2014-08-13 10:39:27 +01:00
|
|
|
//
|
|
|
|
|
// System.Security.CodeAccessPermission.cs
|
|
|
|
|
//
|
|
|
|
|
// Authors:
|
|
|
|
|
// Miguel de Icaza (miguel@ximian.com)
|
|
|
|
|
// Nick Drochak, ndrochak@gol.com
|
|
|
|
|
// Sebastien Pouliot <sebastien@ximian.com>
|
|
|
|
|
//
|
|
|
|
|
// (C) Ximian, Inc. http://www.ximian.com
|
|
|
|
|
// Copyright (C) 2001 Nick Drochak, All Rights Reserved
|
|
|
|
|
// Portions (C) 2004 Motus Technologies Inc. (http://www.motus.com)
|
|
|
|
|
// Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
|
|
|
|
|
//
|
|
|
|
|
// Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
|
// a copy of this software and associated documentation files (the
|
|
|
|
|
// "Software"), to deal in the Software without restriction, including
|
|
|
|
|
// without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
|
// distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
|
// permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
|
// the following conditions:
|
|
|
|
|
//
|
|
|
|
|
// The above copyright notice and this permission notice shall be
|
|
|
|
|
// included in all copies or substantial portions of the Software.
|
|
|
|
|
//
|
|
|
|
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
|
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
|
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
using System.Diagnostics;
|
|
|
|
|
using System.Globalization;
|
|
|
|
|
using System.Reflection;
|
|
|
|
|
using System.Runtime.CompilerServices;
|
|
|
|
|
using System.Runtime.InteropServices;
|
|
|
|
|
using System.Security.Permissions;
|
|
|
|
|
using System.Threading;
|
|
|
|
|
|
|
|
|
|
namespace System.Security {
|
|
|
|
|
|
|
|
|
|
[Serializable]
|
|
|
|
|
[SecurityPermission (SecurityAction.InheritanceDemand, ControlEvidence = true, ControlPolicy = true)]
|
|
|
|
|
[ComVisible (true)]
|
|
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported).")]
|
|
|
|
|
public abstract class CodeAccessPermission : IPermission, ISecurityEncodable, IStackWalk {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
protected CodeAccessPermission ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public void Assert ()
|
|
|
|
|
{
|
|
|
|
|
new PermissionSet (this).Assert ();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public abstract IPermission Copy ();
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public void Demand ()
|
|
|
|
|
{
|
|
|
|
|
// note: here we're sure it's a CAS demand
|
|
|
|
|
if (!SecurityManager.SecurityEnabled)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// skip frames until we get the caller (of our caller)
|
|
|
|
|
new PermissionSet (this).CasOnlyDemand (3);
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public void Deny ()
|
|
|
|
|
{
|
|
|
|
|
new PermissionSet (this).Deny ();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[ComVisible (false)]
|
|
|
|
|
public override bool Equals (object obj)
|
|
|
|
|
{
|
|
|
|
|
if (obj == null)
|
|
|
|
|
return false;
|
|
|
|
|
if (obj.GetType () != this.GetType ())
|
|
|
|
|
return false;
|
|
|
|
|
CodeAccessPermission cap = (obj as CodeAccessPermission);
|
|
|
|
|
return (IsSubsetOf (cap) && cap.IsSubsetOf (this));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public abstract void FromXml (SecurityElement elem);
|
|
|
|
|
|
|
|
|
|
[ComVisible (false)]
|
|
|
|
|
public override int GetHashCode ()
|
|
|
|
|
{
|
|
|
|
|
return base.GetHashCode ();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public abstract IPermission Intersect (IPermission target);
|
|
|
|
|
|
|
|
|
|
public abstract bool IsSubsetOf (IPermission target);
|
|
|
|
|
|
|
|
|
|
public override string ToString ()
|
|
|
|
|
{
|
|
|
|
|
SecurityElement elem = ToXml ();
|
|
|
|
|
return elem.ToString ();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public abstract SecurityElement ToXml ();
|
|
|
|
|
|
|
|
|
|
public virtual IPermission Union (IPermission other)
|
|
|
|
|
{
|
|
|
|
|
if (null != other)
|
|
|
|
|
throw new System.NotSupportedException (); // other is not null.
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public void PermitOnly ()
|
|
|
|
|
{
|
|
|
|
|
new PermissionSet (this).PermitOnly ();
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public static void RevertAll ()
|
|
|
|
|
{
|
|
|
|
|
if (!SecurityManager.SecurityEnabled)
|
|
|
|
|
return;
|
2015-08-26 07:17:56 -04:00
|
|
|
throw new NotImplementedException ();
|
2014-08-13 10:39:27 +01:00
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public static void RevertAssert ()
|
|
|
|
|
{
|
|
|
|
|
if (!SecurityManager.SecurityEnabled)
|
|
|
|
|
return;
|
2015-08-26 07:17:56 -04:00
|
|
|
throw new NotImplementedException ();
|
2014-08-13 10:39:27 +01:00
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public static void RevertDeny ()
|
|
|
|
|
{
|
|
|
|
|
if (!SecurityManager.SecurityEnabled)
|
|
|
|
|
return;
|
2015-08-26 07:17:56 -04:00
|
|
|
throw new NotImplementedException ();
|
2014-08-13 10:39:27 +01:00
|
|
|
}
|
|
|
|
|
|
2016-08-03 10:59:49 +00:00
|
|
|
#if MOBILE
|
2017-04-10 11:41:01 +00:00
|
|
|
[Conditional ("MONO_FEATURE_CAS")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#else
|
2014-08-13 10:39:27 +01:00
|
|
|
[MonoTODO ("CAS support is experimental (and unsupported). Imperative mode is not implemented.")]
|
2016-08-03 10:59:49 +00:00
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
public static void RevertPermitOnly ()
|
|
|
|
|
{
|
|
|
|
|
if (!SecurityManager.SecurityEnabled)
|
|
|
|
|
return;
|
2015-08-26 07:17:56 -04:00
|
|
|
throw new NotImplementedException ();
|
2014-08-13 10:39:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Internal helpers methods
|
|
|
|
|
|
|
|
|
|
// snippet moved from FileIOPermission (nickd) to be reused in all derived classes
|
|
|
|
|
internal SecurityElement Element (int version)
|
|
|
|
|
{
|
|
|
|
|
SecurityElement se = new SecurityElement ("IPermission");
|
|
|
|
|
Type type = this.GetType ();
|
|
|
|
|
se.AddAttribute ("class", type.FullName + ", " + type.Assembly.ToString ().Replace ('\"', '\''));
|
|
|
|
|
se.AddAttribute ("version", version.ToString ());
|
|
|
|
|
return se;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static PermissionState CheckPermissionState (PermissionState state, bool allowUnrestricted)
|
|
|
|
|
{
|
|
|
|
|
string msg;
|
|
|
|
|
switch (state) {
|
|
|
|
|
case PermissionState.None:
|
|
|
|
|
break;
|
|
|
|
|
case PermissionState.Unrestricted:
|
|
|
|
|
// unrestricted permissions are possible for identiy permissions
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
msg = String.Format (Locale.GetText ("Invalid enum {0}"), state);
|
|
|
|
|
throw new ArgumentException (msg, "state");
|
|
|
|
|
}
|
|
|
|
|
return state;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static int CheckSecurityElement (SecurityElement se, string parameterName, int minimumVersion, int maximumVersion)
|
|
|
|
|
{
|
|
|
|
|
if (se == null)
|
|
|
|
|
throw new ArgumentNullException (parameterName);
|
|
|
|
|
|
|
|
|
|
// Tag is case-sensitive
|
|
|
|
|
if (se.Tag != "IPermission") {
|
|
|
|
|
string msg = String.Format (Locale.GetText ("Invalid tag {0}"), se.Tag);
|
|
|
|
|
throw new ArgumentException (msg, parameterName);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Note: we do not care about the class attribute at
|
|
|
|
|
// this stage (in fact we don't even if the class
|
|
|
|
|
// attribute is present or not). Anyway the object has
|
|
|
|
|
// already be created, with success, if we're loading it
|
|
|
|
|
|
|
|
|
|
// we assume minimum version if no version number is supplied
|
|
|
|
|
int version = minimumVersion;
|
|
|
|
|
string v = se.Attribute ("version");
|
|
|
|
|
if (v != null) {
|
|
|
|
|
try {
|
|
|
|
|
version = Int32.Parse (v);
|
|
|
|
|
}
|
|
|
|
|
catch (Exception e) {
|
|
|
|
|
string msg = Locale.GetText ("Couldn't parse version from '{0}'.");
|
|
|
|
|
msg = String.Format (msg, v);
|
|
|
|
|
throw new ArgumentException (msg, parameterName, e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((version < minimumVersion) || (version > maximumVersion)) {
|
|
|
|
|
string msg = Locale.GetText ("Unknown version '{0}', expected versions between ['{1}','{2}'].");
|
|
|
|
|
msg = String.Format (msg, version, minimumVersion, maximumVersion);
|
|
|
|
|
throw new ArgumentException (msg, parameterName);
|
|
|
|
|
}
|
|
|
|
|
return version;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// must be called after CheckSecurityElement (i.e. se != null)
|
|
|
|
|
internal static bool IsUnrestricted (SecurityElement se)
|
|
|
|
|
{
|
|
|
|
|
string value = se.Attribute ("Unrestricted");
|
|
|
|
|
if (value == null)
|
|
|
|
|
return false;
|
|
|
|
|
return (String.Compare (value, Boolean.TrueString, true, CultureInfo.InvariantCulture) == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
internal static void ThrowInvalidPermission (IPermission target, Type expected)
|
|
|
|
|
{
|
|
|
|
|
string msg = Locale.GetText ("Invalid permission type '{0}', expected type '{1}'.");
|
|
|
|
|
msg = String.Format (msg, target.GetType (), expected);
|
|
|
|
|
throw new ArgumentException (msg, "target");
|
|
|
|
|
}
|
2016-08-03 10:59:49 +00:00
|
|
|
|
|
|
|
|
#if MOBILE
|
|
|
|
|
// Workaround for CS0629
|
|
|
|
|
void IStackWalk.Assert ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void IStackWalk.Deny ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void IStackWalk.PermitOnly ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void IStackWalk.Demand ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void IPermission.Demand ()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2014-08-13 10:39:27 +01:00
|
|
|
}
|
|
|
|
|
}
|
