Code:
/ FXUpdate3074 / FXUpdate3074 / 1.1 / untmp / whidbey / QFE / ndp / clr / src / BCL / System / Security / PermissionSetTriple.cs / 4 / PermissionSetTriple.cs
// ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================================== ** ** Class: PermissionSetTriple ** ** Purpose: Container class for holding an AppDomain's Grantset and Refused sets. ** Also used for CompressedStacks which brings in the third PermissionSet. ** Hence, the name PermissionSetTriple. ** =============================================================================*/ namespace System.Security { using IEnumerator = System.Collections.IEnumerator; using System.Security; using System.Security.Permissions; using System.Runtime.InteropServices; [Serializable()] sealed internal class PermissionSetTriple { unsafe static private RuntimeMethodHandle s_emptyRMH = new RuntimeMethodHandle(null); static private PermissionToken s_zoneToken; static private PermissionToken s_urlToken; internal PermissionSet AssertSet; internal PermissionSet GrantSet; internal PermissionSet RefusedSet; internal PermissionSetTriple() { Reset(); } internal PermissionSetTriple(PermissionSetTriple triple) { this.AssertSet = triple.AssertSet; this.GrantSet = triple.GrantSet; this.RefusedSet = triple.RefusedSet; } internal void Reset() { AssertSet = null; GrantSet = null; RefusedSet = null; } internal bool IsEmpty() { return (AssertSet == null && GrantSet == null && RefusedSet == null); } private PermissionToken ZoneToken { get { if (s_zoneToken == null) s_zoneToken = PermissionToken.GetToken(typeof(ZoneIdentityPermission)); return s_zoneToken; } } private PermissionToken UrlToken { get { if (s_urlToken == null) s_urlToken = PermissionToken.GetToken(typeof(UrlIdentityPermission)); return s_urlToken; } } internal bool Update(PermissionSetTriple psTriple, out PermissionSetTriple retTriple) { retTriple = null; // Special case: unrestricted assertt. Note: dcs.Assert.IsUnrestricted => dcs.Grant.IsUnrestricted if (psTriple.AssertSet != null && psTriple.AssertSet.IsUnrestricted()) { return true; // stop construction } retTriple = UpdateAssert(psTriple.AssertSet); UpdateGrant(psTriple.GrantSet); UpdateRefused(psTriple.RefusedSet); return false; } internal PermissionSetTriple UpdateAssert(PermissionSet in_a) { PermissionSetTriple retTriple = null; if (in_a != null) { BCLDebug.Assert((!in_a.IsUnrestricted()), "Cannot be unrestricted here"); // if we're already assertting in_a, nothing to do if (in_a.IsSubsetOf(AssertSet)) return null; PermissionSet retPs; if (GrantSet != null) retPs = in_a.Intersect(GrantSet); // Restrict the assertt to what we've already been granted else { GrantSet = new PermissionSet(true); retPs = in_a.Copy(); // Currently unrestricted Grant: assertt the whole assertt set } bool bFailedToCompress; // removes anything that is already in the refused set from the assertt set retPs = PermissionSet.RemoveRefusedPermissionSet(retPs, RefusedSet, out bFailedToCompress); if (!bFailedToCompress) bFailedToCompress = PermissionSet.IsIntersectingAssertedPermissions(retPs, AssertSet); if (bFailedToCompress) { retTriple = new PermissionSetTriple(this); this.Reset(); this.GrantSet = retTriple.GrantSet.Copy(); } if (AssertSet == null) AssertSet = retPs; else AssertSet.InplaceUnion(retPs); } return retTriple; } internal void UpdateGrant(PermissionSet in_g, out ZoneIdentityPermission z,out UrlIdentityPermission u) { z = null; u = null; if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); z = (ZoneIdentityPermission)in_g.GetPermission(ZoneToken); u = (UrlIdentityPermission)in_g.GetPermission(UrlToken); } } internal void UpdateGrant(PermissionSet in_g) { if (in_g != null) { if (GrantSet == null) GrantSet = in_g.Copy(); else GrantSet.InplaceIntersect(in_g); } } internal void UpdateRefused(PermissionSet in_r) { if (in_r != null) { if (RefusedSet == null) RefusedSet = in_r.Copy(); else RefusedSet.InplaceUnion(in_r); } } static bool CheckAssert(PermissionSet pSet, CodeAccessPermission demand, PermissionToken permToken) { if (pSet != null) { pSet.CheckDecoded(demand, permToken); CodeAccessPermission perm = (CodeAccessPermission)pSet.GetPermission(demand); // If the assertt set does contain the demanded permission, halt the stackwalk try { if ((pSet.IsUnrestricted() && demand.CanUnrestrictedOverride()) || demand.CheckAssert(perm)) { return SecurityRuntime.StackHalt; } } catch (ArgumentException) { } } return SecurityRuntime.StackContinue; } static bool CheckAssert(PermissionSet asserttPset, PermissionSet demandSet, out PermissionSet newDemandSet) { newDemandSet = null; if (asserttPset!= null) { asserttPset.CheckDecoded(demandSet); // If this frame assertts a superset of the demand set we're done if (demandSet.CheckAssertion(asserttPset)) return SecurityRuntime.StackHalt; PermissionSet.RemoveAssertedPermissionSet(demandSet, asserttPset, out newDemandSet); } return SecurityRuntime.StackContinue; } internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandle rmh) { if (CheckAssert(AssertSet, demand, permToken) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } internal bool CheckSetDemand(PermissionSet demandSet , out PermissionSet alteredDemandset, RuntimeMethodHandle rmh) { alteredDemandset = null; if (CheckAssert(AssertSet, demandSet, out alteredDemandset) == SecurityRuntime.StackHalt) return SecurityRuntime.StackHalt; if (alteredDemandset != null) demandSet = alteredDemandset; // CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, rmh, null, SecurityAction.Demand, true); return SecurityRuntime.StackContinue; } internal bool CheckDemandNoThrow(CodeAccessPermission demand, PermissionToken permToken) { BCLDebug.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckHelper(GrantSet, RefusedSet, demand, permToken, s_emptyRMH, null, SecurityAction.Demand, false); } internal bool CheckSetDemandNoThrow(PermissionSet demandSet) { BCLDebug.Assert(AssertSet == null, "AssertSet not null"); return CodeAccessSecurityEngine.CheckSetHelper(GrantSet, RefusedSet, demandSet, s_emptyRMH, null, SecurityAction.Demand, false); } ////// Check to see if the triple satisfies a demand for the permission represented by the flag. /// ////// If the triple assertts for one of the bits in the flags, it is zeroed out. /// /// set of flags to internal bool CheckFlags(ref int flags) { if (AssertSet != null) { // remove any permissions which were assertted for int asserttFlags = SecurityManager.GetSpecialFlags(AssertSet, null); if ((flags & asserttFlags) != 0) flags = flags & ~asserttFlags; } return (SecurityManager.GetSpecialFlags(GrantSet, RefusedSet) & flags) == flags; } } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // Copyright (c) Microsoft Corporation. All rights reserved.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- CloudCollection.cs
- LockedBorderGlyph.cs
- DiscoveryClientChannelBase.cs
- StylusCollection.cs
- ArgumentNullException.cs
- AuthenticationConfig.cs
- WindowsProgressbar.cs
- SQLMoney.cs
- AssemblyAttributesGoHere.cs
- safemediahandle.cs
- WebServiceEnumData.cs
- ToolStripTextBox.cs
- QueryTaskGroupState.cs
- HtmlAnchor.cs
- SoapProtocolReflector.cs
- XmlReturnWriter.cs
- ContravarianceAdapter.cs
- UrlEncodedParameterWriter.cs
- PenThreadPool.cs
- PropagatorResult.cs
- _UncName.cs
- UnsafeNativeMethods.cs
- X509SecurityTokenAuthenticator.cs
- SafeArrayTypeMismatchException.cs
- WebServiceMethodData.cs
- XmlWriter.cs
- HostVisual.cs
- Clock.cs
- RemotingHelper.cs
- StorageConditionPropertyMapping.cs
- Control.cs
- CheckPair.cs
- MemberDescriptor.cs
- DataBindingExpressionBuilder.cs
- ServicePointManagerElement.cs
- BooleanExpr.cs
- BoundField.cs
- EntityContainerAssociationSet.cs
- StatusBarPanel.cs
- DataViewManager.cs
- ExcludePathInfo.cs
- DataSvcMapFile.cs
- NodeInfo.cs
- CompiledIdentityConstraint.cs
- SQLInt16Storage.cs
- DataSourceGroupCollection.cs
- ReferencedAssembly.cs
- ObjectListTitleAttribute.cs
- DataServiceRequestException.cs
- BoolLiteral.cs
- SocketConnection.cs
- KeyGestureValueSerializer.cs
- BinaryCommonClasses.cs
- UnionCqlBlock.cs
- updateconfighost.cs
- AutomationPropertyInfo.cs
- ChannelServices.cs
- FormViewInsertedEventArgs.cs
- Script.cs
- EncryptedReference.cs
- ConvertEvent.cs
- ToolStripPanelRenderEventArgs.cs
- WinEventTracker.cs
- DataGridViewHeaderCell.cs
- XmlCustomFormatter.cs
- HttpDebugHandler.cs
- XPathSelfQuery.cs
- InfoCardRSACryptoProvider.cs
- AspProxy.cs
- XmlQualifiedNameTest.cs
- ItemDragEvent.cs
- FileSystemWatcher.cs
- ScriptReferenceBase.cs
- SafeFileMappingHandle.cs
- ResourcePermissionBaseEntry.cs
- StandardOleMarshalObject.cs
- ReturnEventArgs.cs
- XmlExpressionDumper.cs
- BufferBuilder.cs
- DesignerAdRotatorAdapter.cs
- MessageQueuePermissionAttribute.cs
- C14NUtil.cs
- ExpandableObjectConverter.cs
- ToolStripHighContrastRenderer.cs
- LambdaCompiler.Unary.cs
- MessageLoggingElement.cs
- WindowsTab.cs
- CompilerError.cs
- SimplePropertyEntry.cs
- XmlWellformedWriter.cs
- TokenBasedSet.cs
- Rotation3DAnimationUsingKeyFrames.cs
- FormViewCommandEventArgs.cs
- TextServicesManager.cs
- SqlConnectionHelper.cs
- ResourceKey.cs
- XmlSerializerVersionAttribute.cs
- SqlFlattener.cs
- RedirectionProxy.cs
- EdmItemError.cs