[DOTNET-ROTOR] Permission grants and stackwalk

Sun, 23 Nov 2003 05:14:40 -0800 

Hello,
I tried to get an overview of how the permissions of a piece of code are
calculated.  I enhanced the common equation for the grant set of an
assembly to
take the permissions of the application domain in account.
I'm also providing some pseudo code to illustrate what a stackwalk does.
It should be a logical view of what is happening while walking over the
stack.

Did I overlook something? I'm looking forward to your comments or
suggestions.


**************************************
**************************************
Naming conventions for the permission sets:
MAX: permissions maximum allowed by the policy
MIN: permissions the assembly requires for its operation
OPT:  permissions the  assembly would like to have, but are not necessary
REF: permissions that should not be granted to the assembly
DOM: permissions granted to the application domain
GRANT: granted permission set (result)

Equation (in case of an unmodified stackwalk):
GRANT = ((MAX INTERSECT (MIN U OPT))  - REF) INTERSECT DOM

**************************************

Pseudo code for illustration of the stackwalk:

FUNCTION walk: (stack, permissionset) -> (stack, permissionset)
DEFINITION walk (stack, demandset) ==
 grant = (MAX INTERSECT (MIN U OPT)) - REF
 permset = applyModifications(demandset)
 IF permset SUBSETOF grant
   IF permset SUBSETOF DOM
     walk(POP(stack), permset)
   ELSE
     throw(SecurityException "Denied by AppDomain")
   FI
 ELSE
   throw(SecurityException "Denied by Assembly or Policy")
 FI


The function "applyModifications" applies the stackwalk modifications to
the demanded permissionset. If a denied permission is demanded for
example the stackwalk is stopped immediatly and exception is thrown.
Assertions remove permissions from the demand set.
**************************************
**************************************

Thank you in advance!

Regards,
Philipp Henkel

===================================
This list is hosted by DevelopMentorŪ  http://www.develop.com
NEW! ASP.NET courses you may be interested in:

2 Days of ASP.NET, 29 Sept 2003, in Redmond
http://www.develop.com/courses/2daspdotnet

Guerrilla ASP.NET, 13 Oct 2003, in Boston
http://www.develop.com/courses/gaspdotnet

View archives and manage your subscription(s) at http://discuss.develop.com

Reply via email to