Code:
/ 4.0 / 4.0 / untmp / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / clr / src / BCL / System / Security / Policy / PEFileEvidenceFactory.cs / 1305376 / PEFileEvidenceFactory.cs
// ==++==
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
// ==--==
// [....]
//
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.IO;
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.ConstrainedExecution;
using System.Runtime.InteropServices;
using System.Runtime.Serialization.Formatters.Binary;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Policy;
using System.Security.Permissions;
using Microsoft.Win32.SafeHandles;
namespace System.Security.Policy
{
///
/// Arguments to the ETW evidence generation event. This enumeration should be kept in [....] with
/// the VM enumeration EvidenceType in SecurityPolicy.h.
///
internal enum EvidenceTypeGenerated
{
AssemblySupplied,
Gac,
Hash,
PermissionRequest,
Publisher,
Site,
StrongName,
Url,
Zone
}
///
/// Factory class which can create evidence on demand for a VM PEFile
///
internal sealed class PEFileEvidenceFactory : IRuntimeEvidenceFactory
{
[System.Security.SecurityCritical /*auto-generated*/]
private SafePEFileHandle m_peFile;
private List m_assemblyProvidedEvidence;
// Since all three of these evidence objects are generated from the same source data, we'll generate
// all three when we're asked for any one of them and save them around in case we're asked for the
// others.
bool m_generatedLocationEvidence;
private Site m_siteEvidence;
private Url m_urlEvidence;
private Zone m_zoneEvidence;
[SecurityCritical]
private PEFileEvidenceFactory(SafePEFileHandle peFile)
{
Contract.Assert(peFile != null &&
!peFile.IsClosed &&
!peFile.IsInvalid);
m_peFile = peFile;
}
///
/// PEFile * that we generate evidence for
///
internal SafePEFileHandle PEFile
{
[SecurityCritical]
get { return m_peFile; }
}
///
/// Object the supplied evidence is for
///
public IEvidenceFactory Target
{
// Since the CLR does not have a PEFile abstraction and this PEFile may not have an associated
// assembly if we're early in runtime startup, there is no valid target object to return here.
get { return null; }
}
///
/// Generate an evidence collection the PE file. This is called from the the VM in
/// SecurityDescriptor::GetEvidenceForPEFile.
///
[SecurityCritical]
private static Evidence CreateSecurityIdentity(SafePEFileHandle peFile,
Evidence hostProvidedEvidence)
{
PEFileEvidenceFactory evidenceFactory = new PEFileEvidenceFactory(peFile);
Evidence evidence = new Evidence(evidenceFactory);
// If the host (caller of Assembly.Load) provided evidence, merge it with the evidence we've just
// created. The host evidence takes priority.
if (hostProvidedEvidence != null)
{
evidence.MergeWithNoDuplicates(hostProvidedEvidence);
}
return evidence;
}
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SecurityCritical]
[SuppressUnmanagedCodeSecurity]
private static extern void FireEvidenceGeneratedEvent(SafePEFileHandle peFile,
EvidenceTypeGenerated type);
///
/// Fire an ETW event indicating that a piece of evidence has been generated. Evidence that is
/// generated in the VM fires this event without a seperate call to this method, however
/// evidence types generated in the BCL, such as GacInstalled, need to call this directly.
///
[SecuritySafeCritical]
internal void FireEvidenceGeneratedEvent(EvidenceTypeGenerated type)
{
FireEvidenceGeneratedEvent(m_peFile, type);
}
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SecurityCritical]
[SuppressUnmanagedCodeSecurity]
private static extern void GetAssemblySuppliedEvidence(SafePEFileHandle peFile,
ObjectHandleOnStack retSerializedEvidence);
///
/// Get any evidence that was serialized into the PE File
///
[SecuritySafeCritical]
public IEnumerable GetFactorySuppliedEvidence()
{
if (m_assemblyProvidedEvidence == null)
{
byte[] serializedEvidence = null;
GetAssemblySuppliedEvidence(m_peFile, JitHelpers.GetObjectHandleOnStack(ref serializedEvidence));
m_assemblyProvidedEvidence = new List();
if (serializedEvidence != null)
{
Evidence deserializedEvidence = new Evidence();
// Partial trust assemblies can provide their own evidence, so make sure that we have
// permission to deserialize it
new SecurityPermission(SecurityPermissionFlag.SerializationFormatter).Assert();
try
{
BinaryFormatter formatter = new BinaryFormatter();
using (MemoryStream ms = new MemoryStream(serializedEvidence))
{
deserializedEvidence = (Evidence)formatter.Deserialize(ms);
}
}
catch { /* Ignore any errors deserializing */ }
CodeAccessPermission.RevertAssert();
// Enumerate the assembly evidence, ignoring any host evidence supplied. Since we
// could be loading a Whidbey assembly, we need to use the old GetAssemblyEnumerator
// API and deal with objects instead of EvidenceBases.
if (deserializedEvidence != null)
{
IEnumerator enumerator = deserializedEvidence.GetAssemblyEnumerator();
while (enumerator.MoveNext())
{
if (enumerator.Current != null)
{
// If this is a legacy evidence object, we need to wrap it before
// returning it.
EvidenceBase currentEvidence = enumerator.Current as EvidenceBase;
if (currentEvidence == null)
{
currentEvidence = new LegacyEvidenceWrapper(enumerator.Current);
}
m_assemblyProvidedEvidence.Add(currentEvidence);
}
}
}
}
}
return m_assemblyProvidedEvidence;
}
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SecurityCritical]
[SuppressUnmanagedCodeSecurity]
private static extern void GetLocationEvidence(SafePEFileHandle peFile,
[Out] out SecurityZone zone,
StringHandleOnStack retUrl);
[DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)]
[SecurityCritical]
[SuppressUnmanagedCodeSecurity]
private static extern void GetPublisherCertificate(SafePEFileHandle peFile,
ObjectHandleOnStack retCertificate);
///
/// Called to generate different types of evidence on demand
///
public EvidenceBase GenerateEvidence(Type evidenceType)
{
if (evidenceType == typeof(Site))
{
return GenerateSiteEvidence();
}
else if (evidenceType == typeof(Url))
{
return GenerateUrlEvidence();
}
else if (evidenceType == typeof(Zone))
{
return GenerateZoneEvidence();
}
else if (evidenceType == typeof(Publisher))
{
return GeneratePublisherEvidence();
}
return null;
}
///
/// Generate Site, Url, and Zone evidence for this file.
///
[SecuritySafeCritical]
private void GenerateLocationEvidence()
{
if (!m_generatedLocationEvidence)
{
SecurityZone securityZone = SecurityZone.NoZone;
string url = null;
GetLocationEvidence(m_peFile, out securityZone, JitHelpers.GetStringHandleOnStack(ref url));
if (securityZone != SecurityZone.NoZone)
{
m_zoneEvidence = new Zone(securityZone);
}
if (!String.IsNullOrEmpty(url))
{
m_urlEvidence = new Url(url, true);
// We only create site evidence if the URL does not with file:
if (!url.StartsWith("file:", StringComparison.OrdinalIgnoreCase))
{
m_siteEvidence = Site.CreateFromUrl(url);
}
}
m_generatedLocationEvidence = true;
}
}
///
/// Generate evidence for the file's Authenticode signature
///
[SecuritySafeCritical]
private Publisher GeneratePublisherEvidence()
{
byte[] certificate = null;
GetPublisherCertificate(m_peFile, JitHelpers.GetObjectHandleOnStack(ref certificate));
if (certificate == null)
{
return null;
}
return new Publisher(new X509Certificate(certificate));
}
///
/// Generate evidence for the site this file was loaded from
///
private Site GenerateSiteEvidence()
{
if (m_siteEvidence == null)
{
GenerateLocationEvidence();
}
return m_siteEvidence;
}
///
/// Generate evidence for the URL this file was loaded from
///
private Url GenerateUrlEvidence()
{
if (m_urlEvidence == null)
{
GenerateLocationEvidence();
}
return m_urlEvidence;
}
///
/// Generate evidence for the zone this file was loaded from
///
private Zone GenerateZoneEvidence()
{
if (m_zoneEvidence == null)
{
GenerateLocationEvidence();
}
return m_zoneEvidence;
}
}
}
// File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- GlyphCache.cs
- HttpPostProtocolImporter.cs
- SiteMapHierarchicalDataSourceView.cs
- WhereQueryOperator.cs
- DomainUpDown.cs
- WbemException.cs
- RedBlackList.cs
- WebPageTraceListener.cs
- ImageCodecInfo.cs
- ServiceReference.cs
- CancellationHandler.cs
- UniqueSet.cs
- MDIControlStrip.cs
- PathFigureCollectionConverter.cs
- Transform.cs
- DocumentAutomationPeer.cs
- QueryOptionExpression.cs
- RangeValidator.cs
- ObjectParameterCollection.cs
- MaskDesignerDialog.cs
- MultipartContentParser.cs
- ListViewCommandEventArgs.cs
- CultureMapper.cs
- WrappedKeySecurityToken.cs
- StateMachineWorkflowDesigner.cs
- SchemaCollectionCompiler.cs
- UnsafeMethods.cs
- ComponentCodeDomSerializer.cs
- WebServiceHostFactory.cs
- CompiledRegexRunnerFactory.cs
- FileInfo.cs
- cryptoapiTransform.cs
- X509CertificateCollection.cs
- Triplet.cs
- HttpBrowserCapabilitiesWrapper.cs
- WindowsSecurityTokenAuthenticator.cs
- NumberAction.cs
- PersistenceContextEnlistment.cs
- SessionStateModule.cs
- CalendarDay.cs
- FontWeights.cs
- HwndKeyboardInputProvider.cs
- CodeExpressionStatement.cs
- WebPartUtil.cs
- TitleStyle.cs
- UserPersonalizationStateInfo.cs
- DataGridViewRowPrePaintEventArgs.cs
- ArgumentOutOfRangeException.cs
- OrderedDictionary.cs
- ConfigXmlAttribute.cs
- WsdlInspector.cs
- UnaryNode.cs
- AssociationType.cs
- MenuEventArgs.cs
- DataTableClearEvent.cs
- AsyncPostBackErrorEventArgs.cs
- InvalidAsynchronousStateException.cs
- _NativeSSPI.cs
- ModelToObjectValueConverter.cs
- QilVisitor.cs
- CalendarKeyboardHelper.cs
- XamlHostingSectionGroup.cs
- BaseCAMarshaler.cs
- SqlClientWrapperSmiStreamChars.cs
- RadioButtonList.cs
- DataGridCommandEventArgs.cs
- CodeDelegateCreateExpression.cs
- basecomparevalidator.cs
- PackUriHelper.cs
- QuadraticBezierSegment.cs
- MonthCalendar.cs
- GZipStream.cs
- GetPolicyDetailsRequest.cs
- NamedPipeTransportBindingElement.cs
- Certificate.cs
- OracleConnectionStringBuilder.cs
- OleDbEnumerator.cs
- ping.cs
- DefaultMemberAttribute.cs
- PrinterResolution.cs
- SerializationIncompleteException.cs
- FeatureSupport.cs
- FixedSOMTable.cs
- SystemColorTracker.cs
- DataSourceCache.cs
- ExpressionWriter.cs
- MetadataSerializer.cs
- ModifierKeysValueSerializer.cs
- HostDesigntimeLicenseContext.cs
- SHA384Managed.cs
- WorkflowOwnershipException.cs
- MembershipUser.cs
- HitTestResult.cs
- EntityDataSourceColumn.cs
- securitycriticaldataClass.cs
- XmlNodeReader.cs
- SqlGatherProducedAliases.cs
- EventProxy.cs
- DesignerActionItemCollection.cs
- recordstatefactory.cs