mono/linux-packaging-mono
0
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Imported Upstream version 4.2.0.179

Browse Source 
Former-commit-id: 0a113cb3a6feb7873f632839b1307cc6033cd595
This commit is contained in:
Xamarin Public Jenkins
2015-08-26 07:17:56 -04:00
committed by Jo Shields
parent 183bba2c9a
commit 6992685b86
7507 changed files with 90259 additions and 657307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

300
mcs/class/corlib/System.Security/SecurityManager.cs
View File

@ -71,13 +71,12 @@ namespace System.Security {
// properties
[Obsolete]
extern public static bool CheckExecutionRights {
[MethodImplAttribute (MethodImplOptions.InternalCall)]
get;
[MethodImplAttribute (MethodImplOptions.InternalCall)]
[SecurityPermission (SecurityAction.Demand, ControlPolicy = true)]
set;
public static bool CheckExecutionRights {
get {
return false;
}
set {
}
}
[Obsolete ("The security manager cannot be turned off on MS runtime")]
@ -154,68 +153,6 @@ namespace System.Security {
return true;
}
internal static IPermission CheckPermissionSet (Assembly a, PermissionSet ps, bool noncas)
{
if (ps.IsEmpty ())
return null;
foreach (IPermission p in ps) {
// note: this may contains non CAS permissions
if ((!noncas) && (p is CodeAccessPermission)) {
if (!IsGranted (a, p))
return p;
} else {
// but non-CAS will throw on failure...
try {
p.Demand ();
}
catch (SecurityException) {
// ... so we catch
return p;
}
}
}
return null;
}
internal static IPermission CheckPermissionSet (AppDomain ad, PermissionSet ps)
{
if ((ps == null) || ps.IsEmpty ())
return null;
PermissionSet granted = ad.GrantedPermissionSet;
if (granted == null)
return null;
if (granted.IsUnrestricted ())
return null;
if (ps.IsUnrestricted ())
return new SecurityPermission (SecurityPermissionFlag.NoFlags);
foreach (IPermission p in ps) {
if (p is CodeAccessPermission) {
CodeAccessPermission grant = (CodeAccessPermission) granted.GetPermission (p.GetType ());
if (grant == null) {
if (!granted.IsUnrestricted () || !(p is IUnrestrictedPermission)) {
if (!p.IsSubsetOf (null))
return p;
}
} else if (!p.IsSubsetOf (grant)) {
return p;
}
} else {
// but non-CAS will throw on failure...
try {
p.Demand ();
}
catch (SecurityException) {
// ... so we catch
return p;
}
}
}
return null;
}
[Obsolete]
[SecurityPermission (SecurityAction.Demand, ControlPolicy = true)]
public static PolicyLevel LoadPolicyLevelFromFile (string path, PolicyLevelType type)
@ -529,179 +466,6 @@ namespace System.Security {
}
}
// security check when using reflection
[MethodImplAttribute(MethodImplOptions.InternalCall)]
private static unsafe extern bool GetLinkDemandSecurity (MethodBase method, RuntimeDeclSecurityActions *cdecl, RuntimeDeclSecurityActions *mdecl);
// When using reflection LinkDemand are promoted to full Demand (i.e. stack walk)
internal unsafe static void ReflectedLinkDemandInvoke (MethodBase mb)
{
RuntimeDeclSecurityActions klass;
RuntimeDeclSecurityActions method;
if (!GetLinkDemandSecurity (mb, &klass, &method))
return;
PermissionSet ps = null;
if (klass.cas.size > 0) {
ps = Decode (klass.cas.blob, klass.cas.size);
}
if (klass.noncas.size > 0) {
PermissionSet p = Decode (klass.noncas.blob, klass.noncas.size);
ps = (ps == null) ? p : ps.Union (p);
}
if (method.cas.size > 0) {
PermissionSet p = Decode (method.cas.blob, method.cas.size);
ps = (ps == null) ? p : ps.Union (p);
}
if (method.noncas.size > 0) {
PermissionSet p = Decode (method.noncas.blob, method.noncas.size);
ps = (ps == null) ? p : ps.Union (p);
}
// in this case we union-ed the permission sets because we want to do
// a single stack walk (not up to 4).
if (ps != null)
ps.Demand ();
}
internal unsafe static bool ReflectedLinkDemandQuery (MethodBase mb)
{
RuntimeDeclSecurityActions klass;
RuntimeDeclSecurityActions method;
if (!GetLinkDemandSecurity (mb, &klass, &method))
return true;
return LinkDemand (mb.ReflectedType.Assembly, &klass, &method);
}
private unsafe static bool LinkDemand (Assembly a, RuntimeDeclSecurityActions *klass, RuntimeDeclSecurityActions *method)
{
try {
PermissionSet ps = null;
bool result = true;
if (klass->cas.size > 0) {
ps = Decode (klass->cas.blob, klass->cas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, false) == null);
}
if (result && (klass->noncas.size > 0)) {
ps = Decode (klass->noncas.blob, klass->noncas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, true) == null);
}
if (result && (method->cas.size > 0)) {
ps = Decode (method->cas.blob, method->cas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, false) == null);
}
if (result && (method->noncas.size > 0)) {
ps = Decode (method->noncas.blob, method->noncas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, true) == null);
}
return result;
}
catch (SecurityException) {
return false;
}
}
#pragma warning disable 169
private static bool LinkDemandFullTrust (Assembly a)
{
// FullTrust is immutable (and means Unrestricted)
// so we can skip the subset operations and jump to IsUnrestricted.
PermissionSet granted = a.GrantedPermissionSet;
if ((granted != null) && !granted.IsUnrestricted ())
return false;
PermissionSet denied = a.DeniedPermissionSet;
if ((denied != null) && !denied.IsEmpty ())
return false;
return true;
}
private static bool LinkDemandUnmanaged (Assembly a)
{
// note: we know that UnmanagedCode (SecurityPermission) implements IUnrestrictedPermission
return IsGranted (a, UnmanagedCode);
}
// we try to provide as much details as possible to help debugging
private static void LinkDemandSecurityException (int securityViolation, IntPtr methodHandle)
{
RuntimeMethodHandle runtimeHandle = new RuntimeMethodHandle (methodHandle);
MethodInfo method = (MethodInfo)(MethodBase.GetMethodFromHandle (runtimeHandle));
Assembly a = method.DeclaringType.Assembly;
string message = null;
AssemblyName an = null;
PermissionSet granted = null;
PermissionSet refused = null;
object demanded = null;
IPermission failed = null;
if (a != null) {
an = a.UnprotectedGetName ();
granted = a.GrantedPermissionSet;
refused = a.DeniedPermissionSet;
}
switch (securityViolation) {
case 1: // MONO_JIT_LINKDEMAND_PERMISSION
message = Locale.GetText ("Permissions refused to call this method.");
break;
case 2: // MONO_JIT_LINKDEMAND_APTC
message = Locale.GetText ("Partially trusted callers aren't allowed to call into this assembly.");
demanded = (object) DefaultPolicies.FullTrust; // immutable
break;
case 4: // MONO_JIT_LINKDEMAND_ECMA
message = Locale.GetText ("Calling internal calls is restricted to ECMA signed assemblies.");
break;
case 8: // MONO_JIT_LINKDEMAND_PINVOKE
message = Locale.GetText ("Calling unmanaged code isn't allowed from this assembly.");
demanded = (object) _unmanagedCode;
failed = _unmanagedCode;
break;
default:
message = Locale.GetText ("JIT time LinkDemand failed.");
break;
}
throw new SecurityException (message, an, granted, refused, method, SecurityAction.LinkDemand, demanded, failed, null);
}
private static void InheritanceDemandSecurityException (int securityViolation, Assembly a, Type t, MethodInfo method)
{
string message = null;
AssemblyName an = null;
PermissionSet granted = null;
PermissionSet refused = null;
if (a != null) {
an = a.UnprotectedGetName ();
granted = a.GrantedPermissionSet;
refused = a.DeniedPermissionSet;
}
switch (securityViolation) {
case 1: // MONO_METADATA_INHERITANCEDEMAND_CLASS
message = String.Format (Locale.GetText ("Class inheritance refused for {0}."), t);
break;
case 2: // MONO_METADATA_INHERITANCEDEMAND_CLASS
message = Locale.GetText ("Method override refused.");
break;
default:
message = Locale.GetText ("Load time InheritDemand failed.");
break;
}
throw new SecurityException (message, an, granted, refused, method, SecurityAction.InheritanceDemand, null, null, null);
}
// called by the runtime when CoreCLR is enabled
private static void ThrowException (Exception ex)
@ -709,58 +473,6 @@ namespace System.Security {
throw ex;
}
// internal - get called by the class loader
// Called when
// - class inheritance
// - method overrides
private unsafe static bool InheritanceDemand (AppDomain ad, Assembly a, RuntimeDeclSecurityActions *actions)
{
try {
PermissionSet ps = null;
bool result = true;
if (actions->cas.size > 0) {
ps = Decode (actions->cas.blob, actions->cas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, false) == null);
if (result) {
// also check appdomain
result = (SecurityManager.CheckPermissionSet (ad, ps) == null);
}
}
if (actions->noncas.size > 0) {
ps = Decode (actions->noncas.blob, actions->noncas.size);
result = (SecurityManager.CheckPermissionSet (a, ps, true) == null);
if (result) {
// also check appdomain
result = (SecurityManager.CheckPermissionSet (ad, ps) == null);
}
}
return result;
}
catch (SecurityException) {
return false;
}
}
// internal - get called at JIT time
private static void DemandUnmanaged ()
{
UnmanagedCode.Demand ();
}
// internal - get called by JIT generated code
private static void InternalDemand (IntPtr permissions, int length)
{
PermissionSet ps = Decode (permissions, length);
ps.Demand ();
}
private static void InternalDemandChoice (IntPtr permissions, int length)
{
throw new SecurityException ("SecurityAction.DemandChoice was removed from 2.0");
}
#pragma warning restore 169
public static PermissionSet GetStandardSandbox (Evidence evidence)