// ==++== // // Copyright (c) Microsoft Corporation. All rights reserved. // // ==--== // [....] // // // SecurityManager.cs // // The SecurityManager class provides a general purpose API for interacting // with the security system. // namespace System.Security { using System; using System.Security.Util; using System.Security.Policy; using System.Security.Permissions; using System.Collections; using System.Runtime.InteropServices; using System.Runtime.CompilerServices; #if FEATURE_CLICKONCE using System.Runtime.Hosting; #endif // FEATURE_CLICKONCE using System.Text; using System.Threading; using System.Reflection; using System.IO; using System.Globalization; using System.Runtime.Versioning; using System.Diagnostics.Contracts; [Serializable] [System.Runtime.InteropServices.ComVisible(true)] public enum PolicyLevelType { User = 0, Machine = 1, Enterprise = 2, AppDomain = 3 } [System.Runtime.InteropServices.ComVisible(true)] static public class SecurityManager { #if FEATURE_CAS_POLICY private static volatile SecurityPermission executionSecurityPermission = null; private static PolicyManager polmgr = new PolicyManager(); internal static PolicyManager PolicyManager { get { return polmgr; } } // // Public APIs // [System.Security.SecuritySafeCritical] // auto-generated [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable [Obsolete("IsGranted is obsolete and will be removed in a future release of the .NET Framework. Please use the PermissionSet property of either AppDomain or Assembly instead.")] public static bool IsGranted( IPermission perm ) { if (perm == null) return true; PermissionSet granted = null, denied = null; StackCrawlMark stackMark = StackCrawlMark.LookForMyCaller; GetGrantedPermissions( JitHelpers.GetObjectHandleOnStack(ref granted), JitHelpers.GetObjectHandleOnStack(ref denied), JitHelpers.GetStackCrawlMarkHandle(ref stackMark) ); return granted.Contains( perm ) && (denied == null || !denied.Contains( perm )); } // Get a sandbox permission set that the CLR considers safe to grant an application with the given // evidence. Note that this API is not a policy API, but rather a host helper API so that a host can // determine if an application's requested permission set is reasonable. This is esentially just a // hard coded mapping of Zone -> Sandbox and is not configurable in any way. public static PermissionSet GetStandardSandbox(Evidence evidence) { if (evidence == null) throw new ArgumentNullException("evidence"); Contract.EndContractBlock(); // // The top-level switch for grant set is based upon Zone // MyComputer -> FullTrust // Intranet -> LocalIntranet // Trusted -> Internet // Internet -> Internet // All else -> Nothing // // Both the Internet and LocalIntranet zones can have permission set extensions applied to them // if there is Activation. // Zone zone = evidence.GetHostEvidence(); if (zone == null) { return new PermissionSet(PermissionState.None); } #if FEATURE_CAS_POLICY else if (zone.SecurityZone == SecurityZone.MyComputer) { return new PermissionSet(PermissionState.Unrestricted); } else if (zone.SecurityZone == SecurityZone.Intranet) { PermissionSet intranetGrantSet = BuiltInPermissionSets.LocalIntranet; // We also need to add in same site web and file IO permission PolicyStatement webPolicy = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence); PolicyStatement filePolicy = new FileCodeGroup(new AllMembershipCondition(), FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery).Resolve(evidence); if (webPolicy != null) { intranetGrantSet.InplaceUnion(webPolicy.PermissionSet); } if (filePolicy != null) { intranetGrantSet.InplaceUnion(filePolicy.PermissionSet); } return intranetGrantSet; } else if (zone.SecurityZone == SecurityZone.Internet || zone.SecurityZone == SecurityZone.Trusted) { PermissionSet internetGrantSet = BuiltInPermissionSets.Internet; // We also need to add in same site web permission PolicyStatement webPolicy = new NetCodeGroup(new AllMembershipCondition()).Resolve(evidence); if (webPolicy != null) { internetGrantSet.InplaceUnion(webPolicy.PermissionSet); } return internetGrantSet; } #endif // FEATURE_CAS_POLICY else { return new PermissionSet(PermissionState.None); } } /// [System.Security.SecurityCritical] // auto-generated_required [MethodImplAttribute(MethodImplOptions.NoInlining)] // Methods containing StackCrawlMark local var has to be marked non-inlineable static public void GetZoneAndOrigin( out ArrayList zone, out ArrayList origin ) { StackCrawlMark mark = StackCrawlMark.LookForMyCaller; CodeAccessSecurityEngine.GetZoneAndOrigin( ref mark, out zone, out origin ); } [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )] [ResourceExposure(ResourceScope.Machine)] [ResourceConsumption(ResourceScope.Machine)] [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public PolicyLevel LoadPolicyLevelFromFile(string path, PolicyLevelType type) { if (path == null) throw new ArgumentNullException( "path" ); Contract.EndContractBlock(); if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } // We need to retain V1.x compatibility by throwing the same exception type. if (!File.InternalExists(path)) throw new ArgumentException( Environment.GetResourceString("Argument_PolicyFileDoesNotExist")); String fullPath = Path.GetFullPath( path ); FileIOPermission perm = new FileIOPermission( PermissionState.None ); perm.AddPathList( FileIOPermissionAccess.Read, fullPath ); perm.AddPathList( FileIOPermissionAccess.Write, fullPath ); perm.Demand(); using (FileStream stream = new FileStream(path, FileMode.Open, FileAccess.Read)) { using (StreamReader reader = new StreamReader(stream)) { return LoadPolicyLevelFromStringHelper(reader.ReadToEnd(), path, type); } } } [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )] [ResourceExposure(ResourceScope.None)] [ResourceConsumption(ResourceScope.Machine, ResourceScope.Machine)] [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public PolicyLevel LoadPolicyLevelFromString(string str, PolicyLevelType type) { return LoadPolicyLevelFromStringHelper(str, null, type); } [ResourceExposure(ResourceScope.Machine)] [ResourceConsumption(ResourceScope.Machine)] private static PolicyLevel LoadPolicyLevelFromStringHelper (string str, string path, PolicyLevelType type) { if (str == null) throw new ArgumentNullException( "str" ); Contract.EndContractBlock(); PolicyLevel level = new PolicyLevel(type, path); Parser parser = new Parser( str ); SecurityElement elRoot = parser.GetTopElement(); if (elRoot == null) throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "configuration" ) ); SecurityElement elMscorlib = elRoot.SearchForChildByTag( "mscorlib" ); if (elMscorlib == null) throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "mscorlib" ) ); SecurityElement elSecurity = elMscorlib.SearchForChildByTag( "security" ); if (elSecurity == null) throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "security" ) ); SecurityElement elPolicy = elSecurity.SearchForChildByTag( "policy" ); if (elPolicy == null) throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "policy" ) ); SecurityElement elPolicyLevel = elPolicy.SearchForChildByTag( "PolicyLevel" ); if (elPolicyLevel != null) level.FromXml( elPolicyLevel ); else throw new ArgumentException( String.Format( CultureInfo.CurrentCulture, Environment.GetResourceString( "Policy_BadXml" ), "PolicyLevel" ) ); return level; } [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )] [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public void SavePolicyLevel( PolicyLevel level ) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } PolicyManager.EncodeLevel( level ); } [System.Security.SecuritySafeCritical] // auto-generated [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } return ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, true); } [System.Security.SecuritySafeCritical] // auto-generated [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public PermissionSet ResolvePolicy(Evidence evidence) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } // If we aren't passed any evidence, just make an empty object if (evidence == null) { evidence = new Evidence(); } return polmgr.Resolve(evidence); } [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public PermissionSet ResolvePolicy( Evidence[] evidences ) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } if (evidences == null || evidences.Length == 0) evidences = new Evidence[] { null }; PermissionSet retval = ResolvePolicy( evidences[0] ); if (retval == null) return null; for (int i = 1; i < evidences.Length; ++i) { retval = retval.Intersect( ResolvePolicy( evidences[i] ) ); if (retval == null || retval.IsEmpty()) return retval; } return retval; } #if FEATURE_CAS_POLICY // Determine if the current thread would require a security context capture if the security state of // the thread needs to be re-created at a later point in time. This can be used, for instance, if // sensitive data is being obtained after security demands succeed, and that data is to be cached. // If there is an Assert up the stack, then we wouldn't want to cache the data without capturing the // corresponding security context to go along with it - otherwise we risk leaking data obtained // under an assert to code which may no longer be running with that assert in place. // // A return value of false indicates that the CLR guarantees all of the following conditions are true: // 1. No partial trust AppDomains are on the stack // 2. No partial trust assemblies are on the stack // 3. There are no currently active PermitOnly or Deny modifiers on the stack // // A return value of true means only that the CLR cannot guarantee that all of the conditions are // true, and not that one of the conditions really is false. // // IMPORTANT: The above means is only reliable in the false return case. If we say that the thread // does not require a context capture, then that answer is guaranteed to be correct. However, we may // say that the thread does require a capture when it does not actually strictly need to capture the // state. This is fine, as being overly conservative when capturing context will not lead to // security holes; being overly agresssive in avoding the capture could lead to holes however. // // This API is SecurityCritical because its main use is to optimize away unnecessary security // context captures, which means that the code using it is security sensitive and needs to be audited. [SecurityCritical] public static bool CurrentThreadRequiresSecurityContextCapture() { // If we know that the thread is not made up of entirely full trust code, and that there are no // security stack modifiers on the thread, then there is no need to capture a security context. return !CodeAccessSecurityEngine.QuickCheckForAllDemands(); } #endif // FEATURE_CAS_POLICY // // This method resolves the policy for the specified evidence, but it // ignores the AppDomain level even when one is available in the current policy. // [System.Security.SecuritySafeCritical] // auto-generated [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public static PermissionSet ResolveSystemPolicy (Evidence evidence) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } if (PolicyManager.IsGacAssembly(evidence)) { return new PermissionSet(PermissionState.Unrestricted); } return polmgr.CodeGroupResolve(evidence, true); } [System.Security.SecuritySafeCritical] // auto-generated [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] static public IEnumerator ResolvePolicyGroups(Evidence evidence) { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } return polmgr.ResolveCodeGroups(evidence); } [System.Security.SecuritySafeCritical] // auto-generated [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public static IEnumerator PolicyHierarchy() { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } return polmgr.PolicyHierarchy(); } [System.Security.SecuritySafeCritical] // auto-generated [SecurityPermissionAttribute( SecurityAction.Demand, Flags = SecurityPermissionFlag.ControlPolicy )] [Obsolete("This method is obsolete and will be removed in a future release of the .NET Framework. See http://go.microsoft.com/fwlink/?LinkID=155570 for more information.")] public static void SavePolicy() { if (!AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled) { throw new NotSupportedException(Environment.GetResourceString("NotSupported_RequiresCasPolicyExplicit")); } polmgr.Save(); } [System.Security.SecurityCritical] // auto-generated private static PermissionSet ResolveCasPolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, out int securitySpecialFlags, bool checkExecutionPermission) { Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled); CodeAccessPermission.Assert(true); PermissionSet granted = ResolvePolicy(evidence, reqdPset, optPset, denyPset, out denied, checkExecutionPermission); securitySpecialFlags = SecurityManager.GetSpecialFlags(granted, denied); return granted; } [System.Security.SecurityCritical] // auto-generated static private PermissionSet ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, out PermissionSet denied, bool checkExecutionPermission) { Contract.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled); if (executionSecurityPermission == null) executionSecurityPermission = new SecurityPermission(SecurityPermissionFlag.Execution); PermissionSet requested = null; PermissionSet optional; PermissionSet allowed; Exception savedException = null; // We don't want to recurse back into here as a result of a // stackwalk during resolution. So simply assert full trust (this // implies that custom permissions cannot use any permissions that // don't implement IUnrestrictedPermission. // PermissionSet.s_fullTrust.Assert(); // The requested set is the union of the minimal request and the // optional request. Minimal request defaults to empty, optional // is "AllPossible" (includes any permission that can be defined) // which is symbolized by null. optional = optPset; if (reqdPset == null) requested = optional; else // If optional is null, the requested set becomes null/"AllPossible". requested = optional == null ? null : reqdPset.Union(optional); // Make sure that the right to execute is requested (if this feature is // enabled). if (requested != null && !requested.IsUnrestricted()) requested.AddPermission( executionSecurityPermission ); // If we aren't passed any evidence, just make an empty object if (evidence == null) { evidence = new Evidence(); } allowed = polmgr.Resolve(evidence); // Intersect the grant with the RequestOptional if (requested != null) allowed.InplaceIntersect(requested); // Check that we were granted the right to execute. if (checkExecutionPermission) { if (!allowed.Contains(executionSecurityPermission) || (denyPset != null && denyPset.Contains(executionSecurityPermission))) { throw new PolicyException(Environment.GetResourceString("Policy_NoExecutionPermission"), System.__HResults.CORSEC_E_NO_EXEC_PERM, savedException); } } // Check that we were granted at least the minimal set we asked for. Do // this before pruning away any overlap with the refused set so that // users have the flexability of defining minimal permissions that are // only expressable as set differences (e.g. allow access to "C:\" but // disallow "C:\Windows"). if (reqdPset != null && !reqdPset.IsSubsetOf(allowed)) { BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled"); throw new PolicyException(Environment.GetResourceString( "Policy_NoRequiredPermission" ), System.__HResults.CORSEC_E_MIN_GRANT_FAIL, savedException ); } // Remove any granted permissions that are safe subsets of some denied // permission. The remaining denied permissions (if any) are returned // along with the modified grant set for use in checks. if (denyPset != null) { BCLDebug.Assert(AppDomain.CurrentDomain.IsLegacyCasPolicyEnabled, "Evaluating assembly level declarative security without legacy CAS policy enabled"); denied = denyPset.Copy(); allowed.MergeDeniedSet(denied); if (denied.IsEmpty()) denied = null; } else denied = null; allowed.IgnoreTypeLoadFailures = true; return allowed; } [Obsolete("Because execution permission checks can no longer be turned off, the CheckExecutionRights property no longer has any effect.")] static public bool CheckExecutionRights { get { return true; } set { // The setter for this property is a no-op since execution checking can no longer be turned off } } [Obsolete("Because security can no longer be turned off, the SecurityEnabled property no longer has any effect.")] public static bool SecurityEnabled { get { return true; } set { // The setter for this property is a no-op since security cannot be turned off } } #endif // #if FEATURE_CAS_POLICY private static int[][] s_BuiltInPermissionIndexMap = { new int[] { BuiltInPermissionIndex.EnvironmentPermissionIndex, (int) PermissionType.EnvironmentPermission }, new int[] { BuiltInPermissionIndex.FileDialogPermissionIndex, (int) PermissionType.FileDialogPermission }, new int[] { BuiltInPermissionIndex.FileIOPermissionIndex, (int) PermissionType.FileIOPermission }, new int[] { BuiltInPermissionIndex.ReflectionPermissionIndex, (int) PermissionType.ReflectionPermission }, new int[] { BuiltInPermissionIndex.SecurityPermissionIndex, (int) PermissionType.SecurityPermission }, new int[] { BuiltInPermissionIndex.UIPermissionIndex, (int) PermissionType.UIPermission } }; private static CodeAccessPermission[] s_UnrestrictedSpecialPermissionMap = { new EnvironmentPermission(PermissionState.Unrestricted), new FileDialogPermission(PermissionState.Unrestricted), new FileIOPermission(PermissionState.Unrestricted), new ReflectionPermission(PermissionState.Unrestricted), new SecurityPermission(PermissionState.Unrestricted), new UIPermission(PermissionState.Unrestricted) }; internal static int GetSpecialFlags (PermissionSet grantSet, PermissionSet deniedSet) { if ((grantSet != null && grantSet.IsUnrestricted()) && (deniedSet == null || deniedSet.IsEmpty())) { return -1; } else { SecurityPermission securityPermission = null; #pragma warning disable 618 SecurityPermissionFlag securityPermissionFlags = SecurityPermissionFlag.NoFlags; #pragma warning restore 618 ReflectionPermission reflectionPermission = null; ReflectionPermissionFlag reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags; CodeAccessPermission[] specialPermissions = new CodeAccessPermission[6]; if (grantSet != null) { if (grantSet.IsUnrestricted()) { securityPermissionFlags = SecurityPermissionFlag.AllFlags; reflectionPermissionFlags = ReflectionPermission.AllFlagsAndMore; for (int i = 0; i < specialPermissions.Length; i++) { specialPermissions[i] = s_UnrestrictedSpecialPermissionMap[i]; } } else { securityPermission = grantSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission; if (securityPermission != null) securityPermissionFlags = securityPermission.Flags; reflectionPermission = grantSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission; if (reflectionPermission != null) reflectionPermissionFlags = reflectionPermission.Flags; for (int i = 0; i < specialPermissions.Length; i++) { specialPermissions[i] = grantSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission; } } } if (deniedSet != null) { if (deniedSet.IsUnrestricted()) { securityPermissionFlags = SecurityPermissionFlag.NoFlags; reflectionPermissionFlags = ReflectionPermissionFlag.NoFlags; for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) { specialPermissions[i] = null; } } else { securityPermission = deniedSet.GetPermission(BuiltInPermissionIndex.SecurityPermissionIndex) as SecurityPermission; if (securityPermission != null) securityPermissionFlags &= ~securityPermission.Flags; reflectionPermission = deniedSet.GetPermission(BuiltInPermissionIndex.ReflectionPermissionIndex) as ReflectionPermission; if (reflectionPermission != null) reflectionPermissionFlags &= ~reflectionPermission.Flags; for (int i = 0; i < s_BuiltInPermissionIndexMap.Length; i++) { CodeAccessPermission deniedSpecialPermission = deniedSet.GetPermission(s_BuiltInPermissionIndexMap[i][0]) as CodeAccessPermission; if (deniedSpecialPermission != null && !deniedSpecialPermission.IsSubsetOf(null)) specialPermissions[i] = null; // we don't care about the exact value here. } } } int flags = MapToSpecialFlags(securityPermissionFlags, reflectionPermissionFlags); if (flags != -1) { for (int i = 0; i < specialPermissions.Length; i++) { if (specialPermissions[i] != null && ((IUnrestrictedPermission) specialPermissions[i]).IsUnrestricted()) flags |= (1 << (int) s_BuiltInPermissionIndexMap[i][1]); } } return flags; } } #pragma warning disable 618 private static int MapToSpecialFlags (SecurityPermissionFlag securityPermissionFlags, ReflectionPermissionFlag reflectionPermissionFlags) { #pragma warning restore 618 int flags = 0; #pragma warning disable 618 if ((securityPermissionFlags & SecurityPermissionFlag.UnmanagedCode) == SecurityPermissionFlag.UnmanagedCode) #pragma warning restore 618 flags |= (1 << (int) PermissionType.SecurityUnmngdCodeAccess); if ((securityPermissionFlags & SecurityPermissionFlag.SkipVerification) == SecurityPermissionFlag.SkipVerification) flags |= (1 << (int) PermissionType.SecuritySkipVerification); if ((securityPermissionFlags & SecurityPermissionFlag.Assertion) == SecurityPermissionFlag.Assertion) flags |= (1 << (int) PermissionType.SecurityAssert); if ((securityPermissionFlags & SecurityPermissionFlag.SerializationFormatter) == SecurityPermissionFlag.SerializationFormatter) flags |= (1 << (int) PermissionType.SecuritySerialization); if ((securityPermissionFlags & SecurityPermissionFlag.BindingRedirects) == SecurityPermissionFlag.BindingRedirects) flags |= (1 << (int) PermissionType.SecurityBindingRedirects); if ((securityPermissionFlags & SecurityPermissionFlag.ControlEvidence) == SecurityPermissionFlag.ControlEvidence) flags |= (1 << (int) PermissionType.SecurityControlEvidence); if ((securityPermissionFlags & SecurityPermissionFlag.ControlPrincipal) == SecurityPermissionFlag.ControlPrincipal) flags |= (1 << (int) PermissionType.SecurityControlPrincipal); if ((reflectionPermissionFlags & ReflectionPermissionFlag.RestrictedMemberAccess) == ReflectionPermissionFlag.RestrictedMemberAccess) flags |= (1 << (int)PermissionType.ReflectionRestrictedMemberAccess); if ((reflectionPermissionFlags & ReflectionPermissionFlag.MemberAccess) == ReflectionPermissionFlag.MemberAccess) flags |= (1 << (int) PermissionType.ReflectionMemberAccess); return flags; } [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] internal static extern bool IsSameType(String strLeft, String strRight); [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [MethodImplAttribute(MethodImplOptions.InternalCall)] internal static extern bool _SetThreadSecurity(bool bThreadSecurity); [System.Security.SecurityCritical] // auto-generated [ResourceExposure(ResourceScope.None)] [DllImport(JitHelpers.QCall, CharSet = CharSet.Unicode)] [SuppressUnmanagedCodeSecurity] internal static extern void GetGrantedPermissions(ObjectHandleOnStack retGranted, ObjectHandleOnStack retDenied, StackCrawlMarkHandle stackMark); } }