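// ==++==
//
//   Copyright (c) Microsoft Corporation.  All rights reserved.
//
// ==--==
//[....]
//
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Policy;
using System.Security.Permissions;
using Microsoft.Win32.SafeHandles;

namespace System.Security.Policy
{
    /// <summary>
    ///     Arguments to the ETW evidence generation event.  This enumeration must be kept in sync with
    ///     the VM enumeration EvidenceType in SecurityPolicy.h: the value is handed to the VM through
    ///     FireEvidenceGeneratedEvent as a plain integer, so inserting or reordering members here
    ///     silently changes which evidence type the VM reports.
    /// </summary>
    internal enum EvidenceTypeGenerated
    {
        AssemblySupplied,
        Gac,
        Hash,
        PermissionRequest,
        Publisher,
        Site,
        StrongName,
        Url,
        Zone
    }

    /// <summary>
    ///     Factory class which can create evidence on demand for a VM PEFile.  Location evidence (Site,
    ///     Url, Zone) and assembly-supplied evidence are generated lazily and cached on the factory;
    ///     Publisher evidence is regenerated on every request.
    /// </summary>
    internal sealed class PEFileEvidenceFactory : IRuntimeEvidenceFactory
    {
        [System.Security.SecurityCritical /*auto-generated*/]
        private SafePEFileHandle m_peFile;

        // Evidence deserialized out of the PE file itself; null until GetFactorySuppliedEvidence has run.
        private List<EvidenceBase> m_assemblyProvidedEvidence;

        // Since all three of these evidence objects are generated from the same source data, we'll generate
        // all three when we're asked for any one of them and save them around in case we're asked for the
        // others.  m_generatedLocationEvidence records that the VM has already been queried, because any
        // of the three may legitimately remain null afterwards (no zone, no URL, or a file: URL).
        private bool m_generatedLocationEvidence;
        private Site m_siteEvidence;
        private Url m_urlEvidence;
        private Zone m_zoneEvidence;

        [SecurityCritical]
        private PEFileEvidenceFactory(SafePEFileHandle peFile)
        {
            // Debug-time contract only; the VM caller is responsible for handing us a live, valid handle.
            Contract.Assert(peFile != null && !peFile.IsClosed && !peFile.IsInvalid);
            m_peFile = peFile;
        }

        /// <summary>
        ///     PEFile * that we generate evidence for
        /// </summary>
        internal SafePEFileHandle PEFile
        {
            [SecurityCritical]
            get { return m_peFile; }
        }

        /// <summary>
        ///     Object the supplied evidence is for
        /// </summary>
        public IEvidenceFactory Target
        {
            // Since the CLR does not have a PEFile abstraction and this PEFile may not have an associated
            // assembly if we're early in runtime startup, there is no valid target object to return here.
            get { return null; }
        }

        /// <summary>
        ///     Generate an evidence collection for the PE file.  This is called from the VM in
        ///     SecurityDescriptor::GetEvidenceForPEFile.
        /// </summary>
        /// <param name="peFile">handle to the PE file the evidence describes</param>
        /// <param name="hostProvidedEvidence">evidence supplied by the host, or null</param>
        [SecurityCritical]
        private static Evidence CreateSecurityIdentity(SafePEFileHandle peFile, Evidence hostProvidedEvidence)
        {
            PEFileEvidenceFactory evidenceFactory = new PEFileEvidenceFactory(peFile);
            Evidence evidence = new Evidence(evidenceFactory);

            // If the host (caller of Assembly.Load) provided evidence, merge it with the evidence we've just
            // created.  The host evidence takes priority.
            if (hostProvidedEvidence != null)
            {
                evidence.MergeWithNoDuplicates(hostProvidedEvidence);
            }

            return evidence;
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void FireEvidenceGeneratedEvent(SafePEFileHandle peFile, EvidenceTypeGenerated type);

        /// <summary>
        ///     Fire an ETW event indicating that a piece of evidence has been generated.  Evidence that is
        ///     generated in the VM fires this event without a separate call to this method, however
        ///     evidence types generated in the BCL, such as GacInstalled, need to call this directly.
        /// </summary>
        [SecuritySafeCritical]
        internal void FireEvidenceGeneratedEvent(EvidenceTypeGenerated type)
        {
            FireEvidenceGeneratedEvent(m_peFile, type);
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetAssemblySuppliedEvidence(SafePEFileHandle peFile, ObjectHandleOnStack retSerializedEvidence);

        /// <summary>
        ///     Get any evidence that was serialized into the PE File.  The result is computed once and
        ///     cached; the returned sequence is the cached list itself, so callers must not mutate it.
        /// </summary>
        [SecuritySafeCritical]
        public IEnumerable<EvidenceBase> GetFactorySuppliedEvidence()
        {
            if (m_assemblyProvidedEvidence == null)
            {
                byte[] serializedEvidence = null;
                GetAssemblySuppliedEvidence(m_peFile, JitHelpers.GetObjectHandleOnStack(ref serializedEvidence));

                m_assemblyProvidedEvidence = new List<EvidenceBase>();

                if (serializedEvidence != null)
                {
                    Evidence deserializedEvidence = new Evidence();

                    // SECURITY NOTE(review): serializedEvidence is a blob embedded in the PE file by whoever
                    // built the assembly, so for anything that is not already fully trusted it is
                    // attacker-controlled input, and it is fed to BinaryFormatter, which instantiates
                    // arbitrary serializable types named in the stream.  Partial trust assemblies are allowed
                    // to provide their own evidence, which is why SerializationFormatter is asserted here --
                    // but that also means the deserialization runs with more permission than the assembly
                    // itself holds.  This is a legacy (Whidbey-compatible) mechanism; treat the payload as
                    // untrusted and do not build new trust decisions on the objects it yields.
                    new SecurityPermission(SecurityPermissionFlag.SerializationFormatter).Assert();
                    try
                    {
                        BinaryFormatter formatter = new BinaryFormatter();
                        using (MemoryStream ms = new MemoryStream(serializedEvidence))
                        {
                            deserializedEvidence = (Evidence)formatter.Deserialize(ms);
                        }
                    }
                    catch
                    {
                        // Deliberately best-effort: corrupt or unreadable embedded evidence must not prevent
                        // the assembly from loading; it simply contributes no assembly-supplied evidence.
                        // deserializedEvidence keeps the empty Evidence created above in that case.
                    }
                    finally
                    {
                        // Revert in a finally so the elevated permission never outlives this call, even for
                        // exceptions that the catch above cannot observe (e.g. a thread abort mid-deserialize).
                        CodeAccessPermission.RevertAssert();
                    }

                    // Enumerate the assembly evidence, ignoring any host evidence supplied.  Since we
                    // could be loading a Whidbey assembly, we need to use the old GetAssemblyEnumerator
                    // API and deal with objects instead of EvidenceBases.
                    if (deserializedEvidence != null)
                    {
                        IEnumerator enumerator = deserializedEvidence.GetAssemblyEnumerator();
                        while (enumerator.MoveNext())
                        {
                            if (enumerator.Current != null)
                            {
                                // If this is a legacy evidence object, we need to wrap it before
                                // returning it.
                                EvidenceBase currentEvidence = enumerator.Current as EvidenceBase;
                                if (currentEvidence == null)
                                {
                                    currentEvidence = new LegacyEvidenceWrapper(enumerator.Current);
                                }

                                m_assemblyProvidedEvidence.Add(currentEvidence);
                            }
                        }
                    }
                }
            }

            return m_assemblyProvidedEvidence;
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetLocationEvidence(SafePEFileHandle peFile, [Out] out SecurityZone zone, StringHandleOnStack retUrl);

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetPublisherCertificate(SafePEFileHandle peFile, ObjectHandleOnStack retCertificate);

        /// <summary>
        ///     Called to generate different types of evidence on demand.  Only Site, Url, Zone and
        ///     Publisher are produced here; any other type yields null.
        /// </summary>
        public EvidenceBase GenerateEvidence(Type evidenceType)
        {
            if (evidenceType == typeof(Site))
            {
                return GenerateSiteEvidence();
            }
            else if (evidenceType == typeof(Url))
            {
                return GenerateUrlEvidence();
            }
            else if (evidenceType == typeof(Zone))
            {
                return GenerateZoneEvidence();
            }
            else if (evidenceType == typeof(Publisher))
            {
                return GeneratePublisherEvidence();
            }

            return null;
        }

        /// <summary>
        ///     Generate Site, Url, and Zone evidence for this file.  Runs at most once per factory; if
        ///     the VM reports no zone or no URL the corresponding field stays null.
        /// </summary>
        [SecuritySafeCritical]
        private void GenerateLocationEvidence()
        {
            if (!m_generatedLocationEvidence)
            {
                SecurityZone securityZone = SecurityZone.NoZone;
                string url = null;
                GetLocationEvidence(m_peFile, out securityZone, JitHelpers.GetStringHandleOnStack(ref url));

                if (securityZone != SecurityZone.NoZone)
                {
                    m_zoneEvidence = new Zone(securityZone);
                }

                if (!String.IsNullOrEmpty(url))
                {
                    // NOTE(review): the 'true' presumably marks the URL as already parsed by the VM so Url
                    // does not re-normalize it -- confirm against the internal Url(string, bool) constructor.
                    m_urlEvidence = new Url(url, true);

                    // We only create site evidence if the URL does not start with file:, since a local
                    // path has no site.
                    if (!url.StartsWith("file:", StringComparison.OrdinalIgnoreCase))
                    {
                        m_siteEvidence = Site.CreateFromUrl(url);
                    }
                }

                m_generatedLocationEvidence = true;
            }
        }

        /// <summary>
        ///     Generate evidence for the file's Authenticode signature.  Returns null when the VM hands
        ///     back no certificate.  Nothing here validates the signature or the chain: the bytes are
        ///     wrapped as-is, so the VM side is presumably where verification happens -- confirm before
        ///     treating Publisher evidence as proof of a verified signature.
        /// </summary>
        [SecuritySafeCritical]
        private Publisher GeneratePublisherEvidence()
        {
            byte[] certificate = null;
            GetPublisherCertificate(m_peFile, JitHelpers.GetObjectHandleOnStack(ref certificate));

            if (certificate == null)
            {
                return null;
            }

            return new Publisher(new X509Certificate(certificate));
        }

        /// <summary>
        ///     Generate evidence for the site this file was loaded from (null for file: URLs or when
        ///     there is no URL).
        /// </summary>
        private Site GenerateSiteEvidence()
        {
            if (m_siteEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_siteEvidence;
        }

        /// <summary>
        ///     Generate evidence for the URL this file was loaded from (null when the VM reports none).
        /// </summary>
        private Url GenerateUrlEvidence()
        {
            if (m_urlEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_urlEvidence;
        }

        /// <summary>
        ///     Generate evidence for the zone this file was loaded from (null when the VM reports NoZone).
        /// </summary>
        private Zone GenerateZoneEvidence()
        {
            if (m_zoneEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_zoneEvidence;
        }
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
// ==++==
//
//   Copyright (c) Microsoft Corporation.  All rights reserved.
//
// ==--==
//[....]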
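//
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Policy;
using System.Security.Permissions;
using Microsoft.Win32.SafeHandles;

namespace System.Security.Policy
{
    /// <summary>
    ///     Arguments to the ETW evidence generation event.  This enumeration must be kept in sync with
    ///     the VM enumeration EvidenceType in SecurityPolicy.h: the value is handed to the VM through
    ///     FireEvidenceGeneratedEvent as a plain integer, so inserting or reordering members here
    ///     silently changes which evidence type the VM reports.
    /// </summary>
    internal enum EvidenceTypeGenerated
    {
        AssemblySupplied,
        Gac,
        Hash,
        PermissionRequest,
        Publisher,
        Site,
        StrongName,
        Url,
        Zone
    }

    /// <summary>
    ///     Factory class which can create evidence on demand for a VM PEFile.  Location evidence (Site,
    ///     Url, Zone) and assembly-supplied evidence are generated lazily and cached on the factory;
    ///     Publisher evidence is regenerated on every request.
    /// </summary>
    internal sealed class PEFileEvidenceFactory : IRuntimeEvidenceFactory
    {
        [System.Security.SecurityCritical /*auto-generated*/]
        private SafePEFileHandle m_peFile;

        // Evidence deserialized out of the PE file itself; null until GetFactorySuppliedEvidence has run.
        private List<EvidenceBase> m_assemblyProvidedEvidence;

        // Since all three of these evidence objects are generated from the same source data, we'll generate
        // all three when we're asked for any one of them and save them around in case we're asked for the
        // others.  m_generatedLocationEvidence records that the VM has already been queried, because any
        // of the three may legitimately remain null afterwards (no zone, no URL, or a file: URL).
        private bool m_generatedLocationEvidence;
        private Site m_siteEvidence;
        private Url m_urlEvidence;
        private Zone m_zoneEvidence;

        [SecurityCritical]
        private PEFileEvidenceFactory(SafePEFileHandle peFile)
        {
            // Debug-time contract only; the VM caller is responsible for handing us a live, valid handle.
            Contract.Assert(peFile != null && !peFile.IsClosed && !peFile.IsInvalid);
            m_peFile = peFile;
        }

        /// <summary>
        ///     PEFile * that we generate evidence for
        /// </summary>
        internal SafePEFileHandle PEFile
        {
            [SecurityCritical]
            get { return m_peFile; }
        }

        /// <summary>
        ///     Object the supplied evidence is for
        /// </summary>
        public IEvidenceFactory Target
        {
            // Since the CLR does not have a PEFile abstraction and this PEFile may not have an associated
            // assembly if we're early in runtime startup, there is no valid target object to return here.
            get { return null; }
        }

        /// <summary>
        ///     Generate an evidence collection for the PE file.  This is called from the VM in
        ///     SecurityDescriptor::GetEvidenceForPEFile.
        /// </summary>
        /// <param name="peFile">handle to the PE file the evidence describes</param>
        /// <param name="hostProvidedEvidence">evidence supplied by the host, or null</param>
        [SecurityCritical]
        private static Evidence CreateSecurityIdentity(SafePEFileHandle peFile, Evidence hostProvidedEvidence)
        {
            PEFileEvidenceFactory evidenceFactory = new PEFileEvidenceFactory(peFile);
            Evidence evidence = new Evidence(evidenceFactory);

            // If the host (caller of Assembly.Load) provided evidence, merge it with the evidence we've just
            // created.  The host evidence takes priority.
            if (hostProvidedEvidence != null)
            {
                evidence.MergeWithNoDuplicates(hostProvidedEvidence);
            }

            return evidence;
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void FireEvidenceGeneratedEvent(SafePEFileHandle peFile, EvidenceTypeGenerated type);

        /// <summary>
        ///     Fire an ETW event indicating that a piece of evidence has been generated.  Evidence that is
        ///     generated in the VM fires this event without a separate call to this method, however
        ///     evidence types generated in the BCL, such as GacInstalled, need to call this directly.
        /// </summary>
        [SecuritySafeCritical]
        internal void FireEvidenceGeneratedEvent(EvidenceTypeGenerated type)
        {
            FireEvidenceGeneratedEvent(m_peFile, type);
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetAssemblySuppliedEvidence(SafePEFileHandle peFile, ObjectHandleOnStack retSerializedEvidence);

        /// <summary>
        ///     Get any evidence that was serialized into the PE File.  The result is computed once and
        ///     cached; the returned sequence is the cached list itself, so callers must not mutate it.
        /// </summary>
        [SecuritySafeCritical]
        public IEnumerable<EvidenceBase> GetFactorySuppliedEvidence()
        {
            if (m_assemblyProvidedEvidence == null)
            {
                byte[] serializedEvidence = null;
                GetAssemblySuppliedEvidence(m_peFile, JitHelpers.GetObjectHandleOnStack(ref serializedEvidence));

                m_assemblyProvidedEvidence = new List<EvidenceBase>();

                if (serializedEvidence != null)
                {
                    Evidence deserializedEvidence = new Evidence();

                    // SECURITY NOTE(review): serializedEvidence is a blob embedded in the PE file by whoever
                    // built the assembly, so for anything that is not already fully trusted it is
                    // attacker-controlled input, and it is fed to BinaryFormatter, which instantiates
                    // arbitrary serializable types named in the stream.  Partial trust assemblies are allowed
                    // to provide their own evidence, which is why SerializationFormatter is asserted here --
                    // but that also means the deserialization runs with more permission than the assembly
                    // itself holds.  This is a legacy (Whidbey-compatible) mechanism; treat the payload as
                    // untrusted and do not build new trust decisions on the objects it yields.
                    new SecurityPermission(SecurityPermissionFlag.SerializationFormatter).Assert();
                    try
                    {
                        BinaryFormatter formatter = new BinaryFormatter();
                        using (MemoryStream ms = new MemoryStream(serializedEvidence))
                        {
                            deserializedEvidence = (Evidence)formatter.Deserialize(ms);
                        }
                    }
                    catch
                    {
                        // Deliberately best-effort: corrupt or unreadable embedded evidence must not prevent
                        // the assembly from loading; it simply contributes no assembly-supplied evidence.
                        // deserializedEvidence keeps the empty Evidence created above in that case.
                    }
                    finally
                    {
                        // Revert in a finally so the elevated permission never outlives this call, even for
                        // exceptions that the catch above cannot observe (e.g. a thread abort mid-deserialize).
                        CodeAccessPermission.RevertAssert();
                    }

                    // Enumerate the assembly evidence, ignoring any host evidence supplied.  Since we
                    // could be loading a Whidbey assembly, we need to use the old GetAssemblyEnumerator
                    // API and deal with objects instead of EvidenceBases.
                    if (deserializedEvidence != null)
                    {
                        IEnumerator enumerator = deserializedEvidence.GetAssemblyEnumerator();
                        while (enumerator.MoveNext())
                        {
                            if (enumerator.Current != null)
                            {
                                // If this is a legacy evidence object, we need to wrap it before
                                // returning it.
                                EvidenceBase currentEvidence = enumerator.Current as EvidenceBase;
                                if (currentEvidence == null)
                                {
                                    currentEvidence = new LegacyEvidenceWrapper(enumerator.Current);
                                }

                                m_assemblyProvidedEvidence.Add(currentEvidence);
                            }
                        }
                    }
                }
            }

            return m_assemblyProvidedEvidence;
        }

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetLocationEvidence(SafePEFileHandle peFile, [Out] out SecurityZone zone, StringHandleOnStack retUrl);

        [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
        [SecurityCritical]
        [SuppressUnmanagedCodeSecurity]
        private static extern void GetPublisherCertificate(SafePEFileHandle peFile, ObjectHandleOnStack retCertificate);

        /// <summary>
        ///     Called to generate different types of evidence on demand.  Only Site, Url, Zone and
        ///     Publisher are produced here; any other type yields null.
        /// </summary>
        public EvidenceBase GenerateEvidence(Type evidenceType)
        {
            if (evidenceType == typeof(Site))
            {
                return GenerateSiteEvidence();
            }
            else if (evidenceType == typeof(Url))
            {
                return GenerateUrlEvidence();
            }
            else if (evidenceType == typeof(Zone))
            {
                return GenerateZoneEvidence();
            }
            else if (evidenceType == typeof(Publisher))
            {
                return GeneratePublisherEvidence();
            }

            return null;
        }

        /// <summary>
        ///     Generate Site, Url, and Zone evidence for this file.  Runs at most once per factory; if
        ///     the VM reports no zone or no URL the corresponding field stays null.
        /// </summary>
        [SecuritySafeCritical]
        private void GenerateLocationEvidence()
        {
            if (!m_generatedLocationEvidence)
            {
                SecurityZone securityZone = SecurityZone.NoZone;
                string url = null;
                GetLocationEvidence(m_peFile, out securityZone, JitHelpers.GetStringHandleOnStack(ref url));

                if (securityZone != SecurityZone.NoZone)
                {
                    m_zoneEvidence = new Zone(securityZone);
                }

                if (!String.IsNullOrEmpty(url))
                {
                    // NOTE(review): the 'true' presumably marks the URL as already parsed by the VM so Url
                    // does not re-normalize it -- confirm against the internal Url(string, bool) constructor.
                    m_urlEvidence = new Url(url, true);

                    // We only create site evidence if the URL does not start with file:, since a local
                    // path has no site.
                    if (!url.StartsWith("file:", StringComparison.OrdinalIgnoreCase))
                    {
                        m_siteEvidence = Site.CreateFromUrl(url);
                    }
                }

                m_generatedLocationEvidence = true;
            }
        }

        /// <summary>
        ///     Generate evidence for the file's Authenticode signature.  Returns null when the VM hands
        ///     back no certificate.  Nothing here validates the signature or the chain: the bytes are
        ///     wrapped as-is, so the VM side is presumably where verification happens -- confirm before
        ///     treating Publisher evidence as proof of a verified signature.
        /// </summary>
        [SecuritySafeCritical]
        private Publisher GeneratePublisherEvidence()
        {
            byte[] certificate = null;
            GetPublisherCertificate(m_peFile, JitHelpers.GetObjectHandleOnStack(ref certificate));

            if (certificate == null)
            {
                return null;
            }

            return new Publisher(new X509Certificate(certificate));
        }

        /// <summary>
        ///     Generate evidence for the site this file was loaded from (null for file: URLs or when
        ///     there is no URL).
        /// </summary>
        private Site GenerateSiteEvidence()
        {
            if (m_siteEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_siteEvidence;
        }

        /// <summary>
        ///     Generate evidence for the URL this file was loaded from (null when the VM reports none).
        /// </summary>
        private Url GenerateUrlEvidence()
        {
            if (m_urlEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_urlEvidence;
        }

        /// <summary>
        ///     Generate evidence for the zone this file was loaded from (null when the VM reports NoZone).
        /// </summary>
        private Zone GenerateZoneEvidence()
        {
            if (m_zoneEvidence == null)
            {
                GenerateLocationEvidence();
            }

            return m_zoneEvidence;
        }
    }
}

// File provided for Reference Use Only by Microsoft Corporation (c) 2007.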