linux-packaging-mono/mcs/class/corlib/System.Security.Policy/DefaultPolicies.cs

//
// System.Security.Policy.DefaultPolicies.cs
//
// Author:
//	Sebastien Pouliot  <sebastien@ximian.com>
//
// Copyright (C) 2005 Novell, Inc (http://www.novell.com)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
// 
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//

using System.Security.Permissions;

namespace System.Security.Policy {

	/* NOTES
	 *
	 * [1]	Some permissions classes are defined _outside_ mscorlib.dll.
	 * 	In this case we're using SecurityElement to construct the 
	 * 	permissions manually.
	 *
	 */

	internal static class DefaultPolicies {

		public static class ReservedNames {
			public const string FullTrust = "FullTrust";
			public const string LocalIntranet = "LocalIntranet";
			public const string Internet = "Internet";
			public const string SkipVerification = "SkipVerification";
			public const string Execution = "Execution";
			public const string Nothing = "Nothing";
			public const string Everything = "Everything";

			static public bool IsReserved (string name) 
			{
				switch (name) {
				case FullTrust:
				case LocalIntranet:
				case Internet:
				case SkipVerification:
				case Execution:
				case Nothing:
				case Everything:
					return true;
				default:
					return false;
				}
			}
		}

		public enum Key {
			Ecma,
			MsFinal,
		}

		private const string DnsPermissionClass = "System.Net.DnsPermission, " + Consts.AssemblySystem;
		private const string EventLogPermissionClass = "System.Diagnostics.EventLogPermission, " + Consts.AssemblySystem;
		private const string PrintingPermissionClass = "System.Drawing.Printing.PrintingPermission, " + Consts.AssemblySystem_Drawing;
		private const string SocketPermissionClass = "System.Net.SocketPermission, " + Consts.AssemblySystem;
		private const string WebPermissionClass = "System.Net.WebPermission, " + Consts.AssemblySystem;
		private const string PerformanceCounterPermissionClass = "System.Diagnostics.PerformanceCounterPermission, " + Consts.AssemblySystem;
		private const string DirectoryServicesPermissionClass = "System.DirectoryServices.DirectoryServicesPermission, " + Consts.AssemblySystem_DirectoryServices;
		private const string MessageQueuePermissionClass = "System.Messaging.MessageQueuePermission, " + Consts.AssemblySystem_Messaging;
		private const string ServiceControllerPermissionClass = "System.ServiceProcess.ServiceControllerPermission, " + Consts.AssemblySystem_ServiceProcess;
		private const string OleDbPermissionClass = "System.Data.OleDb.OleDbPermission, " + Consts.AssemblySystem_Data;
		private const string SqlClientPermissionClass = "System.Data.SqlClient.SqlClientPermission, " + Consts.AssemblySystem_Data;
//		private const string DataProtectionPermissionClass = "System.Security.Permissions.DataProtectionPermission, " + Consts.AssemblySystem_Security;
//		private const string StorePermissionClass = "System.Security.Permissions.StorePermission, " + Consts.AssemblySystem_Security;

		private static Version _fxVersion;
		private static byte[] _ecmaKey = new byte [16] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
		private static StrongNamePublicKeyBlob _ecma;
		private static byte[] _msFinalKey = new byte [160] { 
			0x00, 0x24, 0x00, 0x00, 0x04, 0x80, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x06, 0x02, 0x00, 0x00,
			0x00, 0x24, 0x00, 0x00, 0x52, 0x53, 0x41, 0x31, 0x00, 0x04, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00,
			0x07, 0xD1, 0xFA, 0x57, 0xC4, 0xAE, 0xD9, 0xF0, 0xA3, 0x2E, 0x84, 0xAA, 0x0F, 0xAE, 0xFD, 0x0D, 
			0xE9, 0xE8, 0xFD, 0x6A, 0xEC, 0x8F, 0x87, 0xFB, 0x03, 0x76, 0x6C, 0x83, 0x4C, 0x99, 0x92, 0x1E, 
			0xB2, 0x3B, 0xE7, 0x9A, 0xD9, 0xD5, 0xDC, 0xC1, 0xDD, 0x9A, 0xD2, 0x36, 0x13, 0x21, 0x02, 0x90, 
			0x0B, 0x72, 0x3C, 0xF9, 0x80, 0x95, 0x7F, 0xC4, 0xE1, 0x77, 0x10, 0x8F, 0xC6, 0x07, 0x77, 0x4F, 
			0x29, 0xE8, 0x32, 0x0E, 0x92, 0xEA, 0x05, 0xEC, 0xE4, 0xE8, 0x21, 0xC0, 0xA5, 0xEF, 0xE8, 0xF1, 
			0x64, 0x5C, 0x4C, 0x0C, 0x93, 0xC1, 0xAB, 0x99, 0x28, 0x5D, 0x62, 0x2C, 0xAA, 0x65, 0x2C, 0x1D, 
			0xFA, 0xD6, 0x3D, 0x74, 0x5D, 0x6F, 0x2D, 0xE5, 0xF1, 0x7E, 0x5E, 0xAF, 0x0F, 0xC4, 0x96, 0x3D, 
			0x26, 0x1C, 0x8A, 0x12, 0x43, 0x65, 0x18, 0x20, 0x6D, 0xC0, 0x93, 0x34, 0x4D, 0x5A, 0xD2, 0x93 };
		private static StrongNamePublicKeyBlob _msFinal;

		private static NamedPermissionSet _fullTrust;
		private static NamedPermissionSet _localIntranet;
		private static NamedPermissionSet _internet;
		private static NamedPermissionSet _skipVerification;
		private static NamedPermissionSet _execution;
		private static NamedPermissionSet _nothing;
		private static NamedPermissionSet _everything;

		public static PermissionSet GetSpecialPermissionSet (string name)
		{
			if (name == null)
				throw new ArgumentNullException ("name");

			switch (name) {
			case ReservedNames.FullTrust:
				return FullTrust;
			case ReservedNames.LocalIntranet:
				return LocalIntranet;
			case ReservedNames.Internet:
				return Internet;
			case ReservedNames.SkipVerification:
				return SkipVerification;
			case ReservedNames.Execution:
				return Execution;
			case ReservedNames.Nothing:
				return Nothing;
			case ReservedNames.Everything:
				return Everything;
			default:
				return null;
			}
		}

		public static PermissionSet FullTrust {
			get {
				if (_fullTrust == null)
					_fullTrust = BuildFullTrust ();
				return _fullTrust;
			}
		}

		public static PermissionSet LocalIntranet {
			get {
				if (_localIntranet == null)
					_localIntranet = BuildLocalIntranet ();
				return _localIntranet;
			}
		}

		public static PermissionSet Internet {
			get {
				if (_internet == null)
					_internet = BuildInternet ();
				return _internet;
			}
		}

		public static PermissionSet SkipVerification {
			get {
				if (_skipVerification == null)
					_skipVerification = BuildSkipVerification ();
				return _skipVerification;
			}
		}

		public static PermissionSet Execution {
			get {
				if (_execution == null)
					_execution = BuildExecution ();
				return _execution;
			}
		}


		public static PermissionSet Nothing {
			get {
				if (_nothing == null)
					_nothing = BuildNothing ();
				return _nothing;
			}
		}

		public static PermissionSet Everything {
			get {
				if (_everything == null)
					_everything = BuildEverything ();
				return _everything;
			}
		}

		public static StrongNameMembershipCondition FullTrustMembership (string name, Key key)
		{
			StrongNamePublicKeyBlob snkb = null;

			switch (key) {
			case Key.Ecma:
				if (_ecma == null) {
					_ecma = new StrongNamePublicKeyBlob (_ecmaKey);
				}
				snkb = _ecma;
				break;
			case Key.MsFinal:
				if (_msFinal == null) {
					_msFinal = new StrongNamePublicKeyBlob (_msFinalKey);
				}
				snkb = _msFinal;
				break;
			}

			if (_fxVersion == null)
			{
				_fxVersion = new Version (Consts.FxVersion);
			}

			return new StrongNameMembershipCondition (snkb, name, _fxVersion);
		}

		// internal stuff

		private static NamedPermissionSet BuildFullTrust ()
		{
			return new NamedPermissionSet (ReservedNames.FullTrust, PermissionState.Unrestricted);
		}

		private static NamedPermissionSet BuildLocalIntranet ()
		{
			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.LocalIntranet, PermissionState.None);

			nps.AddPermission (new EnvironmentPermission (EnvironmentPermissionAccess.Read, "USERNAME;USER"));

			nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));

			IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
			isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
			isfp.UserQuota = Int64.MaxValue;
			nps.AddPermission (isfp);

			nps.AddPermission (new ReflectionPermission (ReflectionPermissionFlag.ReflectionEmit));

			SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
			nps.AddPermission (new SecurityPermission (spf));

			nps.AddPermission (new UIPermission (PermissionState.Unrestricted));

			// DnsPermission requires stuff outside corlib (System)
			nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));

			// PrintingPermission requires stuff outside corlib (System.Drawing)
			nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
			return nps;
		}

		private static NamedPermissionSet BuildInternet ()
		{
			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Internet, PermissionState.None);
			nps.AddPermission (new FileDialogPermission (FileDialogPermissionAccess.Open));

			IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission (PermissionState.None);
			isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
			isfp.UserQuota = 512000;
			nps.AddPermission (isfp);

			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));

			nps.AddPermission (new UIPermission (UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));

			// PrintingPermission requires stuff outside corlib (System.Drawing)
			nps.AddPermission (PermissionBuilder.Create (PrintingPermission ("SafePrinting")));
			return nps;
		}

		private static NamedPermissionSet BuildSkipVerification ()
		{
			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.SkipVerification, PermissionState.None);
			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.SkipVerification));
			return nps;
		}

		private static NamedPermissionSet BuildExecution ()
		{
			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Execution, PermissionState.None);
			nps.AddPermission (new SecurityPermission (SecurityPermissionFlag.Execution));
			return nps;
		}

		private static NamedPermissionSet BuildNothing ()
		{
			return new NamedPermissionSet (ReservedNames.Nothing, PermissionState.None);
		}

		private static NamedPermissionSet BuildEverything ()
		{
			NamedPermissionSet nps = new NamedPermissionSet (ReservedNames.Everything, PermissionState.None);

			nps.AddPermission (new EnvironmentPermission (PermissionState.Unrestricted));
			nps.AddPermission (new FileDialogPermission (PermissionState.Unrestricted));
			nps.AddPermission (new FileIOPermission (PermissionState.Unrestricted));
			nps.AddPermission (new IsolatedStorageFilePermission (PermissionState.Unrestricted));
			nps.AddPermission (new ReflectionPermission (PermissionState.Unrestricted));
			nps.AddPermission (new RegistryPermission (PermissionState.Unrestricted));
			nps.AddPermission (new KeyContainerPermission (PermissionState.Unrestricted));

			// not quite all in this case
			SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
			spf &= ~SecurityPermissionFlag.SkipVerification;
			nps.AddPermission (new SecurityPermission (spf));

			nps.AddPermission (new UIPermission (PermissionState.Unrestricted));

			// others requires stuff outside corlib
			nps.AddPermission (PermissionBuilder.Create (DnsPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (PrintingPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (EventLogPermissionClass, PermissionState.Unrestricted));

			nps.AddPermission (PermissionBuilder.Create (SocketPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (WebPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (PerformanceCounterPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (DirectoryServicesPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (MessageQueuePermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (ServiceControllerPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (OleDbPermissionClass, PermissionState.Unrestricted));
			nps.AddPermission (PermissionBuilder.Create (SqlClientPermissionClass, PermissionState.Unrestricted));
//			nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
//			nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
			return nps;
		}

		private static SecurityElement PrintingPermission (string level)
		{
			SecurityElement se = new SecurityElement ("IPermission");
			se.AddAttribute ("class", PrintingPermissionClass);
			se.AddAttribute ("version", "1");
			se.AddAttribute ("Level", level);
			return se;
		}

	}
}