Code:
/ 4.0 / 4.0 / DEVDIV_TFS / Dev10 / Releases / RTMRel / ndp / clr / src / BCL / System / Security / PermissionListSet.cs / 1305376 / PermissionListSet.cs
// ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================================== ** ** Class: PermissionListSet.cs ** **[....] **[....] ** ** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain ** (Replacement for PermissionListSet) ** =============================================================================*/ namespace System.Security { using System.Globalization; using System.Reflection; using System.Runtime.InteropServices; using System.Security; using System.Security.Permissions; using System.Threading; using System.Collections; using System.Collections.Generic; using System.Diagnostics.Contracts; [Serializable] sealed internal class PermissionListSet { // Only internal (public) methods are creation methods and demand evaluation methods. // Scroll down to the end to see them. private PermissionSetTriple m_firstPermSetTriple; private ArrayList m_permSetTriples; #if FEATURE_COMPRESSEDSTACK private ArrayList m_zoneList; private ArrayList m_originList; #endif // FEATURE_COMPRESSEDSTACK internal PermissionListSet() {} private void EnsureTriplesListCreated() { if (m_permSetTriples == null) { m_permSetTriples = new ArrayList(); if (m_firstPermSetTriple != null) { m_permSetTriples.Add(m_firstPermSetTriple); m_firstPermSetTriple = null; } } } #if FEATURE_PLS [System.Security.SecurityCritical] // auto-generated internal void UpdateDomainPLS (PermissionListSet adPLS) { if (adPLS != null && adPLS.m_firstPermSetTriple != null) UpdateDomainPLS(adPLS.m_firstPermSetTriple.GrantSet, adPLS.m_firstPermSetTriple.RefusedSet); } [System.Security.SecurityCritical] // auto-generated internal void UpdateDomainPLS (PermissionSet grantSet, PermissionSet deniedSet) { Contract.Assert(m_permSetTriples == null, "m_permSetTriples != null"); if (m_firstPermSetTriple == null) m_firstPermSetTriple = new PermissionSetTriple(); // update the grant and denied sets m_firstPermSetTriple.UpdateGrant(grantSet); m_firstPermSetTriple.UpdateRefused(deniedSet); } #endif // FEATURE_PLS private void Terminate(PermissionSetTriple currentTriple) { UpdateTripleListAndCreateNewTriple(currentTriple, null); } [System.Security.SecurityCritical] // auto-generated private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls) { #if FEATURE_COMPRESSEDSTACK this.UpdateZoneAndOrigin(pls); #endif // FEATURE_COMPRESSEDSTACK this.UpdatePermissions(currentTriple, pls); this.UpdateTripleListAndCreateNewTriple(currentTriple, null); } [System.Security.SecurityCritical] // auto-generated private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls) { #if FEATURE_COMPRESSEDSTACK this.UpdateZoneAndOrigin(pls); #endif // FEATURE_COMPRESSEDSTACK return this.UpdatePermissions(currentTriple, pls); } [System.Security.SecurityCritical] // auto-generated private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd) { // check imperative bool fHalt = Update2(currentTriple, fsd, false); if (!fHalt) { // then declarative fHalt = Update2(currentTriple, fsd, true); } return fHalt; } [System.Security.SecurityCritical] // auto-generated private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative) { // Deny PermissionSet deniedPset = fsd.GetDenials(fDeclarative); if (deniedPset != null) { currentTriple.UpdateRefused(deniedPset); } // permit only PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative); if (permitOnlyPset != null) { currentTriple.UpdateGrant(permitOnlyPset); } // Assert all possible if (fsd.GetAssertAllPossible()) { // If we have no grant set, it means that the only assembly we've seen on the stack so // far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the // compressed stack is also FullTrust. if (currentTriple.GrantSet == null) currentTriple.GrantSet = PermissionSet.s_fullTrust; return true; // halt the construction } // Assert PermissionSet assertPset = fsd.GetAssertions(fDeclarative); if (assertPset != null) { if (assertPset.IsUnrestricted()) { // If we have no grant set, it means that the only assembly we've seen on the stack so // far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the // compressed stack is also FullTrust. if (currentTriple.GrantSet == null) currentTriple.GrantSet = PermissionSet.s_fullTrust; return true; // halt the construction } PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset); if (retTriple != null) { EnsureTriplesListCreated(); m_permSetTriples.Add(retTriple); } } return false; } [System.Security.SecurityCritical] // auto-generated private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r) { #if FEATURE_COMPRESSEDSTACK ZoneIdentityPermission z; UrlIdentityPermission u; currentTriple.UpdateGrant(in_g, out z, out u); currentTriple.UpdateRefused(in_r); AppendZoneOrigin(z, u); #else // !FEATURE_COMPRESEDSTACK currentTriple.UpdateGrant(in_g); currentTriple.UpdateRefused(in_r); #endif // FEATURE_COMPRESSEDSTACK } // Called from the VM for HG CS construction [System.Security.SecurityCritical] // auto-generated private void Update(PermissionSet in_g) { if (m_firstPermSetTriple == null) m_firstPermSetTriple = new PermissionSetTriple(); Update(m_firstPermSetTriple, in_g, null); } #if FEATURE_COMPRESSEDSTACK private void UpdateZoneAndOrigin(PermissionListSet pls) { if (pls != null) { if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0) this.m_zoneList = new ArrayList(); UpdateArrayList(this.m_zoneList, pls.m_zoneList); if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0) this.m_originList = new ArrayList(); UpdateArrayList(this.m_originList, pls.m_originList); } } #endif // FEATURE_COMPRESSEDSTACK [System.Security.SecurityCritical] // auto-generated private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls) { if (pls != null) { if (pls.m_permSetTriples != null) { // DCS has an AGR List. So we need to add the AGR List UpdateTripleListAndCreateNewTriple(currentTriple,pls.m_permSetTriples); } else { // Common case: One AGR set PermissionSetTriple tmp_psTriple = pls.m_firstPermSetTriple; PermissionSetTriple retTriple; // First try and update currentTriple. Return value indicates if we can stop construction if (currentTriple.Update(tmp_psTriple, out retTriple)) return true; // If we got a non-null retTriple, what it means is that compression failed, // and we now have 2 triples to deal with: retTriple and currentTriple. // retTriple has to be appended first. then currentTriple. if (retTriple != null) { EnsureTriplesListCreated(); // we just created a new triple...add the previous one (returned) to the list m_permSetTriples.Add(retTriple); } } } else { // pls can be null only outside the loop in CreateCompressedState UpdateTripleListAndCreateNewTriple(currentTriple, null); } return false; } private void UpdateTripleListAndCreateNewTriple(PermissionSetTriple currentTriple, ArrayList tripleList) { if (!currentTriple.IsEmpty()) { if (m_firstPermSetTriple == null && m_permSetTriples == null) { m_firstPermSetTriple = new PermissionSetTriple(currentTriple); } else { EnsureTriplesListCreated(); m_permSetTriples.Add(new PermissionSetTriple(currentTriple)); } currentTriple.Reset(); } if (tripleList != null) { EnsureTriplesListCreated(); m_permSetTriples.AddRange(tripleList); } } private static void UpdateArrayList(ArrayList current, ArrayList newList) { if (newList == null) return; for(int i=0;i < newList.Count; i++) { if (!current.Contains(newList[i])) current.Add(newList[i]); } } #if FEATURE_COMPRESSEDSTACK private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u) { if (z != null) { if (m_zoneList == null) m_zoneList = new ArrayList(); z.AppendZones(m_zoneList); } if (u != null) { if (m_originList == null) m_originList = new ArrayList(); u.AppendOrigin(m_originList); } } [System.Security.SecurityCritical] // auto-generated [System.Runtime.InteropServices.ComVisible(true)] // public(internal) interface begins... // Creation functions static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS) { // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation) bool bHaltConstruction = false; if (cs.CompressedStackHandle == null) return null; // FT case or Security off PermissionListSet pls = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle); for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--) { DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i); if (dcs == null) continue; // we hit a FT Domain if (dcs.PLS == null) { // We failed on some DCS throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"))); } pls.UpdateZoneAndOrigin(dcs.PLS); pls.Update(currentTriple, dcs.PLS); bHaltConstruction = dcs.ConstructionHalted; } if (!bHaltConstruction) { PermissionListSet tmp_pls = null; // Construction did not halt. if (innerCS != null) { innerCS.CompleteConstruction(null); tmp_pls = innerCS.PLS; } pls.Terminate(currentTriple, tmp_pls); } else { pls.Terminate(currentTriple); } return pls; } [System.Security.SecurityCritical] // auto-generated static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction) { PermissionListSet pls = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); PermissionSet tmp_g, tmp_r; // Construct the descriptor list int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS); bHaltConstruction = false; for(int i=0; (i < descCount && !bHaltConstruction); i++) { FrameSecurityDescriptor fsd; Assembly assembly; if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd)) { // Got an FSD bHaltConstruction = pls.Update(currentTriple, fsd); } else { pls.Update(currentTriple, tmp_g, tmp_r); } } if (!bHaltConstruction) { // domain if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS)) { DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r); pls.Update(currentTriple, tmp_g, tmp_r); } } pls.Terminate(currentTriple); // return the created object return pls; } [System.Security.SecurityCritical] // auto-generated static internal PermissionListSet CreateCompressedState_HG() { PermissionListSet pls = new PermissionListSet(); CompressedStack.GetHomogeneousPLS(pls); return pls; } #endif // #if FEATURE_COMPRESSEDSTACK // Private Demand evaluation functions - only called from the VM [System.Security.SecurityCritical] // auto-generated internal bool CheckDemandNoThrow(CodeAccessPermission demand) { // AppDomain permissions - no asserts. So there should only be one triple to work with Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); PermissionToken permToken = null; if (demand != null) permToken = PermissionToken.GetToken(demand); return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken); } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemandNoThrow(PermissionSet pSet) { // AppDomain permissions - no asserts. So there should only be one triple to work with Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); return m_firstPermSetTriple.CheckSetDemandNoThrow(pSet); } // Demand evauation functions [System.Security.SecurityCritical] // auto-generated internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { bool bRet = SecurityRuntime.StackContinue; if (m_permSetTriples != null) { for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++) { PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i]; bRet = psTriple.CheckDemand(demand, permToken, rmh); } } else if (m_firstPermSetTriple != null) { bRet = m_firstPermSetTriple.CheckDemand(demand, permToken, rmh); } return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand(PermissionSet pset , RuntimeMethodHandleInternal rmh) { bool bRet = SecurityRuntime.StackContinue; PermissionSet demandSet = pset; PermissionSet alteredDemandSet; if (m_permSetTriples != null) { for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++) { PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i]; bRet = psTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh); if (alteredDemandSet != null) demandSet = alteredDemandSet; } } else if (m_firstPermSetTriple != null) { bRet = m_firstPermSetTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh); } return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk } ////// Check to see if the PLS satisfies a demand for the special permissions encoded in flags /// /// set of flags to check (See PermissionType) [System.Security.SecurityCritical] // auto-generated private bool CheckFlags(int flags) { Contract.Assert(flags != 0, "Invalid permission flag demand"); bool check = true; if (m_permSetTriples != null) { for (int i = 0; i < m_permSetTriples.Count && check && flags != 0; i++) { check &= ((PermissionSetTriple)m_permSetTriples[i]).CheckFlags(ref flags); } } else if (m_firstPermSetTriple != null) { check = m_firstPermSetTriple.CheckFlags(ref flags); } return check; } ////// Demand which succeeds if either a set of special permissions or a permission set is granted /// to the call stack /// /// set of flags to check (See PermissionType) /// alternate permission set to check [System.Security.SecurityCritical] // auto-generated internal void DemandFlagsOrGrantSet(int flags, PermissionSet grantSet) { if (CheckFlags(flags)) return; CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle); } #if FEATURE_COMPRESSEDSTACK internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken) { if (m_zoneList != null) zoneList.AddRange(m_zoneList); if (m_originList != null) originList.AddRange(m_originList); } #endif } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007. // ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== /*============================================================================== ** ** Class: PermissionListSet.cs ** **[....] **[....] ** ** Purpose: Holds state about A/G/R permissionsets in a callstack or appdomain ** (Replacement for PermissionListSet) ** =============================================================================*/ namespace System.Security { using System.Globalization; using System.Reflection; using System.Runtime.InteropServices; using System.Security; using System.Security.Permissions; using System.Threading; using System.Collections; using System.Collections.Generic; using System.Diagnostics.Contracts; [Serializable] sealed internal class PermissionListSet { // Only internal (public) methods are creation methods and demand evaluation methods. // Scroll down to the end to see them. private PermissionSetTriple m_firstPermSetTriple; private ArrayList m_permSetTriples; #if FEATURE_COMPRESSEDSTACK private ArrayList m_zoneList; private ArrayList m_originList; #endif // FEATURE_COMPRESSEDSTACK internal PermissionListSet() {} private void EnsureTriplesListCreated() { if (m_permSetTriples == null) { m_permSetTriples = new ArrayList(); if (m_firstPermSetTriple != null) { m_permSetTriples.Add(m_firstPermSetTriple); m_firstPermSetTriple = null; } } } #if FEATURE_PLS [System.Security.SecurityCritical] // auto-generated internal void UpdateDomainPLS (PermissionListSet adPLS) { if (adPLS != null && adPLS.m_firstPermSetTriple != null) UpdateDomainPLS(adPLS.m_firstPermSetTriple.GrantSet, adPLS.m_firstPermSetTriple.RefusedSet); } [System.Security.SecurityCritical] // auto-generated internal void UpdateDomainPLS (PermissionSet grantSet, PermissionSet deniedSet) { Contract.Assert(m_permSetTriples == null, "m_permSetTriples != null"); if (m_firstPermSetTriple == null) m_firstPermSetTriple = new PermissionSetTriple(); // update the grant and denied sets m_firstPermSetTriple.UpdateGrant(grantSet); m_firstPermSetTriple.UpdateRefused(deniedSet); } #endif // FEATURE_PLS private void Terminate(PermissionSetTriple currentTriple) { UpdateTripleListAndCreateNewTriple(currentTriple, null); } [System.Security.SecurityCritical] // auto-generated private void Terminate(PermissionSetTriple currentTriple, PermissionListSet pls) { #if FEATURE_COMPRESSEDSTACK this.UpdateZoneAndOrigin(pls); #endif // FEATURE_COMPRESSEDSTACK this.UpdatePermissions(currentTriple, pls); this.UpdateTripleListAndCreateNewTriple(currentTriple, null); } [System.Security.SecurityCritical] // auto-generated private bool Update(PermissionSetTriple currentTriple, PermissionListSet pls) { #if FEATURE_COMPRESSEDSTACK this.UpdateZoneAndOrigin(pls); #endif // FEATURE_COMPRESSEDSTACK return this.UpdatePermissions(currentTriple, pls); } [System.Security.SecurityCritical] // auto-generated private bool Update(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd) { // check imperative bool fHalt = Update2(currentTriple, fsd, false); if (!fHalt) { // then declarative fHalt = Update2(currentTriple, fsd, true); } return fHalt; } [System.Security.SecurityCritical] // auto-generated private bool Update2(PermissionSetTriple currentTriple, FrameSecurityDescriptor fsd, bool fDeclarative) { // Deny PermissionSet deniedPset = fsd.GetDenials(fDeclarative); if (deniedPset != null) { currentTriple.UpdateRefused(deniedPset); } // permit only PermissionSet permitOnlyPset = fsd.GetPermitOnly(fDeclarative); if (permitOnlyPset != null) { currentTriple.UpdateGrant(permitOnlyPset); } // Assert all possible if (fsd.GetAssertAllPossible()) { // If we have no grant set, it means that the only assembly we've seen on the stack so // far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the // compressed stack is also FullTrust. if (currentTriple.GrantSet == null) currentTriple.GrantSet = PermissionSet.s_fullTrust; return true; // halt the construction } // Assert PermissionSet assertPset = fsd.GetAssertions(fDeclarative); if (assertPset != null) { if (assertPset.IsUnrestricted()) { // If we have no grant set, it means that the only assembly we've seen on the stack so // far is mscorlib. Since mscorlib will always be fully trusted, the grant set of the // compressed stack is also FullTrust. if (currentTriple.GrantSet == null) currentTriple.GrantSet = PermissionSet.s_fullTrust; return true; // halt the construction } PermissionSetTriple retTriple = currentTriple.UpdateAssert(assertPset); if (retTriple != null) { EnsureTriplesListCreated(); m_permSetTriples.Add(retTriple); } } return false; } [System.Security.SecurityCritical] // auto-generated private void Update(PermissionSetTriple currentTriple, PermissionSet in_g, PermissionSet in_r) { #if FEATURE_COMPRESSEDSTACK ZoneIdentityPermission z; UrlIdentityPermission u; currentTriple.UpdateGrant(in_g, out z, out u); currentTriple.UpdateRefused(in_r); AppendZoneOrigin(z, u); #else // !FEATURE_COMPRESEDSTACK currentTriple.UpdateGrant(in_g); currentTriple.UpdateRefused(in_r); #endif // FEATURE_COMPRESSEDSTACK } // Called from the VM for HG CS construction [System.Security.SecurityCritical] // auto-generated private void Update(PermissionSet in_g) { if (m_firstPermSetTriple == null) m_firstPermSetTriple = new PermissionSetTriple(); Update(m_firstPermSetTriple, in_g, null); } #if FEATURE_COMPRESSEDSTACK private void UpdateZoneAndOrigin(PermissionListSet pls) { if (pls != null) { if (this.m_zoneList == null && pls.m_zoneList != null && pls.m_zoneList.Count > 0) this.m_zoneList = new ArrayList(); UpdateArrayList(this.m_zoneList, pls.m_zoneList); if (this.m_originList == null && pls.m_originList != null && pls.m_originList.Count > 0) this.m_originList = new ArrayList(); UpdateArrayList(this.m_originList, pls.m_originList); } } #endif // FEATURE_COMPRESSEDSTACK [System.Security.SecurityCritical] // auto-generated private bool UpdatePermissions(PermissionSetTriple currentTriple, PermissionListSet pls) { if (pls != null) { if (pls.m_permSetTriples != null) { // DCS has an AGR List. So we need to add the AGR List UpdateTripleListAndCreateNewTriple(currentTriple,pls.m_permSetTriples); } else { // Common case: One AGR set PermissionSetTriple tmp_psTriple = pls.m_firstPermSetTriple; PermissionSetTriple retTriple; // First try and update currentTriple. Return value indicates if we can stop construction if (currentTriple.Update(tmp_psTriple, out retTriple)) return true; // If we got a non-null retTriple, what it means is that compression failed, // and we now have 2 triples to deal with: retTriple and currentTriple. // retTriple has to be appended first. then currentTriple. if (retTriple != null) { EnsureTriplesListCreated(); // we just created a new triple...add the previous one (returned) to the list m_permSetTriples.Add(retTriple); } } } else { // pls can be null only outside the loop in CreateCompressedState UpdateTripleListAndCreateNewTriple(currentTriple, null); } return false; } private void UpdateTripleListAndCreateNewTriple(PermissionSetTriple currentTriple, ArrayList tripleList) { if (!currentTriple.IsEmpty()) { if (m_firstPermSetTriple == null && m_permSetTriples == null) { m_firstPermSetTriple = new PermissionSetTriple(currentTriple); } else { EnsureTriplesListCreated(); m_permSetTriples.Add(new PermissionSetTriple(currentTriple)); } currentTriple.Reset(); } if (tripleList != null) { EnsureTriplesListCreated(); m_permSetTriples.AddRange(tripleList); } } private static void UpdateArrayList(ArrayList current, ArrayList newList) { if (newList == null) return; for(int i=0;i < newList.Count; i++) { if (!current.Contains(newList[i])) current.Add(newList[i]); } } #if FEATURE_COMPRESSEDSTACK private void AppendZoneOrigin(ZoneIdentityPermission z, UrlIdentityPermission u) { if (z != null) { if (m_zoneList == null) m_zoneList = new ArrayList(); z.AppendZones(m_zoneList); } if (u != null) { if (m_originList == null) m_originList = new ArrayList(); u.AppendOrigin(m_originList); } } [System.Security.SecurityCritical] // auto-generated [System.Runtime.InteropServices.ComVisible(true)] // public(internal) interface begins... // Creation functions static internal PermissionListSet CreateCompressedState(CompressedStack cs, CompressedStack innerCS) { // function that completes the construction of the compressed stack if not done so already (bottom half for demand evaluation) bool bHaltConstruction = false; if (cs.CompressedStackHandle == null) return null; // FT case or Security off PermissionListSet pls = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); int numDomains = CompressedStack.GetDCSCount(cs.CompressedStackHandle); for (int i=numDomains-1; (i >= 0 && !bHaltConstruction) ; i--) { DomainCompressedStack dcs = CompressedStack.GetDomainCompressedStack(cs.CompressedStackHandle, i); if (dcs == null) continue; // we hit a FT Domain if (dcs.PLS == null) { // We failed on some DCS throw new SecurityException(String.Format(CultureInfo.InvariantCulture, Environment.GetResourceString("Security_Generic"))); } pls.UpdateZoneAndOrigin(dcs.PLS); pls.Update(currentTriple, dcs.PLS); bHaltConstruction = dcs.ConstructionHalted; } if (!bHaltConstruction) { PermissionListSet tmp_pls = null; // Construction did not halt. if (innerCS != null) { innerCS.CompleteConstruction(null); tmp_pls = innerCS.PLS; } pls.Terminate(currentTriple, tmp_pls); } else { pls.Terminate(currentTriple); } return pls; } [System.Security.SecurityCritical] // auto-generated static internal PermissionListSet CreateCompressedState(IntPtr unmanagedDCS, out bool bHaltConstruction) { PermissionListSet pls = new PermissionListSet(); PermissionSetTriple currentTriple = new PermissionSetTriple(); PermissionSet tmp_g, tmp_r; // Construct the descriptor list int descCount = DomainCompressedStack.GetDescCount(unmanagedDCS); bHaltConstruction = false; for(int i=0; (i < descCount && !bHaltConstruction); i++) { FrameSecurityDescriptor fsd; Assembly assembly; if (DomainCompressedStack.GetDescriptorInfo(unmanagedDCS, i, out tmp_g, out tmp_r, out assembly, out fsd)) { // Got an FSD bHaltConstruction = pls.Update(currentTriple, fsd); } else { pls.Update(currentTriple, tmp_g, tmp_r); } } if (!bHaltConstruction) { // domain if (!DomainCompressedStack.IgnoreDomain(unmanagedDCS)) { DomainCompressedStack.GetDomainPermissionSets(unmanagedDCS, out tmp_g, out tmp_r); pls.Update(currentTriple, tmp_g, tmp_r); } } pls.Terminate(currentTriple); // return the created object return pls; } [System.Security.SecurityCritical] // auto-generated static internal PermissionListSet CreateCompressedState_HG() { PermissionListSet pls = new PermissionListSet(); CompressedStack.GetHomogeneousPLS(pls); return pls; } #endif // #if FEATURE_COMPRESSEDSTACK // Private Demand evaluation functions - only called from the VM [System.Security.SecurityCritical] // auto-generated internal bool CheckDemandNoThrow(CodeAccessPermission demand) { // AppDomain permissions - no asserts. So there should only be one triple to work with Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); PermissionToken permToken = null; if (demand != null) permToken = PermissionToken.GetToken(demand); return m_firstPermSetTriple.CheckDemandNoThrow(demand, permToken); } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemandNoThrow(PermissionSet pSet) { // AppDomain permissions - no asserts. So there should only be one triple to work with Contract.Assert(m_permSetTriples == null && m_firstPermSetTriple != null, "More than one PermissionSetTriple encountered in AD PermissionListSet"); return m_firstPermSetTriple.CheckSetDemandNoThrow(pSet); } // Demand evauation functions [System.Security.SecurityCritical] // auto-generated internal bool CheckDemand(CodeAccessPermission demand, PermissionToken permToken, RuntimeMethodHandleInternal rmh) { bool bRet = SecurityRuntime.StackContinue; if (m_permSetTriples != null) { for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++) { PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i]; bRet = psTriple.CheckDemand(demand, permToken, rmh); } } else if (m_firstPermSetTriple != null) { bRet = m_firstPermSetTriple.CheckDemand(demand, permToken, rmh); } return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk } [System.Security.SecurityCritical] // auto-generated internal bool CheckSetDemand(PermissionSet pset , RuntimeMethodHandleInternal rmh) { bool bRet = SecurityRuntime.StackContinue; PermissionSet demandSet = pset; PermissionSet alteredDemandSet; if (m_permSetTriples != null) { for (int i=0; (i < m_permSetTriples.Count && bRet != SecurityRuntime.StackHalt) ; i++) { PermissionSetTriple psTriple = (PermissionSetTriple)m_permSetTriples[i]; bRet = psTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh); if (alteredDemandSet != null) demandSet = alteredDemandSet; } } else if (m_firstPermSetTriple != null) { bRet = m_firstPermSetTriple.CheckSetDemand(demandSet, out alteredDemandSet, rmh); } return SecurityRuntime.StackHalt; // CS demand check always terminates the stackwalk } ////// Check to see if the PLS satisfies a demand for the special permissions encoded in flags /// /// set of flags to check (See PermissionType) [System.Security.SecurityCritical] // auto-generated private bool CheckFlags(int flags) { Contract.Assert(flags != 0, "Invalid permission flag demand"); bool check = true; if (m_permSetTriples != null) { for (int i = 0; i < m_permSetTriples.Count && check && flags != 0; i++) { check &= ((PermissionSetTriple)m_permSetTriples[i]).CheckFlags(ref flags); } } else if (m_firstPermSetTriple != null) { check = m_firstPermSetTriple.CheckFlags(ref flags); } return check; } ////// Demand which succeeds if either a set of special permissions or a permission set is granted /// to the call stack /// /// set of flags to check (See PermissionType) /// alternate permission set to check [System.Security.SecurityCritical] // auto-generated internal void DemandFlagsOrGrantSet(int flags, PermissionSet grantSet) { if (CheckFlags(flags)) return; CheckSetDemand(grantSet, RuntimeMethodHandleInternal.EmptyHandle); } #if FEATURE_COMPRESSEDSTACK internal void GetZoneAndOrigin(ArrayList zoneList, ArrayList originList, PermissionToken zoneToken, PermissionToken originToken) { if (m_zoneList != null) zoneList.AddRange(m_zoneList); if (m_originList != null) originList.AddRange(m_originList); } #endif } } // File provided for Reference Use Only by Microsoft Corporation (c) 2007.
Link Menu
This book is available now!
Buy at Amazon US or
Buy at Amazon UK
- TreeViewImageKeyConverter.cs
- FontNamesConverter.cs
- PropertyRecord.cs
- wgx_sdk_version.cs
- LinkDescriptor.cs
- GetPageCompletedEventArgs.cs
- SqlFacetAttribute.cs
- StaticFileHandler.cs
- SignatureToken.cs
- EntityDataSourceEntityTypeFilterItem.cs
- GeneralTransform3DGroup.cs
- SafeEventLogWriteHandle.cs
- VectorConverter.cs
- PingReply.cs
- LicenseException.cs
- ClientSideQueueItem.cs
- CalendarDesigner.cs
- UnsafeNativeMethodsCLR.cs
- ResetableIterator.cs
- CompModSwitches.cs
- HttpResponseWrapper.cs
- Rotation3DKeyFrameCollection.cs
- DetailsViewModeEventArgs.cs
- DataTableMapping.cs
- CodeDOMProvider.cs
- EventDescriptorCollection.cs
- InkCanvasAutomationPeer.cs
- TextDecorationCollection.cs
- Slider.cs
- ServiceModelEnhancedConfigurationElementCollection.cs
- DataMemberAttribute.cs
- MsmqActivation.cs
- ImageConverter.cs
- TimelineGroup.cs
- IsolatedStoragePermission.cs
- DataGridHeaderBorder.cs
- LightweightEntityWrapper.cs
- SafeNativeMethods.cs
- ClientConfigPaths.cs
- SyndicationElementExtension.cs
- CaseKeyBox.xaml.cs
- ReadOnlyHierarchicalDataSourceView.cs
- TextFormatter.cs
- DrawListViewSubItemEventArgs.cs
- XmlComplianceUtil.cs
- StrokeCollectionDefaultValueFactory.cs
- Exceptions.cs
- ResourceDisplayNameAttribute.cs
- ToolboxComponentsCreatedEventArgs.cs
- SystemIPGlobalProperties.cs
- UnionExpr.cs
- PersonalizationState.cs
- XamlFilter.cs
- HttpCacheVaryByContentEncodings.cs
- ArrayElementGridEntry.cs
- TreeNodeMouseHoverEvent.cs
- HashCodeCombiner.cs
- UDPClient.cs
- Size3D.cs
- MissingFieldException.cs
- TableHeaderCell.cs
- BitStack.cs
- MediaPlayer.cs
- ProtocolsConfigurationEntry.cs
- EdmFunction.cs
- NegatedCellConstant.cs
- wmiprovider.cs
- StringResourceManager.cs
- ReaderWriterLock.cs
- ObjectSecurity.cs
- ResourceManagerWrapper.cs
- WindowsGraphics.cs
- DataGridViewTopRowAccessibleObject.cs
- XmlArrayAttribute.cs
- OrthographicCamera.cs
- DeclarativeExpressionConditionDeclaration.cs
- DetailsViewDeletedEventArgs.cs
- AliasGenerator.cs
- SurrogateSelector.cs
- SqlParameterCollection.cs
- LocalBuilder.cs
- SafeLibraryHandle.cs
- RestHandler.cs
- ThreadAbortException.cs
- OlePropertyStructs.cs
- Section.cs
- MessageEnumerator.cs
- ToolStripOverflow.cs
- ApplicationCommands.cs
- DataColumnCollection.cs
- columnmapkeybuilder.cs
- Line.cs
- WebPartCatalogCloseVerb.cs
- DataServiceClientException.cs
- StaticResourceExtension.cs
- TableCellAutomationPeer.cs
- FlowDocument.cs
- ExpressionBuilderCollection.cs
- AuthenticationService.cs
- XmlMtomWriter.cs