Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / clr / src / BCL / System / Security / PermissionSetTriple.cs / 1305376 / PermissionSetTriple.cs
// ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================================== ** ** Class: PermissionSetTriple ** **[....] ** ** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. ** Also used for CompressedStacks which brings in the third PermissionSet. ** Hence, the name PermissionSetTriple. ** =============================================================================*/ namespace System.Security { using IEnumerator = System.Collections.IEnumerator; using System.Security; using System.Security.Permissions; using System.Runtime.InteropServices; using System.Diagnostics.Contracts; [Serializable] sealed internal class PermissionSetTriple { static private PermissionToken s_zoneToken; static private PermissionToken s_urlToken; internal PermissionSet AssertSet; internal PermissionSet GrantSet; internal PermissionSet RefusedSet; internal PermissionSetTriple() { Reset(); } internal PermissionSetTriple(PermissionSetTriple triple) { this.AssertSet = triple.AssertSet; this.GrantSet = triple.GrantSet; this.RefusedSet = triple.RefusedSet; } internal void Reset() { AssertSet = null; GrantSet = null; RefusedSet = null; } internal bool IsEmpty() { return (AssertSet == null && GrantSet == null && RefusedSet == null); } private PermissionToken ZoneToken { [System.Security.SecurityCritical] // auto-generated get { if (s_zoneToken == null) s_zoneToken = PermissionToken.GetToken(typeof(ZoneIdentityPermission)); return s_zoneToken; } } private PermissionToken UrlToken { [System.Security.SecurityCritical] // auto-generated get { if (s_urlToken == null) s_urlToken = PermissionToken.GetToken(typeof(UrlIdentityPermission)); return s_urlToken; } } [System.Security.SecurityCritical] // auto-generated internal bool Update(PermissionSetTriple psTriple, out PermissionSetTriple retTriple) { retTriple = null; // Special case: unrestricted assert. Note: dcs.Assert.IsUnrestricted => dcs.Grant.IsUnrestricted if (psTriple.AssertSet != null && psTriple.AssertSet.IsUnrestricted()) { return true; // stop construction } retTriple = UpdateAssert(psTriple.AssertSet); UpdateGrant(psTriple.GrantSet); UpdateRefused(psTriple.RefusedSet); return false; } [System.Security.SecurityCritical] // auto-generated internal PermissionSetTriple UpdateAssert(PermissionSet in_a) { PermissionSetTriple retTriple = null; if (in_a != null) { Contract.Assert((!in_a.IsUnrestricted()), "Cannot be unrestricted here"); // if we're already asserting in_a, nothing to do if (in_a.IsSubsetOf(AssertSet)) return null; PermissionSet retPs; if (GrantSet != null) retPs = in_a.Intersect(GrantSet); // Restrict the assert to what we've already been granted else { GrantSet = new PermissionSet(true); retPs = in_a.Copy(); // Currently unrestricted Grant: assert the whole assert set } bool bFailedToCompress; // removes anything that is already in the refused set from the assert set retPs = PermissionSet.RemoveRefusedPermissionSet(retPs, RefusedSet, out bFailedToCompress); if (!bFailedToCompress) bFailedToCompress = PermissionSet.IsIntersectingAssertedPermissions(retPs, AssertSet); if (bFailedToCompress) { retTriple = new PermissionSetTriple(this); this.Reset(); this.GrantSet = retTriple.GrantSet.Copy(); } if (AssertSet == null) AssertSet = retPs; else AssertSet.InplaceUnion(retPs); } return retTriple; } [System.Security.SecurityCritical] // auto-generated internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z,out UrlIdentityPermission u) { z = null; u = null; if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); z = (ZoneIdentityPermission)in_g.GetPermission(ZoneToken); u = (UrlIdentityPermission)in_g.GetPermission(UrlToken); } } [System.Security.SecurityCritical] // auto-generated internal void UpdateGrant(PermissionSet in_g) { if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); } } internal void UpdateRefused(PermissionSet in_r) { if (in_r != null) { if (RefusedSet == null) RefusedSet = in_r.Copy(); else RefusedSet.InplaceUnion(in_r); } } [System.Security.SecurityCritical] // auto-generated static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken) { if (pSet != null) { pSet.CheckDecoded(demand, permToken); CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (pSet.IsUnrestricted() || demand.CheckAssert(perm)) { return SecurityRuntime.StackHalt; } } catch (ArgumentException) { } } return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated static bool CheckAssert(PermissionSet assertPset, PermissionSet demandSet, out PermissionSet newDemandSet) { newDemandSet = null; if (assertPset!= null) { assertPset.CheckDecoded(demandSet); // If this frame asserts a superset of the demand set we're done if (demandSet.CheckAssertion(assertPset)) return SecurityRuntime.StackHalt; PermissionSet.RemoveAssertedPermissionSet(demandSet, assertPset, out newDemandSet); } return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { if (CheckAssert(AssertSet, demand, permToken) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand(PermissionSet demandSet , out PermissionSet alteredDemandset, RuntimeMethodHandleInternal rmh) { alteredDemandset = null; if (CheckAssert(AssertSet, demandSet, out alteredDemandset) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; if (alteredDemandset != null) demandSet = alteredDemandset; // note that this does not modify demandSet external to this function. CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) { Contract.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemandNoThrow(PermissionSet demandSet) { Contract.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); } ////// Check to see if the triple satisfies a demand for the permission represented by the flag. /// ////// If the triple asserts for one of the bits in the flags, it is zeroed out. /// /// set of flags to check (See PermissionType) [System.Security.SecurityCritical] // auto-generated internal bool CheckFlags(ref int flags) { if (AssertSet != null) { // remove any permissions which were asserted for int assertFlags = SecurityManager.GetSpecialFlags(AssertSet, null); if ((flags & assertFlags) != 0) flags = flags & ~assertFlags; } return (SecurityManager.GetSpecialFlags(GrantSet, RefusedSet) & flags) == flags; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================================== ** ** Class: PermissionSetTriple ** **[....] ** ** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. ** Also used for CompressedStacks which brings in the third PermissionSet. ** Hence, the name PermissionSetTriple. ** =============================================================================*/ namespace System.Security { using IEnumerator = System.Collections.IEnumerator; using System.Security; using System.Security.Permissions; using System.Runtime.InteropServices; using System.Diagnostics.Contracts; [Serializable] sealed internal class PermissionSetTriple { static private PermissionToken s_zoneToken; static private PermissionToken s_urlToken; internal PermissionSet AssertSet; internal PermissionSet GrantSet; internal PermissionSet RefusedSet; internal PermissionSetTriple() { Reset(); } internal PermissionSetTriple(PermissionSetTriple triple) { this.AssertSet = triple.AssertSet; this.GrantSet = triple.GrantSet; this.RefusedSet = triple.RefusedSet; } internal void Reset() { AssertSet = null; GrantSet = null; RefusedSet = null; } internal bool IsEmpty() { return (AssertSet == null && GrantSet == null && RefusedSet == null); } private PermissionToken ZoneToken { [System.Security.SecurityCritical] // auto-generated get { if (s_zoneToken == null) s_zoneToken = PermissionToken.GetToken(typeof(ZoneIdentityPermission)); return s_zoneToken; } } private PermissionToken UrlToken { [System.Security.SecurityCritical] // auto-generated get { if (s_urlToken == null) s_urlToken = PermissionToken.GetToken(typeof(UrlIdentityPermission)); return s_urlToken; } } [System.Security.SecurityCritical] // auto-generated internal bool Update(PermissionSetTriple psTriple, out PermissionSetTriple retTriple) { retTriple = null; // Special case: unrestricted assert. Note: dcs.Assert.IsUnrestricted => dcs.Grant.IsUnrestricted if (psTriple.AssertSet != null && psTriple.AssertSet.IsUnrestricted()) { return true; // stop construction } retTriple = UpdateAssert(psTriple.AssertSet); UpdateGrant(psTriple.GrantSet); UpdateRefused(psTriple.RefusedSet); return false; } [System.Security.SecurityCritical] // auto-generated internal PermissionSetTriple UpdateAssert(PermissionSet in_a) { PermissionSetTriple retTriple = null; if (in_a != null) { Contract.Assert((!in_a.IsUnrestricted()), "Cannot be unrestricted here"); // if we're already asserting in_a, nothing to do if (in_a.IsSubsetOf(AssertSet)) return null; PermissionSet retPs; if (GrantSet != null) retPs = in_a.Intersect(GrantSet); // Restrict the assert to what we've already been granted else { GrantSet = new PermissionSet(true); retPs = in_a.Copy(); // Currently unrestricted Grant: assert the whole assert set } bool bFailedToCompress; // removes anything that is already in the refused set from the assert set retPs = PermissionSet.RemoveRefusedPermissionSet(retPs, RefusedSet, out bFailedToCompress); if (!bFailedToCompress) bFailedToCompress = PermissionSet.IsIntersectingAssertedPermissions(retPs, AssertSet); if (bFailedToCompress) { retTriple = new PermissionSetTriple(this); this.Reset(); this.GrantSet = retTriple.GrantSet.Copy(); } if (AssertSet == null) AssertSet = retPs; else AssertSet.InplaceUnion(retPs); } return retTriple; } [System.Security.SecurityCritical] // auto-generated internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z,out UrlIdentityPermission u) { z = null; u = null; if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); z = (ZoneIdentityPermission)in_g.GetPermission(ZoneToken); u = (UrlIdentityPermission)in_g.GetPermission(UrlToken); } } [System.Security.SecurityCritical] // auto-generated internal void UpdateGrant(PermissionSet in_g) { if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); } } internal void UpdateRefused(PermissionSet in_r) { if (in_r != null) { if (RefusedSet == null) RefusedSet = in_r.Copy(); else RefusedSet.InplaceUnion(in_r); } } [System.Security.SecurityCritical] // auto-generated static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken) { if (pSet != null) { pSet.CheckDecoded(demand, permToken); CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand); // If the assert set does contain the demanded permission, halt the stackwalk try { if (pSet.IsUnrestricted() || demand.CheckAssert(perm)) { return SecurityRuntime.StackHalt; } } catch (ArgumentException) { } } return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated static bool CheckAssert(PermissionSet assertPset, PermissionSet demandSet, out PermissionSet newDemandSet) { newDemandSet = null; if (assertPset!= null) { assertPset.CheckDecoded(demandSet); // If this frame asserts a superset of the demand set we're done if (demandSet.CheckAssertion(assertPset)) return SecurityRuntime.StackHalt; PermissionSet.RemoveAssertedPermissionSet(demandSet, assertPset, out newDemandSet); } return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { if (CheckAssert(AssertSet, demand, permToken) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand(PermissionSet demandSet , out PermissionSet alteredDemandset, RuntimeMethodHandleInternal rmh) { alteredDemandset = null; if (CheckAssert(AssertSet, demandSet, out alteredDemandset) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; if (alteredDemandset != null) demandSet = alteredDemandset; // note that this does not modify demandSet external to this function. CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } [System.Security.SecurityCritical] // auto-generated internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) { Contract.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemandNoThrow(PermissionSet demandSet) { Contract.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, RuntimeMethodHandleInternal.EmptyHandle, null, SecurityAction.Demand, false); } ////// Check to see if the triple satisfies a demand for the permission represented by the flag. /// ////// If the triple asserts for one of the bits in the flags, it is zeroed out. /// /// set of flags to check (See PermissionType) [System.Security.SecurityCritical] // auto-generated internal bool CheckFlags(ref int flags) { if (AssertSet != null) { // remove any permissions which were asserted for int assertFlags = SecurityManager.GetSpecialFlags(AssertSet, null); if ((flags & assertFlags) != 0) flags = flags & ~assertFlags; } return (SecurityManager.GetSpecialFlags(GrantSet, RefusedSet) & flags) == flags; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- MetadataPropertyCollection.cs
- AsyncStreamReader.cs
- UnsafeNativeMethods.cs
- AvtEvent.cs
- AttributedMetaModel.cs
- XmlSubtreeReader.cs
- SortedDictionary.cs
- PolicyAssertionCollection.cs
- ReaderWriterLock.cs
- SessionSwitchEventArgs.cs
- SemanticResultValue.cs
- CompositeKey.cs
- CompoundFileStorageReference.cs
- PointCollection.cs
- BrowserDefinitionCollection.cs
- storepermission.cs
- EmptyEnumerator.cs
- ContractMapping.cs
- DropShadowBitmapEffect.cs
- Scheduler.cs
- SmiMetaDataProperty.cs
- DrawListViewColumnHeaderEventArgs.cs
- DrawingCollection.cs
- BordersPage.cs
- VirtualDirectoryMappingCollection.cs
- FlowDocumentReader.cs
- WindowsPen.cs
- HostingPreferredMapPath.cs
- GridViewCancelEditEventArgs.cs
- ApplicationFileParser.cs
- UserThread.cs
- ObjectListDesigner.cs
- PagePropertiesChangingEventArgs.cs
- BamlResourceContent.cs
- TraceHandlerErrorFormatter.cs
- System.Data_BID.cs
- ButtonField.cs
- XmlCDATASection.cs
- WindowsFormsHostPropertyMap.cs
- SqlClientWrapperSmiStreamChars.cs
- RequestQueryProcessor.cs
- XmlArrayItemAttributes.cs
- SnapshotChangeTrackingStrategy.cs
- ColumnCollection.cs
- ObjectAnimationUsingKeyFrames.cs
- UnionCodeGroup.cs
- AnchoredBlock.cs
- ChangeInterceptorAttribute.cs
- NamespaceDisplayAutomationPeer.cs
- DataContractJsonSerializerOperationBehavior.cs
- HierarchicalDataSourceControl.cs
- LostFocusEventManager.cs
- BackgroundWorker.cs
- HtmlInputPassword.cs
- SafeFileMappingHandle.cs
- DataColumnPropertyDescriptor.cs
- CaseInsensitiveComparer.cs
- Sequence.cs
- PropertyExpression.cs
- SvcMapFileLoader.cs
- Parser.cs
- Journaling.cs
- LiteralControl.cs
- XmlNodeChangedEventManager.cs
- Constant.cs
- SqlDataSourceSelectingEventArgs.cs
- AudioSignalProblemOccurredEventArgs.cs
- CompiledELinqQueryState.cs
- ValidationRule.cs
- TransferMode.cs
- PropertyValidationContext.cs
- DefaultValueTypeConverter.cs
- WizardStepBase.cs
- SHA512Managed.cs
- MultitargetUtil.cs
- UserCancellationException.cs
- StorageInfo.cs
- CodeStatementCollection.cs
- FixUp.cs
- NameValueSectionHandler.cs
- XMLUtil.cs
- ObjectAssociationEndMapping.cs
- ToolZone.cs
- DataGridPageChangedEventArgs.cs
- HttpListenerException.cs
- SortableBindingList.cs
- PropertyChange.cs
- GroupItemAutomationPeer.cs
- _DigestClient.cs
- DataControlImageButton.cs
- TdsParserStateObject.cs
- RenderDataDrawingContext.cs
- DataAdapter.cs
- FontWeightConverter.cs
- SortDescriptionCollection.cs
- ThaiBuddhistCalendar.cs
- DataSourceHelper.cs
- CLRBindingWorker.cs
- Debugger.cs
- RtfToken.cs