AssemblyFilter.cs source code in C# .NET

                        
Code:
                         / 4.0 / 4.0 / untmp / DEVDIV_TFS / Dev10 / Releases / RTMRel / wpf / src / Framework / MS / Internal / AppModel / AssemblyFilter.cs / 1305600 / AssemblyFilter.cs
                        

                        
                            //---------------------------------------------------------------------------- 
//
// 
//    Copyright (C) Microsoft Corporation.  All rights reserved.
//  
//
// Description: 
//              This class is used to filter assemblies as they are loaded into an application domain. 
//              The intent is to bring the AppDomain down in the case that one of these is on a disallowed list
//              similar to the kill bit for Activex 
//
// History:
//  11/15/05: akaza     Created.
//--------------------------------------------------------------------------- 

using System; 
using System.Windows; 
using MS.Internal.PresentationFramework;
using System.Collections.Generic; 
using MS.Win32;
using Microsoft.Win32;
using System.Security;
using System.Security.Permissions; 
using System.Reflection;
using System.Text; 
using MS.Internal.AppModel; 
using MS.Internal;
using System.Windows.Resources; 
using System.Diagnostics;
using System.Runtime.InteropServices;

 
namespace MS.Internal
{ 
 
    internal class AssemblyFilter
    { 
        /// 
        ///     Critical: This code sets the allowed assemblies on AssemblyList
        ///     TreatAsSafe: Initializing the data is ok since it does not expose anything
        ///  
        [SecurityCritical,SecurityTreatAsSafe]
        static  AssemblyFilter() 
        { 
            _disallowedListExtracted = new SecurityCriticalDataForSet(false);
            _assemblyList = new SecurityCriticalDataForSet>(new System.Collections.Generic.List()); 
        }

        /// 
        ///     Critical: This code calls into unmanaged Api that has a SUC on this (IAssemblCache related) 
        /// 
        [SecurityCritical] 
        internal void FilterCallback(Object sender, AssemblyLoadEventArgs args) 
        {
            // This code is reentrant 
            lock (_lock)
            {
                // Extract assembly
                Assembly a = args.LoadedAssembly; 
                // xmlns cache loads assemblies as reflection only and we cannot inspect these using the code below
                // so we ignore also keeping this first is super important because the first time cost is really high 
                // other wise also we cannot do any processing on a reflection only assembly aside from reflection based actions 
                if (!a.ReflectionOnly)
                { 
                    // check if it is in the Gac , this ensures that we eliminate any non GAC assembly which are of no risk
                    if (a.GlobalAssemblyCache)
                    {
                        object[] aptca = a.GetCustomAttributes(typeof(AllowPartiallyTrustedCallersAttribute), false); 
                        // if the dll has APTCA
                        if (aptca.Length > 0 && aptca[0] is AllowPartiallyTrustedCallersAttribute) 
                        { 
                            string assemblyName = AssemblyNameWithFileVersion(a);
                            // If we are on the disallowed list kill the application domain 
                            if (AssemblyOnDisallowedList(assemblyName))
                            {
                                // Kill the application domain
                                UnsafeNativeMethods.ProcessUnhandledException_DLL(SR.Get(SRID.KillBitEnforcedShutdown) + assemblyName); 
                                // I want to ensure that the process really dies
                                new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert();//BlessedAssert 
                                try 
                                {
                                    System.Environment.Exit(-1); 
                                }
                                finally
                                {
                                    SecurityPermission.RevertAssert(); 
                                    Debug.Fail("Environment.Exit() failed.");
                                } 
                            } 
                        }
                    } 
                }
            }
        }
 
        //appends assembly name with file version to generate a unique entry for the assembly lookup process
        ///  
        ///     Critical: This code elevates to extract assembly name 
        /// 
        [SecurityCritical] 
        private string AssemblyNameWithFileVersion(Assembly a)
        {
            FileVersionInfo fileVersionInfo;
            StringBuilder sb = new StringBuilder(a.FullName); 
            // we need unrestricted here because the location is demands too.
            (new FileIOPermission(PermissionState.Unrestricted)).Assert();//BlessedAssert 
            try 
            {
                fileVersionInfo = FileVersionInfo.GetVersionInfo(a.Location); 
            }
            finally
            {
                FileIOPermission.RevertAssert(); 
            }
            if (fileVersionInfo != null && fileVersionInfo.ProductVersion != null) 
            { 
                sb.Append(FILEVERSION_STRING + fileVersionInfo.ProductVersion);
            } 
            return ((sb.ToString()).ToLower(System.Globalization.CultureInfo.InvariantCulture)).Trim();
        }

        ///  
        ///     Critical: This code populates _assemblyList with Disallowed Elements and sets the bit that dictates whether to repopulate it
        ///  
        [SecurityCritical] 
        private bool AssemblyOnDisallowedList(String assemblyToCheck)
        { 
            bool retVal = false;
            // if the list disallowed list is not populated populate it once
            if (_disallowedListExtracted.Value == false)
            { 
                // hit the registry one time and read
                ExtractDisallowedRegistryList(); 
                _disallowedListExtracted.Value = true; 
            }
            if (_assemblyList.Value.Contains(assemblyToCheck)) 
            {
                retVal = true;
            }
            return retVal; 
        }
 
        ///  
        ///     Critical: This code opens an HKLM registry location and reads it. We do not want
        ///     to call this over and over as it could cause performance issues 
        /// 
        [SecurityCritical]
        private  void ExtractDisallowedRegistryList()
        { 
            string[] disallowedAssemblies;
            RegistryKey featureKey; 
            //Assert for read access to HKLM\Software\Microsoft\.NetFramework\Policy\APTCA 
            (new RegistryPermission(RegistryPermissionAccess.Read, KILL_BIT_REGISTRY_HIVE + KILL_BIT_REGISTRY_LOCATION)).Assert();//BlessedAssert
            try 
            {
                // open the key and read the value
                featureKey = Registry.LocalMachine.OpenSubKey(KILL_BIT_REGISTRY_LOCATION);
                if (featureKey != null) 
                {
                    // Enumerate through all keys and populate dictionary 
                    disallowedAssemblies = featureKey.GetSubKeyNames(); 
                    // iterate over this list and for each extract the APTCA_FLAG value and set it in the
                    // dictionary 
                    foreach (string assemblyName in disallowedAssemblies)
                    {
                        featureKey = Registry.LocalMachine.OpenSubKey(KILL_BIT_REGISTRY_LOCATION + @"\" + assemblyName);
                        object keyValue = featureKey.GetValue(SUBKEY_VALUE); 
                        // if there exists a value and it is 1 add to hash table
                        if ((keyValue != null) && (int)(keyValue) == 1) 
                        { 
                            if (!_assemblyList.Value.Contains(assemblyName))
                            { 
                                _assemblyList.Value.Add(assemblyName.ToLower(System.Globalization.CultureInfo.InvariantCulture).Trim());
                            }
                        }
                    } 

                } 
            } 
            finally
            { 
                RegistryPermission.RevertAssert();
            }
        }
 
        /// 
        ///     Critical: This holds a list of assemblies that are on an allowed and disallowed list and can be exploited to load 
        ///     unsafe dll's into appdomain 
        /// 
        static SecurityCriticalDataForSet> _assemblyList; 

        /// 
        ///     Critical: This bit determines whether we need to hit the registry and load the disallowed elements.
        ///     We would like to see this happen only once per appdomain and delay it as much as possible 
        /// 
        static SecurityCriticalDataForSet _disallowedListExtracted; 
 
        static object _lock = new object();
 
        private const string FILEVERSION_STRING = @", FileVersion=";
        // This is the location in the registry where all the keys are stored
        private const string KILL_BIT_REGISTRY_HIVE = @"HKEY_LOCAL_MACHINE\";
        private const string KILL_BIT_REGISTRY_LOCATION = @"Software\Microsoft\.NetFramework\policy\APTCA"; 
        private const string SUBKEY_VALUE = @"APTCA_FLAG";
    } 
 
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// Copyright (c) Microsoft Corporation. All rights reserved.


                        

                        

                        
                        

Link Menu

This book is available now!
Buy at Amazon US or
Buy at Amazon UK

• TextHidden.cs
• PageThemeCodeDomTreeGenerator.cs
• NonParentingControl.cs
• WebResourceAttribute.cs
• ToolStripStatusLabel.cs
• ISessionStateStore.cs
• HandlerBase.cs
• CodeSubDirectoriesCollection.cs
• SmtpNetworkElement.cs
• ByteAnimationUsingKeyFrames.cs
• SelectionChangedEventArgs.cs
• AppDomainAttributes.cs
• Buffer.cs
• _ChunkParse.cs
• ControlIdConverter.cs
• LinearKeyFrames.cs
• TemplateComponentConnector.cs
• Row.cs
• TextModifier.cs
• StateMachineExecutionState.cs
• CommandValueSerializer.cs
• FormViewModeEventArgs.cs
• StringValidator.cs
• CodeTryCatchFinallyStatement.cs
• CriticalExceptions.cs
• BamlLocalizer.cs
• DeviceSpecificChoice.cs
• NestPullup.cs
• ToolStripItemTextRenderEventArgs.cs
• WebBrowserSiteBase.cs
• PersistenceTypeAttribute.cs
• PolicyLevel.cs
• Permission.cs
• ListSourceHelper.cs
• DataSourceView.cs
• Stopwatch.cs
• CancellationTokenRegistration.cs
• DbSetClause.cs
• SizeConverter.cs
• AutoGeneratedFieldProperties.cs
• BitmapFrameDecode.cs
• LineServicesRun.cs
• DocumentAutomationPeer.cs
• HtmlHistory.cs
• SocketInformation.cs
• SqlConnectionPoolProviderInfo.cs
• DomNameTable.cs
• IpcChannel.cs
• SecurityHeaderElementInferenceEngine.cs
• Help.cs
• SafeNativeMethods.cs
• SocketPermission.cs
• ContractHandle.cs
• UnknownBitmapDecoder.cs
• RemoteCryptoSignHashRequest.cs
• ResourceDisplayNameAttribute.cs
• DataControlCommands.cs
• TraceContextRecord.cs
• BuildResultCache.cs
• StyleReferenceConverter.cs
• PersonalizationEntry.cs
• StringFormat.cs
• LogAppendAsyncResult.cs
• ObfuscateAssemblyAttribute.cs
• ConnectionsZoneAutoFormat.cs
• SiteIdentityPermission.cs
• Formatter.cs
• XPathDocumentNavigator.cs
• GetPageNumberCompletedEventArgs.cs
• CfgArc.cs
• TreeNodeBindingCollection.cs
• Transform.cs
• ParameterToken.cs
• FieldDescriptor.cs
• ReflectionPermission.cs
• DisplayNameAttribute.cs
• ComboBoxDesigner.cs
• XmlAttributeCache.cs
• CompilationSection.cs
• FlowDocumentFormatter.cs
• ProcessRequestArgs.cs
• DeclaredTypeValidatorAttribute.cs
• CodeCastExpression.cs
• TreeNodeMouseHoverEvent.cs
• ExpressionBuilder.cs
• DataControlReferenceCollection.cs
• BitmapSourceSafeMILHandle.cs
• sqlstateclientmanager.cs
• PageThemeCodeDomTreeGenerator.cs
• FixedSOMPage.cs
• PageResolution.cs
• NavigatorInput.cs
• ClientScriptManagerWrapper.cs
• connectionpool.cs
• LinkButton.cs
• listitem.cs
• WebPartConnectionsConfigureVerb.cs
• ConditionedDesigner.cs
• SafePointer.cs
• TranslateTransform3D.cs