS (PermissionSet grantSet, PermissionSet deniedSet) {
Contract.Assert(m_permSetTriples == null, "m_permSetTriples != null");
if (m_firstPermSetTriple == null)
m_firstPermSetTriple = new PermissionSetTriple();
// update the grant and denied sets
m_firstPermSetTriple.UpdateGrant(grantSet);
m_firstPermSetTriple.UpdateRefused(deniedSet);
}
#endif // FEATURE_PLS
private void Terminate(PermissionSetTriple currentTriple)
{
UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
[System.Security.SecurityCritical] // auto-generated
private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
{
#if FEATURE_COMPRESSEDSTACK
this.UpdateZoneAndOrigin(pls);
#endif // FEATURE_COMPRESSEDSTACK
this.UpdatePermissions(currentTriple, pls);
this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
[System.Security.SecurityCritical] // auto-generated
private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
{
#if FEATURE_COMPRESSEDSTACK
this.UpdateZoneAndOrigin(pls);
#endif // FEATURE_COMPRESSEDSTACK
return this.UpdatePermissions(currentTriple, pls);
}
[System.Security.SecurityCritical] // auto-generated
private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd)
{
// check imperative
bool fHalt = Update2(currentTriple, fsd, false);
if (!fHalt)
{
// then declarative
fHalt = Update2(currentTriple, fsd, true);
}
return fHalt;
}
[System.Security.SecurityCritical] // auto-generated
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return false;
}
[System.Security.SecurityCritical] // auto-generated
private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r)
{
#if FEATURE_COMPRESSEDSTACK
ZoneIdentityPermission z;
UrlIdentityPermission u;
currentTriple.UpdateGrant(in_g, out z, out u);
currentTriple.UpdateRefused(in_r);
AppendZoneOrigin(z, u);
#else // !FEATURE_COMPRESEDSTACK
currentTriple.UpdateGrant(in_g);
currentTriple.UpdateRefused(in_r);
#endif // FEATURE_COMPRESSEDSTACK
}
// Called from the VM for HG CS construction
[System.Security.SecurityCritical] // auto-generated
private void Update(PermissionSet in_g)
{
if (m_firstPermSetTriple == null)
m_firstPermSetTriple = new PermissionSetTriple();
Update(m_firstPermSetTriple, in_g, null);
}
#if FEATURE_COMPRESSEDSTACK
private void UpdateZoneAndOrigin(PermissionListSet pls)
{
if (pls != null)
{
if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0)
this.m_zoneList = new ArrayList();
UpdateArrayList(this.m_zoneList, pls.m_zoneList);
if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0)
this.m_originList = new ArrayList();
UpdateArrayList(this.m_originList, pls.m_originList);
}
}
#endif // FEATURE_COMPRESSEDSTACK
[System.Security.SecurityCritical] // auto-generated
private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls)
{
if (pls != null)
{
if (pls.m_permSetTriples != null)
{
// DCS has an AGR List. So we need to add the AGR List
UpdateTripleListAndCreateNewTriple(currentTriple,pls.m_permSetTriples);
}
else
{
// Common case: One AGR set
PermissionSetTriple tmp_psTriple = pls.m_firstPermSetTriple;
PermissionSetTriple retTriple;
// First try and update currentTriple. Return value indicates if we can stop construction
if (currentTriple.Update(tmp_psTriple, out retTriple))
return true;
// If we got a non-null retTriple, what it means is that compression failed,
// and we now have 2 triples to deal with: retTriple and currentTriple.
// retTriple has to be appended first. then currentTriple.
if (retTriple != null)
{
EnsureTriplesListCreated();
// we just created a new triple...add the previous one (returned) to the list
m_permSetTriples.Add(retTriple);
}
}
}
else
{
// pls can be null only outside the loop in CreateCompressedState
UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
return false;
}
private void UpdateTripleListAndCreateNewTriple(PermissionSetTriple currentTriple, ArrayList tripleList)
{
if (!currentTriple.IsEmpty())
{
if (m_firstPermSetTriple == null && m_permSetTriples == null)
{
m_firstPermSetTriple = new PermissionSetTriple(currentTriple);
}
else
{
EnsureTriplesListCreated();
m_permSetTriples.Add(new PermissionSetTriple(currentTriple));
}
currentTriple.Reset();
}
if (tripleList != null)
{
EnsureTriplesListCreated();
m_permSetTriples.AddRange(tripleList);
}
}
private static void UpdateArrayList(ArrayList current, ArrayList newList)
{
if (newList == null)
return;
for(int i=0;i < newList.Count; i++)
{
if (!current.Contains(newList[i]))
current.Add(newList[i]);
}
}
#if FEATURE_COMPRESSEDSTACK
private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u)
{
if (z != null)
{
if (m_zoneList == null)
m_zoneList = new ArrayList();
z.AppendZones(m_zoneList);
}
if (u != null)
{
if (m_originList == null)
m_originList = new ArrayList();
u.AppendOrigin(m_originList);
}
}
[System.Security.SecurityCritical] // auto-generated
[System.Runtime.InteropServices.ComVisible(true)]
// public(internal) interface begins...
// Creation functions
static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
{
// function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation)
bool bHaltConstruction = false;
if (cs.CompressedStackHandle == null)
return null; // FT case or Security off
PermissionListSet pls = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle);
for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--)
{
DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
if (dcs == null)
continue; // we hit a FT Domain
if (dcs.PLS == null)
{
// We failed on some DCS
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic")));
}
pls.UpdateZoneAndOrigin(dcs.PLS);
pls.Update(currentTriple, dcs.PLS);
bHaltConstruction = dcs.ConstructionHalted;
}
if (!bHaltConstruction)
{
PermissionListSet tmp_pls = null;
// Construction did not halt.
if (innerCS != null)
{
innerCS.CompleteConstruction(null);
tmp_pls = innerCS.PLS;
}
pls.Terminate(currentTriple, tmp_pls);
}
else
{
pls.Terminate(currentTriple);
}
return pls;
}
[System.Security.SecurityCritical] // auto-generated
static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
{
PermissionListSet pls = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
PermissionSet tmp_g, tmp_r;
// Construct the descriptor list
int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS);
bHaltConstruction = false;
for(int i=0; (i < descCount && !bHaltConstruction); i++)
{
FrameSecurityDescriptor fsd;
Assembly assembly;
if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd))
{
// Got an FSD
bHaltConstruction = pls.Update(currentTriple, fsd);
}
else
{
pls.Update(currentTriple, tmp_g, tmp_r);
}
}
if (!bHaltConstruction)
{
// domain
if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS))
{
DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r);
pls.Update(currentTriple, tmp_g, tmp_r);
}
}
pls.Terminate(currentTriple);
// return the created object
return pls;
}
[System.Security.SecurityCritical] // auto-generated
static internal PermissionListSet CreateCompressedState_HG()
{
PermissionListSet pls = new PermissionListSet();
CompressedStack.GetHomogeneousPLS(pls);
return pls;
}
#endif // #if FEATURE_COMPRESSEDSTACK
// Private Demand evaluation functions - only called from the VM
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
PermissionToken permToken = null;
if (demand != null)
permToken = PermissionToken.GetToken(demand);
return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemandNoThrow(PermissionSet pSet)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
return m_firstPermSetTriple.CheckSetDemandNoThrow(pSet);
}
// Demand evauation functions
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
bool bRet = SecurityRuntime.StackContinue;
if (m_permSetTriples != null)
{
for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++)
{
PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i];
bRet = psTriple.CheckDemand(demand, permToken, rmh);
}
}
else if (m_firstPermSetTriple != null)
{
bRet = m_firstPermSetTriple.CheckDemand(demand, permToken, rmh);
}
return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand(PermissionSet pset , RuntimeMethodHandleInternal rmh)
{
bool bRet = SecurityRuntime.StackContinue;
PermissionSet demandSet = pset;
PermissionSet alteredDemandSet;
if (m_permSetTriples != null)
{
for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++)
{
PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i];
bRet = psTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
if (alteredDemandSet != null)
demandSet = alteredDemandSet;
}
}
else if (m_firstPermSetTriple != null)
{
bRet = m_firstPermSetTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
}
return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk
}
///
/// Check to see if the PLS satisfies a demand for the special permissions encoded in flags
///
/// set of flags to check (See PermissionType)
[System.Security.SecurityCritical] // auto-generated
private bool CheckFlags(int flags)
{
Contract.Assert(flags != 0, "Invalid permission flag demand");
bool check = true;
if (m_permSetTriples != null)
{
for (int i = 0; i < m_permSetTriples.Count && check && flags != 0; i++)
{
check &= ((PermissionSetTriple)m_permSetTriples[i]).CheckFlags(ref flags);
}
}
else if (m_firstPermSetTriple != null)
{
check = m_firstPermSetTriple.CheckFlags(ref flags);
}
return check;
}
///
/// Demand which succeeds if either a set of special permissions or a permission set is granted
/// to the call stack
///
/// set of flags to check (See PermissionType)
/// alternate permission set to check
[System.Security.SecurityCritical] // auto-generated
internal void DemandFlagsOrGrantSet(int flags, PermissionSet grantSet)
{
if (CheckFlags(flags))
return;
CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle);
}
#if FEATURE_COMPRESSEDSTACK
internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
{
if (m_zoneList != null)
zoneList.AddRange(m_zoneList);
if (m_originList != null)
originList.AddRange(m_originList);
}
#endif
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
/*==============================================================================
**
** Class: PermissionListSet.cs
**
** [....]
** [....]
**
** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain
** (Replacement for PermissionListSet)
**
=============================================================================*/
namespace System.Security
{
using System.Globalization;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Permissions;
using System.Threading;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
[Serializable]
sealed internal class PermissionListSet
{
// Only internal (public) methods are creation methods and demand evaluation methods.
// Scroll down to the end to see them.
private PermissionSetTriple m_firstPermSetTriple;
private ArrayList m_permSetTriples;
#if FEATURE_COMPRESSEDSTACK
private ArrayList m_zoneList;
private ArrayList m_originList;
#endif // FEATURE_COMPRESSEDSTACK
internal PermissionListSet() {}
private void EnsureTriplesListCreated()
{
if (m_permSetTriples == null)
{
m_permSetTriples = new ArrayList();
if (m_firstPermSetTriple != null)
{
m_permSetTriples.Add(m_firstPermSetTriple);
m_firstPermSetTriple = null;
}
}
}
#if FEATURE_PLS
[System.Security.SecurityCritical] // auto-generated
internal void UpdateDomainPLS (PermissionListSet adPLS) {
if (adPLS != null && adPLS.m_firstPermSetTriple != null)
UpdateDomainPLS(adPLS.m_firstPermSetTriple.GrantSet, adPLS.m_firstPermSetTriple.RefusedSet);
}
[System.Security.SecurityCritical] // auto-generated
internal void UpdateDomainPLS (PermissionSet grantSet, PermissionSet deniedSet) {
Contract.Assert(m_permSetTriples == null, "m_permSetTriples != null");
if (m_firstPermSetTriple == null)
m_firstPermSetTriple = new PermissionSetTriple();
// update the grant and denied sets
m_firstPermSetTriple.UpdateGrant(grantSet);
m_firstPermSetTriple.UpdateRefused(deniedSet);
}
#endif // FEATURE_PLS
private void Terminate(PermissionSetTriple currentTriple)
{
UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
[System.Security.SecurityCritical] // auto-generated
private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls)
{
#if FEATURE_COMPRESSEDSTACK
this.UpdateZoneAndOrigin(pls);
#endif // FEATURE_COMPRESSEDSTACK
this.UpdatePermissions(currentTriple, pls);
this.UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
[System.Security.SecurityCritical] // auto-generated
private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls)
{
#if FEATURE_COMPRESSEDSTACK
this.UpdateZoneAndOrigin(pls);
#endif // FEATURE_COMPRESSEDSTACK
return this.UpdatePermissions(currentTriple, pls);
}
[System.Security.SecurityCritical] // auto-generated
private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd)
{
// check imperative
bool fHalt = Update2(currentTriple, fsd, false);
if (!fHalt)
{
// then declarative
fHalt = Update2(currentTriple, fsd, true);
}
return fHalt;
}
[System.Security.SecurityCritical] // auto-generated
private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative)
{
// Deny
PermissionSet deniedPset = fsd.GetDenials(fDeclarative);
if (deniedPset != null)
{
currentTriple.UpdateRefused(deniedPset);
}
// permit only
PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative);
if (permitOnlyPset != null)
{
currentTriple.UpdateGrant(permitOnlyPset);
}
// Assert all possible
if (fsd.GetAssertAllPossible())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
// Assert
PermissionSet assertPset = fsd.GetAssertions(fDeclarative);
if (assertPset != null)
{
if (assertPset.IsUnrestricted())
{
// If we have no grant set, it means that the only assembly we've seen on the stack so
// far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the
// compressed stack is also FullTrust.
if (currentTriple.GrantSet == null)
currentTriple.GrantSet = PermissionSet.s_fullTrust;
return true; // halt the construction
}
PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset);
if (retTriple != null)
{
EnsureTriplesListCreated();
m_permSetTriples.Add(retTriple);
}
}
return false;
}
[System.Security.SecurityCritical] // auto-generated
private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r)
{
#if FEATURE_COMPRESSEDSTACK
ZoneIdentityPermission z;
UrlIdentityPermission u;
currentTriple.UpdateGrant(in_g, out z, out u);
currentTriple.UpdateRefused(in_r);
AppendZoneOrigin(z, u);
#else // !FEATURE_COMPRESEDSTACK
currentTriple.UpdateGrant(in_g);
currentTriple.UpdateRefused(in_r);
#endif // FEATURE_COMPRESSEDSTACK
}
// Called from the VM for HG CS construction
[System.Security.SecurityCritical] // auto-generated
private void Update(PermissionSet in_g)
{
if (m_firstPermSetTriple == null)
m_firstPermSetTriple = new PermissionSetTriple();
Update(m_firstPermSetTriple, in_g, null);
}
#if FEATURE_COMPRESSEDSTACK
private void UpdateZoneAndOrigin(PermissionListSet pls)
{
if (pls != null)
{
if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0)
this.m_zoneList = new ArrayList();
UpdateArrayList(this.m_zoneList, pls.m_zoneList);
if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0)
this.m_originList = new ArrayList();
UpdateArrayList(this.m_originList, pls.m_originList);
}
}
#endif // FEATURE_COMPRESSEDSTACK
[System.Security.SecurityCritical] // auto-generated
private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls)
{
if (pls != null)
{
if (pls.m_permSetTriples != null)
{
// DCS has an AGR List. So we need to add the AGR List
UpdateTripleListAndCreateNewTriple(currentTriple,pls.m_permSetTriples);
}
else
{
// Common case: One AGR set
PermissionSetTriple tmp_psTriple = pls.m_firstPermSetTriple;
PermissionSetTriple retTriple;
// First try and update currentTriple. Return value indicates if we can stop construction
if (currentTriple.Update(tmp_psTriple, out retTriple))
return true;
// If we got a non-null retTriple, what it means is that compression failed,
// and we now have 2 triples to deal with: retTriple and currentTriple.
// retTriple has to be appended first. then currentTriple.
if (retTriple != null)
{
EnsureTriplesListCreated();
// we just created a new triple...add the previous one (returned) to the list
m_permSetTriples.Add(retTriple);
}
}
}
else
{
// pls can be null only outside the loop in CreateCompressedState
UpdateTripleListAndCreateNewTriple(currentTriple, null);
}
return false;
}
private void UpdateTripleListAndCreateNewTriple(PermissionSetTriple currentTriple, ArrayList tripleList)
{
if (!currentTriple.IsEmpty())
{
if (m_firstPermSetTriple == null && m_permSetTriples == null)
{
m_firstPermSetTriple = new PermissionSetTriple(currentTriple);
}
else
{
EnsureTriplesListCreated();
m_permSetTriples.Add(new PermissionSetTriple(currentTriple));
}
currentTriple.Reset();
}
if (tripleList != null)
{
EnsureTriplesListCreated();
m_permSetTriples.AddRange(tripleList);
}
}
private static void UpdateArrayList(ArrayList current, ArrayList newList)
{
if (newList == null)
return;
for(int i=0;i < newList.Count; i++)
{
if (!current.Contains(newList[i]))
current.Add(newList[i]);
}
}
#if FEATURE_COMPRESSEDSTACK
private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u)
{
if (z != null)
{
if (m_zoneList == null)
m_zoneList = new ArrayList();
z.AppendZones(m_zoneList);
}
if (u != null)
{
if (m_originList == null)
m_originList = new ArrayList();
u.AppendOrigin(m_originList);
}
}
[System.Security.SecurityCritical] // auto-generated
[System.Runtime.InteropServices.ComVisible(true)]
// public(internal) interface begins...
// Creation functions
static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS)
{
// function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation)
bool bHaltConstruction = false;
if (cs.CompressedStackHandle == null)
return null; // FT case or Security off
PermissionListSet pls = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle);
for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--)
{
DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i);
if (dcs == null)
continue; // we hit a FT Domain
if (dcs.PLS == null)
{
// We failed on some DCS
throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic")));
}
pls.UpdateZoneAndOrigin(dcs.PLS);
pls.Update(currentTriple, dcs.PLS);
bHaltConstruction = dcs.ConstructionHalted;
}
if (!bHaltConstruction)
{
PermissionListSet tmp_pls = null;
// Construction did not halt.
if (innerCS != null)
{
innerCS.CompleteConstruction(null);
tmp_pls = innerCS.PLS;
}
pls.Terminate(currentTriple, tmp_pls);
}
else
{
pls.Terminate(currentTriple);
}
return pls;
}
[System.Security.SecurityCritical] // auto-generated
static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction)
{
PermissionListSet pls = new PermissionListSet();
PermissionSetTriple currentTriple = new PermissionSetTriple();
PermissionSet tmp_g, tmp_r;
// Construct the descriptor list
int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS);
bHaltConstruction = false;
for(int i=0; (i < descCount && !bHaltConstruction); i++)
{
FrameSecurityDescriptor fsd;
Assembly assembly;
if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd))
{
// Got an FSD
bHaltConstruction = pls.Update(currentTriple, fsd);
}
else
{
pls.Update(currentTriple, tmp_g, tmp_r);
}
}
if (!bHaltConstruction)
{
// domain
if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS))
{
DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r);
pls.Update(currentTriple, tmp_g, tmp_r);
}
}
pls.Terminate(currentTriple);
// return the created object
return pls;
}
[System.Security.SecurityCritical] // auto-generated
static internal PermissionListSet CreateCompressedState_HG()
{
PermissionListSet pls = new PermissionListSet();
CompressedStack.GetHomogeneousPLS(pls);
return pls;
}
#endif // #if FEATURE_COMPRESSEDSTACK
// Private Demand evaluation functions - only called from the VM
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemandNoThrow(CodeAccessPermission demand)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
PermissionToken permToken = null;
if (demand != null)
permToken = PermissionToken.GetToken(demand);
return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken);
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemandNoThrow(PermissionSet pSet)
{
// AppDomain permissions - no asserts. So there should only be one triple to work with
Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet");
return m_firstPermSetTriple.CheckSetDemandNoThrow(pSet);
}
// Demand evauation functions
[System.Security.SecurityCritical] // auto-generated
internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh)
{
bool bRet = SecurityRuntime.StackContinue;
if (m_permSetTriples != null)
{
for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++)
{
PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i];
bRet = psTriple.CheckDemand(demand, permToken, rmh);
}
}
else if (m_firstPermSetTriple != null)
{
bRet = m_firstPermSetTriple.CheckDemand(demand, permToken, rmh);
}
return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk
}
[System.Security.SecurityCritical] // auto-generated
internal bool CheckSetDemand(PermissionSet pset , RuntimeMethodHandleInternal rmh)
{
bool bRet = SecurityRuntime.StackContinue;
PermissionSet demandSet = pset;
PermissionSet alteredDemandSet;
if (m_permSetTriples != null)
{
for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++)
{
PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i];
bRet = psTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
if (alteredDemandSet != null)
demandSet = alteredDemandSet;
}
}
else if (m_firstPermSetTriple != null)
{
bRet = m_firstPermSetTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
}
return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk
}
///
/// Check to see if the PLS satisfies a demand for the special permissions encoded in flags
///
/// set of flags to check (See PermissionType)
[System.Security.SecurityCritical] // auto-generated
private bool CheckFlags(int flags)
{
Contract.Assert(flags != 0, "Invalid permission flag demand");
bool check = true;
if (m_permSetTriples != null)
{
for (int i = 0; i < m_permSetTriples.Count && check && flags != 0; i++)
{
check &= ((PermissionSetTriple)m_permSetTriples[i]).CheckFlags(ref flags);
}
}
else if (m_firstPermSetTriple != null)
{
check = m_firstPermSetTriple.CheckFlags(ref flags);
}
return check;
}
///
/// Demand which succeeds if either a set of special permissions or a permission set is granted
/// to the call stack
///
/// set of flags to check (See PermissionType)
/// alternate permission set to check
[System.Security.SecurityCritical] // auto-generated
internal void DemandFlagsOrGrantSet(int flags, PermissionSet grantSet)
{
if (CheckFlags(flags))
return;
CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle);
}
#if FEATURE_COMPRESSEDSTACK
internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken)
{
if (m_zoneList != null)
zoneList.AddRange(m_zoneList);
if (m_originList != null)
originList.AddRange(m_originList);
}
#endif
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CachedTypeface.cs
- ReaderContextStackData.cs
- WorkBatch.cs
- StylusPointPropertyInfoDefaults.cs
- UnorderedHashRepartitionStream.cs
- TraceProvider.cs
- Console.cs
- SurrogateEncoder.cs
- UrlPropertyAttribute.cs
- FileLogRecordStream.cs
- PageStatePersister.cs
- XdrBuilder.cs
- GridViewSortEventArgs.cs
- TextTreeFixupNode.cs
- FormViewPagerRow.cs
- StdValidatorsAndConverters.cs
- WaitForChangedResult.cs
- RenameRuleObjectDialog.Designer.cs
- EventLogInformation.cs
- DesignerWidgets.cs
- SynchronizedInputHelper.cs
- ParserOptions.cs
- ArrangedElement.cs
- LongCountAggregationOperator.cs
- Brush.cs
- NamedPipeActivation.cs
- LocationUpdates.cs
- AlphaSortedEnumConverter.cs
- CollectionBase.cs
- EnumMember.cs
- ItemMap.cs
- MenuItemBinding.cs
- ZipFileInfo.cs
- ButtonField.cs
- GradientStop.cs
- MultiDataTrigger.cs
- XmlSerializerAssemblyAttribute.cs
- ApplicationDirectory.cs
- SoapInteropTypes.cs
- GeometryModel3D.cs
- IIS7UserPrincipal.cs
- CodeSpit.cs
- SBCSCodePageEncoding.cs
- ViewPort3D.cs
- ApplicationHost.cs
- PageCache.cs
- ApplicationServicesHostFactory.cs
- RelationshipEndCollection.cs
- WebPartTransformerAttribute.cs
- XPathNode.cs
- EventManager.cs
- MenuBase.cs
- SmiEventSink_DeferedProcessing.cs
- ConsoleCancelEventArgs.cs
- NestPullup.cs
- BaseComponentEditor.cs
- SqlGenericUtil.cs
- ViewStateException.cs
- _IPv6Address.cs
- Validator.cs
- ReaderContextStackData.cs
- TdsParserSafeHandles.cs
- SurrogateChar.cs
- ListViewDataItem.cs
- TypeHelpers.cs
- TdsParser.cs
- ChangesetResponse.cs
- XmlSyndicationContent.cs
- DataPagerField.cs
- AttachedPropertyMethodSelector.cs
- ManagementInstaller.cs
- Timer.cs
- ProtocolsConfigurationHandler.cs
- UIElement3DAutomationPeer.cs
- RepeatButtonAutomationPeer.cs
- VBIdentifierDesigner.xaml.cs
- ControlBindingsConverter.cs
- DataGridColumnCollection.cs
- VariableDesigner.xaml.cs
- WebPartMovingEventArgs.cs
- ContextDataSourceContextData.cs
- TraceHandlerErrorFormatter.cs
- KeysConverter.cs
- RouteTable.cs
- SynchronizationScope.cs
- WebSysDisplayNameAttribute.cs
- _TLSstream.cs
- SQLBytesStorage.cs
- MethodBody.cs
- FocusWithinProperty.cs
- RenderCapability.cs
- XPathMultyIterator.cs
- RepeatInfo.cs
- EndpointInfoCollection.cs
- BoundField.cs
- QuaternionAnimationBase.cs
- DefaultParameterValueAttribute.cs
- WorkflowInstanceExtensionManager.cs
- HttpCacheVary.cs
- AssemblyCache.cs