The Labs \ Source Viewer \ SSCLI \ System.Security \ SecurityRuntime

  1. // ==++==
  2. //
  3. //
  4. // Copyright (c) 2006 Microsoft Corporation. All rights reserved.
  5. //
  6. // The use and distribution terms for this software are contained in the file
  7. // named license.txt, which can be found in the root of this distribution.
  8. // By using this software in any fashion, you are agreeing to be bound by the
  9. // terms of this license.
  10. //
  11. // You must not remove this notice, or any other, from this software.
  12. //
  13. //
  14. // ==--==
  15. namespace System.Security
  16. {
  17.     using System;
  18.     using System.Globalization;
  19.     using System.Threading;
  20.     using System.Reflection;
  21.     using System.Collections;
  22.     using System.Runtime.CompilerServices;
  23.     using System.Security.Permissions;
  24.    
  25.     internal class SecurityRuntime
  26.     {
  27.         private SecurityRuntime()
  28.         {
  29.         }
  30.        
  31.         // Returns the security object for the caller of the method containing
  32.         // 'stackMark' on its frame.
  33.         //
  34.         // THE RETURNED OBJECT IS THE LIVE RUNTIME OBJECT. BE CAREFUL WITH IT!
  35.         //
  36.         // Internal only, do not doc.
  37.         //
  38.         [MethodImplAttribute(MethodImplOptions.InternalCall)]
  39.         static internal extern FrameSecurityDescriptor GetSecurityObjectForFrame(ref StackCrawlMark stackMark, bool create);
  40.        
  41.         // Constants used to return status to native
  42.         internal const bool StackContinue = true;
  43.         internal const bool StackHalt = false;
  44.        
  45.         // Returns the number of negative overrides(deny/permitonly) in this secDesc
  46.         private static int OverridesHelper(FrameSecurityDescriptor secDesc)
  47.         {
  48.             // check imperative
  49.             int count = OverridesHelper2(secDesc, false);
  50.             // add declarative
  51.             count += OverridesHelper2(secDesc, true);
  52.             return count;
  53.            
  54.         }
  55.         private static int OverridesHelper2(FrameSecurityDescriptor secDesc, bool fDeclarative)
  56.         {
  57.             PermissionSet permSet;
  58.             int count = 0;
  59.            
  60.             permSet = secDesc.GetPermitOnly(fDeclarative);
  61.             if (permSet != null)
  62.                 count++;
  63.             permSet = secDesc.GetDenials(fDeclarative);
  64.             if (permSet != null)
  65.                 count++;
  66.             return count;
  67.         }
  68.        
  69.         // this method is a big perf hit, so don't call unnecessarily
  70.         static internal MethodInfo GetMethodInfo(RuntimeMethodHandle rmh)
  71.         {
  72.             if (rmh.IsNullHandle())
  73.                 return null;
  74.            
  75.             #if _DEBUG
  76.             try {
  77.                 #endif
  78.                 // Assert here because reflection will check grants and if we fail the check,
  79.                 // there will be an infinite recursion that overflows the stack.
  80.                 PermissionSet.s_fullTrust.Assert();
  81.                 RuntimeTypeHandle rth = rmh.GetDeclaringType();
  82.                 return (System.RuntimeType.GetMethodBase(rth, rmh) as MethodInfo);
  83.                 #if _DEBUG
  84.             }
  85.             catch (Exception) {
  86.                 return null;
  87.             }
  88.             #endif
  89.         }
  90.        
  91.         private static bool FrameDescSetHelper(FrameSecurityDescriptor secDesc, PermissionSet demandSet, out PermissionSet alteredDemandSet, RuntimeMethodHandle rmh)
  92.         {
  93.             return secDesc.CheckSetDemand(demandSet, out alteredDemandSet, rmh);
  94.         }
  95.        
  96.         private static bool FrameDescHelper(FrameSecurityDescriptor secDesc, IPermission demandIn, PermissionToken permToken, RuntimeMethodHandle rmh)
  97.         {
  98.             return secDesc.CheckDemand((CodeAccessPermission)demandIn, permToken, rmh);
  99.         }
  100.        
  101.         //
  102.         // API for PermissionSets
  103.         //
  104.        
  105.         static internal void Assert(PermissionSet permSet, ref StackCrawlMark stackMark)
  106.         {
  107.             // Note: if the "AssertPermission" is not a permission that implements IUnrestrictedPermission
  108.             // you need to change the fourth parameter to a zero.
  109.             FrameSecurityDescriptor secObj = CodeAccessSecurityEngine.CheckNReturnSO(CodeAccessSecurityEngine.AssertPermissionToken, CodeAccessSecurityEngine.AssertPermission, ref stackMark, 1, 1);
  110.            
  111.             BCLDebug.Assert(secObj != null || !SecurityManager._IsSecurityOn(), "Failure in SecurityRuntime.Assert() - secObj != null");
  112.             if (secObj == null) {
  113.                 if (SecurityManager._IsSecurityOn())
  114.                     // Security: REQ_SQ flag is missing. Bad compiler ?
  115.                     throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  116.             }
  117.             else {
  118.                 if (secObj.HasImperativeAsserts())
  119.                     throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
  120.                
  121.                 secObj.SetAssert(permSet);
  122.             }
  123.         }
  124.        
  125.         static internal void AssertAllPossible(ref StackCrawlMark stackMark)
  126.         {
  127.             FrameSecurityDescriptor secObj = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
  128.            
  129.             BCLDebug.Assert(secObj != null || !SecurityManager._IsSecurityOn(), "Failure in SecurityRuntime.AssertAllPossible() - secObj != null");
  130.             if (secObj == null) {
  131.                 if (SecurityManager._IsSecurityOn())
  132.                     // Security: REQ_SQ flag is missing. Bad compiler ?
  133.                     throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  134.             }
  135.             else {
  136.                 if (secObj.GetAssertAllPossible())
  137.                     throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
  138.                
  139.                 secObj.SetAssertAllPossible();
  140.             }
  141.         }
  142.        
  143.         static internal void Deny(PermissionSet permSet, ref StackCrawlMark stackMark)
  144.         {
  145.             FrameSecurityDescriptor secObj = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
  146.            
  147.             BCLDebug.Assert(secObj != null || !SecurityManager._IsSecurityOn(), "Failure in SecurityRuntime.Deny() - secObj != null");
  148.             if (secObj == null) {
  149.                 if (SecurityManager._IsSecurityOn())
  150.                     // Security: REQ_SQ flag is missing. Bad compiler ?
  151.                     throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  152.             }
  153.             else {
  154.                 if (secObj.HasImperativeDenials())
  155.                     throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
  156.                
  157.                 secObj.SetDeny(permSet);
  158.             }
  159.         }
  160.        
  161.         static internal void PermitOnly(PermissionSet permSet, ref StackCrawlMark stackMark)
  162.         {
  163.             FrameSecurityDescriptor secObj = SecurityRuntime.GetSecurityObjectForFrame(ref stackMark, true);
  164.            
  165.             BCLDebug.Assert(secObj != null || !SecurityManager._IsSecurityOn(), "Failure in SecurityRuntime.PermitOnly() - secObj != null");
  166.             if (secObj == null) {
  167.                 if (SecurityManager._IsSecurityOn())
  168.                     // Security: REQ_SQ flag is missing. Bad compiler ?
  169.                     throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  170.             }
  171.             else {
  172.                 if (secObj.HasImperativeRestrictions())
  173.                     throw new SecurityException(Environment.GetResourceString("Security_MustRevertOverride"));
  174.                
  175.                 secObj.SetPermitOnly(permSet);
  176.             }
  177.         }
  178.        
  179.         //
  180.         // Revert API
  181.         //
  182.        
  183.         static internal void RevertAssert(ref StackCrawlMark stackMark)
  184.         {
  185.             FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
  186.             if (secObj != null) {
  187.                 secObj.RevertAssert();
  188.             }
  189.             else if (SecurityManager._IsSecurityOn())
  190.                 throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  191.         }
  192.        
  193.         static internal void RevertDeny(ref StackCrawlMark stackMark)
  194.         {
  195.             FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
  196.             if (secObj != null) {
  197.                 secObj.RevertDeny();
  198.             }
  199.             else if (SecurityManager._IsSecurityOn())
  200.                 throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  201.         }
  202.        
  203.         static internal void RevertPermitOnly(ref StackCrawlMark stackMark)
  204.         {
  205.             FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
  206.             if (secObj != null) {
  207.                 secObj.RevertPermitOnly();
  208.             }
  209.             else if (SecurityManager._IsSecurityOn())
  210.                 throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  211.         }
  212.        
  213.         static internal void RevertAll(ref StackCrawlMark stackMark)
  214.         {
  215.             FrameSecurityDescriptor secObj = GetSecurityObjectForFrame(ref stackMark, false);
  216.             if (secObj != null) {
  217.                 secObj.RevertAll();
  218.             }
  219.             else if (SecurityManager._IsSecurityOn())
  220.                 throw new ExecutionEngineException(Environment.GetResourceString("ExecutionEngine_MissingSecurityDescriptor"));
  221.         }
  222.     }
  223. }

Developer Fusion