The Labs \ Source Viewer \ SSCLI \ System.Security \ PolicyLevelType

  1. // ==++==
  2. //
  3. //
  4. // Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  5. //
  6. // The use and distribution terms for this software are contained in the file
  7. // named license.txt, which can be found in the root of this distribution.
  8. // By using this software in any fashion, you are agreeing to be bound by the
  9. // terms of this license.
  10. //
  11. // You must not remove this notice, or any other, from this software.
  12. //
  13. //
  14. // ==--==
  15. //
  16. // SecurityManager.cs
  17. //
  18. // The SecurityManager class provides a general purpose API for interacting
  19. // with the security system.
  20. //
  21. namespace System.Security
  22. {
  23.     using System;
  24.     using System.Security.Util;
  25.     using System.Security.Policy;
  26.     using System.Security.Permissions;
  27.     using System.Collections;
  28.     using System.Runtime.CompilerServices;
  29.     using System.Text;
  30.     using System.Threading;
  31.     using System.Reflection;
  32.     using System.IO;
  33.     using System.Globalization;
  34.     using System.Runtime.Versioning;
  35.    
  36.     [Serializable()]
  37.     [System.Runtime.InteropServices.ComVisible(true)]
  38.     public enum PolicyLevelType
  39.     {
  40.         User = 0,
  41.         Machine = 1,
  42.         Enterprise = 2,
  43.         AppDomain = 3
  44.     }
  45.    
  46.     [System.Runtime.InteropServices.ComVisible(true)]
  47.     public static class SecurityManager
  48.     {
  49.         private static Type securityPermissionType = null;
  50.         private static SecurityPermission executionSecurityPermission = null;
  51.        
  52.         // This flag enables checking for execution rights on start-up (slow)
  53.         private const int CheckExecutionRightsDisabledFlag = 256;
  54.        
  55.         // -1 if no decision has been made yet
  56.         // 0 if we don't need to check
  57.         // 1 if we do.
  58.         private static int checkExecution = -1;
  59.        
  60.         private static PolicyManager polmgr = new PolicyManager();
  61.         static internal PolicyManager PolicyManager {
  62.             get { return polmgr; }
  63.         }
  64.        
  65.         //
  66.         // Public APIs
  67.         //
  68.        
  69.         public static bool IsGranted(IPermission perm)
  70.         {
  71.             if (perm == null)
  72.                 return true;
  73.            
  74.             PermissionSet granted;
  75.             PermissionSet denied;
  76.             StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller;
  77.             _GetGrantedPermissions(out granted, out denied, ref stackMark);
  78.             return granted.Contains(perm) && (denied == null || !denied.Contains(perm));
  79.         }
  80.        
  81.         private static bool CheckExecution()
  82.         {
  83.             if (checkExecution == -1)
  84.                 checkExecution = (GetGlobalFlags() & CheckExecutionRightsDisabledFlag) != 0 ? 0 : 1;
  85.            
  86.             if (checkExecution == 1) {
  87.                 if (securityPermissionType == null) {
  88.                     securityPermissionType = typeof(System.Security.Permissions.SecurityPermission);
  89.                     executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution);
  90.                 }
  91.                 return true;
  92.             }
  93.             else {
  94.                 return false;
  95.             }
  96.         }
  97.        
  98.         /// <internalonly/>
  99.         [StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand, Name = "System.Windows.Forms", PublicKey = "0x00000000000000000400000000000000")]
  100.         public static void GetZoneAndOrigin(out ArrayList zone, out ArrayList origin)
  101.         {
  102.             StackCrawlMark mark = StackCrawlMark.LookForMyCaller;
  103.            
  104.             if (_IsSecurityOn()) {
  105.                 CodeAccessSecurityEngine.GetZoneAndOrigin(ref mark, out zone, out origin);
  106.             }
  107.             else {
  108.                 zone = null;
  109.                 origin = null;
  110.             }
  111.         }
  112.        
  113.         [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  114.         [ResourceExposure(ResourceScope.Machine)]
  115.         [ResourceConsumption(ResourceScope.Machine)]
  116.         public static PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type)
  117.         {
  118.             if (path == null)
  119.                 throw new ArgumentNullException("path");
  120.            
  121.             // We need to retain V1.x compatibility by throwing the same exception type.
  122.             if (!File.InternalExists(path))
  123.                 throw new ArgumentException(Environment.GetResourceString("Argument_PolicyFileDoesNotExist"));
  124.            
  125.             string fullPath = Path.GetFullPath(path);
  126.            
  127.             FileIOPermission perm = new FileIOPermission(PermissionState.None);
  128.             perm.AddPathList(FileIOPermissionAccess.Read, fullPath);
  129.             perm.AddPathList(FileIOPermissionAccess.Write, fullPath);
  130.             perm.Demand();
  131.            
  132.             using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read)) {
  133.                 using (StreamReader reader = new StreamReader(stream)) {
  134.                     return LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type);
  135.                 }
  136.             }
  137.         }
  138.        
  139.         [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  140.         public static PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type)
  141.         {
  142.             return LoadPolicyLevelFromStringHelper(str, null, type);
  143.         }
  144.        
  145.         private static PolicyLevel LoadPolicyLevelFromStringHelper(string str, string path, PolicyLevelType type)
  146.         {
  147.             if (str == null)
  148.                 throw new ArgumentNullException("str");
  149.            
  150.             PolicyLevel level = new PolicyLevel(type, path);
  151.            
  152.             Parser parser = new Parser(str);
  153.             SecurityElement elRoot = parser.GetTopElement();
  154.             if (elRoot == null)
  155.                 throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Policy_BadXml"), "configuration"));
  156.            
  157.             SecurityElement elMscorlib = elRoot.SearchForChildByTag("mscorlib");
  158.             if (elMscorlib == null)
  159.                 throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Policy_BadXml"), "mscorlib"));
  160.            
  161.             SecurityElement elSecurity = elMscorlib.SearchForChildByTag("security");
  162.             if (elSecurity == null)
  163.                 throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Policy_BadXml"), "security"));
  164.            
  165.             SecurityElement elPolicy = elSecurity.SearchForChildByTag("policy");
  166.             if (elPolicy == null)
  167.                 throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Policy_BadXml"), "policy"));
  168.            
  169.             SecurityElement elPolicyLevel = elPolicy.SearchForChildByTag("PolicyLevel");
  170.             if (elPolicyLevel != null)
  171.                 level.FromXml(elPolicyLevel);
  172.             else
  173.                 throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Environment.GetResourceString("Policy_BadXml"), "PolicyLevel"));
  174.            
  175.             return level;
  176.         }
  177.        
  178.         [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  179.         public static void SavePolicyLevel(PolicyLevel level)
  180.         {
  181.             PolicyManager.EncodeLevel(level);
  182.         }
  183.        
  184.         private static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, out int securitySpecialFlags, bool checkExecutionPermission)
  185.         {
  186.             CodeAccessPermission.AssertAllPossible();
  187.            
  188.             PermissionSet granted = ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, checkExecutionPermission);
  189.            
  190.             securitySpecialFlags = SecurityManager.GetSpecialFlags(granted, denied);
  191.             return granted;
  192.         }
  193.        
  194.         public static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied)
  195.         {
  196.             return ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, true);
  197.         }
  198.        
  199.         private static PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, bool checkExecutionPermission)
  200.         {
  201.             PermissionSet requested = null;
  202.             PermissionSet optional;
  203.             PermissionSet allowed;
  204.            
  205.             Exception savedException = null;
  206.            
  207.             // We don't want to recurse back into here as a result of a
  208.             // stackwalk during resolution. So simply assert full trust (this
  209.             // implies that custom permissions cannot use any permissions that
  210.             // don't implement IUnrestrictedPermission.
  211.             // PermissionSet.s_fullTrust.Assert();
  212.            
  213.             // The requested set is the union of the minimal request and the
  214.             // optional request. Minimal request defaults to empty, optional
  215.             // is "AllPossible" (includes any permission that can be defined)
  216.             // which is symbolized by null.
  217.             optional = optPset;
  218.            
  219.             if (reqdPset == null)
  220.                 requested = optional;
  221.             else
  222.                 // If optional is null, the requested set becomes null/"AllPossible".
  223.                 requested = optional == null ? null : reqdPset.Union(optional);
  224.            
  225.             // Make sure that the right to execute is requested (if this feature is
  226.             // enabled).
  227.            
  228.             if (requested != null && !requested.IsUnrestricted() && CheckExecution())
  229.                 requested.AddPermission(executionSecurityPermission);
  230.            
  231.             // If we aren't passed any evidence, just make an empty object
  232.             // If we are passed evidence, copy it before passing it
  233.             // to the policy manager.
  234.             // Note: this is not a deep copy, the pieces of evidence within the
  235.             // Evidence object can still be altered and affect the originals.
  236.            
  237.             if (evidence == null)
  238.                 evidence = new Evidence();
  239.             else
  240.                 evidence = evidence.ShallowCopy();
  241.            
  242.             evidence.AddHost(new PermissionRequestEvidence(reqdPset, optPset, denyPset));
  243.             allowed = polmgr.Resolve(evidence);
  244.            
  245.             // Intersect the grant with the RequestOptional
  246.             if (requested != null)
  247.                 allowed.InplaceIntersect(requested);
  248.            
  249.             // Check that we were granted the right to execute.
  250.             if (checkExecutionPermission && CheckExecution()) {
  251.                 if (!allowed.Contains(executionSecurityPermission) || (denyPset != null && denyPset.Contains(executionSecurityPermission))) {
  252.                     throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), System.__HResults.CORSEC_E_NO_EXEC_PERM, savedException);
  253.                 }
  254.             }
  255.            
  256.             // Check that we were granted at least the minimal set we asked for. Do
  257.             // this before pruning away any overlap with the refused set so that
  258.             // users have the flexability of defining minimal permissions that are
  259.             // only expressable as set differences (e.g. allow access to "C:\" but
  260.             // disallow "C:\Windows").
  261.             if (reqdPset != null && !reqdPset.IsSubsetOf(allowed)) {
  262.                 throw new PolicyException(Environment.GetResourceString("Policy_NoRequiredPermission"), System.__HResults.CORSEC_E_MIN_GRANT_FAIL, savedException);
  263.             }
  264.            
  265.             // Remove any granted permissions that are safe subsets of some denied
  266.             // permission. The remaining denied permissions (if any) are returned
  267.             // along with the modified grant set for use in checks.
  268.             if (denyPset != null) {
  269.                 denied = denyPset.Copy();
  270.                 allowed.MergeDeniedSet(denied);
  271.                 if (denied.IsEmpty())
  272.                     denied = null;
  273.             }
  274.             else
  275.                 denied = null;
  276.            
  277.             allowed.IgnoreTypeLoadFailures = true;
  278.            
  279.             return allowed;
  280.         }
  281.        
  282.         public static PermissionSet ResolvePolicy(Evidence evidence)
  283.         {
  284.             // If we aren't passed any evidence, just make an empty object
  285.             // If we are passed evidence, copy it before passing it
  286.             // to the policy manager.
  287.             // Note: this is not a deep copy, the pieces of evidence within the
  288.             // Evidence object can still be altered and affect the originals.
  289.            
  290.             if (evidence == null)
  291.                 evidence = new Evidence();
  292.             else
  293.                 evidence = evidence.ShallowCopy();
  294.            
  295.             evidence.AddHost(new PermissionRequestEvidence(null, null, null));
  296.             return polmgr.Resolve(evidence);
  297.         }
  298.        
  299.         public static PermissionSet ResolvePolicy(Evidence[] evidences)
  300.         {
  301.             if (evidences == null || evidences.Length == 0)
  302.                 evidences = new Evidence[] {null};
  303.            
  304.             PermissionSet retval = ResolvePolicy(evidences[0]);
  305.             if (retval == null)
  306.                 return null;
  307.            
  308.             for (int i = 1; i < evidences.Length; ++i) {
  309.                 retval = retval.Intersect(ResolvePolicy(evidences[i]));
  310.                 if (retval == null || retval.IsEmpty())
  311.                     return retval;
  312.             }
  313.            
  314.             return retval;
  315.         }
  316.        
  317.         //
  318.         // This method resolves the policy for the specified evidence, but it
  319.         // ignores the AppDomain level even when one is available in the current policy.
  320.         //
  321.        
  322.         public static PermissionSet ResolveSystemPolicy(Evidence evidence)
  323.         {
  324.             if (PolicyManager.IsGacAssembly(evidence))
  325.                 return new PermissionSet(PermissionState.Unrestricted);
  326.            
  327.             return polmgr.CodeGroupResolve(evidence, true);
  328.         }
  329.        
  330.         public static IEnumerator ResolvePolicyGroups(Evidence evidence)
  331.         {
  332.             return polmgr.ResolveCodeGroups(evidence);
  333.         }
  334.        
  335.         public static IEnumerator PolicyHierarchy()
  336.         {
  337.             return polmgr.PolicyHierarchy();
  338.         }
  339.        
  340.         [SecurityPermissionAttribute(SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy)]
  341.         public static void SavePolicy()
  342.         {
  343.             polmgr.Save();
  344.             SaveGlobalFlags();
  345.         }
  346.        
  347.         public static bool CheckExecutionRights {
  348.             get { return (GetGlobalFlags() & CheckExecutionRightsDisabledFlag) != CheckExecutionRightsDisabledFlag; }
  349.            
  350.             set {
  351.                 if (value) {
  352.                     checkExecution = 1;
  353.                     SetGlobalFlags(CheckExecutionRightsDisabledFlag, 0);
  354.                 }
  355.                 else {
  356.                     new SecurityPermission(SecurityPermissionFlag.ControlPolicy).Demand();
  357.                    
  358.                     checkExecution = 0;
  359.                     SetGlobalFlags(CheckExecutionRightsDisabledFlag, CheckExecutionRightsDisabledFlag);
  360.                 }
  361.             }
  362.         }
  363.        
  364.         [Obsolete("Because security can no longer be turned off permanently, setting the SecurityEnabled property no longer has any effect. Reading the property will still indicate whether security has been turned off temporarily.")]
  365.         public static bool SecurityEnabled {
  366.             get { return _IsSecurityOn(); }
  367.            
  368.                 // The setter for this property is now a no-op since caspol.exe is
  369.                 // the only supported way of turning security off, and it does it always
  370.                 // in a temporary way, so there is no need to turn security back on.
  371.             set { }
  372.         }
  373.        
  374.         private static int[][] s_BuiltInPermissionIndexMap = {new int[] {BuiltInPermissionIndex.EnvironmentPermissionIndex, (int)PermissionType.EnvironmentPermission}, new int[] {BuiltInPermissionIndex.FileDialogPermissionIndex, (int)PermissionType.FileDialogPermission}, new int[] {BuiltInPermissionIndex.FileIOPermissionIndex, (int)PermissionType.FileIOPermission}, new int[] {BuiltInPermissionIndex.ReflectionPermissionIndex, (int)PermissionType.ReflectionPermission}, new int[] {BuiltInPermissionIndex.SecurityPermissionIndex, (int)PermissionType.SecurityPermission}, new int[] {BuiltInPermissionIndex.UIPermissionIndex, (int)PermissionType.UIPermission}};
  375.        
  376.         private static CodeAccessPermission[] s_UnrestrictedSpecialPermissionMap = {new EnvironmentPermission(PermissionState.Unrestricted), new FileDialogPermission(PermissionState.Unrestricted), new FileIOPermission(PermissionState.Unrestricted), new ReflectionPermission(PermissionState.Unrestricted), new SecurityPermission(PermissionState.Unrestricted), new UIPermission(PermissionState.Unrestricted)};
  377.        
  378.         private static int GetSpecialFlags(PermissionSet grantSet, PermissionSet deniedSet)
  379.         {
  380.             if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty())) {
  381.                 return -1;
  382.             }
  383.             else {
  384.                 SecurityPermission securityPermission = null;
  385.                 SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags;
  386.                 ReflectionPermission reflectionPermission = null;
  387.                 ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
  388.                
  389.                 CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6];
  390.                 if (grantSet != null) {
  391.                     if (grantSet.IsUnrestricted()) {
  392.                         securityPermissionFlags = SecurityPermissionFlag.AllFlags;
  393.                         reflectionPermissionFlags = ReflectionPermissionFlag.AllFlags;
  394.                         for (int i = 0; i < specialPermissions.Length; i++) {
  395.                             specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i];
  396.                         }
  397.                     }
  398.                     else {
  399.                         securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
  400.                         if (securityPermission != null)
  401.                             securityPermissionFlags = securityPermission.Flags;
  402.                         reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
  403.                         if (reflectionPermission != null)
  404.                             reflectionPermissionFlags = reflectionPermission.Flags;
  405.                         for (int i = 0; i < specialPermissions.Length; i++) {
  406.                             specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
  407.                         }
  408.                     }
  409.                 }
  410.                
  411.                 if (deniedSet != null) {
  412.                     if (deniedSet.IsUnrestricted()) {
  413.                         securityPermissionFlags = SecurityPermissionFlag.NoFlags;
  414.                         reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags;
  415.                         for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
  416.                             specialPermissions[i] = null;
  417.                         }
  418.                     }
  419.                     else {
  420.                         securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission;
  421.                         if (securityPermission != null)
  422.                             securityPermissionFlags &= ~securityPermission.Flags;
  423.                         reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission;
  424.                         if (reflectionPermission != null)
  425.                             reflectionPermissionFlags &= ~reflectionPermission.Flags;
  426.                         for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) {
  427.                             CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission;
  428.                             if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null))
  429.                                 specialPermissions[i] = null;
  430.                             // we don't care about the exact value here.
  431.                         }
  432.                     }
  433.                 }
  434.                 int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags);
  435.                 if (flags != -1) {
  436.                     for (int i = 0; i < specialPermissions.Length; i++) {
  437.                         if (specialPermissions[i] != null && ((IUnrestrictedPermission)specialPermissions[i]).IsUnrestricted())
  438.                             flags |= (1 << (int)s_BuiltInPermissionIndexMap[i][1]);
  439.                     }
  440.                 }
  441.                 return flags;
  442.             }
  443.         }
  444.        
  445.         private static int MapToSpecialFlags(SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags)
  446.         {
  447.             int flags = 0;
  448.             if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode)
  449.                 flags |= (1 << (int)PermissionType.SecurityUnmngdCodeAccess);
  450.             if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification)
  451.                 flags |= (1 << (int)PermissionType.SecuritySkipVerification);
  452.             if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion)
  453.                 flags |= (1 << (int)PermissionType.SecurityAssert);
  454.             if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter)
  455.                 flags |= (1 << (int)PermissionType.SecuritySerialization);
  456.             if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects)
  457.                 flags |= (1 << (int)PermissionType.SecurityBindingRedirects);
  458.             if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence)
  459.                 flags |= (1 << (int)PermissionType.SecurityControlEvidence);
  460.             if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal)
  461.                 flags |= (1 << (int)PermissionType.SecurityControlPrincipal);
  462.            
  463.             if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess)
  464.                 flags |= (1 << (int)PermissionType.ReflectionMemberAccess);
  465.             if ((reflectionPermissionFlags & ReflectionPermissionFlag.ReflectionEmit) == ReflectionPermissionFlag.ReflectionEmit)
  466.                 flags |= (1 << (int)PermissionType.ReflectionEmit);
  467.             return flags;
  468.         }
  469.        
  470.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  471.         static internal extern bool _IsSameType(string strLeft, string strRight);
  472.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  473.         static internal extern bool _SetThreadSecurity(bool bThreadSecurity);
  474.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  475.         static internal extern bool _IsSecurityOn();
  476.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  477.         static internal extern int GetGlobalFlags();
  478.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  479.         static internal extern void SetGlobalFlags(int mask, int flags);
  480.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  481.         static internal extern void SaveGlobalFlags();
  482.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  483.         static internal extern void _GetGrantedPermissions(out PermissionSet granted, out PermissionSet denied, ref StackCrawlMark stackmark);
  484.     }
  485. }

Developer Fusion