Author: spouliot
Date: 2005-06-14 10:14:23 -0400 (Tue, 14 Jun 2005)
New Revision: 45967
Modified:
trunk/mcs/class/corlib/System.Security/ChangeLog
trunk/mcs/class/corlib/System.Security/PermissionSet.cs
trunk/mcs/class/corlib/System.Security/SecurityManager.cs
Log:
2005-06-14 Sebastien Pouliot <[EMAIL PROTECTED]>
* SecurityManager.cs: Added ResolvingPolicyLevel property to enable
support for FullTrustAssemblies during policy resolution. Reworked
(simplified) locking. Moved check for CheckExecutionRights to the
"right" place.
* PermissionSet.cs: Added shortcut in GetPermission(Type).
Modified: trunk/mcs/class/corlib/System.Security/ChangeLog
===================================================================
--- trunk/mcs/class/corlib/System.Security/ChangeLog 2005-06-14 13:29:49 UTC
(rev 45966)
+++ trunk/mcs/class/corlib/System.Security/ChangeLog 2005-06-14 14:14:23 UTC
(rev 45967)
@@ -1,3 +1,11 @@
+2005-06-14 Sebastien Pouliot <[EMAIL PROTECTED]>
+
+ * SecurityManager.cs: Added ResolvingPolicyLevel property to enable
+ support for FullTrustAssemblies during policy resolution. Reworked
+ (simplified) locking. Moved check for CheckExecutionRights to the
+ "right" place.
+ * PermissionSet.cs: Added shortcut in GetPermission(Type).
+
2005-06-08 Sebastien Pouliot <[EMAIL PROTECTED]>
* AllowPartiallyTrustedCallersAttribute.cs, HostSecurityManagerFlags.cs
Modified: trunk/mcs/class/corlib/System.Security/PermissionSet.cs
===================================================================
--- trunk/mcs/class/corlib/System.Security/PermissionSet.cs 2005-06-14
13:29:49 UTC (rev 45966)
+++ trunk/mcs/class/corlib/System.Security/PermissionSet.cs 2005-06-14
14:14:23 UTC (rev 45967)
@@ -449,8 +449,11 @@
public virtual IPermission GetPermission (Type permClass)
{
+ if ((permClass == null) || (list.Count == 0))
+ return null;
+
foreach (object o in list) {
- if (o.GetType ().Equals (permClass))
+ if ((o != null) && o.GetType ().Equals
(permClass))
return (IPermission) o;
}
// it's normal to return null for unrestricted sets
Modified: trunk/mcs/class/corlib/System.Security/SecurityManager.cs
===================================================================
--- trunk/mcs/class/corlib/System.Security/SecurityManager.cs 2005-06-14
13:29:49 UTC (rev 45966)
+++ trunk/mcs/class/corlib/System.Security/SecurityManager.cs 2005-06-14
14:14:23 UTC (rev 45967)
@@ -65,6 +65,7 @@
private static PermissionSet _fullTrust; // for
[AllowPartiallyTrustedCallers]
private static IPermission _unmanagedCode;
private static Hashtable _declsecCache;
+ private static PolicyLevel _level;
static SecurityManager ()
{
@@ -216,7 +217,6 @@
try {
pl = new PolicyLevel (type.ToString (), type);
pl.LoadFromFile (path);
- pl.Initialize ();
}
catch (Exception e) {
throw new ArgumentException (Locale.GetText
("Invalid policy XML"), e);
@@ -264,6 +264,20 @@
}
ResolveIdentityPermissions (ps, evidence);
+
+ // do we have the right to execute ?
+ if (CheckExecutionRights) {
+ // unless we have "Full Trust"...
+ if (!ps.IsUnrestricted ()) {
+ // ... we need to find a
SecurityPermission
+ IPermission security = ps.GetPermission
(typeof (SecurityPermission));
+ if (!_execution.IsSubsetOf (security)) {
+ throw new PolicyException
(Locale.GetText (
+ "Policy doesn't grant
the right to execute to the assembly."));
+ }
+ }
+ }
+
return ps;
}
@@ -317,18 +331,6 @@
throw new PolicyException (Locale.GetText (
"Policy doesn't grant the minimal
permissions required to execute the assembly."));
}
- // do we have the right to execute ?
- if (CheckExecutionRights) {
- // unless we have "Full Trust"...
- if (!resolved.IsUnrestricted ()) {
- // ... we need to find a
SecurityPermission
- IPermission security =
resolved.GetPermission (typeof (SecurityPermission));
- if (!_execution.IsSubsetOf (security)) {
- throw new PolicyException
(Locale.GetText (
- "Policy doesn't grant
the right to execute to the assembly."));
- }
- }
- }
denied = denyPset;
return resolved;
@@ -371,12 +373,9 @@
private static IEnumerator Hierarchy {
get {
- // double-lock pattern
- if (_hierarchy == null) {
- lock (_lockObject) {
- if (_hierarchy == null)
-
InitializePolicyHierarchy ();
- }
+ lock (_lockObject) {
+ if (_hierarchy == null)
+ InitializePolicyHierarchy ();
}
return _hierarchy.GetEnumerator ();
}
@@ -389,25 +388,24 @@
string userPolicyPath = Path.Combine
(Environment.InternalGetFolderPath (Environment.SpecialFolder.ApplicationData),
"mono");
PolicyLevel enterprise = new PolicyLevel ("Enterprise",
PolicyLevelType.Enterprise);
+ _level = enterprise;
+ enterprise.LoadFromFile (Path.Combine
(machinePolicyPath, "enterprisesec.config"));
+
PolicyLevel machine = new PolicyLevel ("Machine",
PolicyLevelType.Machine);
+ _level = machine;
+ machine.LoadFromFile (Path.Combine (machinePolicyPath,
"security.config"));
+
PolicyLevel user = new PolicyLevel ("User",
PolicyLevelType.User);
-
- enterprise.LoadFromFile (Path.Combine
(machinePolicyPath, "enterprisesec.config"));
- machine.LoadFromFile (Path.Combine (machinePolicyPath,
"security.config"));
+ _level = user;
user.LoadFromFile (Path.Combine (userPolicyPath,
"security.config"));
ArrayList al = new ArrayList ();
al.Add (enterprise);
al.Add (machine);
al.Add (user);
- // setting _hierarchy here allows for loading
assemblies containing permissions
- // FIXME: we still need to enforce the FullTrust list
+
_hierarchy = ArrayList.Synchronized (al);
-
- // part II - creating the permission sets
- enterprise.Initialize ();
- machine.Initialize ();
- user.Initialize ();
+ _level = null;
}
internal static bool ResolvePolicyLevel (ref PermissionSet ps,
PolicyLevel pl, Evidence evidence)
@@ -445,6 +443,11 @@
}
}
+ internal static PolicyLevel ResolvingPolicyLevel {
+ get { return _level; }
+ set { _level = value; }
+ }
+
internal static PermissionSet Decode (IntPtr permissions, int
length)
{
// Permission sets from the runtime (declarative
security) can be cached
@@ -542,12 +545,9 @@
private static IPermission UnmanagedCode {
get {
- // double-lock pattern
- if (_unmanagedCode == null) {
- lock (_lockObject) {
- if (_unmanagedCode == null)
- _unmanagedCode = new
SecurityPermission (SecurityPermissionFlag.UnmanagedCode);
- }
+ lock (_lockObject) {
+ if (_unmanagedCode == null)
+ _unmanagedCode = new
SecurityPermission (SecurityPermissionFlag.UnmanagedCode);
}
return _unmanagedCode;
}
_______________________________________________
Mono-patches maillist - [email protected]
http://lists.ximian.com/mailman/listinfo/mono-patches
